Blog

Expert Insights Gives TitanHQ 5 Best-Of Awards

Cyberattacks are occurring in record numbers and attacks are becoming more sophisticated, so it has never been more important for businesses to ensure they are well protected and have the right cybersecurity solutions in place. However, finding the right solutions at the right price can be a challenge for businesses, which is why many rely on independent B2B software review sites.

Expert Insights is a leading online platform that provides invaluable advice on business cybersecurity software solutions. The site has more than one million users a year, and each month more than 85,000 businesses rely on the reviews, advice, and buyers’ guides produced by the site’s researchers to help them find the best cybersecurity solutions to meet their needs so they can purchase with confidence.

Expert Insights regularly recognizes the leading companies and their products in its “Best-Of” awards. For the Fall 2022 Best-Of Awards, the huge range of cybersecurity solutions on the market was whittled down to 150 products in 41 different software categories, with the top 10 vendors in each category given a prestigious Best-Of award. The editorial team selected each product using several criteria, including the features of the products, how easy they are to use, customer satisfaction scores, and the company’s market presence, with each category also having its own specific criteria. Like the advice provided by Expert Insights, the selection of products in each category is not influenced by external factors, and each of the products included in the list is subjected to internal testing and analysis by Expert Insights’ in-house team.

TitanHQ is happy to announce that the company’s innovative cybersecurity solutions have been recognized in the Expert Insights Fall 2022 Best-Of Awards, with four TitanHQ products recognized in five of the cybersecurity categories.

The SafeTitan Security Awareness Training platform collected two Best-Of Awards in the Security Awareness Training and Phishing Simulation Categories, SpamTitan received an award in the Email Security category, WebTitan was recognized in the Web Security category, and ArcTitan received an award in the Email Archiving category. SpamTitan and ArcTitan were also rated top in their respective categories.

All TitanHQ solutions are provided through the best-in-class SaaS Cybersecurity Platform, which allows businesses to implement advanced, layered defenses to protect against a broad range of cyber threats including phishing, spear phishing, BEC, botnets, malware, and ransomware. The platform is also used by thousands of managed service providers to help their SMB clients improve their security posture. All TitanHQ solutions are cloud-based, easy to implement, easy to use, and provide industry-leading protection at an affordable price.

“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving,” said TitanHQ CEO, Ronan Kavanagh. “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base.”

New WebTitan Cloud Release Gives Users New Functionality and Enhanced Security

On September 6, 2022, TitanHQ announced the release of a new version of WebTitan Cloud that gives users several new functions to add to the already industry-leading feature set, along with product improvements, security enhancements, and a new user interface.

TitanHQ welcomes feedback from users on new features they would like to see incorporated into its cybersecurity solutions. Previous requests from SMBs, enterprise, and MSP customers have been considered when making the latest product enhancements and adding new functionality.

New WebTitan Cloud Features

The key new features in the latest release of WebTitan have been added to improve security, provide easier access to important information through a suite of new reports, and improve protection for off-network users to better support hybrid working. WebTitan users also benefit from a new user interface that places important information at users’ fingertips.

Interactive Threat Intelligence Including DNS Data Offload

WebTitan Cloud now gives users the ability to list and download the DNS history. Logs are available for download, and users can access all DNS data, which will provide them with valuable insights. DNS data can be easily extracted to allow sophisticated integrations and advanced analyses, which support IT decisions and security planning and help with network troubleshooting.

New User Interface with Advanced Reporting

A new WebTitan Cloud user interface has been launched that makes accessing all features of WebTitan Cloud even more intuitive, with easy access to a new suite of advanced reports. Data visualization tools have been used to embed key data into the user interface to provide a clear view of important metrics to improve the user experience.

Improved Remote Workforce Protection

Many businesses have remote workers or operate under a hybrid working model. WebTitan Cloud protects all users, whether they are on or off the network. When off the network, the WebTitan Cloud On-The-Go (OTG) agent allows businesses to extend the network protections to workers, regardless of where they access the Internet. The latest enhancements vastly improve the WebTitan Cloud OTG agent for managing and monitoring off-network users, with the JSON Config filters for OTG devices replaced. It is also much easier to add and update exceptions for OTG devices through a simple, intuitive user interface.

DNSSEC Added to Enhance Security

The Domain Name System Security Extensions (DNSSEC) was created to enhance the security of the DNS. DNSSEC uses public key cryptography to strengthen authentication through digital signatures and verifies the origin and integrity of data during the DNS resolution process, helping to protect against attacks on the DNS such as DNS poisoning.

“This WebTitan release is hitting so many key pillars of success for TitanHQ. The data offload feature has been requested by many customers and creates real differentiation for our solution in the market. This coupled with our new advanced reporting were major requests from our MSP customers,” said TitanHQ CEO, Ronan Kavanagh. “Finally, security is at the heart of what we do and are, the addition of DNSSEC just continues to add to our credentials.”

The TitanHQ Cybersecurity Suite

WebTitan Cloud is part of TitanHQ’s best-in-class cybersecurity platform that also includes SpamTitan Cloud spam filtering, SpamTitan Plus phishing protection, ArcTitan email archiving, EncryptTitan email encryption, and the SafeTitan security awareness and phishing simulation platform. These solutions provide customers with layered defenses to block the full range of cyber threats and are used by more than 12,000 businesses worldwide for compliance and cybersecurity and have been incorporated into the service stacks of over 3,000 MSP partners.

If you haven’t used TitanHQ solutions or you are an MSP that has yet to incorporate TitanHQ products into your service stack, contact the TitanHQ team today. TitanHQ solutions are available on a free trial to allow you to see for yourself how easy they are to use and the benefits that come from TitanHQ’s layered defenses.

Relatively Simple Smishing Attack Compromised 130 Organizations

Phishing can take many forms and while email phishing is by far the most common way that threat actors phish for sensitive information and distribute malware, other forms of phishing are increasingly being used in attacks on businesses. Cybercriminals are taking advantage of the relatively poor defenses against SMS phishing – smishing. These attacks may be relatively low-tech, but they can be extremely successful.

Smishing involves making contact with targeted individuals via SMS messages. These attacks trick the recipient into clicking a link that directs them to a malicious website. That website may host a phishing kit that collects sensitive data such as login credentials. The website to which the user is directed spoofs a trusted company or may appear to be a website used by the targeted individual’s employer.

An alternate approach is to direct a user to a website hosting a malicious file, which provides the attacker with remote access to their device. If that device is a corporate-issued mobile phone, and single sign-on credentials are stolen, access can be gained to the corporate network. These attacks may be relatively simplistic and be sent in large campaigns to whatever phone numbers the attacker has procured, but some attacks are highly sophisticated and can defeat multi-factor authentication.

One of the most notable examples occurred this month and involved an attack on Twilio. Twilio is a provider of programmable communication tools for making and receiving phone calls and sending and receiving text messages, through its web service APIs. The smishing attack targeted Twilio employees and tricked them into disclosing their credentials, which allowed the attackers to access their accounts and also access the information of a limited number of its customers. The SMS messages themselves appeared to have been sent by the Twilio IT department and suggested the employees’ passwords had expired.

A link was included that employees could click to change their passwords, with the landing page created to mimic the one used by Twilio. Those URLs hosted the 0ktapus phishing kit, with the URLs including familiar words, such as Okta, Twilio, and SSO. The single sign-on credentials obtained in the attack allowed the attackers to gain access to multiple internal systems. They were then able to conduct attacks on 25 companies that used Twilio’s phone verification services and other Twilio services.

An investigation by researchers at Group IB revealed the attackers had successfully compromised more than 130 organizations and from those attacks, stole almost 10,000 sets of credentials, including 2-factor authentication credentials. Supply chain attacks were then conducted on downstream customers, including DoorDash, Digital Ocean, Mailchimp, and Klaviyo.

These attacks have been made much easier due to the reliance on mobile devices, especially with many companies having a hybrid workforce with many employees spending at least some of the working week at home. It is essential for security teams to implement security solutions that cover the mobile attack surface and to ensure that smishing and other types of phishing attacks are covered in employee security awareness training.

TitanHQ Announces Addition of Predictive Threat Detection to SpamTitan Plus

SpamTitan Plus from TitanHQ has the most extensive coverage of any anti-phishing product. It now also has enhanced predictive capabilities to block automated bot campaigns and personalized phishing URLs.  

In December 2021, TitanHQ launched SpamTitan Plus – the most advanced anti-phishing solution released to date. SpamTitan Plus is an AI-driven solution that independent tests have shown to have better coverage than any other anti-phishing product. SpamTitan Plus is fed massive clickstream traffic from more than 600 million endpoints worldwide and has 100% coverage of all current market-leading anti-phishing feeds. Users of the solution get significantly faster detection of phishing threats than any other solution. Independent tests have shown SpamTitan Plus delivers 1.5x more phishing detections than other leading products and up to 1.6x faster phishing detection than any of the current market-leading anti-phishing solutions. Every day, SpamTitan Plus blocks more than 10 million new, unique, never-before-seen phishing and malicious URLs, and it takes just 5 minutes from the detection of a new malicious URL for all users of the solution to be protected.

The solution rewrites all URLs and provides click time protection against malicious links. If a link is initially benign, which allows it to evade email security defenses, and is then turned malicious, most anti-phishing solutions would not block the threat. Click-time protection ensures SpamTitan Plus does identify and block the threat. SpamTitan Plus follows all redirects, identifies spoofed sites in real-time, scans for phishing kits and login pages, and prevents users from visiting malicious websites that are used for phishing and malware distribution.

TitanHQ has recently upgraded SpamTitan Plus to further enhance its predictive phishing threat capabilities. Phishers are constantly changing their tactics, techniques, and procedures to evade security solutions, and one of the new tactics is to use personalized URLs. Rather than use the same URL for each email in a phishing campaign, the URLs are programmatically made unique for each victim at the path or parameter level. Since each URL is unique, standard anti-phishing solutions are ineffective at detecting the URLs as malicious. Even when one URL is detected as malicious and is blocked for all users of the anti-phishing solution, those users will not be protected, as all other emails in the campaign use a different URL.
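The gap described above, where an exact-match URL blocklist misses per-recipient links, can be shown with a short defensive sketch. This is an added example, not TitanHQ code and not how SpamTitan Plus works; the hostnames, tokens, and the looks_like_token heuristic are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: hosts under .example and all tokens are invented.
# Two personalization styles: a unique path segment and a unique parameter value.
CAMPAIGN = [
    "https://login.sso-portal.example/verify/a8f3k2m9q1x7?next=inbox",
    "https://login.sso-portal.example/verify/z4p0c6v1b8n2?next=inbox",
    "https://login.sso-portal.example/verify/session?uid=7d1e9c44b2a05f63",
    "https://login.sso-portal.example/verify/session?uid=0b94fe21c7d83a56",
]
BENIGN = [
    "https://login.sso-portal.example/about",
    "https://docs.vendor.example/verify/getting-started?next=inbox",
]

TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{10,}$")


def looks_like_token(value):
    """Assumed heuristic: long, URL-safe, and mixing letters with digits."""
    return (
        bool(TOKEN_RE.match(value))
        and any(c.isdigit() for c in value)
        and any(c.isalpha() for c in value)
    )


def signature(url):
    """Reduce a URL to host + path template + parameter template.

    Per-recipient tokens in the path or in parameter values are replaced by
    a placeholder, so sibling URLs from one campaign share a signature.
    """
    parts = urlsplit(url)
    segments = [
        "{tok}" if looks_like_token(s) else s
        for s in parts.path.split("/") if s
    ]
    params = sorted(
        (k, "{tok}" if looks_like_token(v) else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    )
    return (parts.hostname or "", "/" + "/".join(segments), tuple(params))


def exact_hits(reported, candidates):
    """Classic blocklist: only URLs that were themselves reported match."""
    blocked = set(reported)
    return [u for u in candidates if u in blocked]


def template_hits(reported, candidates):
    """Template blocklist: match any URL sharing a reported URL's signature.

    The host stays part of the signature, so the same path shape on an
    unrelated site is not blocked.
    """
    blocked = {signature(u) for u in reported}
    return [u for u in candidates if signature(u) in blocked]


if __name__ == "__main__":
    # One URL of each personalization style has been reported as malicious.
    reported = [CAMPAIGN[0], CAMPAIGN[2]]
    print("exact match blocks   :", len(exact_hits(reported, CAMPAIGN)), "of", len(CAMPAIGN))
    print("template match blocks:", len(template_hits(reported, CAMPAIGN)), "of", len(CAMPAIGN))
    print("benign URLs blocked  :", len(template_hits(reported, BENIGN)), "of", len(BENIGN))
```

A reported URL that contains no token yields a signature equivalent to the URL itself, so the template list never blocks more broadly than the reports justify on that host.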

The latest predictive functionality added to SpamTitan Plus detects and blocks automated bot phishing campaigns and personalized URL attacks. “With predictive phishing detection, SpamTitan Plus can now combat automated bot phishing. At TitanHQ we always strive to innovate and develop solutions that solve real-security problems and provide tangible value to our customers. The end goal is to have our partners and customers two or three steps ahead of the phishers and cybercriminals,” said Ronan Kavanagh, CEO, TitanHQ.

The Key to Effective Security Awareness Training is Providing Training in Real Time

Want to improve the security awareness of your workforce? You will have the greatest success if you provide training in real-time in response to risks taken by employees.

You can implement a new email security solution to block more email threats, use a web filter for blocking web-based threats, and endpoint security solutions for detecting malware and compromised devices. Add in multifactor authentication to stop stolen credentials from being used to access accounts and you will be well protected. However, none of those security measures will block voice phishing for instance, and even with all those security measures, threats will still reach employees, albeit at a much-reduced level. It only takes one employee to respond to a single phishing email to give an attacker a foothold in the network, so security awareness training for the workforce should not be neglected.

Businesses can develop their security awareness training programs from scratch or purchase a training platform from a vendor such as TitanHQ. Training should teach the workforce security best practices, get employees to always stop and think before taking actions that have the potential to compromise security, and employees need to know the signs of phishing. However, to get the greatest benefit from your investment of money and resources, you need to deliver training at a time when it is likely to have the maximum effect.

Many businesses provide classroom-based training sessions as part of the onboarding of new employees, and they may even follow up with annual refresher training sessions. Employees may take this training on board and pass end-of-course quizzes, but it doesn’t necessarily mean they will apply what they have learned on a day-to-day basis.

Providing training once a year may be effective at changing behavior in the month after the training session, but what about 11 months later? Bad practices are likely to creep in over time. You can provide annual or biannual training, but also be sure to provide more timely reminders about security. These can include monthly cybersecurity newsletters, and it is also useful to add a banner to external emails warning the user that the email has come from an external and less trustworthy source. A mail client add-on is also recommended to allow one-click reporting of suspicious emails to the security team – you need to make it as quick and easy as possible for employees to report potential threats.

It is also strongly recommended to use a training platform that delivers training in real-time in response to mistakes by employees. If you want to build a security culture, you should be running phishing simulations, and any failure should trigger immediate and relevant training. That training could be a 5-minute video related to the mistake that was made. This timely training is likely to be much more effective than waiting a few months to provide a general training session.

SafeTitan allows timely training to be provided, not just in response to clicks in phishing simulations, but also in response to other security errors. Real-time intervention training can be triggered in response to a risk taken by an employee. This is important as the employee may not even be aware they have engaged in risky behavior and will likely continue to take risks in the future if there is no intervention. With SafeTitan, administrators can configure the solution to automatically send training content, policy reminders, data regulations, and compliance standards to staff when they engage in risky cyber behaviors.

All SafeTitan training content is gamified, highly interactive, and enjoyable for employees, and can be accessed via a browser from anywhere. Since no module is longer than 10 minutes, training is easy to fit into even the busiest workflows. If you want to improve your security posture, ensure you train the workforce, but be sure to also provide real-time training to get the best return on your investment.

For more information about creating a human firewall using SafeTitan, give the TitanHQ team a call. Product demonstrations can be arranged on request.

TitanHQ Recognized at the CompTIA UK Spotlight Awards

The Computing Technology Industry Association (CompTIA) has named TitanHQ as one of the finalists in the Innovative Vendor Award Category at this year’s CompTIA UK Spotlight Awards.

The CompTIA UK Spotlight Awards recognize individual and organizational excellence in the UK tech industry, with this year’s award winners announced on June 16, 2022, at the CompTIA UK Business Technology Community Meeting, in Bristol.

CompTIA is a not-for-profit trade association for the $5 trillion global information technology industry. CompTIA provides education, training, certifications, and philanthropy, and conducts valuable market research to support an estimated 75 million tech professionals who work in the IT sector. CompTIA stands for excellence and standards in the industry, and the annual CompTIA UK Spotlight Awards recognize companies and individuals who reflect that.

The awards span several categories, with the UK Innovative Vendor Spotlight Award recognizing CompTIA Corporate Member Vendors that operate in the technology sector who have demonstrated innovation or an innovative approach that has transformed their organization, a client’s organization, or the wider industry.

Inclusion in the list of finalists is recognition that a company has developed innovative solutions that are having a real impact on the business and are providing great benefits to companies of all sizes. While TitanHQ was not named the winner in the category this year, the company was runner-up and was “Highly Commended.”

Just a few weeks ago, TitanHQ was also recognized as an innovative cybersecurity vendor by Expert Insights, which included the company in its list of the Top 100 Most Innovative Cybersecurity Companies of 2022. TitanHQ also collected no fewer than 5 Expert Insights “Best of” Awards for Email Security, Email Archiving, Web Security, Security Awareness Training, and Phishing Simulation.

Over the past 12 months, TitanHQ has enjoyed impressive growth, has made significant inroads into the US market, and has recruited a wealth of new talent to continue to drive growth and foster further innovation. Two new products have been launched that expand the company’s portfolio of cybersecurity solutions to provide even greater protection from online and email-based threats.

TitanHQ launched SpamTitan Plus to provide businesses with leading-edge protection against phishing threats – the number one cause of data breaches at businesses. The product provides unrivaled protection against zero-day threats and protects businesses from more than 10 million new phishing URLs every day. The product has 100% coverage of all current market-leading anti-phishing feeds, which translates into 1.5x faster unique phishing URL detection, 1.6x faster phishing detection than the current market leaders, and just 5 minutes from initial detection at any of 600 million+ endpoints worldwide to protecting all users of the solution.

Protecting against phishing and other cyber threats requires a defense-in-depth approach that should include technical safeguards and end user training. TitanHQ now offers comprehensive security awareness training for businesses through the SafeTitan Security Awareness Training Platform. SafeTitan is the only behavior-driven security awareness training that delivers relevant training in real-time in response to user actions, ensuring training is delivered to the people who need it in real-time when the training is most likely to be taken on board. The platform also includes a phishing simulation platform with hundreds of templates based on real-world threats.

These solutions join SpamTitan Email Security, WebTitan DNS Filtering, ArcTitan Email Archiving, and EncryptTitan Email Encryption. For further information on these solutions, to book a product demonstration, or to sign up for a 100% free trial of any TitanHQ solution, give the TitanHQ team a call today.

TitanHQ Appoints Top IT Channel Veteran Tom Watson as Channel Chief

TitanHQ has announced the appointment of Tom Watson as the company’s new Channel Chief. Tom is an IT channel veteran with extensive experience in the MSP market. He has previously served as Channel Chief at Grade A vendors such as NinjaOne and Axcient, has been a vendor evangelist for a swathe of tech companies over the past 24 years, has owned and operated an MSP business, and has previously worked as a network engineer.

Tom will be based at TitanHQ’s U.S. office in Shelton, Connecticut, and will be working alongside another top IT channel veteran, Jeff Benedetti, who was recently appointed TitanHQ VP of Sales. Tom was appointed to help maintain TitanHQ’s incredible growth in the US MSP market, where there has been a huge demand for TitanHQ’s MSP services. Tom has been tasked with managing TitanHQ’s MSP tradeshows, roadshows, and webinars and will oversee the company’s new MSP partner program.

TitanHQ has been providing MSPs with innovative technology solutions for more than 2 decades, with the current product portfolio recently expanded to include an industry-leading email security solution – SpamTitan Plus, an email encryption solution – EncryptTitan, and security awareness and phishing simulation platform – SafeTitan. These recently introduced solutions join the award-winning SpamTitan Email Security, WebTitan DNS Filtering, and ArcTitan email archiving solutions.

TitanHQ solutions are delivered through an MSP-centric platform, which allows MSP partners to generate recurring revenues through the sales of TitanHQ solutions to SMBs, and scale and effectively manage their own businesses. The products have been developed from the ground up to meet the needs of MSPs and have proven to be a huge hit due to their ease of implementation, ease of use, and seamless integration into MSPs’ service stacks. TitanHQ solutions are now relied on by more than 8,500 businesses worldwide and are used to protect the clients of more than 2,500 MSPs against malware, ransomware, botnets, phishing, spear phishing, and other cyber threats.

“I’ve wanted to work for a rising cybersecurity company for quite a while now. Here I know I can use my skills and understanding of MSP operations, sales, and marketing to help MSPs succeed. Working together with TitanHQ we can give MSPs everything they need to provide quality cyber services to their clients,” said Tom. “TitanHQ already has a fantastic offering. You’ll be hearing me talk about that in the future. For now, I think it’s more important to highlight the commitments TitanHQ has made to the channel. This is a company that is 100% dedicated to making sure they serve the MSP community.”

Tom’s views are shared by all members of the leadership team at TitanHQ, who are excited about the appointment. “As we continue to further expand into the North American market, introducing industry experts like Tom to our team is vital to allow us to continue to partner with MSPs looking for best in class cybersecurity solutions,” said TitanHQ CEO, Ronan Kavanagh. “We are thrilled to welcome Tom to the team, his wealth of experience working with the MSP sector will serve us well as we continue on our growth journey.”

“For over 20 years TitanHQ has worked with MSPs to develop best in class, advanced, and highly innovative cybersecurity solutions. We pride ourselves on the sophisticated yet easy-to-manage offerings we bring to the market,” said TitanHQ Marketing Director, Dryden Geary. “Bringing Tom on board is yet another leap to allow us to offer the best service to the MSP market.”

ArcTitan Awarded Best In Class Award by Expert Insights

TitanHQ has been awarded a best in class award by Expert Insights for ArcTitan Email Archiving, in a haul of 5 awards at the Expert Insights’ Spring 2022 Best-Of awards.

Email archiving is important for compliance with state, federal, and industry regulations for data retention, allowing vast numbers of emails to be searched in seconds and recovered on demand. The solution works seamlessly with Office 365, offering several key benefits over the native Office 365 email archiving feature, including enhanced search and storage, simplified archiving, and a greatly reduced management overhead.

ArcTitan users have reviewed the product on the Expert Insights website and praised the solution for its speed, scalability, ease of use, and the lack of storage limits, with one of the most common plus points from users being the price of the solution. The solution was ranked top in a group of 10 email archiving solutions at the Expert Insights Spring 2022 Best-Of Awards.

It was not just ArcTitan that was recognized as best in class. TitanHQ’s email security solution, SpamTitan, ranked 1st in the Best Email Security category, with WebTitan DNS Filter ranking second in the Web Security category. It didn’t end there, as the latest addition to the TitanHQ product portfolio, SafeTitan Security Awareness Training, collected two Best-Of awards in the Security Awareness Training and Phishing Simulation categories.

Expert Insights is an important resource for IT professionals and business owners which helps them make the right purchasing decisions. The site provides valuable insights into the best B2B solutions on the market, provides technical reviews and analysis, editorial buyers’ guides, industry analyses, and other valuable content. The site is visited by 80,000 individuals each month.

“These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency.”

The awards come after a quarter that has seen TitanHQ beat several growth records, especially in the United States. A new U.S. office has been set up to handle the increase in enterprise, SMB, and MSP customers, and this year has seen an additional 12 strategic hires in North America which is helping to continue to drive the impressive growth.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy. We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers,” said TitanHQ CEO Ronan Kavanagh.

Benefits of a Security Aware Workforce

Technical defenses are essential for preventing cyberattacks, but many attacks target employees and will bypass those defenses. Having a security-aware workforce can be the difference between just another normal business day and the permanent closure of your business. 60% of small businesses permanently close within 6 months of suffering a cyberattack and data breach.

Ensure your technical defenses are up to scratch…

2021 was another record-breaking year for cyberattacks. A 2022 Check Point Research report shows there was a 50% increase in cyberattacks in 2021 compared to 2020 and more than 60% of businesses have now suffered at least one type of cyberattack. Last year, cyberattacks on businesses were occurring at a rate of one every 39 seconds!

Cyber threat actors use a variety of techniques to gain access to business networks, including brute force attacks to guess weak and default credentials and the exploitation of unpatched vulnerabilities in software and operating systems, but phishing remains the number one security threat. It is vital for security to implement technical measures to protect against email attacks. The best defense is an advanced email security solution with machine learning technology that is able to predict new attacks and block phishing emails from IP addresses that have not previously been used for malicious purposes. The email security solution should provide protection against all known malware threats and also include protection against zero-day malware attacks through sandboxing. SpamTitan from TitanHQ has these features and blocks the vast majority of malicious emails.

…but don’t neglect security awareness training for the workforce

As good as SpamTitan is at detecting and blocking threats, some malicious emails will inevitably be delivered. No email security solution will block all threats without also blocking an unacceptable number of genuine emails. The aim of email security software is to reduce the volume of threats that reach inboxes. Technical defenses will not eliminate threats entirely.

Your technical defenses need to be complemented with human defenses. If your employees are not trained on how to recognize threats, they are likely to be fooled if a threat lands in their inbox. That is especially true for targeted attacks such as spear phishing, where messages are sent to a select group of employees and the emails are carefully crafted to maximize the chance of a response. The emails masquerade as typical business emails, and they often include the logos and color schemes of trusted brands and can be difficult to identify if you don’t know what to look for. If an employee responds to a phishing email and opens an attachment, malware would likely be installed. Employees could be tricked into clicking a hyperlink and visiting a malicious website where their credentials are harvested, which would give the attacker access to the email environment and sensitive data and provide a springboard for a more extensive attack on the organization.

Many businesses invest in email security defenses and other cybersecurity solutions, only to neglect the human element. Some provide cybersecurity training during the onboarding process but then never again, or provide annual refresher training sessions, but such infrequent security training is no longer sufficient given the current threat level.

To create a formidable human firewall, training must be provided and regularly reinforced. You also need to check whether the training has been effective, and the best way to do this is through phishing email simulations. Some employees may require multiple training sessions to learn the skills to be able to recognize email threats. Through regular training and simulations, the risk of a successful cyberattack can be greatly reduced.

To help address this common gap in security, TitanHQ has launched the SafeTitan security awareness training platform. SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time and helps businesses significantly improve their defenses against social engineering and advanced phishing attacks. If you have not provided training to your workforce, or if you are not conducting phishing simulations, take a look at SafeTitan and start working on your human firewall today.

Security Awareness Training Added to TitanHQ Portfolio with Cyber Risk Aware Acquisition

TitanHQ, the leading cybersecurity SaaS business, has announced its acquisition of Cyber Risk Aware. Established in 2016, Cyber Risk Aware is a global leader in security awareness and mitigation of human cyber risk, assisting companies to help their staff protect the company network.

Cyber Risk Aware delivers real-time cyber security awareness training to staff in response to actual staff network behavior. This intuitive and real-time security awareness training reduces the likelihood users will be impacted by the latest threats such as ransomware, BEC attacks, and data breaches, whilst also enabling organizations to meet compliance obligations.  Leading global businesses that trust Cyber Risk Aware include Standard Charter, Glen Dimplex, and Invesco.

The acquisition will further bolster TitanHQ’s already extensive security offering. The combination of intelligent security awareness training with phishing simulation and TitanHQ’s advanced email protection, DNS security, email encryption, and email archiving solutions creates a powerful, multi-layered cybersecurity platform that secures end users from compromise. This is the go-to cybersecurity platform for IT Managed Service Providers and internal IT teams.

“This is a fantastic addition to the TitanHQ team and solution portfolio. It allows us to add a human protection layer to our MSP Security platform, with a fantastic feature-rich solution as demonstrated by the high-caliber customers using it. Stephen and his team have built a great company over the years, and we are delighted to have them join the exciting TitanHQ journey,” said TitanHQ CEO Ronan Kavanagh.

Stephen Burke, CEO of Cyber Risk Aware, commented: “I am incredibly proud that Cyber Risk Aware has been acquired by TitanHQ, a cybersecurity business that I have greatly admired for a long time. Today’s announcement is fantastic news for both our clients and partners. We will jointly bring together a platform of innovative security solutions that address the #1 threat vector used by bad actors that cause 99% of security breaches, “End User Compromise”. When I first started Cyber Risk Aware, my aim was to be the global security awareness leader in delivering the right message, to the right user at the right time. Now as part of TitanHQ, I am more excited than ever about the unique value proposition we bring to market”.

The solution is available to both new and existing customers and MSP partners at TitanHQ.com and is now branded as SafeTitan, Security Awareness Training. Existing Cyber Risk Aware clients are unaffected and will benefit from improvements in the platform in terms of phishing simulation content and an exciting, innovative product roadmap.

For more information on TitanHQ’s new Security Awareness Solution, visit https://www.arctitan.com/safetitan/

EncryptTitan: Secure and Easy Email Encryption for Businesses

Email encryption for businesses is important to prevent the accidental exposure of sensitive information and to protect against the interception of data in transit. When an email is sent, there are stopovers on the way from the sender to the recipient. There is the device where the email originates, the company email server, the recipient’s email server, and the recipient’s device. Emails can be intercepted at any of those points, and the sender and receiver would be none the wiser. Emails can also be intercepted in transit and altered in a man-in-the-middle attack, again without the knowledge of the sender or the receiver.

If an email is sent requesting a change to a fantasy football team, encryption is perhaps overkill, but financial reports, password resets, proprietary company information, and sensitive employee data are often sent via email. The interception of those messages could be highly damaging to a business. Individuals can easily lose trust in a company if mistakes are made, and loss of reputation is very hard to recover from. The exposure of sensitive information can also have severe financial consequences for a business.

Due to the sensitive nature of email data, hackers target unencrypted email and mail servers. One notable example is the hacking of Sony Pictures in 2014 when North Korean hackers compromised a mail server and gained access to highly sensitive emails. The hack reportedly cost the company several million dollars to resolve (estimates range from $15 million to $100 million), damaged the company’s reputation and was a major cause of embarrassment.

If you want peace of mind that your emails cannot be intercepted in transit and can only be read by the intended recipient, you need to use email encryption. Secure and easy email encryption for businesses is vital. Businesses need to protect their email communications but do so in a way that does not affect employee productivity. If encrypting emails is time-consuming, employees may end up sending their emails without encrypting them.

Modern email encryption for businesses is virtually invisible. Virtually all the complicated business of encrypting emails takes place behind the scenes and is seamlessly applied to email communications. The productivity of users is not affected, yet emails are fully protected in transit with end-to-end encryption to ensure that only the intended recipient can view messages.

Introducing EncryptTitan from TitanHQ

EncryptTitan was developed by TitanHQ to make email encryption for businesses simple. EncryptTitan is a full-featured, 100% cloud-based email encryption solution for MSPs and enterprises that allows information to be securely transmitted via email without fear of interception in transit. EncryptTitan ensures emails and attachments can only be opened by the intended recipients. EncryptTitan protects your organization and ensures compliance with legal, state, and federal privacy regulations, and is quick and easy to set up and use.

Key Features of EncryptTitan Email Encryption for Businesses

  • 100% cloud-based solution requiring no hardware
  • End-to-end encryption of emails
  • TLS for protection with multiple layers of security
  • Ultimate scalability
  • Data Loss Prevention to prevent the sharing of unsecured data
  • Automatic encryption of emails containing user-specified keywords
  • Compliant with legal requirements for sending sensitive data
  • Compatible with all email environments
  • Message expiry after a user-defined period
  • Quick and easy recall of messages
  • Automatic attachment encryption
  • Automatic encryption of replies to emails
  • Easy integration with Office 365
  • Outlook plugin with one click option of whether to encrypt emails
  • MSP friendly email encryption to seamlessly add to your security stack

If you want to improve email security, prevent the interception of business emails, and prevent costly email data breaches, give the TitanHQ team a call or click here to arrange a product demonstration.

European & US Banks Under Attack from SharkBot Android Banking Trojan

SharkBot, a new Android banking Trojan, has been discovered in campaigns created to steal money from bank accounts and cryptocurrency services in locations including the United States, United Kingdom, and Italy, and targets 27 financial institutions – 22 banks and 5 cryptocurrency apps.

This new Android malware is different from other mobile banking Trojans due to its use of an Automatic Transfer System (ATS) tactic that enables the bypassing of multi-factor authentication measures and automates the stealing of money from victims’ accounts. This does not require any human input as SharkBot auto-completes fields required for completing financial transactions.

SharkBot can capture text messages, such as those sending financial institution multi-factor authentication codes, and can mask those SMS messages to make it seem as if they were never received. SharkBot can also conduct overlay attacks, where a benign pop-up is shown over an application to fool a user into performing tasks, such as allocating access authorizations. SharkBot is also a keylogger that can capture sensitive details and exfiltrate them to the hacker’s command and control server, and it bypasses the Android Doze component to ensure it stays connected to its C2 servers.

During the configuration process, the user is bombarded with popups to allocate the malicious app the permissions it requires, with those popups only ending when the user shares the required authorizations, such as enabling Accessibility Services. When the malicious app is downloaded, the app’s icon is not shown on the home screen. Users are stopped from removing the malware via settings by abusing Accessibility Services.

The ATS technique deployed by the malware allows it to redirect payments. When a user tries to complete a financial transaction, information is auto-filled to direct payments to a hacker-managed account, with the recipient being aware of it.

The malware was examined by experts at Cleafy, who identified no similarities with any other malware strains. Since the malware has been created from scratch, it currently has a low detection rate. The experts believe the malware is still in the initial stages of development, and new capabilities could well be added to make it even more dangerous.

One of the main issues for developers of malware attacking Android devices is how to get the malware downloaded on a device. Google carries out checks of all apps available before including them in the Google Play Store, so getting a malicious app on the Play Store is tricky. On occasions when they do make it to the store, Google is quick to identify and delete malicious apps.

SharkBot has been observed masquerading as a range of apps, such as an HD media player, data recovery app, and live TV streaming app. It is delivered via sideloading on rooted devices and by using social engineering tactics on compromised or hacker-owned websites to trick victims into installing the fake app.

SharkBot uses several techniques to avoid detection and analysis, such as obfuscation to hide malicious commands, downloading malicious modules only once it has been installed, and encrypting all communications between the malware and the C2 servers.

Scampage Tools & Brand Phishing Attacks Alert Warning Released

An official warning has been issued by the Federal Bureau of Investigation (FBI) in relation to a spike in well-known brands being used in spear phishing attacks focused on tricking people into handing over sensitive data or downloading malware.

The campaigns work by leveraging the trust that is placed in well-known brands to get recipients to complete an action. Typically they include the actual logo of the targeted brand in the same format as real messages from the company. However, they will include links that take those who click on them to a malicious web portal. These web portals will attempt to steal sensitive data.

Hackers sell scampage tools on the dark web that will allow other hackers to operate successful phishing campaigns. The FBI has confirmed that the scampage tools in question have the ability to spot if a person is using their email address as their login ID for a web platform. If this is detected, the user is sent to a scam page with the same email domain. The user is then asked to share their login credentials, which the hacker can use to access the victim’s email. This in turn allows hackers to receive 2-factor authentication codes, thus rendering this security method useless. With 2FA codes, the cybercriminal can obtain access to accounts and make changes, including updating passwords to lock users out of their accounts or altering security rules before the owner of the account can be alerted.

The FBI release said: “Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers. Brand-phishing email campaigns and scampage tools that help bypass 2FA security measures represent another aspect to this emerging cyber threat.”

In order to prepare for an attack like this, companies must configure an advanced spam filtering solution to prevent phishing emails from landing in employee inboxes. Password policies should be set up that make strong passwords mandatory, and reviews should be carried out to police this and to ensure that commonly used or weak passwords cannot be created on accounts. Employees should be warned to never use passwords on multiple accounts and to see to it that all company accounts have 100% unique passwords. Security awareness training should be conducted for all staff members to make them aware of email security best practices and how to spot phishing emails and other scams.

Due to the spike in the use of scampage campaigns, all staff members should create a unique username for an account that is not connected to their main email address. 2-factor authentication should be enabled if it is available, and where possible, a software-based authenticator program or a USB security key should be in place as the second factor. 

 

900% Increase in Ransomware Attacks During First Six Months of 2021

2021 has borne witness to a massive spike in the number of ransomware campaigns being initiated.

According to research data produced by CybSafe, there has been a 900% growth in this type of attack during the first half of 2021 when compared with the same time period from 2020. In tandem with this, there have also been significant increases in the cost of the cybersecurity required to keep organizations safe from this type of attack, and the cybercriminals have also been demanding that larger ransoms be paid in order to release the locked data.

So far in 2021 there have been major ransomware attacks on many healthcare service providers, including the Health Service Executive, resulting in concerns related to the impact this might have on the provision of patient care. The attack in Ireland took place after one person replied to an email from the Conti ransomware group, allowing them to encrypt files. Recovery of the files took up to nine months; however, it is not believed that the $20m ransom demand was met.

There has been a measure of success in relation to holding ransomware groups to account for their crimes. The U.S. government has elevated this type of crime to the same status as that of terrorist attacks and dedicated more manpower to dealing with them. Some of the successes so far include:

  • Taking down the REvil ransomware infrastructure
  • Dismantling the Darkside operation and BlackMatter
  • Arresting suspected members of the Clop ransomware group

Additionally, in Europe, authorities apprehended twelve people believed to be working on the LockerGoga, MegaCortex, and Dharma ransomware campaigns. These successes will have an impact in the short term, but it will not be long before some group, or new strain of ransomware, fills the vacuum that has been created. This is why steps are required in order to address the potential for organizations being infiltrated by the cybercriminals responsible.

Companies face a daunting challenge to protect themselves from attacks like this due to the wide variety of tactics that hackers can use. The starting point should be ensuring that phishing emails are being tackled head on, as they are the point of origin for the vast majority of ransomware attacks. These emails are used to deploy malware or steal the credentials needed to access corporate networks and databases.

A cybersecurity solution like SpamTitan will root out malicious messages and stop them from landing in the inboxes of unsuspecting staff members. While staff training can help, it will always need to be backed up with a technical solution like this. SpamTitan, for instance, completes an in-depth analysis of all email content and can spot malicious links and email attachments, which will be placed in a quarantine folder where they can be reviewed. This means security teams can see how these types of threats are aiming to take advantage of the organization. Additionally, it allows false positives to be identified so filtering rules can be amended appropriately. This solution uses dual antivirus engines, sandboxing that allows suspicious attachments to be analyzed to identify new malware strains, and machine learning technology to ensure that spam filtering learns more the longer that it is used.

In the background, a huge variety of reviews and controls see to it that malicious messages are removed. Managers can control this via a clean, easy-to-use interface that requires no technical skills to navigate and use. All information and controls are simple to learn and control.

Contact the TitanHQ team now to find out more about using this solution. TitanHQ solutions can be trialled for free.

Chromium-Based Web Browsers Vulnerable to Updated Magnitude Exploit Kit

Since they were first created in 2006, exploit kits have evolved into the main weapon of choice for automated malware delivery.

These kits are composed of programs that can be installed on web portals in order to identify and take advantage of recognised vulnerabilities. When a visitor's browser loads the portal, the exploit kit runs a scan to identify specific software vulnerabilities that have yet to be addressed with an update or patch. Once one is found, the exploit kit will be able to install a malware payload without any further interaction from the visitor.

This method of attack was widely witnessed from 2010-2017, after which its use dropped somewhat. However, exploit kits are still very much an active threat when it comes to cybersecurity. Some of the best-known exploit kits are constantly refreshed to add new exploits for known vulnerabilities. In recent times these kits have been mainly deployed in order to install malware that can activate ransomware. Examples include the Fallout exploit kit, which was used to distribute Maze Locker ransomware, and the Magnitude EK, which was deployed to spread ransomware in the Asia Pacific region from 2013 onwards.

Typically, exploit kits are placed on authentic web portals that have been hacked, in addition to malicious hacker-owned websites laced with malware. Due to this it can be the case that someone visits these web portals without realizing it.

One of the most popular kits currently is the Magnitude EK. Previously it only targeted Internet Explorer. Recently it has been discovered that the exploit kit has been updated to target Chromium-based web browsers on Windows PCs.

Anti-virus expert group Avast has revealed that the Magnitude EK has recently added two new exploits. One aimed to take advantage of a vulnerability in Google Chrome (CVE-2021-21224) and the other focused on the Windows kernel memory corruption vulnerability labelled CVE-2021-31956. A cybercriminal could obtain system privileges using the Google Chrome remote code execution vulnerability or the Windows bug that allows bypassing the Chrome sandbox.

Google and Microsoft have made patches available to mitigate these vulnerabilities. The onus is on users to run these updates. If they do not, it will only be a matter of time before Magnitude EK takes advantage of the weaknesses to install malware. For businesses, an additional layer of cybersecurity to prevent this type of attack is a web filter. These are similar to spam filters in that they stop malware delivery from malicious websites and are one of the strongest anti-phishing measures you can use.

WebTitan, one of the best web filters available, was created by TitanHQ to keep companies safe in the face of these cyberattacks and manage web access levels for office-based and remote workers, a key feature for tools designed to prevent browsers visiting malicious websites. This web filter solution is DNS-based and is very straightforward to configure, so much so that it is in use at more than 12,000 companies and MSPs for content filtering, malware prevention, and to provide an extra obstacle for phishers.

In order to enhance your cybersecurity protection measures with WebTitan and block malware, contact the TitanHQ experts as soon as you can. There is also a 100% free 14-day trial for you to avail of so you can test the solution in your own environment.

 

Spam Emails Spreading Squirrelwaffle Malware Loader

Squirrelwaffle, a new strain of malware that is being distributed using spam email messages, has been discovered in the last six weeks.

The disabling of the Emotet botnet in January 2021 created a vacuum within the malware-as-a-service market, a gap that a number of malware strains have attempted to take advantage of. Squirrelwaffle boasts similar capabilities to the Emotet banking malware. Squirrelwaffle allows threat actors to gain a foothold in networks, which the operators of the malware can abuse. However, the access is being sold to other cybercriminals.

A review of this campaign has indicated that it is being leveraged to download Qakbot and Cobalt Strike. However, there is nothing to suggest that these are the only two malware strains that are being delivered by this malware. The Squirrelwaffle emails feature a hyperlink to a malicious website which is used to download a .zip file that includes either a .doc or .xls file. The Office files contain a malicious script that will install the Squirrelwaffle payload.

The Word documents use the DocuSign signing service as a lure to trick recipients into enabling macros, stating that the document was set up with an older version of Microsoft Office Word so the user must “enable editing” then click “enable content” to access the contents of the file. Doing so will run code that will install and execute a Visual Basic script, which downloads the Squirrelwaffle payload from one of 5 hardcoded URLs. Squirrelwaffle is sent as a DLL, which is executed once downloaded and then silently places Qakbot or Cobalt Strike on the device/network, allowing constant access to compromised devices.

As happened with the Emotet Trojan, Squirrelwaffle can take over message threads and insert malware. As replies to authentic messages are sent from a legitimate email account, a reply to the message is more likely. This attack method was very successful for the Emotet Trojan. In most cases, the attacks take place in English; however, security experts have discovered emails in different languages such as French, German, Dutch, and Polish.

Due to the similarities with Emotet, it is likely that those responsible for the deactivated botnet are trying to make a comeback. However, it is possible that this is an attempt by unrelated threat actors to fill the market vacuum that was created when Emotet was taken down. At present, the malware is not being distributed to the same extent that Emotet was but that may change in the near future. 

The best way to protect devices and servers from an attack like this is to configure email security measures to block the malspam at source and see to it that the malicious messages do not land in inboxes. It is important to implement a spam filtering solution that also scans outbound emails to identify compromised devices and stop attacks on other employees and business contacts from corporate email accounts.
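The delivery chain described above ends in a .zip holding a legacy .doc or .xls file, so one gateway-side check is to inspect archive members by file signature rather than by extension. The following is an added example, not code from TitanHQ or SpamTitan; the function names, verdict strings, size cap, and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# OLE2 compound-file signature used by legacy .doc and .xls files.
# Other OLE2 containers (for example .msi or .msg) share it, so the verdict
# names the container type rather than claiming "Word" or "Excel".
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# Directory entry names inside an OLE2 file are stored as UTF-16LE; a VBA
# project adds a stream named "_VBA_PROJECT". Searching for it is a heuristic
# and does not cover Excel 4.0 (XLM) macros, which is why every OLE2 member
# is reported even when the marker is absent.
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap on decompressed size


def inspect_zip(data):
    """Return one finding per archive member that should be held for review."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "verdict": "unreadable-archive"}]

    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the general-purpose flags marks an encrypted member,
            # which cannot be scanned and is reported instead of skipped.
            if info.flag_bits & 0x1:
                findings.append({"name": info.filename,
                                 "verdict": "encrypted-member"})
                continue
            # Read with a hard cap instead of trusting the declared size,
            # which the archive author controls.
            with archive.open(info) as member:
                body = member.read(MAX_MEMBER_BYTES + 1)
            if len(body) > MAX_MEMBER_BYTES:
                findings.append({"name": info.filename,
                                 "verdict": "oversized-member"})
                continue
            if not body.startswith(OLE2_MAGIC):
                continue
            verdict = "ole2-with-vba" if VBA_MARKER in body else "ole2-container"
            findings.append({"name": info.filename, "verdict": verdict})
    return findings


def build_sample_zip():
    """Constructed sample: markers only, no real document or macro content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"quarterly figures attached")
        # Extension says PDF, signature says OLE2: caught by content, not name.
        zf.writestr("diagram.pdf", OLE2_MAGIC + b"\x00" * 504)
        zf.writestr("invoice.doc",
                    OLE2_MAGIC + b"\x00" * 504 + VBA_MARKER + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding["verdict"], finding["name"])
```

A production filter would apply the same check to archives fetched from links in a message as well as to direct attachments, since the campaign described here delivers the .zip via a hyperlink.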

Making Hotel Wi-Fi Safe & Easy to Use

Hotel guests tend to take Wi-Fi security as a given when they are staying overnight. However, if there is no secure connection in place, anyone using the network could be in danger of leaving themselves exposed to malware infection or another type of cyberattack. A cloud-based web content filtering solution mitigates the risk of a guest inadvertently downloading malware onto their own device and also protects guests from being exposed to inappropriate website content on other guests´ mobile devices.

It should not be taken for granted by guests that Wi-Fi is secure. Research will reveal the speed and reliability of the network that each hotel is offering, and any checks should also determine whether the hotel offers a filtered Internet service. Every hotel offers some level of Wi-Fi, but a lot of these solutions are not completely secured Wi-Fi networks. Hotel Wi-Fi can be very susceptible to cyberattacks and malware installations. It is crucial that hotels put in place enterprise cloud-based web filtering and limit the websites that guests are allowed to access.

There are five steps that hotels should take to see to it that the Wi-Fi they are providing for their guests is fully secure.

  • Step 1: Configure cloud-based content filtering: This should be the foundation that hotel Wi-Fi is built upon. This can be implemented for a reasonable level of investment, and there are many different cloud-based web filtering solutions that will allow you to send all of your traffic through their filtering system. A solution such as WebTitan can prevent access to malware and credential phishing web portals. The majority of cloud-based filtering solutions incorporate a malware gateway that checks all web traffic for malicious code threats. Another advantage is that these solutions can be utilized to prevent access to certain website categories. This can be implemented using a simple web GUI interface using your web browser.
  • Step 2: Make Wi-Fi security stronger: The reputational damage that unsecured internet access can inflict is massive and can be tricky for businesses to come back from. A hotel or campsite will not be able to state that they are a family-friendly establishment if they permit pornography or illegal websites to be viewed using their Wi-Fi network. Corporate guests must be happy that they can safely access sensitive data. 
  • Step 3: Configure a cloud-based content filter: This will result in the provision of a secure Wi-Fi service that allows guests to browse safely online by forbidding inappropriate content from being loaded. It requires NO software installation and NO need for technical expertise to set up or manage customer accounts. You set up new accounts easily and manage any number of hotels.
  • Step 4: More Secure Wi-Fi is faster Wi-Fi: Cloud-based web filtering for malware and ads not only makes the hotel network safer, but it also boosts network speed by cutting the amount of data that is being shared.  With WebTitan Cloud for Wi-Fi, web access policy can be configured for each Wi-Fi access point. This can be a competitive advantage for hotels that are marketed to families. Parents can be happy that their children are using the web in a safe environment. Cloud-based web filtering allows hotels the chance to create tiered Wi-Fi services. 
  • Step 5: Guide your guests to use Wi-Fi: Ensure that your guests are aware of the correct name of your Wi-Fi network. Provide a secure login page for entering credentials: The “https://” prefix ensures the login page is encrypted to protect guests’ personal information. Hotels can exercise total control over Internet content by using WebTitan, a cloud-based web content filtering solution.

WebTitan is a cloud-based web filter solution with flexible controls that can be used by every kind of hotel. To discover more about the advantages of WebTitan Cloud-based filtering for Wi-Fi, call the TitanHQ team now.

Lots of Awards for TitanHQ at Expert Insights Annual Awards

TitanHQ’s products have been ranked No. 1 in their respective categories by Expert Insights for the Fall 2021 Best-of Cybersecurity Awards.

This means that TitanHQ has now completed a clean sweep and headed the list for Best Email Security Gateway, Best Web Security Solution, and Best Email Archiving Solution for Business for two years running. Additionally, the Best Email Security Solution for Office 365 category was won by SpamTitan.

Ronan Kavanagh, TitanHQ CEO commented on the achievement saying: “TitanHQ are proud to have received continued recognition for all three of our advanced cybersecurity solutions. As the threat landscape continues to be a significant risk to organizations across the globe, we are dedicated to continuous innovation to provide consistent, secure, and reliable protection to our customers”. The annual awards aim to recognize the best cybersecurity companies and their solutions, with the winners chosen after taking into account industry recognition, customer feedback, and research conducted by its editorial team and independent technical specialists.

Expert Insights is a recognized online cybersecurity publication and industry analyst that has technical and editorial teams in both the United States and United Kingdom. The publication covers cybersecurity and cloud-based technologies, and its website is used by more than 80,000 business owners, IT admins, and others each month to research B2B solutions. Expert Insights produces editorial buyers’ guides, blog posts, conducts interviews, and publishes industry analyses and technical product reviews from industry experts.

SpamTitan Email Security and WebTitan Web Security were both recognized for their powerful threat protection, and along with ArcTitan Email Archiving, were praised for ease-of-use, cost-effectiveness, and industry-leading technical and customer support.

The high standard of threat protection, simplicity-of-use, and competitive pricing of the solutions are just some of the factors that make TitanHQ the leading provider of cloud-based security solutions for managed service providers currently on the SMB market. These factors have resulted in the TitanHQ product range being marked as the gold standard for SMBs looking to enhance security and make compliance easier.

Cyberattacks: MSP Guidance


One of the main focuses of cybercriminals in recent times has been on infiltrating the databases of MSPs. This is due to the large customer base that the cybercriminals are hoping to access and the high probability of these customers having valuable data on their servers. 

So it has become very important for MSPs to be aware of how they should address the risk of cyberattacks focusing on their databases. Here are three of the best ways:

1. Cybersecurity Training

MSPs are vulnerable to phishing attacks that aim to trick staff members into installing ransomware and other types of malware. If infiltrated, staff accounts can be used to turn off security monitoring tools and permit cybercriminals to access the databases that hold client information without being noticed. Other things that can be completed include changing security settings, local firewalls, and other services.

MSPs should be conducting cybersecurity awareness training for all members of staff to address this point of attack. Phishing simulations are a smart move so staff can see what is happening in real-time.

2. Cybersecurity Solutions

The massive number of enterprise cybersecurity solutions for MSPs to consider can be daunting, so it is crucial to recognize what your organization needs. Using TitanHQ’s cybersecurity suite across your group will allow an MSP to use the group’s know-how in order to sell, implement, and deliver advanced network security solutions such as SpamTitan and WebTitan to their client base and provide a product that their clients will be safe and secure with. These solutions are provided via the cloud, which means they can be controlled remotely for workers who travel or are based away from the main office(s).

3. Cybersecurity Audits

A risk assessment is necessary to spot, review and assess any danger that may be present in relation to cybersecurity, particularly vulnerabilities in the existing cybersecurity defenses that a group has in place.  A risk assessment should include:

  • List the network area that is most likely to be targeted in a cyberattack
  • Evaluate the dangers, specifically, to these areas
  • Prioritize the importance of addressing each vulnerability

Doing this will allow an MSP to see where cybersecurity must be enhanced as much as possible to prevent a cybersecurity incident from taking place. SMEs need to find the right happy medium between how much they can reasonably invest in cybersecurity and the minimum level of safety that they need to keep their customers safe.

An audit should be completed at least once annually by an MSP in order to see to it that a secure cybersecurity system is in place for its customers. After identifying potential vulnerabilities, these should be mitigated to prevent hackers from taking advantage of them.  Doing so will provide MSP personnel valuable experience that they can then use to assess their clients.  

If you would like to find out more about adding TitanHQ MSP Security to your offering, get in touch with us now so that we can discuss safeguarding your organization, and your clients from cybercriminals.

 

Advantages of an Email Archiving Solution for Exchange

The importance of email archiving in today’s business world is undeniable, but many businesses may be questioning why a third-party email archiving solution for Exchange is far superior to using the Exchange archiving feature.

The term archive refers to ‘a collection of information that is permanently stored and unalterable.’ Archives are necessary for all businesses to comply with regulations and in the case of litigation, although the degree to which they are necessary depends on the sector the business operates in, with archives essential in highly regulated industries. 

The terms “backup” and “archive” shouldn’t be confused with one another. The purpose of a backup is to restore entire mailboxes in the event of data corruption or loss. It is also worth noting that backups are overwritten with more recent information as time progresses. In contrast, archives preserve data in its original form for longer periods of time. In contrast to backups, archives can easily be searched to identify and recover individual emails.

Why Archiving is Necessary for Businesses

By moving emails to archives, you are helping to limit the amount of data storage needed for mailboxes and that will help to improve the performance of your mail server. A good archiving solution can also help pinpoint the source of data leaks or even security breaches; however these are side benefits.

Archiving is necessary for regulatory compliance and as a repository of information to meet eDiscovery requirements, which is a legal requirement in many countries. eDiscovery is defined as the process of obtaining electronically stored information for use in litigation. This is not only restricted to email. For example, Word and Excel files on your server may also need to be produced in the event of litigation.

Without archives in place, the cost of eDiscovery can be huge. It would, in fact, require the analyzing of each computer in the company to find emails and searching for emails by restoring data from backups, provided of course that backups exist. The search and organizational aspects of archiving are invaluable. In the Nortel Networks executive criminal case, the prosecution delivered 23 million pages of electronic records. Ontario Superior Court Justice Cary Boswell understandably described this as an “unsearchable morass” and requested the prosecution to organize the information and re-present it to the defense.

Issues with Microsoft Exchange 2010 and 2013 Archiving

Microsoft has applied the term “archiving” to describe the journaling and Personal Archive functions of Microsoft Exchange since its 2007 version.

Email copies can be created in Exchange Standard with journaling. Furthermore, with Exchange Premium, these copies can be directed to specific mailboxes or distribution lists. However, journaling does not provide the same functions as archiving because:

  • It lacks the indexing and searching capabilities necessary for fast email recovery
  • Journaling has no data retention configuration settings
  • Users can still create their own PSTs (copies of email that they keep on their own computer). These copies may not necessarily satisfy eDiscovery requirements.

The Personal Archive function addresses some of the shortcomings of journaling. Exchange 2010 has more capabilities than Exchange 2007 in this regard. In terms of Exchange 2010, each user can establish an “archive” for the mailbox. Microsoft TechNet’s description of these is “secondary mailboxes in which users can store messages they need to keep for a longer duration.”  Additionally, Microsoft explains, “the whole idea behind creating personal archive mailboxes is to avoid the constraints of mailbox quotas.” This does not provide an archiving function.

The Personal Archive doesn’t necessarily need to reside in the same production database; it can even live in the cloud. Users have two options: they can move the emails manually or let them be moved automatically based on retention tags. The major downside of Personal Archive lies in the cost. This is because using Personal Archive requires enterprise client access licenses (CALs) and Office 2010 Professional Plus for Outlook.

Microsoft also states that Personal Archive “may not meet your archiving needs”. Since users have control over their own Personal Archives, they are questionable repositories for compliance and eDiscovery as users are able to delete items and modify retention tags.

Microsoft maintains that users with a Discovery Management role can take advantage of indexing and multiple mailbox searching to meet eDiscovery needs. However, Exchange 2010's Exchange Control Panel is clunky and difficult to use, making it far from ideal for eDiscovery.

Exchange 2013 and Exchange Online Improvements

With the newer Exchange versions, users still have a large amount of control over their mailboxes. Not only can they define their own policies, users can also use creative ways to try to bypass imposed corporate policies, e.g. “archiving” items in the Deleted Items folder. Although the Exchange administrator can use Policy Tips to notify users of possible compliance issues with data in their e-mails, the administrator still can’t override user settings unless Litigation Hold or In-Place Hold is applied to a mailbox.

Microsoft Exchange has added improved features for eDiscovery, requiring a SharePoint 2013-based portal to search across all mailboxes. There are two main drawbacks with this approach:

  1. Companies must purchase/upgrade to SharePoint 2013
  2. It makes it necessary to have a monolithic mail store with rapidly growing online storage. Data must be held on an online Exchange server to use Exchange’s In-Place Discovery tools.

Advantages of True Email Archiving

Microsoft Exchange “archiving” is not a complete compliance and eDiscovery tool by any means. A true email archiving solution is far superior to Exchange for archiving.

The approach taken by Microsoft towards eDiscovery presupposes that all email that ever passed through your organization resides on an Exchange server. The issue with this idea is that data storage requirements will skyrocket over time. It is worth noting that an estimated 90 percent of the information stored in Exchange is never accessed again. True archiving removes a large chunk of that 90 percent through deduplication, and archives are compressed. Doing this not only reduces storage but also greatly improves search and recovery times.

TitanHQ has developed a solution that provides true email archiving for Exchange. ArcTitan will ensure you can achieve all your eDiscovery and data storage needs, improve the performance of your mail server, and significantly reduce email storage costs. 

Here are some of the features of the product:

  • Unlimited cloud based email archiving including inbound/outbound/internal email, folders, calendar and contacts
  • Complete Audit trail
  • Data retention and eDiscovery policy
  • Encrypted storage on AWS cloud
  • HIPAA, SOX (and more) standards compliance and Audited access trail
  • Instantly searchable via your browser - find archived emails in seconds
  • No hardware / software  required
  • Secure transfer from your email server
  • SuperFast Search™ – email compressed, Zipped, message de-duplication, attachment de-duplication allowing for the fastest search and retrieval
  • Web console access with multi-tiered and granular access options; you decide user access permissions.
  • Works with All Email Servers including MS Exchange, Zimbra, Notes, SMTP/IMAP/Google/PO
  • Optional Active Directory integration for seamless Microsoft Windows authentication
  • Optional Outlook email client plugin

If you have not yet implemented an email archiving solution, if you are unhappy with the native Microsoft Exchange email archiving features, or if you are finding your current archiving solution too expensive or difficult to use, contact TitanHQ today to find out more about the benefits of ArcTitan and the improvements it can offer to your business.

Frequently Asked Questions (FAQs)

Will archiving emails delete the messages from the Exchange server?

This will depend on how your Exchange server has been configured. Typically, the message will be deleted from the Exchange server once the message has been transferred to the archive and deleted from an inbox, but a copy may be retained for a period of time to allow for a backup to be created. If there are multiple copies of the same message, such as an email sent to a distribution list, a copy will remain on the server until everyone has archived and deleted the message.

Is email archiving compliant with the GDPR?

Email archiving can be GDPR-compliant with the right policies and procedures in place. Bear in mind that personal data can only be kept for as long as necessary to achieve the purpose for collecting the information and personal data, including information in email accounts, must be deleted if requested by an individual. Email retention periods must also be defined.

What happens if someone responds to an archived email?

When you have an email archiving solution in place, emails that need to be retained will be sent to the archive for long term storage and can be deleted from inboxes. If someone replies to an archived message or reactivates an old message thread, the email will simply reappear in your inbox.

Does email archiving save on storage space?

Email archiving can save a considerable amount of storage space, which can greatly improve the performance of your mail server. For example, ArcTitan typically reduces mail server email storage space by up to 80%. That means 1,000 GB of email storage space is reduced to around 200 GB.

Are there any limits on storage space with ArcTitan?

ArcTitan is 100% cloud based and provides incredible scalability. Storage space will automatically increase as required and there are essentially no limits on storage space in the cloud, nor the number of users. You just pay for the number of active mailboxes.

Cybersecurity & Email Archiving

Performing backups is a vital part of disaster recovery and this is well known by all IT departments. However, another important aspect of archiving emails is the possibility that they will be needed for incident response and data breach audits.

The majority of companies recognise the importance of creating backups but are unaware of their importance in relation to regulatory compliance. Backups can be implemented to restore a network to its pre-breach status and avoid the chance of users not being able to access older files.

Email archives work a bit differently in that they are a copy of email messages that is held in a different location. This means that the emails are not on the existing network so they are not taking up storage space or hindering network speeds. They are also accessible over the web in most cases.  

Email archives save metadata that can be used to efficiently organize records and conduct searches for particular messages in the event of an audit being required during an investigation. As a lot of larger companies are being sent millions of emails on a daily basis, this allows for a much cleaner search system to be in place.

In order to be compliant with legislation such as HIPAA and GDPR, among others, companies must maintain archives of messages for a long period of time. As these archives take up a lot of network space it is important to be able to store them elsewhere in case they are needed at some point in the future. Archives fulfil this need and ensure that all regulatory requirements are in place. 

It is important to maintain audit trails that can be used to ascertain a vulnerability in the aftermath of a data breach occurring. This will allow third-party software to complete searches and control archive backups. The metadata is used to tag messages with specific words and phrases so that messages will be produced using relevant search queries.

Email Archives Advantages

  • Quicker data recovery following a breach, minimizing downtime.
  • They can be used for data loss prevention if backups fail or the backup files are corrupted. Archives are a copy of email data, so they can be used as failover during disaster recovery.
  • Save network space by holding data on a cloud solution
  • Lower costs as cloud storage is much cheaper than housing storage infrastructure on-site.

 

 

Email Retention Legislation in the U.S.

Email retention legislation in the U.S. requires companies to maintain copies of emails for many years. There are federal laws that apply to all companies, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Noncompliance can prove incredibly expensive and multi-million-dollar fines await any company found to have breached federal, industry, or state regulations.

Certain types of data must be retained by U.S companies in case the information is required by the courts, and that includes email. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a company in serious trouble. Not only are heavy fines issued if data cannot be produced in eDiscovery, companies  can face criminal proceedings if certain data has been erased.

For decades, U.S companies have been required to store documents by law. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986, and data retention laws in the United States were updated a dozen years ago to expand the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included below. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives, as industry and federal electronic data and email retention legislation in the United States is periodically updated.

As you can see from the list below, there are several federal and industry-specific email retention legislative acts in the United States. These laws apply to emails that are sent and received, and include internal as well as external emails.

Reduce storage space, eliminate mailbox quotas and improve email server performance. Book a FREE demo of ArcTitan.

Federal Email Retention Legislation in the U.S.

| Email retention legislation | Who it is applicable to | How long emails must be kept |
|---|---|---|
| IRS Regulations | All companies | 7 Years |
| Freedom of Information Act (FOIA) | Federal, state, and local agencies | 3 Years |
| Sarbanes Oxley Act (SOX) | All public companies | 7 Years |
| Department of Defense (DOD) Regulations | DOD contractors | 3 Years |
| Federal Communications Commission (FCC) Regulations | Telecommunications companies | 2 Years |
| Federal Deposit Insurance Corporation (FDIC) Regulations | Banks | 5 Years |
| Food and Drug Administration (FDA) Regulations | Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products | Minimum of 5 years rising to 35 years |
| Gramm-Leach-Bliley Act | Banks and Financial Institutions | 7 Years |
| Health Insurance Portability and Accountability Act (HIPAA) | Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) | 7 Years |
| Payment Card Industry Data Security Standard (PCI DSS) | Credit card businesses and credit card processing groups | 1 Year |
| Securities and Exchange Commission (SEC) Regulations | Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies | Minimum of 7 years up to a lifetime |

Email retention legislation in the United States at the state level has not been included in this article. You should seek legal advice about any state-level laws. You must also consider legislation in other countries where you do business. If you deal with individuals in Europe, or they can access your website, you will need to comply with the General Data Protection Regulation (GDPR) email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a few members of staff; however, the more employees a company has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company employee (Radicati email statistics report 2015-2019), by 365 days each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that an email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched and finding the right backup alone can be almost impossible, let alone finding all emails sent to, or received from, a specific company or person. Backups have their uses, but they are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery request is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large and expensive on-premises storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to comply with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage, replicated and backed up to ensure constant availability. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly through a browser or Outlook plugin. Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users and the solution can be scaled up to meet the needs of companies of all sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.

Frequently Asked Questions (FAQs)

How does email archiving work?

Email archiving involves sending an exact copy of a message outside the email system for long term storage. The messages are usually deduplicated and compressed to save on storage space and are indexed prior to archiving to ensure the archive can be rapidly searched. Email archiving solutions typically have end-to-end encryption to ensure messages cannot be intercepted and the emails are maintained in a tamper-proof repository and can be quickly retrieved on demand.
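A minimal sketch of the deduplicate, compress and index steps described in this answer and in the earlier section on true email archiving, added here as an illustration; it is not ArcTitan's or any vendor's code. The `MiniArchive` class, its method names and the sample messages are constructed, and deduplication is on exact message bytes, which is a simplification.

```python
import hashlib
import re
import zlib
from email import message_from_string


class MiniArchive:
    """Illustrative archive: content-addressed, compressed, keyword-indexed."""

    def __init__(self):
        self.blobs = {}          # SHA-256 hex digest -> compressed message
        self.index = {}          # lower-cased token -> set of digests
        self.bytes_received = 0  # total size of everything passed to add()

    def add(self, raw_message):
        """Archive one message and return its digest (its archive ID)."""
        data = raw_message.encode("utf-8")
        self.bytes_received += len(data)
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.blobs:  # duplicate: keep the single stored copy
            return digest
        self.blobs[digest] = zlib.compress(data, 9)
        # Index sender, recipient, subject and body words before filing.
        msg = message_from_string(raw_message)
        text = " ".join([msg.get("From", ""), msg.get("To", ""),
                         msg.get("Subject", ""), str(msg.get_payload())])
        for token in set(re.findall(r"[a-z0-9]+", text.lower())):
            self.index.setdefault(token, set()).add(digest)
        return digest

    def search(self, *terms):
        """Digests of the messages that contain every search term."""
        if not terms:
            return []
        hits = [self.index.get(term.lower(), set()) for term in terms]
        return sorted(set.intersection(*hits))

    def verify(self, digest):
        """True if the stored copy still hashes to the ID it was filed under."""
        data = zlib.decompress(self.blobs[digest])
        return hashlib.sha256(data).hexdigest() == digest

    def fetch(self, digest):
        """Return the original message text, refusing an altered copy."""
        if not self.verify(digest):
            raise ValueError("stored copy does not match its digest")
        return zlib.decompress(self.blobs[digest]).decode("utf-8")

    def bytes_stored(self):
        """Size of what the archive actually keeps on disk."""
        return sum(len(blob) for blob in self.blobs.values())


# Constructed sample messages; the newsletter is delivered twice.
NEWSLETTER = (
    "From: news@corp.example\nTo: all-staff@corp.example\n"
    "Subject: Quarterly update\n\n"
    + "Results for the quarter are attached.\n" * 20
)
INVOICE = (
    "From: billing@supplier.example\nTo: accounts@corp.example\n"
    "Subject: Invoice 1042\n\nPlease find invoice 1042 attached.\n"
)


def build_demo_archive():
    """Archive three deliveries (two identical) and return archive and IDs."""
    archive = MiniArchive()
    ids = [archive.add(m) for m in (NEWSLETTER, INVOICE, NEWSLETTER)]
    return archive, ids


if __name__ == "__main__":
    archive, ids = build_demo_archive()
    print("copies kept:", len(archive.blobs))
    print("bytes received/stored:", archive.bytes_received, archive.bytes_stored())
    print("search 'invoice 1042':", archive.search("invoice", "1042"))
```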

Is email archiving necessary?

Emails must be retained for compliance and need to be produced quickly for audits and e-discovery. Email recovery is far faster with an email archive. Most businesses have important data stored in email accounts that is stored nowhere else. That data is at risk if it is not sent to an archive. In the event of a ransomware attack that also encrypts backups, email data could be lost forever or cost millions to recover. The regulatory fines for loss of email data can be astronomical. Data loss is not possible with an email archive.

Is email archiving expensive?

Email archiving in the cloud is a low-cost solution that allows businesses to retain a tamper-proof copy of all messages to meet compliance requirements and for disaster recovery. An email archive saves on mail server storage space, which will increase performance. When you factor in productivity improvements and the reduced time producing emails to resolve customer complaints, for audits, and E-discovery requests, an email archive is money well spent.

Is email archiving the same as backing up email?

Email archiving and backing up email are not the same. Backups are intended for short term email storage for disaster recovery purposes. Entire mailboxes can quickly be restored from a backup if a mailbox is corrupted, deleted, or encrypted with ransomware. An email archive is a long-term email storage solution. In contrast to a backup, an archive can be rapidly searched allowing individual emails to be quickly found and recovered.

How much space can be saved with an email archive?

The amount of space saved by implementing an email archiving solution will vary from business to business, but typically businesses can reduce storage space by up to 80% by implementing an email archive and further, if emails ever need to be recovered, the archive can be rapidly searched, and emails retrieved in seconds.


Tackling Phishing Scams in 2021

 

There was a huge surge in phishing campaigns conducted during 2021, and most companies are now very familiar with them and the danger(s) that they pose. Because of this, it is now more important than ever to be aware of how to tackle this type of attack head on.

This type of attack typically begins with an email being sent to your inbox which appears 100% authentic and includes a request for you to complete an action urgently. While you probably think that you would be adept at spotting a ploy such as this, every day three billion spoofing emails are transmitted, so there is every chance that if you are not tricked, someone in your organization may take the bait and click a link that will lead to a lot of pain for your group.

To assist you in your fight against spamming, we have put together a number of measures you can introduce at your organization.

Investigate How the Sender is Aware of You

Sometimes all a phisher will do is launch a campaign in which millions of spoof emails are broadcast, pretending to be from genuine, well-known and reputable companies. They know that companies that operate on a global basis will have millions of customers, so there is an excellent chance that the message will reach the inboxes of some actual clients. Always treat the message with suspicion even if it is from a company that you have an existing business relationship with.

Check for Spyware

It is important to check for spyware if you are finding yourself in receipt of a large number of spoof emails that appear to be sent from companies whose web portals you use a lot. If this is the case it is likely that one of your devices has been infiltrated with spyware which is recording your web traffic. This can be managed with a strong endpoint security application or spyware cleaner to make your device safe again.

Review the Email Address that is Contacting You

Even if a phishing email includes everything to make the message appear authentic, such as a company logo/image and corporate header, you should pay very close attention to the sending email address. Phishing emails are normally uncovered by the sending name and sending email address being completely different from each other.
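The sender-name check described above, as an added example that is not part of the original article: it parses the From and Reply-To headers and reports when the sender name claims a brand or an address that the real sending address does not match. The sender-to-domain table, the finding codes and the three sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: a small table of the senders your staff expect, mapped to the
# domains those senders really use. All names and domains are constructed.
KNOWN_SENDERS = {
    "example bank": {"examplebank.example"},
    "help desk": {"corp.example"},
    "it department": {"corp.example"},
}

# An e-mail address typed into the display name itself.
ADDRESS_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_allowed(domain, allowed):
    """True when domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_findings(raw_message):
    """Return finding codes for mismatches between sender name and address."""
    msg = message_from_string(raw_message)
    name, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    if not from_domain:
        return ["unparseable_from"]

    findings = []
    lowered = name.lower()
    # 1. The name claims a known sender, the address belongs to someone else.
    if any(brand in lowered and not is_allowed(from_domain, allowed)
           for brand, allowed in KNOWN_SENDERS.items()):
        findings.append("brand_mismatch")
    # 2. The name contains an address that differs from the real one.
    embedded = ADDRESS_IN_NAME.search(name)
    if embedded and embedded.group(1).lower() != from_domain:
        findings.append("embedded_address_mismatch")
    # 3. Replies would go to a different domain than the message came from.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append("reply_to_mismatch")
    return findings


# Constructed sample messages (headers, blank line, body).
LEGITIMATE = (
    'From: "Example Bank" <alerts@notify.examplebank.example>\n'
    "Subject: Your monthly statement\n\nYour statement is ready.\n"
)
BRAND_SPOOF = (
    'From: "Example Bank Security" <alerts@examplebank-secure.test>\n'
    "Reply-To: recovery@mailbox.test\n"
    "Subject: Suspicious activity on your account\n\nConfirm your password.\n"
)
ADDRESS_SPOOF = (
    'From: "helpdesk@corp.example" <it-support@corp-helpdesk.test>\n'
    "Subject: Action required\n\nPlease complete the attached form.\n"
)

if __name__ == "__main__":
    for label, raw in (("legitimate", LEGITIMATE),
                       ("brand spoof", BRAND_SPOOF),
                       ("address spoof", ADDRESS_SPOOF)):
        print(label, "->", sender_findings(raw) or "no findings")
```

A clean result only means the name and address agree; it says nothing about whether the sending domain itself is trustworthy.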

Check for Standard Phishing Email Claims

These include: 

  • Someone contacts you to confirm some personal information in relation to an account you hold.
  • You are made aware of suspicious activity on an account that you hold and asked to complete an action like visiting a link to change your password.
  • You are informed that you are entitled to claim a tax refund or government subsidy
  • An email from “IT Department” or “Help Desk”  asking you to complete an action.

Tackling Phishing Emails

Using a strong security solution like SpamTitan will prevent phishing, ransomware, and malware attacks while also safeguarding all financial accounts using multi-factor authentication.

Having this in place will prevent your details from ever being exposed. It is important for companies to recognise the danger posed by cyberattacks and take steps, like configuring SpamTitan, in order to address it. 

Contact TitanHQ as soon as you can in order to find out more about how SpamTitan Email Security helps you tackle phishing attacks.

 

Supply Chain Targeted by Hackers

As cybercriminals look for more new targets that might bear them some profit it appears that they have now shifted some focus towards infiltrating supply chains.

These attacks occur when hacking groups manage to infiltrate servers and components that companies will likely buy from third party suppliers. IT departments would presume that new equipment has not been infiltrated and happily install it onto their networks. This type of attack is now increasing, particularly evident within state-sponsored campaigns that may make it easier for cybercriminals to gain access during the production process. 

It will come as no surprise that, due to lower costs, the majority of technology components are manufactured in China. These components are then ordered by the manufacturer and they are instructed how to add them to their own equipment. The manufacturer/purchaser configures these components to build their systems locally before sending them on to the final destination. This means that any malicious components inserted into the hardware design will, more than likely, not be detected.

There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed. 

Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.

Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.

Penetration testing should be completed in order to guarantee that there is no chance of malicious activity taking place after the system becomes operational. Any company installing hardware from third parties can mitigate risk by mapping the supply chain carefully. System penetration testing should also be completed to uncover unusual traffic patterns and activity on the local network. Backdoors might be present in order to transmit data back to the cybercriminals. 
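One way to look for the unusual traffic patterns mentioned above while new hardware is still under review, as an added example that is not from the original article: it lists destinations a new device contacts outside its expected set and marks those contacted at near-constant intervals, which is how a call-home signal tends to look. The flow records, addresses, expected-destination table and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (seconds since capture start, source, destination).
# 10.0.5.20 is the newly installed device being reviewed.
BEACON_TIMES = [0, 300, 601, 899, 1200, 1502, 1800, 2100]
IRREGULAR_TIMES = [10, 50, 900, 950, 4000, 4100, 9000]
SAMPLE_FLOWS = (
    [(t, "10.0.5.20", "203.0.113.50") for t in BEACON_TIMES]
    + [(t, "10.0.5.20", "198.51.100.7") for t in IRREGULAR_TIMES]
    + [(t, "10.0.5.20", "192.0.2.10") for t in range(0, 9000, 900)]
)

# Assumption: the destinations the vendor documents for this device
# (for example its update server). Anything else is unexpected.
EXPECTED = {"10.0.5.20": {"192.0.2.10"}}


def review_new_device_traffic(flows, expected, min_events=6, max_cv=0.10):
    """Report unexpected destinations for each device listed in `expected`.

    A destination is marked periodic when it was contacted at least
    `min_events` times and the gaps between contacts vary by no more than
    `max_cv` (standard deviation divided by mean gap).
    """
    contact_times = defaultdict(list)
    for timestamp, src, dst in flows:
        if src in expected and dst not in expected[src]:
            contact_times[(src, dst)].append(timestamp)

    findings = []
    for (src, dst), stamps in sorted(contact_times.items()):
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        mean_gap, periodic = None, False
        if len(stamps) >= max(min_events, 2) and mean(gaps) > 0:
            mean_gap = round(mean(gaps), 1)
            periodic = pstdev(gaps) / mean(gaps) <= max_cv
        findings.append({
            "src": src,
            "dst": dst,
            "connections": len(stamps),
            "mean_gap": mean_gap,
            "periodic": periodic,
        })
    return findings


if __name__ == "__main__":
    for finding in review_new_device_traffic(SAMPLE_FLOWS, EXPECTED):
        kind = "periodic, review first" if finding["periodic"] else "unexpected"
        print(f'{finding["src"]} -> {finding["dst"]}: '
              f'{finding["connections"]} connections, '
              f'mean gap {finding["mean_gap"]}s ({kind})')
```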

As the targeting of supply chains becomes more prevalent companies will have to increase their testing efforts to ensure the new hardware is safe before it is made operational within a system. TitanHQ can safeguard supply chains from cybercriminal-led.

Contact the TitanHQ team now to discover more about the cybersecurity solutions like email filtering that can be added to your company’s security suite. 

 

Rockingham School District Emotet Malware Infection Cost $314,000 to Address

In November 2018 the Rockingham school district in North Carolina suffered an Emotet malware infection that cost a massive $314,000 to resolve. The malware was delivered using spam emails, which were sent to multiple users’ inboxes. The attack included an often-used ploy by hackers to get users to install malware.

The emails appeared to have been sent by the anti-virus supplier used by the school district, with the subject line ‘incorrect invoice’ and the correct invoice attached to the email. The emails were believable and looked like many other legitimate emails received on a daily basis. The emails requested the recipient open and check the attached invoice; however, doing so resulted in Emotet being downloaded and installed.

Not long after those emails were received and opened, staff started to experience problems. Internet access seemed to have been disabled for some users and reports were received from Google saying email accounts had been disabled due to spamming. The school district looked into the issue and discovered several devices and servers had been infected with malware.

Emotet malware is a Trojan that can worm its way across a network. Infection on one machine will result in the virus being sent to other vulnerable devices. The malware can also send copies of itself via email, and injects itself into previous message threads. The malware is capable of stealing victims’ credentials including online banking details, and also acts as a downloader of other malware variants and ransomware.

Emotet is a very advanced malware variant that is difficult to spot and hard to remove. The Rockingham school district discovered just how troublesome Emotet malware infections can be when attempts were made to remove the Trojan. The school district was able to successfully clean some infected machines by reimaging the devices; however, malware remained on the network and simply re-infected those devices.

Addressing the attack required assistance from security experts. 10 ProLogic ITS engineers spent approximately 1,200 hours on site reimaging machines. 12 servers and around 3,000 end points had to be reimaged to remove the malware and stop reinfection. The cost of cleanup ran to $314,000.

Attacks such as this are far from unusual. Cybercriminals target a wide range of vulnerabilities to install malware on business computers and servers. In this case, the attack took advantage of gaps in email defenses and a lack of security awareness of staff members.

To safeguard against malware, layered defenses are necessary. An advanced spam filtering solution can ensure malicious emails are not delivered to inboxes, endpoint protection software can detect unusual user behavior indicating an attack in progress, antivirus solutions can potentially discover infections, while web filters can block web-based attacks and drive-by malware downloads. End users are the last line of defense and should be shown how to recognize malicious emails and websites. Using a combination of these measures will help to prevent attacks such as this.

Blocking Drive-By Malware Installations

A drive-by malware download is a web-based attack in which malware is installed on a target device. It is crucial for organizations to put drive-by malware download protection in place, along with configuring a spam filter to block malware delivery via email.

The malware could be:

  • Malware to make money for the developer thanks to advertising income
  • Spyware to collect data on the user
  • Keyloggers or banking Trojans that gather credentials
  • Ransomware to encrypt data and demand money from the victim.

These installations typically go unnoticed by the device user. It can be as simple as a phishing email with a hyperlink evading the spam filter and taking the recipient to a compromised website that is laden with malware lures.

Authentic web portals can also be infiltrated and loaded with malware and ransomware. This is even more likely for a large web site that allows the placement of third-party ad blocks that generate extra revenue. Malicious adverts – termed malvertising – may get around the various checks required by third-party ad networks and be shown to site visitors. If a link is visited, the user is taken to the malicious web portal. Threat actors also participate in search engine poisoning. This is when search engine optimization tactics are deployed in order to move malicious websites to the top of the search engine results pages.

It is vital for companies to safeguard themselves from drive-by malware downloads by using a web-filtering solution to block undesirable website content from being displayed. The consumer versions come with parental control features for home WiFi networks.

WebTitan from TitanHQ is popular with corporate entities, managed services providers, and Internet service providers for preventing access to malicious, illegal, and other undesirable web content including pornography, and it safeguards against drive-by malware downloads in a number of different ways.

First, it does not allow downloads of specific file types from the Internet, those most linked to malware (.exe, .js, and .msi for example). Second, it uses blacklists of IP addresses and domains that have previously been marked as involved in malware distribution. Finally, it can be used to prevent access to dangerous website categories that are typically involved in spreading malware.

WebTitan is simple to configure in a short space of time. It does not impinge on page load speeds, safeguards users regardless of location, and updates automatically as soon as new malicious content is identified in threat intelligence reports.

In order to protect your company from drive-by malware installations, enhance security in relation to phishing attacks, and safely manage web content that is accessible on your network, get in touch with TitanHQ now to find out more.

 

Cyberloafing Costs Revealed in New Study

A study published in the Journal of Psychosocial Research on Cyberspace has highlighted the cost of cyberloafing to businesses. Cyberloafing has a massive impact on productivity, yet it is all too common. The cyberloafing costs for businesses are considerable and employees who partake in cyberloafing can seriously damage their career trajectory.

Employers are paying their employees to carry out work duties, yet a huge amount of time is lost to cyberloafing. Cyberloafing dramatically cuts productivity and gobbles up company profits. The study was carried out on 273 employees and cyberloafing was measured along with the characteristics that led to the behavior.

The study indicated a correlation exists between cyberloafing and dark personality traits such as psychopathy, Machiavellianism and narcissism, but also suggested that employees are wasting huge amounts of time simply because they can do so. The sites most commonly viewed were not social media sites, but news websites and retail sites for online shopping.

In a perfect world, employees would be able to complete their duties and allocate some time each day to personal Internet use without any reduction in productivity. Some employees do just that and curb personal Internet use and do not let it impact their work duties. However, for many employees, cyberloafing is an issue and huge losses are suffered by employers.

A report on cyberloafing published by Salary.com indicated 69% of employees waste time at work every day, with 64% visiting non-work related web pages. Out of those workers, 39% said they wasted up to an hour on the Internet at work, 29% wasted 1-2 hours, and 32% wasted over two hours a day.

Cyberloafing can have a huge impact on company profits. A company with 100 workers, each of whom spends an hour daily on personal Internet use, would see productivity losses in excess of 25,000 man-hours annually.

Productivity losses caused by cyberloafing are not the only problem – or cost. When employees use the Internet for personal reasons, their actions slow down the network resulting in slower Internet speeds for all. Personal Internet use increases the chance of malware and viruses being introduced, which can cause further productivity losses. The cost of addressing those infections can be huge.

What Can Employers do to Reduce Cyberloafing Costs?

First of all, it is vital that the workforce is educated on company policies relating to personal Internet use. Advising the staff about what is an acceptable level of personal Internet use and what is considered unacceptable behavior ensures everyone is aware of the rules. They must also be told about the personal consequences of cyberloafing.

The Journal of Psychosocial Research on Cyberspace study says, “a worker’s perceived ability to take advantage of an employer is a key part of cyberloafing.” Improving monitoring and making it clear that personal Internet use is being recorded acts as a good deterrent. When personal Internet use reaches problem levels there should be repercussions for the employees involved.

If there are no sanctions for employees that break the rules and company policies are not enforced, little is likely to change. Action could be taken against the workers concerned through standard disciplinary procedures such as verbal and written warnings. Controls could be implemented to curb Internet activity – such as blocks applied for certain websites – social media sites/news sites for example – when employees are wasting too much time online. Those blocks could be temporary or even time-based, only permitting personal Internet use during breaks or at times when workloads are usually low.

WebTitan – An Easy Solution to Cut Productivity Losses and Curb Cyberloafing

Such controls are simple to apply using WebTitan. WebTitan is an Internet filter for SMBs and enterprises that can be deployed in order to reclaim lost productivity and block access to web content that is unacceptable in the workplace.

WebTitan allows administrators to apply Internet controls for individual employees, user groups, or the entire company, with the ability to apply time-based web filtering controls as appropriate.

Stopping all employees from logging onto the Internet for personal reasons may not be the best way forward, as that could have a negative impact on morale which can similarly impact productivity. However, some controls can certainly help employers reduce productivity losses. Internet filtering can also reduce the risk of lawsuits as a result of illegal activity on the network, and blocking adult content in the workplace can help to stop the development of a hostile work environment.

If you would like to increase productivity and start enforcing Internet usage policies in your company, contact TitanHQ today. WebTitan is available on a free trial to test the solution in your own environment before making a decision about a purchase.

Network Segmentation Best Practices to Improve Security

Whatever the size of your company, one of the most important security measures to deploy to block threat actors from gaining access to your servers, workstations, and data is a hardware firewall. A hardware firewall will make sure your digital assets are well secured, but how should your firewall be set up for optimal network security? If you follow network segmentation best practices and implement firewall security zones, you can improve security and keep your internal network isolated and protected from attacks by remote hackers.

Most companies have a well-defined network structure that incorporates a secure internal network zone and an external untrusted network zone, often with intermediate security zones. Security zones are sets of servers and systems that have similar security requirements and include a Layer3 network subnet to which several hosts connect.

The firewall provides protection by managing traffic to and from those hosts and security zones, whether at the IP, port, or application level.

Network Segmentation Best Practices

There is no single configuration that will be ideal for all companies and all networks, since each business will have its own requirements and required functionalities. However, there are some network segmentation best practices that should be implemented.

Possible Firewall Security Zone Segmentation

[Diagram: Network Segmentation Best Practices]

In the above depiction we have used firewall security zone segmentation to keep servers separated. In our example, we have used a single firewall with two DMZ (demilitarized) zones and an internal zone. A DMZ zone is an isolated Layer3 subnet.

The servers in these DMZ zones may have to be Internet facing in order to function. For instance, web servers and email servers need to be Internet facing. Because they face the Internet, these servers are the most susceptible to cyberattacks, so they should be separated from servers that do not require direct Internet access. By keeping these servers in separate zones, you can minimize the damage if one of your Internet facing servers is compromised.

In the diagram above, the permitted direction of traffic is shown with the red arrows. As you can see, bidirectional traffic is allowed between the internal zone and DMZ2, which includes the application/database servers, but only one-way traffic is permitted to take place between the internal zone and DMZ1, which is used for the proxy, email, and web servers. The proxy, email, and web servers have been located in a separate DMZ to the application and database servers for the highest possible protection.

Traffic from the Internet is permitted by the firewall to DMZ1, but the firewall should only permit traffic through certain ports (80, 443, 25, etc.). All other TCP/UDP ports should be closed. Traffic from the Internet to the servers in DMZ2 is not allowed, at least not directly.

A web server may need to link up with a database server, and while it may seem like a good idea to have both of these virtual servers operating on the same machine, from a security perspective this should be avoided. Ideally, both should be separated and located in different DMZs. The same applies to front end web servers and web application servers which should similarly be located in different DMZs. Traffic between DMZ1 and DMZ2 will no doubt be required, but it should only be permitted on certain ports. DMZ2 can connect to the internal zone for certain special cases such as backups or authentication through active directory.

The internal zone is made up of workstations and internal servers, internal databases that do not have to be web facing, active directory servers, and internal applications. It is recommended that Internet access for users on the internal network be directed through an HTTP proxy server located in DMZ1. Remember that the internal zone is isolated from the Internet. Direct traffic from the Internet to the internal zone should not be allowed.

The above setup provides important security for your internal networks. In the event that a server in DMZ1 is compromised, your internal network should still be protected since traffic between the internal zone and DMZ1 is only allowed in one direction.
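The zone policy described in this section can be written as a default-deny matrix, with a check that flags firewall rules permitting more than the policy allows. This is an added example, not TitanHQ's code; the subnets, the DMZ1-to-DMZ2 and DMZ2-to-internal ports, the outbound DMZ1 entry and the sample rules are constructed assumptions.

```python
import ipaddress

# Constructed addressing: the page names the zones but gives no subnets.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/24"),
    "dmz1": ipaddress.ip_network("192.168.10.0/24"),   # proxy, email, web servers
    "dmz2": ipaddress.ip_network("192.168.20.0/24"),   # application, database servers
}
ANY = frozenset(range(1, 65536))

# Permitted (source zone, destination zone) pairs and destination ports.
# A pair that is missing from the table is denied.
POLICY = {
    ("internet", "dmz1"): frozenset({80, 443, 25}),   # ports named on the page
    ("internal", "dmz1"): ANY,                        # one-way: no dmz1 -> internal entry
    ("internal", "dmz2"): ANY,
    ("dmz2", "internal"): frozenset({88, 636}),       # assumed: Kerberos, LDAPS for AD auth
    ("dmz1", "dmz2"): frozenset({5432}),              # assumed: web tier to a database
    ("dmz1", "internet"): frozenset({80, 443, 25}),   # assumed: proxy and mail outbound
}


def zone_of(ip):
    """Map an address to its zone; anything outside the defined subnets is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def flow_allowed(src_ip, dst_ip, port):
    """Would the segmentation policy let this flow cross the firewall?"""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True   # same-zone traffic does not cross a zone boundary
    return port in POLICY.get((src, dst), frozenset())


def zones_covered(cidr):
    """Every zone a rule's destination network reaches, including 'internet'."""
    net = ipaddress.ip_network(cidr)
    covered = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        covered.add("internet")
    return covered


def audit_rules(rules):
    """Return (rule, src zone, dst zone, excess ports) for each over-permissive rule."""
    findings = []
    for rule in rules:
        ports = frozenset(rule["ports"])
        for dst in sorted(zones_covered(rule["dst"])):
            if dst == rule["src_zone"]:
                continue
            excess = ports - POLICY.get((rule["src_zone"], dst), frozenset())
            if excess:
                shown = "any" if ports == ANY else sorted(excess)
                findings.append((rule["name"], rule["src_zone"], dst, shown))
    return findings


# Constructed sample ruleset to audit.
RULES = [
    {"name": "web-and-mail-in", "src_zone": "internet", "dst": "192.168.10.0/24", "ports": {80, 443, 25}},
    {"name": "rdp-in", "src_zone": "internet", "dst": "192.168.10.20/32", "ports": {3389}},
    {"name": "https-wide", "src_zone": "internet", "dst": "192.168.0.0/16", "ports": {443}},
    {"name": "web-to-db", "src_zone": "dmz1", "dst": "192.168.20.15/32", "ports": {5432}},
    {"name": "dmz1-to-lan", "src_zone": "dmz1", "dst": "10.0.0.0/24", "ports": ANY},
    {"name": "ad-auth", "src_zone": "dmz2", "dst": "10.0.0.10/32", "ports": {88, 636}},
]

if __name__ == "__main__":
    for finding in audit_rules(RULES):
        print("over-permissive:", finding)
```

The `https-wide` rule shows a common mistake: a destination written as a broad /16 reaches DMZ2 as well as DMZ1, which the policy never allows from the Internet.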

By complying with network segmentation best practices and using the above firewall security zone segmentation you should be able to improve the security of your network. For greater security, we also recommend using a cloud-based web filtering solution such as WebTitan, which filters the Internet and stops end users from accessing websites known to host malware or those that break acceptable usage policies.

Exclaimer Mail Archiver Reaches End of Life

This September, the Exclaimer Mail Archiver reaches end-of-life. The Exclaimer Mail Archiver email archiving solution has been discontinued and support for the solution will no longer be provided by Exclaimer from the end of the month. That means vulnerabilities will no longer be addressed and customers will need to migrate to a new email archiving solution.

The Best Exclaimer Mail Archiver Alternative

If you are looking for an Exclaimer Mail Archiver alternative there are many solutions to choose from, but when it comes to functionality, ease of use, speed, compliance, and usability, you need look no further than ArcTitan from TitanHQ.

ArcTitan is an award-winning email archiving and email retention solution, which was recently rated as the best email archiving software company of 2021 by the independent small business review site digital.com, based on archiving features, online support, and encryption availability.

As with all TitanHQ solutions, setup is a quick and simple process. When you sign up to use ArcTitan you will be provided with detailed step-by-step instructions for configuring your email server to duplicate your emails. Your TitanHQ support team will work with your IT team to migrate your existing archive and can even work directly with your service provider for a totally pain-free migration. For the majority of clients, same day account set up is possible.

ArcTitan is a cloud-based email archiving solution, so there is no need for any on-site hardware. Compatibility is not an issue, as ArcTitan will seamlessly integrate with most email systems, including Microsoft Exchange, Microsoft 365, Zimbra, Lotus Notes, and many others and you can import an existing archive from MS Exchange, Google Apps, EML, MBOX, MSG, or PST with ease.

Advantages of ArcTitan Email Archiving

TitanHQ likes to make everything simple. All the complexity is in the background, with users able to access their archives via an Outlook add-on or a web interface. When you need to access your archive to recover emails, lightning-fast searches of the archive can be performed. In fact, TitanHQ is a front runner in the market for searchability of email archives and allows large data searches to be performed at incredible speeds. With a load performance of more than 200 emails per second from your email server, ArcTitan is one of the fastest email archiving solutions on the market.

Users also benefit from

  • Unlimited storage
  • Folder replication
  • Delegated permissions
  • Re-ingestion function
  • Disaster recovery included with impressive SLAs
  • GDPR, HIPAA and SOX Compliance
  • Seamless integration with Microsoft 365 / Office 365
  • No maintenance headaches: we monitor and manage the infrastructure 24/7, it is our job to make sure it’s performing well.
  • Massive cost and time savings

In contrast to many email archiving solutions, customers are not locked into proprietary data formats. That means you can move some or all of your data to another system as required. Email data are transferred and retrieved using open standards and you can export to EML, MSG, PDF, TIFF and PST.

No matter what, you will not have any costly, time-consuming data conversions. That includes when you join and if you leave. On top of that, ArcTitan is extremely competitively priced, which makes it an ideal Exclaimer Mail Archiver alternative.

Contact TitanHQ today and find out for yourself why ArcTitan is the best Exclaimer Mail Archiver alternative. ArcTitan product demonstrations can be booked on request.

Digital.com Rates ArcTitan by TitanHQ Top Email Archiving Solution for 2021

The leading independent business software review site Digital.com has recognized ArcTitan by TitanHQ as one of the best email archiving solutions for small businesses, with the product named in Best Email Archiving Software Company ratings for 2021.

Digital.com rates small business online tools, products, and services. The research team conducted a 40-hour assessment of over 45 companies to determine the leading email archiving solution providers. Each company’s product was assessed based on archiving features, online support, and encryption availability.

The researchers were looking for features that make email archiving solutions ideal for small businesses, such as supported deployment, robust access controls, secure backup management, and Microsoft 365 integration.

To be considered as a leader in the field for 2021, Digital.com experts required companies to provide first-class online support, including self-help resources and easy access to live support with customer support reps. Security was also an important factor. Archives needed to have powerful encryption to ensure files and emails containing sensitive business data were well protected.

Some of the features that make the award-winning TitanHQ email archiving solution stand out from the competition are:

  • Unlimited storage
  • Folder replication
  • Delegated permissions
  • Re-ingestion function
  • GDPR, HIPAA and SOX Compliance
  • Powerful search and retrieve tool
  • Easy Microsoft 365 integration

Having an email archiving solution that is competitively priced and easy to set up and use is important for small businesses. Small businesses typically have limited budgets and need to buy cost effective solutions. Emails need to be sent to a secure repository to meet compliance requirements, and when emails need to be recovered, when dealing with customer disputes, legal matters, or when emails are deleted from inboxes by mistake for example, it is vital that they can be found and retrieved quickly.

ArcTitan has an intuitive email search and retrieval tool that performs lightning-fast searches of emails and attachments. Plus, emails are stored securely, are replicated, and automatically backed up to ensure they are always available. Seamless integration with Microsoft 365 ensures small businesses have no IT headaches. ArcTitan truly is a set and forget solution.

If you have yet to implement an email archiving solution, are unhappy with your current service provider or want to reduce your email archiving costs, ArcTitan is the solution you need.

For further information on the ArcTitan cloud-based email archiving solution, or to book a product demonstration, contact the TitanHQ team today.

Preventing Phishing Attacks: Five Strong Tactics

As cybercriminals look for new targets that might bring them some profit, it appears that they have now shifted some focus towards infiltrating supply chains.

These attacks occur when hacking groups manage to infiltrate servers and components that companies will likely buy from third party suppliers. IT departments would presume that new equipment has not been infiltrated and happily install it onto their networks. This type of attack is now increasing, particularly evident within state-sponsored campaigns that may make it easier for cybercriminals to gain access during the production process. 

It will come as no surprise that, due to lower costs, the majority of technology components are manufactured in China. These components are then ordered by the manufacturer and they are instructed how to add them to their own equipment. The manufacturer/purchaser configures these components to build their systems locally before sending them on to the final destination. This means that any malicious components inserted into hardware design will, more than likely, not be detected.

There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed. 

Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.

Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.

Penetration testing should be completed in order to guarantee that there is no chance of malicious activity taking place after the system becomes operational. Any company installing hardware from third parties can mitigate risk by mapping the supply chain carefully. System penetration testing should also be completed to uncover unusual traffic patterns and activity on the local network. Backdoors might be present in order to transmit data back to the cybercriminals. 

As the targeting of supply chains becomes more prevalent, companies will have to increase their testing efforts to ensure the new hardware is safe before it is made operational within a system. TitanHQ can safeguard supply chains from cybercriminal-led.

Contact the TitanHQ team now to discover more about the cybersecurity solutions that can be added to your company’s security suite. 

 

Cisco Umbrella Alternative for SMBs and MSPs

In this post we propose an ideal Cisco Umbrella alternative that you can implement at a fraction of the cost of Cisco Umbrella, yet still have excellent protection from web-based threats and precision Internet content control for your workforce.

WebTitan Cloud is the leading Cisco Umbrella alternative for SMBs and Managed Service Providers (MSP) that serve the SMB market. WebTitan Cloud is, in many respects, a direct swap out for Cisco Umbrella, and one that will save you a small fortune on DNS filtering costs.

What is Cisco Umbrella?

In 2015, Cisco acquired OpenDNS and rebranded the OpenDNS Umbrella solution as Cisco Umbrella. Cisco Umbrella is first and foremost a DNS filtering service: a cloud-based security service that protects office and home workers from online threats by filtering DNS requests. The Cisco Umbrella DNS filtering service works at the DNS lookup stage of a web request, where the domain name in a URL is translated into an IP address to allow the resource to be located by a computer.

Cisco Umbrella DNS filtering allows administrators to set controls governing the web content that can be accessed, the files that can be downloaded from the Internet, along with a range of other security features such as a cloud-delivered firewall, shadow IT protection, and tools to investigate cyber threats.

Before we cover the cost of WebTitan versus Cisco Umbrella in our Cisco Umbrella review, it is worthwhile taking a moment to explain why DNS filtering is now an essential part of the security stack and why you need to add this additional layer of security if you are not already using a DNS filter.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.

Why is a DNS Filter Necessary?

You will no doubt be aware that the internet can be a dangerous place. As an IT professional or SMB owner, you need to make sure that your employees do not venture into areas of the internet that could cause your business harm.

Even general web browsing can pose a risk of a malware infection or ransomware download, and employees can easily be tricked into visiting phishing web pages where credentials are harvested. These are very real threats that need to be mitigated.

Rather than leave things to chance and hope your employees obey the rules and recognize all threats in time, you can implement a content filtering solution such as a DNS filter. A DNS filter requires neither hardware purchases nor software downloads. You just reconfigure your DNS and point it to the provider of your DNS filtering service and apply your content controls. A DNS filter will block access to malicious content and can be configured to block downloads of certain file types commonly used to install malware.

All DNS content filtering takes place in the cloud, there will be no latency, and filtering will take place without any content being downloaded. You can control the categories of content that can be accessed and, if rules are broken by employees, they will be directed to a block page and no harm will be done. You can run reports on web usage, apply controls to conserve bandwidth, and perhaps most importantly, you can prevent employees from visiting malicious websites and can block malware and ransomware downloads. Without this additional security layer, your business will be at risk.
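The checks listed earlier for blocking drive-by downloads (blacklisted domains and IP addresses, blocked categories, blocked file types) and the lookup-stage decision a DNS filter makes can be combined in one sketch. This is an added example, not WebTitan or Cisco Umbrella code, and every domain, address and category assignment in it is constructed; it also shows that the file type check needs the URL path, which is hidden for HTTPS unless the traffic is decrypted and inspected.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample data; none of these names or addresses come from the page.
BLACKLIST = {"malware-dist.example", "198.51.100.23"}
CATEGORIES = {"casino.example": "gambling", "daily-news.example": "news"}
BLOCKED_CATEGORIES = {"gambling"}
BLOCKED_EXTENSIONS = {".exe", ".js", ".msi"}   # the file types the page names
BLOCK_PAGE_IP = "192.0.2.1"
UPSTREAM = {"daily-news.example": "203.0.113.10",
            "files.vendor.example": "203.0.113.20"}


def candidates(hostname):
    """Return the queried name and its parent domains, so subdomains inherit a listing."""
    labels = hostname.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]


def dns_decision(hostname):
    """Decide at the lookup stage, where only the hostname is known."""
    names = candidates(hostname)
    if any(name in BLACKLIST for name in names):
        return ("block", "blacklist")
    for name in names:
        category = CATEGORIES.get(name)
        if category in BLOCKED_CATEGORIES:
            return ("block", "category:" + category)
    return ("allow", "not listed")


def resolve(hostname):
    """Answer as a filtering resolver would: the block page or the real record."""
    if dns_decision(hostname)[0] == "block":
        return BLOCK_PAGE_IP
    return UPSTREAM.get(hostname.lower().rstrip("."))


def download_decision(url, tls_inspection=False):
    """Apply the hostname checks, then the file type check if the path is visible."""
    parts = urlsplit(url)
    verdict = dns_decision(parts.hostname or "")
    if verdict[0] == "block":
        return verdict
    # The URL path travels inside the encrypted session for HTTPS requests.
    if parts.scheme != "http" and not tls_inspection:
        return ("allow", "path hidden by HTTPS")
    extension = posixpath.splitext(parts.path)[1].lower()
    if extension in BLOCKED_EXTENSIONS:
        return ("block", "file type:" + extension)
    return ("allow", "file type permitted")


if __name__ == "__main__":
    for url in ("http://files.vendor.example/setup.exe",
                "https://files.vendor.example/setup.exe",
                "https://cdn.malware-dist.example/update.pdf"):
        print(url, download_decision(url))
```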

Cisco Umbrella Review

In this Cisco Umbrella review we will cover some of the advantages and disadvantages of Cisco Umbrella and will present a Cisco Umbrella alternative that is ideal for SMBs and MSPs. The Cisco Umbrella alternative we suggest includes the most important features of the Umbrella DNS filtering solution, with some key advantages for SMBs and MSPs. First, let us consider some aspects of the Cisco Umbrella solution to save you time in your research.

Cisco Umbrella Pricing

Cisco Umbrella pricing is not particularly transparent. First, there is no Cisco Umbrella price list on the Cisco website, and while it is possible to get an idea of the Cisco Umbrella price from resellers via Google searches, their prices tend to be out of date. Cisco recently updated and renamed its three Cisco Umbrella offerings, and as part of the re-jigging of the packages and addition of extra features, the Cisco Umbrella price was increased.

Cisco Umbrella pricing is a little complicated and varies based on several different factors. Naturally the prices increase from the basic offering - DNS Security Essentials - to the most advanced version of the solution - Secure Internet Gateway (SIG) Essentials, but also by the number of users, length of the contract term, and the optional extras that are added to the standard packages. It should be noted that standard Cisco Umbrella pricing only includes basic email support. More comprehensive support is offered as an add-on at an additional cost, and you will need to pay extra for software updates and access to online learning resources.

There is a Cisco Umbrella ordering guide that provides more information about what is included, the features of the solution, and a breakdown of each package to help businesses choose the most suitable version of the solution and select the extras they need. The fact that a Cisco Umbrella ordering guide is required gives you some idea of the complexity of Cisco Umbrella pricing.

Cisco Umbrella Licensing

As previously mentioned, Cisco Umbrella licensing is for three different solutions. These were initially called “Professional”, “Insights” and “Platform” but have recently been renamed “DNS Security Essentials,” “DNS Security Advantage,” and “DNS Secure Internet Gateway (SIG) Essentials.”

Cisco Umbrella licensing is based on the number of users and the minimum contract term is 1 year. In contrast to other DNS filtering service providers, with Cisco Umbrella you have to pay the costs upfront. You cannot spread the cost over the contract term with monthly billing, which makes the solution prohibitively expensive for many businesses, especially considering the cost of the SIG Essentials solution could be, with typical add-ons, in the region of $5+ per user, per month.

Is It Worth Paying the Cisco Umbrella Price?

We are not going to try to convince you not to look at Cisco Umbrella, as it is an accomplished DNS filtering solution that is suitable for many enterprises and SMBs. The product will certainly protect your business from web-based threats and will allow you to enforce your internet policies. However, there is a but. If you are already using Cisco Umbrella or have made enquiries about the solution, you will be aware that the product comes at a considerable cost.

Cisco Umbrella is not a one-size fits all solution. Cisco caters to a range of different customers, from small businesses to large enterprises and packages have been devised accordingly. The most basic offering is DNS Security Essentials, which is a bare bones DNS filtering package that blocks malware and ransomware downloads and allows you to enforce your Internet policies. However, there are many important features lacking that most SMBs will feel are important. For instance, now that most websites have moved over to HTTPS, connections to those sites are encrypted. You therefore need to decrypt, inspect, and then re-encrypt that traffic. The basic package does not include this feature - termed SSL inspection. That means those websites will be opaque to the solution and many malicious websites now have SSL certificates. Full decryption and inspection of all SSL traffic is only available in the top-level package. The mid-range solution only has partial decryption and inspection (for risky websites).

DNS Security Advantage is the second package offered, which provides more features such as greater insight for investigations, file threat intelligence, and other tools. At the top end is the comprehensive Secure Internet Gateway Essentials package, which offers enterprise-grade DNS filtering with a host of features required by enterprises with a huge workforce. For most SMBs, the top package will offer a host of features that will most likely not be used. Unfortunately, the lowest level package is missing some important features that really are required by many SMBs.

What is the Cisco Umbrella Cost Per User?

So, how much does Cisco Umbrella cost? This is a key consideration for SMBs as they are likely to have limited budgets. They need to pay for several layers of cybersecurity to block the threats they are most likely to encounter. Spend top dollar on one solution and it is likely to mean less can be spent on other important security controls.

At the standard level, the Cisco Umbrella cost per user is $2.20 per month as of the start of 2021, which is considerably more than Cisco Umbrella alternative options such as WebTitan. For 100 users, Cisco Umbrella will cost $2,640 per year and that price only includes basic email support. If you opt for one of the more advanced packages, and we believe the middle package is the lowest level you should really consider due to the lack of SSL inspection in the basic package, that price will increase considerably.

The standard price for a Cisco Umbrella alternative is around $1.00 to $1.50 per user per month, but here at TitanHQ we have a highly competitive pricing policy and can provide you with a Cisco Umbrella alternative for as little as $0.90 per user per month. That will save you $1,560 per year, based on 100 users compared to the basic Cisco Umbrella price.

Protection from web-based threats and precision Internet content control for your workforce. Book a FREE WebTitan demo.

There is More to Consider than the Cost of Cisco Umbrella Alone

Cost is not the only consideration, although it is certainly important. You will want to ensure that your DNS filter allows you to control content easily and it must provide protection against web-based threats. So, does opting for a Cisco Umbrella alternative reduce the protection you will get? Actually, you can pay less and improve protection, have an easier to use product, with better reporting, and less complexity.

At TitanHQ we have a totally transparent and flexible pricing policy and provide the same, high level of protection for everyone. All customers benefit from full SSL inspection to ensure that HTTPS traffic is inspected and analyzed, and all customers get industry-leading customer support at no extra cost.

WebTitan is also loved by users who rate it highly for ease of setup, ease of use, ease of admin, and for the quality of support provided. This can be seen on review sites such as G2 Crowd, as detailed below.

Cisco Umbrella alternative

The Leading DNS Filtering Solution for MSPs Serving the SMB Market

TitanHQ is the global leader in cloud-based email and web security solutions for MSPs that serve the SMB market. WebTitan has been designed to be ideal for MSPs and includes a host of features not offered by Cisco. In contrast to all packages of Cisco Umbrella, we offer a range of hosting options - with TitanHQ, in a private cloud, and you can even host the solution in your own environment, something that is important for many MSPs. You can also have WebTitan in white label form ready to take your own branding, another big plus for MSPs that is not offered by Cisco. The solution is also easy to integrate seamlessly into your own security and customer management solutions thanks to a suite of APIs. Onboarding new customers is simple and painless, and managing their web filtering settings is straightforward. All customers are kept separate in the solution and you can apply individual settings with ease, but you can still apply bulk settings to all customer accounts. Plus you can manage the solution securely from anywhere with an Internet connection.

Cisco Umbrella alternative for MSPs

Many MSPs are now making the switch from Cisco Umbrella to WebTitan, with the most common reasons being the high cost of Umbrella, which has to be passed on to customers or absorbed. It can be a difficult sell with the high cost, even though the benefits of web filtering are usually understood by clients. The usability of the solution is also a common complaint, as is the quality of post-sales customer support and the lack of flexibility.

UK-based managed service provider Network Needs is one of the MSPs that has made the switch from Cisco Umbrella to WebTitan, and accurately sums up the experience of the many MSPs that have done the same. "When we decided to trial WebTitan we were happily surprised. Straightaway we dropped Cisco Umbrella and moved to WebTitan and it is impressing us every day," said Network Needs Technical Director, Ryan Lochhead. "WebTitan easily integrated into Network Needs existing service stack, avoiding any delays in offering the service. There is comprehensive remote management and monitoring via an API. Any MSP will benefit from WebTitan’s many advantages."

How Does WebTitan Compare to Cisco Umbrella?

WebTitan Cisco Umbrella Comparison Chart

Find out More About Our Alternative to Cisco Umbrella Today!

Our sales staff will be happy to explain the benefits of WebTitan over Cisco Umbrella and schedule a product demonstration to show you how easy the solution is to use and integrate into your own environment. If you would like to try WebTitan before committing, you can also take advantage of our free 14-day trial. For the duration of the trial you will have access to full product support to ensure you get the most out of the solution. For more information, give the TitanHQ team a call today.

Frequently Asked Questions (FAQs)

Is Cisco Umbrella the same as OpenDNS?

Cisco acquired OpenDNS and rebranded the OpenDNS enterprise security products as Cisco Umbrella. Cisco Umbrella is not exactly the same as OpenDNS, but they do perform the same function, with Cisco Umbrella providing enterprises with greater control, more features, and better integration with other Cisco solutions.

Is Cisco Umbrella worth the cost?

Cisco Umbrella is a powerful web security solution that provides important security benefits and visibility into the Internet activity of all devices and users. While the threat protection is excellent, the cost of the solution can be prohibitively expensive for many small businesses, who can get the features they need from a solution at a fraction of the cost.

Who uses Cisco Umbrella?

While any company can benefit from Cisco Umbrella and improve security, the solution is aimed at mid-to large-sized organizations and includes many features that smaller businesses will not need or use. If you are just looking for a web security solution to control access to web content and block malware downloads, you will be able to make considerable savings with WebTitan.

Is Cisco Umbrella DNS Security Essentials worth the cost?

The features included with the cheapest package of Cisco Umbrella – DNS Security Essentials - are very limited. Businesses looking for the features provided by DNS Security Essentials will be able to get them and more – full SSL inspection for instance - with a Cisco Umbrella alternative such as WebTitan Cloud.

Is Cisco Umbrella a good choice for MSPs?

Cisco does provide Umbrella for Managed Service Providers and it is a good solution for protecting clients and preventing costly malware infections. While an accomplished product, the cost can be high for MSPs, especially those serving the SMB market and there is no option for hosting within an MSP data center and the solution will not be provided as a white label.

New Geo-blocking Email Security Feature Included in SpamTitan 7.11 Release

A new version of TitanHQ has been launched that introduces Geo-blocking email filtering in addition to many other updates and fixes aimed at enhancing usability.

This new version of the award-winning email security solution added geo-blocking due to the high level of demand from existing users. It will be included with the solution at no additional cost to the subscription. This Geo-blocking feature means that users of the solution will be able to block, or permit, emails sent from specific geographical areas. The decision is based on the country of the IP address of the mail server that the email is sent from. This adds a level of security that allows companies to restrict geographic threat vectors and stop malware, ransomware, and phishing emails from landing in inboxes.

A country can be selected and all emails from individuals and groups in that location will be blocked. Doing this can greatly improve your company’s cybersecurity efforts, as the majority of malicious emails originate from a small number of countries. These are, in most cases, countries that most small- to medium-sized businesses do not have any contact with. Blocking such a country will therefore have no impact on business, and it could save a lot of money that would otherwise be lost in addressing a successful cyber attack.

This is simple to configure within the SpamTitan solution. It can be enabled within the SpamTitan Country IP Database. For companies that do not wish to block every group from a specific country or domain, there is a whitelisted option which will allow you to approve specific senders and their email will be allowed to reach the correct inboxes.

Along with geoblocking, there is a range of other security improvements that have been created to further strengthen the already excellent threat detection and blocking mechanisms within SpamTitan. These include an upgraded sandboxing tool that provides more protection against attacks featuring malware, ransomware, phishing, spear-phishing, Advanced Persistent Threats, and malicious URLs hidden within emails.

Recently reported bugs have been addressed and have resulted in better email rendering in Mail Viewer and the option of removing quarantine report token expiry and improving domain verification.

TitanHQ CEO Ronan Kavanagh said: “Geoblocking has been a much-requested feature and as always we listen to our customers and provide what they need to implement the very best email security they can. After experiencing 30% growth in 2021, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”

SpamTitan can be provided as a 100% cloud-based solution or as an anti-spam gateway, which is run as a virtual appliance on existing company hardware. Existing users of SpamTitan Cloud will have their solution automatically updated on September 14, 2021. A full description of the latest updates in SpamTitan 7.11 is available here.

Users of SpamTitan Gateway will need to manually upgrade to the latest version via System Setup > System Updates.

 

Most Popular Phishing Tactics Cybercriminals Use

Cybercriminals normally use phishing attacks in order to steal access credentials to corporate networks which will allow them to download private data, install malware, and commit further fraudulent attacks.

This type of attack is typically carried out by emailing individuals and getting them to hand over credentials and protected information. Hackers normally use ‘social engineering’ tactics to make the recipients of the email believe that the communication they are sending is genuine. This is accomplished by pretending to be real people within the same group, often by creating an email address that is very close to the authentic email address with a similar layout as well. These emails will feature a URL that takes anyone who clicks on it to a data harvesting website that is laden with malware and adware. To ensure that their conversion rate is higher, the cybercriminals make the spoofed website look as close to identical to the real website as possible.

These spam attacks offer the chance of a high return for a minimal effort for the hackers. Additionally, if they are detected, it is very difficult to apprehend those responsible for conducting them. Here we have listed the most common ways that hackers use email to try and steal private data. The emails will include:

  1. Information that advises accounts are about to be closed unless the website is visited to stop this from happening immediately
  2. Advice related to account changes that could be suspicious
  3. IRS/tax related notices that relate to you qualifying for a refund due to an overpayment
  4. Payment requests for something that you never placed an order for
  5. Proof of identification requests
  6. Contact from the police in relation to a crime you are believed to be linked to
  7. Malware detection notices

It is also important to recognise that there are always new types of phishing email introduced by cybercriminals. Along with the usual phishing campaigns that feature fake invoices and resumes, missed deliveries, and fake account charge notifications, topical lures related to current events are regularly used. Recently there have been phishing campaigns linked to COVID-19, the Tokyo Olympics and Euro 2022.

The best way to tackle the most popular types of phishing attacks, along with topical attacks, is to configure an advanced spam filtering solution like SpamTitan. Using SpamTitan will put in place strong security that can prevent phishing and other malicious emails from allowing your databases and valuable information to be accessed by criminals. This is done thanks to the use of a wide variety of tools that include machine-learning to identify suspicious messages, sandboxing, dual antivirus engines, greylisting, and malicious link detection mechanisms. This solution blocks the receipt of malicious messages and, when used in tandem with cybersecurity training, can practically reduce the chance of your system being successfully attacked to zero. 

Contact the TitanHQ team now to discover more in relation to safeguarding your databases from phishing and spam attacks. There is a free trial available and you can request a product demonstration which will allow you to see how little investment is needed to secure your systems from all possible phishing attacks.

 

Cybercriminals Stole $1.9m in Southern Oregon University Phishing Attack

A Southern Oregon University phishing attack has demonstrated exactly why so many hackers have opted for phishing to make money. The Southern Oregon University phishing attack involved just one phishing email. The attackers pretended to be a construction company – Andersen Construction – that was erecting a pavilion and student recreation center at the University.

The attackers spoofed the email address of the construction firm and asked that all future payments be directed to a different bank account. The university then transferred the next payment of €1.9m to the new account in April 2019. The university realized the construction firm had not received the funds three days later. The FBI was made aware of the situation as soon as the fraud was discovered and attempts were made to recover the funds. The university reports that the hackers had not emptied all of the funds from their account, but a sizeable amount of the payment had been withdrawn and could not be recovered. Joe Mosley, a representative for SOU said, “It’s certainly not all of the money that was transferred, but it’s not just nickels and dimes, either.”

In order for a scam like this to be successful, the hackers would need to be aware that the construction project was taking place and the name of the firm that had been awarded the contract. That information is not hard to find, and universities are easy to target as they often have ongoing construction projects.

These attacks are referred to as Business Email Compromise (BEC) scams. They typically involve a contractor’s email account being hacked and used to send an email requesting changes to payment information, although these scams need not involve compromising an email account. Spoofing an email account can be just as effective.

Increase in BEC Attacks Prompts FBI Alert for Universities

In this instance, the payment was massive but it is far from an isolated incident. The FBI has issued warnings to universities to be wary of attacks such as this. BEC attacks may not be nearly as common as other forms of cybercrime, but they are the leading cause of losses to cybercrime as the payments made to the attackers are often considerable. Payments are often of the order of several hundred thousand dollars or in some cases millions.

The FBI said that access to a construction firm’s email account is not required. All that is required is for the scammer to buy a similar domain to the one used by the firm. Accounts department employees should carefully check the email address in any request to change banking information or payment methods, as it is common for domains to be used that differ from the genuine domain by only one letter. For instance, an L may be used instead of an i or a zero instead of the letter O.
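The check the FBI describes can be automated at the mail gateway or in an accounts-payable workflow. The following Python sketch is an added example, not code from TitanHQ or the FBI alert: it flags sender domains that collapse onto a known vendor domain after folding confusable characters, or that sit one edit away from it. The vendor domains, the confusable table and the function names are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list: domains of vendors whose bank details are on file.
KNOWN_VENDOR_DOMAINS = {"northfield-construction.example", "harbor-supplies.example"}

# Characters commonly swapped in lookalike domains, folded to one canonical form.
# Covers the swaps named above (L for i, zero for O) plus a few similar ones.
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))


def skeleton(domain):
    """Fold visually confusable characters so lookalikes collapse together."""
    folded = domain.lower().rstrip(".")
    for pair, single in CONFUSABLE_PAIRS:
        folded = folded.replace(pair, single)
    return folded.translate(CONFUSABLE_CHARS)


def edit_distance(a, b):
    """Levenshtein distance that also counts an adjacent swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(from_header):
    """Return (verdict, matched_vendor_domain) for a From: header value."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("unparseable", None)
    domain = address.rpartition("@")[2].lower().rstrip(".")
    if domain in KNOWN_VENDOR_DOMAINS:
        return ("known", domain)
    for vendor in sorted(KNOWN_VENDOR_DOMAINS):
        distance = edit_distance(skeleton(domain), skeleton(vendor))
        if distance == 0:
            return ("lookalike-confusable", vendor)
        if distance == 1:
            return ("lookalike-one-edit", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        "Accounts <ap@northfield-construction.example>",
        "Accounts <ap@n0rthfield-construction.example>",
        "Accounts <ap@northfleld-construction.example>",
        "Accounts <ap@northfield-constructon.example>",
        "Newsletter <news@city-news.example>",
    ):
        print(header, "->", check_sender(header))
```

A "known" verdict only means the domain matches the allow-list; a spoofed or compromised genuine address still needs the out-of-band verification described in this article.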

The Southern Oregon University phishing attack shows just how simple it can be for cybercriminals to pull off a BEC attack. Protecting against BEC attacks requires employees to be vigilant and to use extreme caution when requests are made to alter bank accounts. Such a request should always be verified by some means other than email. A telephone call to the construction firm could easily have identified this scam before any transfer was completed.

BEC Scammers Steal $2.3m from New Hampshire Town

Peterborough, a town in New Hampshire, was recently the focus of an attack by BEC scammers who were able to divert a number of bank transfers before being discovered.

This occurred when the cybercriminals sent forged documents to workers in the Finance Department of the town, requesting changes to account information for a range of different payments. This complex scam involved more than one email exchange between workers. It is clear that the cybercriminals had completed in-depth research to ascertain the most valuable transactions to focus on.

The scam was first identified when the ConVal School District alerted the town when they had never received a $1.2 million transfer of funds that had been. Peterborough officials looked into this and confirmed that the transfer had been made. However, the investigation also confirmed that the bank account details had been changed and that two large bank transfers to the contractor in question had been sent to hacker-controlled accounts. Overall, $2.3m was stolen in the attack.

BEC attacks are complex in nature. Cybercriminals have finely-honed talents for conducting these campaigns and can very simply fool finance department workers into believing that they are being directed by the CEO, CFO, or a vendor using email, since the authentic email account is being used. The hackers also research the type of emails normally shared by the owner of the account and copy that style so as not to be detected.

There is a process that groups must employ in order to prevent the initial attack vector and to discover scams in time to prevent any fraudulent transfers of funds. The main security measure in this type of attack is a spam filtering solution, which will block the first phishing email used to obtain the credentials for internal email accounts. SpamTitan uses a variety of features to spot and quarantine these phishing emails, including machine learning technology that can identify email messages that are not the same as normal messages usually received by staff members. Outbound scanning is used to discover phishing attacks as the cybercriminals attempt to use employee email accounts to infiltrate the accounts of their final target – the CFO or CEO. Rules can also be set to flag attempts to share sensitive data – such as W-2 forms – using email.

Along with spam filtering, it is crucial for groups to raise awareness of the threat of BEC attacks in their group, particularly among workers in the finance department. Policies and processes should also be implemented that require any change to payment details to be verified by telephone using previously confirmed contact details. Using these simple steps can be the difference between tackling an attack and sending millions of dollars directly to the hackers’ accounts.

Contact the TitanHQ team now if you wish to enhance your cybersecurity measures in the face of BEC and phishing attacks. 

 

Office 365 Credentials Stolen Using Sneaky Tactics

Over the last few months, organizations using Office 365 have been attacked by a sneaky phishing campaign that uses a variety of different tactics to trick recipients and email security measures.

The focus of this campaign is to get recipients to unwittingly share Office 365 credentials that can be used to commit further email fraud. 

The campaign begins with phishing emails being shared from email addresses that appear to be authentic. This is accomplished as spoofed display names are being included to make the sender appear genuine. The campaign concentrates on specific groups and includes believable usernames and domains for sender display names linked to the target and the messages also incorporate authentic logos for the targeted company and Microsoft branding.

Additionally the messages feature believable Microsoft SharePoint lures to fool recipients into clicking on an embedded hyperlink that will take them to the phishing URL. Those who receive the email messages are advised that a co-worker has shared a file-share request that they may have missed, along with a link that will take the recipient to a web portal hosting a fake Microsoft Office 365 login form.

To get recipients to click on the URL, the emails say that the shared file includes information in relation to bonuses, staff reports, or price books. The phishing emails incorporate two different URLs with malformed HTTP headers. The main phishing URL is for a Google storage resource which points to an AppSpot domain. If the user completes the sign-in process, they are brought to a Google User Content domain with an Office 365 phishing page. The second URL is embedded in the notification settings and brings users to a compromised SharePoint site, which again requires the user to sign in to get to the final page.

To trick email security solutions, the messages employ extensive obfuscation and encryption for file types often connected with malicious messages, such as JavaScript, along with multi-layer obfuscation in HTML. The threat actors have employed old and unusual encryption tactics, including the use of morse code to mask segments of the HTML deployed in the attack. A variety of the code segments used in the attacks are found in several open directories and are called by encoded scripts. Microsoft cybersecurity specialists found, and tracked, the campaign and compared it to a jigsaw puzzle, where all the pieces look normal on their own and only become dangerous when they are correctly pieced together.

This campaign is very dangerous, with the threat actor having gone to great trouble to mask their true intentions in order to get end users to hand over their credentials. 

Should you be worried in relation to your cybersecurity measures and wish to tackle attacks like this, contact the TitanHQ team now to find out more in relation to security solutions that can be easily put in place to prevent phishing and other email threats to enhance your security suite.

 

 

MSP Cybersecurity Selling Tactics

While a lot of companies are unable to invest a large amount of money in cybersecurity solutions, many do opt to avail of the services provided by Managed Service Providers (MSPs).

Due to this it is important for MSPs to make smaller companies aware of the crucial service that they can provide for them. The lack of a good cybersecurity service can lead to data breaches and, in some cases, regulatory fines and legal issues. 

It is no surprise that cash-strapped small businesses have not invested thousands of dollars on cybersecurity measures so it is the role of their MSP to make them aware of the importance of having an adequate cybersecurity structure in place to prevent hacking attacks. So the onus is on the MSP to ensure that their client(s) are completely aware of the level of risk they are facing. As the needs of all businesses are different there will be different levels of threat that each faces. An audit of the risk the client is facing will provide them with the knowledge to enable them to make a smart decision when it comes to investment in cybersecurity. This is much more useful for a small company as they will not find themselves investing in a package with many features that are of no use to them.

Small companies will appreciate the level of risk that they are facing, rather than being bewildered with the technical aspects of each solution that they are being provided with. While this technical information should certainly be provided, it is not going to be the thing that pushes most small companies into making an investment decision. 

Monitoring is equally important for the prevention of cybersecurity attacks. Once installed, cybersecurity solutions must be maintained. This means it is important for MSPs to see to it that there is an adequate amount of staff working to spot all potential cyberattacks and work swiftly to mitigate them. In order for the client to know what they are investing in they need to be made aware of the difference between IT and cybersecurity support. A lot of clients will think that these two solutions are the same thing when this is really not the case. 

It is important for MSPs to be able to educate and add value for the stakeholders at their client companies so that the value of investment is appreciated and there is a build up in trust. This is one place where MSP clients can be assisted by TitanHQ.

Through the provision of smartly priced, robust and proven cybersecurity solutions to address the threat posed by typical hacking attack vectors, in addition to a solution for backing up and archiving business critical data, TitanHQ enhances security measures everywhere.

If you would like additional details in relation to the cybersecurity solutions for MSPs provided by TitanHQ, contact them now to find out more about TitanHQ email security, DNS filtering, and email archiving, and the TitanShield Partner Program.

Once up and running with the TitanShield Program, MSPs will gain strong tools, marketing assistance, and training support to help them sell cybersecurity solutions to their clients.

 

Some Credit Unions Still Lacking Strong Email Security

It is well known that financial institutions are an ideal target for cybercriminals. Despite this, credit unions still lag behind when it comes to configuring adequate cybersecurity for their email systems. This shortcoming leaves these bodies wide open to hackers who aim to get access to banking systems and financial data.

With a strong email security system in place, internal employees and the financial institution’s customers are safeguarded from possible infiltration. It can prevent a phishing email tricking an account holder into believing that they have received what looks like an email from the credit union. A spoofed message will be designed so that only a closer look will reveal that it is not genuine. Skilled cybercriminals are availing of email servers that don’t have any spam flags in place so they will be able to bypass basic security measures to land in a prospective victim’s inbox. Additionally there is a chance that the account holders use an email provider with poor spam detection, which means that the malicious message will not be quarantined.

However, if the account holder has good email filters, the malicious message will be marked as spam. As this is not, typically, the case cybercriminals are aware that their phishing messages will reach a good number of the intended recipients, potentially earning them thousands of dollars.

Credit unions require a minimum of Domain-based Message Authentication, Reporting & Conformance (DMARC) in order to tackle phishing messages. In order for this to be as successful as possible, both the recipient email system and the domain owner (the credit union) must configure DMARC.

There are two parts to a DMARC system: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF lists the IP addresses that are permitted to send email for the domain. The SPF entry is placed on the domain owner’s name server as a DNS record, from where it will prevent email spoofing. When an email message is sent from an unauthorized IP address, it is marked with a “failed” DMARC status and is not delivered to the intended recipient. There is, however, an onus on the recipient’s email service to review the status and quarantine/delete the incoming message.

DKIM is a signature system that makes sure that cybercriminals have not altered a message. An encrypted signature is shared including the headers of the message using the recipient’s public key placed as a DNS entry at the host. The recipient’s mail server can then authenticate the recipient message to deduce if the signature is the same by encrypting the same message and comparing it to the resulting value. The resulting value should be the same if no content within the message has been changed.
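How a receiving mail server combines these checks can be shown in a few lines of Python. This is an added example, not SpamTitan code: the DNS TXT records are constructed, only the `ip4`, `ip6` and `all` SPF mechanisms are evaluated (the others need live DNS), DKIM verification is assumed to have happened already and is passed in as the verified signing domain, and the organizational-domain comparison is a two-label shortcut where real receivers use the Public Suffix List.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups.
CONSTRUCTED_TXT = {
    "creditunion.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.creditunion.example": "v=DMARC1; p=reject; rua=mailto:dmarc@creditunion.example",
    "bulk-sender.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "monitor-only.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_dmarc.monitor-only.example": "v=DMARC1; p=none",
}
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(record, sender_ip):
    """Evaluate an SPF record against the connecting IP (ip4/ip6/all only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in SPF_QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
        if name.lower() in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == network.version and ip in network:
                return SPF_QUALIFIERS[qualifier]
    return "neutral"


def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(header_from, other, mode):
    """Strict mode needs identical domains; relaxed compares the last two labels."""
    a, b = header_from.lower(), other.lower()
    if mode == "s":
        return a == b
    return a.split(".")[-2:] == b.split(".")[-2:]


def evaluate(header_from, mail_from, sender_ip, dkim_domain=None):
    """Return the receiver's disposition for one message."""
    policy = parse_tags(CONSTRUCTED_TXT.get("_dmarc." + header_from, ""))
    if policy.get("v") != "DMARC1":
        return "no-policy"
    spf_ok = (spf_result(CONSTRUCTED_TXT.get(mail_from, ""), sender_ip) == "pass"
              and aligned(header_from, mail_from, policy.get("aspf", "r")))
    dkim_ok = (dkim_domain is not None
               and aligned(header_from, dkim_domain, policy.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "deliver"
    requested = policy.get("p", "none").lower()
    return requested if requested in ("reject", "quarantine") else "deliver-and-report"


if __name__ == "__main__":
    print(evaluate("creditunion.example", "creditunion.example", "192.0.2.25"))
    print(evaluate("creditunion.example", "creditunion.example", "203.0.113.9"))
    print(evaluate("creditunion.example", "bulk-sender.example", "203.0.113.9"))
    print(evaluate("monitor-only.example", "monitor-only.example", "203.0.113.9"))
```

The third call shows why alignment matters: the message passes SPF for the envelope domain but still fails DMARC because that domain is not the one shown in the From header. The last call shows that a `p=none` policy only reports and does not stop the spoofed message.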

It is often, incorrectly, believed that small businesses are not a valued target of phishers. However, Credit Unions are small financial institutions that can be perfect targets as they are known for not having a strong cybersecurity suite in place. DMARC rules will address the threat posed to these bodies. 

Phishing can be conducted at a low cost by hackers so it is crucial for organizations to focus their efforts on fighting it. Using DMARC will safeguard internal staff members and account holders who are being sent emails

 

 

Case Study: Home Depot Data Breach Cost $179 Million

When pondering how much to spend on cybersecurity defenses, be sure to consider the cost of a retail data breach. Ill-advised security practices and a lack of proper cybersecurity defenses can cost a company dearly. That was certainly the case for Home Depot.

A data breach of the scale of that which impacted Home Depot in 2014 can cost hundreds of millions of dollars to address. The Home Depot data breach was huge. It was the largest retail data breach involving a point of sale system ever to be reported. Malware had been downloaded that allowed cyber criminals to obtain over 50 million credit card numbers from Home Depot customers and around 53 million email addresses.

The Home Depot cyberattack was conducted using credentials that had been stolen from one of the retailer’s vendors. Those credentials were used to obtain access to the network, the attackers then elevated privileges, and moved laterally undetected until they found what they were looking for: The POS system. Malware was downloaded that recorded credit card details as payments were made, and the information was silently exfiltrated to the attacker’s servers. The malware infection went unnoticed for five months between April 2014 and September 2014.

DNS blocking is one of the most effective ways of preventing Internet users from visiting malicious websites. Book a FREE WebTitan demo.

Last year, Home Depot agreed to pay out $19.5 million in damages to customers that had been impacted by the breach. The payout included the costs of providing credit monitoring services to those affected by the breach. Home Depot has also paid out a minimum of $134.5 million to credit card companies and banks. The latest settlement amount will permit banks and credit card companies to submit claims for $2 per compromised credit card without having to show proof of losses suffered. If banks can show losses, they will have up to 60% of their losses compensated.

The total cost of the retail data breach is approximately $179 million, although that figure does not incorporate all legal fees that Home Depot must pay, and neither does it include undisclosed settlements. The final cost of the retail data breach will be much bigger and is likely to pass the $200 million mark.

Then there is the reputation damage suffered as a result of the data breach. Following any data breach, customers often take their business elsewhere and many consumers that were affected by the Home Depot breach said they would not shop there again. A number of studies have been carried out on the fallout from a data breach, with one HiTrust study suggesting companies may lose up to 51% of their customers following a breach of sensitive data.

 

MSP Cybersecurity Selling Tips

Managed Service Providers (MSPs) are often used by smaller organizations that do not have their own IT department to meet their technology and cybersecurity requirements.

The challenge in this scenario is that MSPs need to convey the importance of investing in the strongest possible cybersecurity measures to small companies that are trying to make their budgets stretch as far as possible.

It is crucial that small businesses are fully aware of the dangers they face if they do not introduce a strong cybersecurity suite. Any data breach could lead to regulatory fines and costly litigation. There are a number of different ways that MSPs can get this message across to their clients, and we have detailed them below.

Focus on Enhancing Cybersecurity

There is a good business opportunity for MSPs to increase their revenue by selling cybersecurity services to small companies that currently have no structure in place. The easiest way to do this is to show clients the risks that they are taking by not having strong cybersecurity measures implemented. As all companies have different needs, it is up to the MSP to identify where each company’s cybersecurity needs lie and concentrate on those.

This is easier following an audit of the company’s current cybersecurity strategy, or lack thereof. Companies will appreciate a bespoke set of cybersecurity measures, matched to their specific needs, rather than being sold a package that includes a range of measures that they have no need for. Providing the company with the audit will also assist in the sales process, as these companies may not have the resources to complete this themselves.

With the audit, a step-by-step process for addressing each vulnerability can be included to allow the company to see how their worries will be alleviated. As configuring and investing in cybersecurity solutions is a massive step for small companies with a limited budget, it is crucial that the decision makers at potential clients are able to quantify the benefits that they are gaining from any possible investment.

Importance of Cybersecurity Support Being Provided by an MSP

In order for them to be effective, cybersecurity solutions have to be properly set up and managed. MSPs must do their utmost to ensure that clients also invest in cybersecurity so that the product they are selling is set up correctly. 

By relaying to the client the importance of this aspect, and the difference between IT support and cybersecurity support, clients will be more likely to invest in this service. After communicating with the client there should be no confusion between the two, and the need for the latter should be obvious to the purchaser. Doing this successfully will make the business relationship easier going forward, as there will be fewer issues and a stronger level of service provided.

TitanHQ

TitanHQ can be an excellent solution for MSP clients to avail of as it is competitively priced, strong and configured to tackle the most common attack vectors, along with a solution for backing up and archiving business critical data.

Contact TitanHQ now to find out more in relation to TitanHQ email security, DNS filtering, and email archiving for MSPs, and the TitanShield Partner Program. MSPs that are members of the TitanShield Program will be given in-depth and strong tools, marketing advice, and training support.

 

Should You Block File Sharing Websites in the Workplace to Stop Malware Infecting Your Network?

There are valid reasons why you should block file sharing websites in the workplace. These websites are mainly used to share pirated software, music, films, and TV shows. It would be improbable that the owner of the copyright would take action against an employer for failing to stop the illegal sharing of copyrighted material, but this is an unnecessary legal danger and there is currently a crackdown on illegal file sharing.

The main risk from using these websites comes in the form of malware. There is limited data on malware downloads from pirated software, although data from a study in 2013 highlights how common it is. In the study, conducted by IDC on 533 websites and peer-to-peer file sharing networks, the downloading of pirated software led to spyware and tracking cookies being downloaded to users’ computers 78% of the time. More concerning is the fact that Trojans were downloaded with pirated software 36% of the time.

A survey carried out on IT managers and CIOs at the time showed that malware was downloaded 15% of the time with the software.  IDC found that overall there was a 33.3% chance of infecting a machine with malware by using pirated software.

Even browsing on torrent sites can be harmful. Malwarebytes has reported users of the popular torrent site The Pirate Bay were shown malicious adverts. An advertiser used a pop-under to silently redirect users to a malicious site that had the Magnitude exploit kit which was used to install Cerber ransomware onto users’ devices.

A study completed by UC San Diego involved testing pirated software downloads using VirusTotal. VirusTotal reviews files against the databases of 68 different anti-virus services. The research team found that 50% of pirated files were infected with malware.

Dealing with malware from pirated software was found to take around 1.5 billion hours per year. For companies the cost can be considerable. IDC estimated the cost to enterprises to be around $114 billion in 2013 alone. And that was just for the clean-up. The cost of data breaches caused by illegal software installations was calculated at around $350 billion.

New malware variants are often discovered in pirated software and fake software available through P2P file sharing websites. In 2021, NordLocker identified a previously unknown malware variant that was being distributed in pirated video games and software such as Adobe Photoshop. The malware was not detected for 2 years, during which time it had infected more than 3.2 million computers.

Businesses can monitor devices and check for unauthorized software downloads on individual devices; however, by the time a software installation has been identified, malware is likely to already have been downloaded. A recent report by Verizon indicates that on average, hackers are able to extract data within 28 minutes of obtaining access to a system.

One of the simplest ways to manage risk is to block file sharing websites including P2P and torrent sites. A web filter can be easily set up to block file sharing websites and stop them from being accessed. Many web filters can also be set up to block specific file types from being installed, including keygens and other executables.

If organizations block file sharing websites in the workplace, they will ensure that copyright-violating activities are stopped, the risk of malware downloads is effectively mitigated, and users are prevented from visiting websites hosting phishing kits.

Choosing not to block file sharing websites in the workplace could turn out to be expensive for a company. It is far better to block possibly dangerous websites and online activities than to have to cover the cost of removing malware infections and remediating data breaches.

Remote Working on Public Wi-Fi Concerns

The problems associated with working via public Wi-Fi are well known, especially now as workers globally shift to a remote working or hybrid model of office use. 

Even though a large number of companies have recognized the advantages linked to remote working and having staff members work from home, many other organizations are putting in place the hybrid working routine that permits employees to be based away from the office for part of their working week at least. 

However, there are many things to be wary of when it comes to accessing the Internet via public Wi-Fi networks, one of the most significant being that the Wi-Fi access point that people log on to is not the same as the Wi-Fi network of the individual’s employer. Cybercriminals have previously created Wi-Fi networks that are designed to look like authentic Wi-Fi access points. Connections of this type have been labelled ‘evil twins’.

Hackers are known to set up malicious proxies, view network activity, and create user redirects to take Wi-Fi users to websites that are loaded with malware. If Bluetooth and NFC are enabled, a hacker could locate nearby devices and download information that could allow them to locate and focus on a specific individual.

There is a range of different tactics that should be implemented to prevent remote workers from giving up their details in a phishing attack, or otherwise compromising their device or their organization’s databases. The most straightforward of these is to restrict or forbid the use of public Wi-Fi networks. However, doing so may greatly impact the productivity of remote workers.

Logging on to a public Wi-Fi network, if there is no other solution available, should only be done if there is encryption and strong authentication in place to ensure a high level of security. It is also wise to make sure that a password is necessary to access the Wi-Fi hotspot.

It is advisable for organizations to implement a variety of different security measures such as setting up a company policy that bans the use of public Wi-Fi networks or uploading any sensitive data on websites that do not begin with ‘HTTPS’. Creating a Virtual Private Network (VPN) for employees with enough capacity to permit everyone to log on at the same time is a smart move as it extends the scope of web filters to remote workers’ devices. This will stop access to web pages known to be malicious and stop malware downloads.

Options like WebTitan are simple to configure so as to secure remote workers’ devices, and filtering controls will then be managed in the same manner as if the employee was sitting at a workstation in the corporate headquarters.

It is also important that cybersecurity best practices are followed like running all patches and software updates once they are available. Multi-Factor authentication should be enabled and anti-malware software installed. Anti-spam services – like SpamTitan  – should also be configured to stop email attacks, and firewalls should be switched on to stop unauthorized inbound and outbound connections.

 

 

2020 Witnessed Massive Surge in Healthcare Data Breaches

According to figures from the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), 2020 saw record numbers of healthcare data breaches reported – more than in any other year since healthcare data breaches started to be tracked. An article published on HIPAA Journal in January, 2021 included an analysis of healthcare data breaches in 2020 with the following findings:

  • Over 29 million healthcare records were breached from January 1 to December 31, 2020
  • There was a rate of 1.76 healthcare data breaches reported per day
  • Healthcare data breaches grew by 25% year-over-year
  • During 2020, 642 healthcare data breaches of 500 or more records were discovered

In addition to this:

  • The total number of healthcare data breaches has doubled since 2014 and tripled since 2010.
  • Over 3,700 breaches of 500 or more records have been reported since October 2009
  • Since 2009, more than 268 million healthcare records have been breached

How Data Breaches Occur

There are many different causes of healthcare data breaches, the most common of which are:

  • Hacking of servers and email accounts
  • Portable devices being stolen or lost
  • Unauthorized disclosures of personal healthcare information

The size of some of the data breaches is staggering. One of the largest breaches of the year was reported by the Dental Care Alliance, and was discovered on October 11, 2020. The payment card numbers of more than 1 million patients were compromised in the attack. The hackers initially obtained access to DCA systems on September 18, and access remained possible until October 13. Along with payment card data, those responsible may have illegally taken patient names and contact information as well as medical information and insurance information. Patients were made aware of the attack in early December and approximately 10% of the patients later reported misuse of their data.

There are many factors that have led to the huge spike in attacks that took place over the last 12 months. Ultimately, the increase in attacks is simply due to cybercriminals targeting the healthcare sector to gain access to sensitive data. Patient records are extremely valuable as they can be used for multiple types of fraud. While credit card information will only garner a few dollars on its own, patient data can be sold for up to $150 per record. For healthcare providers, the cost of mitigating data breaches is considerable. The IBM Security Cost of a Data Breach Report shows the cost of a healthcare data breach has risen by 16% and now stands at an average of $499 per record.

Healthcare organizations have a responsibility to secure patient data and prevent attackers from accessing systems containing patient data. TitanHQ can assist healthcare organizations by providing solutions to block the most common attack vectors. Get in touch with TitanHQ now to discover how our award winning solutions can stop hackers from gaining access to patient data.

Businesses Face Massive Challenges as Phishing Attacks Surge

Since the beginning of 2020 there has been a noticeable spike in the number of ransomware attacks recorded. Less noticeable, however, is that phishing attacks are also extremely widespread nowadays.

Phishing attacks aim to steal passwords and other login credentials that will unlock access to databases and, potentially, much more valuable private data. Particularly attractive for phishers are email credentials. For instance, a healthcare worker’s email account will often hold valuable healthcare data, health insurance details, and Social Security information. This range of information can be deployed to carry out identity theft or other fraudulent activity. 

Most phishing attacks start with a phishing email that is sent to try and trick the recipient into handing over access details for a database. Many different research studies have indicated that phishing is one of the main threats facing organizations. In the UK and the US, two recent surveys have revealed that 75% of companies had suffered a data breach in the last year, while another study showed that more than 50% of IT management have witnessed a surge in phishing attacks in the past year.

Employee training courses are crucial in order to increase awareness of the phishing threat. The current trend towards remote working has made providing this a much trickier challenge. Refresher classes must be conducted on an ongoing basis or vulnerabilities can come to the surface. Phishers often change their tactics, and new trends must be made known to employees so that they know what to look out for. As phishing emails evolve and continue to look more and more realistic, the challenge of spotting these attacks becomes all the greater.

Two of the best technical approaches to combating phishing attacks are spam filters and web filters. When used in tandem they can provide a strong forcefield to bolster cybersecurity measures and block all attempts to infiltrate your databases.

A spam filter must have specific features configured to tackle complex phishing threats. By using blacklists, emails from known malicious IP addresses will be blocked. However, IP addresses can often be changed, so machine learning approaches are required to tackle brand new phishing tactics and threats from IP addresses not regarded as malicious. Using multiple AV engines, malware threats can be handled, while sandboxing can be used to identify malware strains. DMARC is also vital to take on email impersonation attacks, while outbound scanning is important for quickly discovering infiltrated inboxes. All of these features are used by SpamTitan, which is why the solution registers a high block rate (over 99.97%) and low false positive rate.

Web filters are mainly used to limit access to potentially dangerous websites, whether they are sites with pornographic content or malicious sites employed for phishing and malware transmission. Web filters, especially DNS-based filters, greatly enhance security in the face of threats. They will also prevent access to known malicious websites and block malware installations. WebTitan provides all of this and can easily be set up to safeguard remote workers.

With phishing attacks on the rise, it is crucial for companies to configure solutions to address this threat. For more details on SpamTitan and WebTitan, and how they can make your company safer, contact TitanHQ now.

 

 

Public Wi-Fi Issues for Remote Working

The issues caused by using public Wi-Fi are widely known, and should be more widely recognized given the global shift towards remote working. Since the beginning of the COVID-19 pandemic, a large number of companies have had little choice but to permit their staff members to work from a remote location.

While a lot of companies have witnessed the benefits to remote working and having staff members work from home, many other businesses are beginning to operate with a hybrid working model that allows staff to work remotely for a portion of the week as a minimum. 

There is a range of dangers to be addressed when using the Internet on public Wi-Fi networks, one of the most serious being that the Wi-Fi access point that people log on to is not really the Wi-Fi network of the company that the employees work for. In many cases hackers create Wi-Fi networks that appear to be genuine Wi-Fi access points. On these networks, often referred to as evil twins, connections are monitored and no communicated data is safe.

Cybercriminals often create malicious proxies, monitor network traffic, and deploy user redirects to bring Wi-Fi users to malware-laden web portals. If Bluetooth and NFC are turned on, a hacker could search for nearby devices and steal information that could allow them to identify and target a specific person.

There are many different measures that should be put in place to see to it that remote workers are not tricked into sharing their details in a phishing attack, or otherwise compromise their device, and in turn, the network of their company. The simplest of these measures is to stop the use of public Wi-Fi networks, although that is not always possible for travelling workers.

If there is no other option available then a connection should only be made to a Wi-Fi hotspot with encryption and strong authentication, as security will be strongest. Make sure that there is a password required to access the WiFi hotspot and there is less chance of any transmitted data being intercepted. 

Companies need to put a range of precautions in place. These can include creating a company policy that forbids the use of public Wi-Fi networks or sharing any sensitive data on websites that do not begin  with HTTPS. Providing a Virtual Private Network (VPN) for staff with adequate capacity to allow all workers to connect is a smart move as it extends the range of web filters to remote workers’ devices. This will prevent access to recognized dangerous web pages and prevent malware installations.

Solutions such as WebTitan are easy to set up in order to secure remote workers’ devices, and filtering controls will then be placed as though the user is situated in the corporate headquarters.

Standard cybersecurity best practices should also be adhered to, such as seeing to it that patches and software updates are applied quickly. Multi-factor authentication should be turned on and anti-malware software configured. Anti-spam services should also be used to prevent email attacks, and firewalls and DNS filtering should be turned on to prevent unauthorized inbound and outbound connections.

It is also advisable to turn off Link-Local Multicast Name Resolution (LLMNR) and NetBIOS Name Service (NBT-NS) on Windows laptops, to set up Web Proxy Auto-Discovery Protocol (WPAD) to allow only corporate proxy servers, and to disable device file and printer sharing on public networks.
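
An added example, not part of the original article: a read-only PowerShell audit of the settings named above (LLMNR, NBT-NS, file and printer sharing on the Public firewall profile, and the proxy auto-configuration URL). The host `proxy.corp.example` is a placeholder, and treating the per-user `AutoConfigURL` value as the WPAD control point is an assumption.

```powershell
# Added example: read-only audit of the hardening steps listed above.
# Run on the Windows laptop being checked; it reports and changes nothing.

# ASSUMPTION: placeholder host name for the server that hosts your corporate PAC file.
$AllowedPacHosts = @('proxy.corp.example')

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding {
    param([string]$Check, [bool]$Pass, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Get-PublicWifiHardening {
    # 1. LLMNR: the "Turn off multicast name resolution" policy stores EnableMulticast = 0.
    $llmnr = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' 'EnableMulticast'
    $shown = if ($null -eq $llmnr) { 'not set' } else { $llmnr }
    New-Finding 'LLMNR disabled' ($llmnr -eq 0) "EnableMulticast = $shown"

    # 2. NBT-NS: NetbiosOptions per interface (0 = use DHCP setting, 1 = enabled, 2 = disabled).
    $nbtRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $nbtOn = @(Get-ChildItem -Path $nbtRoot -ErrorAction SilentlyContinue |
        Where-Object { (Get-RegValue $_.PSPath 'NetbiosOptions') -ne 2 })
    New-Finding 'NBT-NS disabled on every interface' ($nbtOn.Count -eq 0) "$($nbtOn.Count) interface(s) not set to 2"

    # 3. File and printer sharing: enabled inbound allow rules that apply to the Public profile.
    #    'File and Printer Sharing' is the rule group's display name on English-language Windows.
    $share = @(Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
            $_.Action -eq 'Allow' -and "$($_.Profile)" -match 'Public|Any'
        })
    New-Finding 'File and printer sharing blocked on Public' ($share.Count -eq 0) "$($share.Count) enabled rule(s)"

    # 4. Proxy auto-configuration: a configured PAC URL must point at an allow-listed host.
    $pac = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' 'AutoConfigURL'
    if ([string]::IsNullOrEmpty($pac)) {
        New-Finding 'PAC URL is corporate' $false 'No PAC URL set; confirm automatic proxy detection is restricted by policy'
    } else {
        $pacHost = ($pac -as [uri]).Host
        New-Finding 'PAC URL is corporate' ($AllowedPacHosts -contains $pacHost) "AutoConfigURL host = $pacHost"
    }
}

Get-PublicWifiHardening | Format-Table -AutoSize -Wrap
```

A `not set` result for `EnableMulticast` means no policy is applied, so LLMNR is still answering; NBT-NS is only counted as off when every interface is explicitly set to 2.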

 

Haron & BlackMatter: Two New Ransomware-as-a-Service Operations in Action

July has witnessed the emergence of two new ransomware-as-a-service (RaaS) groups, Haron and BlackMatter. Cybersecurity experts have been closely examining the attacks that these groups are believed to be responsible for and have discovered links to some well known RaaS operations that have recently gone quiet – Avaddon, REvil, and DarkSide.

There is still no solid proof of a connection aside from a range of similarities which suggest that either the Avaddon, REvil, and DarkSide RaaS operations have reorganized their attacks or that those who worked on these attacks have begun their own group. 

Even though it is forbidden to advertise RaaS operations on some cybercrime forums, the BlackMatter RaaS has been advertising for affiliates on Russian-speaking cybercrime forums, without stating outright that this is a RaaS operation. A user referred to as “BlackMatter” created an account on July 19 on both the XSS and Exploit criminal forums, seeking access to the networks of U.S., UK, Australian, or Canadian businesses with more than $100 million in annual revenues. They also made it clear that they were not seeking access to state institutions or any targets in the healthcare sector. This was not long after REvil and Avaddon revealed that they would also cease these types of attacks following the Colonial Pipeline attack.

An escrow account, to be used to settle disputes over payments, was set up by the BlackMatter operator with a $120,000 deposit. A reward of between $3K and $100K is being offered by the group, along with a share in any ransoms earned, in exchange for access. The BlackMatter operators boast that their group uses the strongest features of DarkSide, REvil, and LockBit, all three of which are believed to have operated from inside Russia.

Similarities were identified between BlackMatter and REvil and DarkSide by several cybersecurity groups, with Recorded Future labelling BlackMatter as the heir to DarkSide and REvil, although proof remains circumstantial at this point in time. For example, BlackMatter is very similar to BlackLivesMatter, which was the name of the Windows registry key used by REvil. Mandiant reports that it has found some proof which indicates at least one member of the DarkSide operation is working with BlackMatter, although that individual may just be an affiliate that has moved their partnership.

S2W Lab has found similarities between Haron ransomware and Avaddon, notably a largely copy and pasted ransom note, similar appearances and wording on the ransom negotiation sites, the same structures on the data leak sites, and identical sections of JavaScript code for chat. However, while the Avaddon gang created its own ransomware, Haron was created using the Thanos ransomware.

There may be nothing in the similarities, or the code was just stolen by the BlackMatter creator to save time, as there are some significant differences between the two. As has been previously stated here, no clear proof has been found to indicate that Avaddon and Haron are one and the same.

Cybersecurity experts have ongoing investigations into the new groups, but regardless of who is managing the operations, their aims look quite similar. Both are focusing on large businesses with a lot of revenue, and if the RaaS operations that have gone quiet remain out of action, there will be many affiliates looking for a new RaaS operation to join.

 

 

Attacks on Windows and Linux Systems Using LemonDuck Malware Increasing

Those managing the LemonDuck malware campaigns have increased their activity, whilst introducing new attack features, in the last few weeks.

While this strain of malware is chiefly known for its botnet and cryptocurrency mining objectives, the operators have moved to concentrate on other aspects of their attacks. Even though the bot and cryptocurrency mining activities continue, the malware has now been given capabilities that allow it to disable security measures on infiltrated devices, move quickly and laterally inside networks, drop a range of tools onto infected devices, and steal credentials.

Those operating the attacks have crafted campaigns that use emails related to recent news and events, with the malware delivered via Microsoft Office attachments. Attempts are also made to infect devices using new exploits and some older vulnerabilities. During 2020 this group was spreading malware through phishing emails using COVID-19 themed lures, and while phishing emails are still being used to distribute the malware, the threat actor has also been targeting recently addressed vulnerabilities in Microsoft Exchange to gain access to systems, according to a recent security warning from Microsoft.

LemonDuck malware is somewhat unusual, as it is rare for malware strains of this kind to target both Windows and Linux systems. The malware operators prefer to have complete control of infected devices, so they erase competing malware if it is present. To keep other malware variants out, after a device has been accessed, the vulnerability that LemonDuck exploited to gain access to the system is patched.

If the malware is downloaded on a device with Microsoft Outlook installed, a script is activated that uses saved credentials to obtain access to the mailbox and copies of itself are then sent in phishing emails to all contacts in the mailbox, using a preset message and a malware downloader as an attached file.

The malware was first discovered during May 2019, with the previous forms of LemonDuck malware deployed in attacks within China, but the malware is now being shared on a larger scale. It has now been spotted in attacks launched in the United States, United Kingdom, Russia, France, India, Germany, Korea, Canada, and Vietnam.

To date, Microsoft has discovered two different operating structures that both use LemonDuck malware, which could suggest that the malware is being used by multiple groups with different aims. The ‘LemonCat’ infrastructure was used in a campaign focused on Microsoft Exchange Server vulnerabilities to identify backdoors, exfiltrate credentials and data, and deliver other malware variants, including Ramnit.

Preventing infiltration attempts using this malware requires a range of tactics. A robust spam filter like SpamTitan should be implemented to tackle the phishing emails used to broadcast the malware. SpamTitan also reviews outbound messages to stop malware strains with emailing capabilities from being shared with contacts. Since vulnerabilities are targeted to obtain access to networks, it is important to have a rigorous patch management policy and to apply patches quickly after they are made available.  Antivirus software should be configured and set to automatically update, and a web filter is recommended to block malware installs over the Internet.

For additional details on enhancing your cybersecurity measures against LemonDuck malware and other malware attacks, call TitanHQ now.

 

Phishing Campaign Using ZLoader Banking Trojan Disables Office Macro Warnings

It is very common for malware to be broadcast via phishing emails that seek some level of user interaction like visiting a URL to download a Microsoft Office file. Malicious payloads are often sent using Word and Excel files via macros.

You should always be wary of macros, as they can be used to run malicious code on your systems. In most cases they are not enabled and will only be allowed to run if they are manually enabled by the end user. When an Office file that includes a macro is opened, an alert will pop up to state that there is a macro and that it is potentially malicious. If the macro is not manually activated by the end user, malware cannot infect your systems.

A phishing campaign has recently been discovered that follows the usual pattern for spreading malware. The first attack point is a phishing email with Office files attached that contain macros that install the malware payload, in this case ZLoader. However, a new method is used to spread the dangerous Office files by turning off the usual macro warnings and security mechanisms.

In this attack, malicious DLLs (ZLoader malware) are delivered as the payload, but the first phishing email does not have the malicious code attached. The phishing email has a Microsoft Word file which will lead to the download of a password-protected Excel spreadsheet from the attacker’s remote server when the file is opened and macros are turned on.

The attack depends on Microsoft Word Visual Basic for Applications (VBA) and the Dynamic Data Exchange (DDE) fields of Microsoft Excel, and is effective on systems that support the legacy .xls file format.

Once the encrypted Excel file is downloaded, Word VBA-based instructions in the Word file read the cell contents from the specially designed XLS file. Word VBA then writes the cell contents into XLS VBA to set up a new macro for the XLS file. When the macros are prepared, Excel macro defenses are turned off by the Word document by setting the policy in the registry to Disable Excel Macro Warning. The Excel VBA is then run and downloads the malicious DLL files, which are run using rundll32.exe.
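
An added example, not part of the original article or of any vendor tooling: a read-only PowerShell check for the registry state that this chain leaves behind. The article does not name the registry value that was changed; `VBAWarnings` and `AccessVBOM` are the standard Office security values, and checking them here is an assumption.

```powershell
# Added example: find Office macro-security values that have been weakened.
# Read-only. Run elevated to see every user hive currently loaded under HKEY_USERS.

$OfficeRoots = 'Software\Microsoft\Office', 'Software\Policies\Microsoft\Office'
$Apps        = 'Excel', 'Word'

# ASSUMPTION: the article does not name the value that was changed. These are the
# two standard Office security values; a data value of 1 is the weakened state.
$Weak = @{
    VBAWarnings = 'all macros run with no warning'
    AccessVBOM  = 'code is trusted to read and write VBA projects'
}

function Get-WeakMacroSetting {
    # Real user hives only; this pattern skips service accounts and *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $hives) {
        foreach ($root in $OfficeRoots) {
            # Office version subkeys are named like 12.0 or 16.0.
            $versions = Get-ChildItem -Path "$($hive.PSPath)\$root" -ErrorAction SilentlyContinue |
                Where-Object { $_.PSChildName -match '^\d+\.\d+$' }
            foreach ($ver in $versions) {
                foreach ($app in $Apps) {
                    $key = "$($ver.PSPath)\$app\Security"
                    $sec = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
                    if ($null -eq $sec) { continue }
                    foreach ($name in $Weak.Keys) {
                        if ($sec.$name -eq 1) {
                            [pscustomobject]@{
                                UserSid = $hive.PSChildName
                                Key     = "$root\$($ver.PSChildName)\$app\Security"
                                Value   = $name
                                Meaning = $Weak[$name]
                            }
                        }
                    }
                }
            }
        }
    }
}

$hits = @(Get-WeakMacroSetting)
if ($hits.Count -eq 0) { 'No weakened macro settings found.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

A hit is a prompt to find out when the value changed and which process wrote it, not proof of this campaign; some add-ins and developer setups enable `AccessVBOM` deliberately.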

While the malicious files will be silently installed and executed, this attack still needs the recipient to turn on the macros in the first Word document. Victims are fooled into doing this by informing them “This document was created in an earlier version of Microsoft Office Word. To access or amend this document, please click the ‘Enable editing’ button on the top bar, and then click ‘Enable content’,” when they open the Word file. That one click will initiate the entire infection chain.

ZLoader is a variant of the Zeus banking Trojan, which first reared its head during 2006. The malware is also referred to as ZBot and Silent Night and is used by a range of different attack groups. The malware was deployed in large scale attacks during 2020 using COVID-19 themed lures, such as COVID-19 prevention tips, along with more standard lures such as job applications.

Once downloaded, the malware uses webinjects to capture passwords, login details and browser cookies. 

If you wish to prevent this from impacting your business, contact the TitanHQ team now to find out more about SpamTitan Email Security and WebTitan Web Security. A 14-day free trial is available with no obligation, so you can see for yourself how easy they are to use and how effective they are at blocking malware attacks.

 

Education Sector Targeted by Pysa Ransomware Group

During 2020, the healthcare sector has been a constant focus of ransomware gangs, but the education sector is also dealing with a rise in attacks, with the Pysa (Mespinoza) ransomware gang now extensively targeting the education sector.

Pysa ransomware is another strain of Mespinoza ransomware that was first seen in ransomware campaigns during October 2019. The threat group responsible for the attacks, like many other ransomware gangs, uses double extortion tactics. Files are encrypted and a ransom demand is issued that must be paid to obtain the keys to decrypt files, but to improve the chances of the ransom being paid, data is stolen before file encryption. The gang threatens to sell the stolen data on the darkweb if the ransom is not paid. Many targeted healthcare organizations have been forced to pay the ransom demand even when they have backups, solely to prevent the sale of their data.

Since October 2019, the Pysa ransomware gang has focused on large companies, the healthcare sector, and local government bodies, but there has been a recent rise in attacks on the education sector. Attacks have been carried out on K12 schools, higher education institutions, and colleges, with attacks being reported in 12 U.S. states and in the United Kingdom. The rise in attacks led the FBI to issue a Flash Alert in March 2020 warning the education sector about the heightened risk of Pysa ransomware attacks.

Reviews of attacks revealed the gang carries out network reconnaissance using open source tools like Advanced Port Scanner and Advanced IP Scanner. Tools including PowerShell Empire, Koadic, and Mimikatz are employed to obtain credentials, elevate privileges, and move laterally inside networks. The gang looks for sensitive data that can be easily monetized and exfiltrates the data before delivering the ransomware payload.

Discovering a Pysa ransomware attack in progress is tricky, so it is crucial for defenses to be hardened to prevent attackers from gaining access to networks. In attacks on French firms and government agencies, brute force tactics were used against management consoles and exposed Active Directory accounts. Some attacks have included exploitation of Remote Desktop Protocol flaws, with the gang also known to use spam and phishing emails to obtain credentials to gain a foothold in education networks.

As a range of methods is used for obtaining access, there is no single measure that can be implemented to block attacks. Educational institutions need to use a combination of security solutions and cybersecurity best practices to improve their security posture and block attacks. Antivirus/antimalware solutions are vital, as is ensuring they are kept updated. Since many attacks begin with a phishing email, an advanced email security gateway is also crucial. Picking a solution such as SpamTitan that uses dual AV engines and sandboxing will increase the probability of blocking the malware that ransomware gangs install for persistent access to networks. SpamTitan also blocks phishing emails containing links to websites where credentials are harvested, and uses machine learning methods to identify new types of email attacks.

Patches and security updates should be applied quickly after they have been released to stop software and operating system vulnerabilities from being exploited. You should apply the principle of least privilege to accounts, limit the use of administrative accounts as far as you can, and segment networks to hamper efforts to move laterally once access has been gained. You should also scan your network for suspicious activity and investigate alerts to ensure infiltrations are quickly discovered. All redundant RDP ports should be closed, and a VPN should be used for remote access.
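As an illustration of the monitoring recommended above, the following added example (not part of the original post or any TitanHQ product) flags the brute-force pattern described earlier by counting failed Windows logons (event ID 4625) per source address in a sliding window and noting any successful logon (4624) that follows. The CSV layout, the threshold, the window, and all sample rows are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, Windows event ID, account, source IP.
# 4625 = failed logon, 4624 = successful logon. Rows are assumed to be in time order.
SAMPLE_LOG = """\
2021-03-01T02:00:01,4625,admin,203.0.113.50
2021-03-01T02:00:03,4625,admin,203.0.113.50
2021-03-01T02:00:05,4625,svc-backup,203.0.113.50
2021-03-01T02:00:08,4625,admin,203.0.113.50
2021-03-01T02:00:11,4625,admin,203.0.113.50
2021-03-01T02:00:15,4624,admin,203.0.113.50
2021-03-01T08:30:00,4625,jsmith,10.0.0.15
2021-03-01T08:30:20,4625,jsmith,10.0.0.15
2021-03-01T08:30:41,4624,jsmith,10.0.0.15
2021-03-01T09:00:00,4625,teacher1,198.51.100.7
2021-03-01T09:05:00,4625,teacher1,198.51.100.7
2021-03-01T09:10:00,4625,teacher1,198.51.100.7
2021-03-01T09:15:00,4625,teacher1,198.51.100.7
"""

def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=2)):
    """Flag source IPs with >= threshold failed logons inside a sliding window."""
    recent = defaultdict(deque)  # source IP -> (time, account) of recent failures
    alerts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed rows
        when, event_id, account, src = datetime.fromisoformat(row[0]), *row[1:]
        if event_id == "4625":
            q = recent[src]
            q.append((when, account))
            while when - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    src, {"peak": 0, "accounts": set(), "success_after": []})
                alert["peak"] = max(alert["peak"], len(q))
                alert["accounts"].update(a for _, a in q)
        elif event_id == "4624" and src in alerts:
            # A success from an already-flagged source may mean a guessed password.
            alerts[src]["success_after"].append(account)
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

A non-empty `success_after` list is the entry to investigate first, since it pairs a burst of failures with a later successful logon from the same source.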

It is crucial to create backups of all critical data so that files can be recovered without paying the ransom. Multiple backups of data should be created, those backups should be tested to make sure file recovery is possible, and at least one copy should be stored on an air-gapped device.