TitanHQ has been awarded a best in class award by Expert Insights for ArcTitan Email Archiving, in a haul of 5 awards at the Expert Insights’ Spring 2022 Best-Of awards.
Email archiving is important for compliance with state, federal, and industry regulations for data retention, allowing vast numbers of emails to be searched in seconds and recovered on demand. The solution works seamlessly with Office 365, offering several key benefits over the native Office 365 email archiving feature, including enhanced search and storage, simplified archiving, and a greatly reduced management overhead.
ArcTitan users have reviewed the product on the Expert Insights website and praised the solution for its speed, scalability, ease of use, and the lack of storage limits, with one of the most common plus points from users being the price of the solution. The solution was ranked top in a group of 10 email archiving solutions at the Expert Insights Spring 2022 Best-Of Awards.
It was not just ArcTitan that was recognized as best in class. TitanHQ’s email security solution, SpamTitan, ranked 1st in the Best Email Security category, with WebTitan DNS Filter ranking second in the Web Security category. It didn’t end there, as the latest addition to the TitanHQ product portfolio, SafeTitan Security Awareness Training, collected two Best-Of awards in the Security Awareness Training and Phishing Simulation categories.
Expert Insights is an important resource for IT professionals and business owners which helps them make the right purchasing decisions. The site provides valuable insights into the best B2B solutions on the market, provides technical reviews and analysis, editorial buyers’ guides, industry analyses, and other valuable content. The site is visited by 80,000 individuals each month.
“These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency.”
The awards come after a quarter that has seen TitanHQ beat several growth records, especially in the United States. A new U.S. office has been set up to handle the increase in enterprise, SMB, and MSP customers, and this year has seen an additional 12 strategic hires in North America which is helping to continue to drive the impressive growth.
“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy. We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers,” said TitanHQ CEO Ronan Kavanagh.
SharkBot, a new Android banking Trojan, has been discovered in campaigns created to steal money from bank accounts and cryptocurrency services in locations including the United States, United Kingdom, and Italy, and targets 27 financial institutions – 22 banks and 5 cryptocurrency apps.
This new Android malware is different from other mobile banking Trojans due to its use of an Automatic Transfer System (ATS) tactic that enables the bypassing of multi-factor authentication measures and automates the stealing of money from victims’ accounts. This does not require any human input as SharkBot auto-completes fields required for completing financial transactions.
SharkBot can capture text messages, such as those carrying a financial institution’s multi-factor authentication codes, and can hide those SMS messages to make it seem as if they were never received. SharkBot can also conduct overlay attacks, where a benign-looking pop-up is shown over an application to fool a user into performing tasks, such as granting access authorizations. SharkBot is also a keylogger: it can capture sensitive information and exfiltrate it to the hacker’s command and control server, and it bypasses the Android doze component to ensure it stays connected to its C2 servers.
During the configuration process, the user is bombarded with popups asking them to grant the malicious app the permissions it requires, with those popups only ending when the user grants the required authorizations, such as enabling Accessibility Services. When the malicious app is downloaded, the app’s icon is not shown on the home screen. Users are prevented from removing the malware via settings because the malware abuses Accessibility Services.
The ATS technique deployed by the malware allows it to redirect payments. When a user tries to complete a financial transaction, the transaction details are auto-filled to direct the payment to a hacker-controlled account, with the user being unaware of it.
The malware was examined by experts at Cleafy, who identified no similarities with any other malware strains. Since the malware has been created from scratch, it currently has a low detection rate. The experts believe the malware is still in the initial stages of development, and new capabilities could well be added to make it even more dangerous.
One of the main issues for developers of malware attacking Android devices is how to get the malware downloaded on a device. Google carries out checks of all apps available before including them in the Google Play Store, so getting a malicious app on the Play Store is tricky. On occasions when they do make it to the store, Google is quick to identify and delete malicious apps.
SharkBot has been seen posing as a range of apps such as an HD media player, a data recovery app, and a live TV streaming app. These fake apps are delivered via sideloading on rooted devices and by using social engineering tactics on compromised or hacker-owned websites to trick victims into installing them.
SharkBot uses several techniques to avoid detection and analysis, such as obfuscation to hide malicious commands, downloading its malicious modules only once it has been installed, and encrypting all communications between the malware and the C2 servers.
An official warning has been issued by the Federal Bureau of Investigation (FBI) in relation to a spike in well-known brands being used in spear phishing attacks aimed at tricking people into handing over sensitive data or downloading malware.
The campaigns work by leveraging the trust that is placed in well-known brands in order to make recipients complete an action. Typically they include the actual logo of the impersonated brand in the same format as real messages from the company. However, they will include links that take those who click on them to a malicious web portal. These web portals will attempt to steal sensitive data.
Hackers sell scampage tools on the dark web that allow other hackers to operate successful phishing campaigns. The FBI has confirmed that the scampage tools in question have the ability to detect whether a person is using their email address as their login ID for a web platform. If this is detected, the user is sent to a scam page matching the same email domain. The user is then asked to share their login credentials, which the hacker can use to access the victim’s email. This in turn allows hackers to receive 2-factor authentication codes, thus rendering this security method useless. With 2FA codes, the cybercriminal can obtain access to accounts and make changes, including updating passwords to lock users out of their accounts or altering security rules before the owner of the account can be alerted.
The FBI release said: “Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers. Brand-phishing email campaigns and scampage tools that help bypass 2FA security measures represent another aspect to this emerging cyber threat.”
In order to prepare for an attack like this, companies must configure an advanced spam filtering solution to prevent phishing emails and stop them from landing in employee inboxes. Password policies should be set up that make strong passwords mandatory, and checks carried out to enforce this and ensure commonly used or weak passwords cannot be set on accounts. Employees should be warned never to reuse passwords across multiple accounts and to see to it that all company accounts have 100% unique passwords. Security awareness training should be conducted for all staff members to make them aware of email security best practices and how to spot phishing emails and other scams.
Due to the spike in the use of scampage campaigns, all staff members should create a unique username for an account that is not connected to their main email address. 2-factor authentication should be enabled if it is available, and where possible, a software-based authenticator program or a USB security key should be in place as the second factor.
2021 has borne witness to a massive spike in the number of ransomware campaigns being initiated.
According to research data produced by CybSafe, there has been a 900% growth in this type of attack during the first half of 2021 when compared with the same time period in 2020. In tandem with this there has also been a significant increase in the cost of the cybersecurity required to keep organizations safe from this type of attack, and the cybercriminals have also been demanding larger ransoms be paid in order to release the locked data.
So far in 2021 there have been major ransomware attacks on many healthcare service providers, including the Health Service Executive, resulting in concerns related to the impact this might have on the provision of patient care. The attack in Ireland took place after one person replied to an email from the Conti ransomware group, allowing them to encrypt files. Recovery of the files took up to nine months; however, it is not believed that the $20m ransom demand was met.
There has been a measure of success in relation to holding ransomware groups to account for their crimes. The U.S. government has elevated this type of crime to the same status as that of terrorist attacks and dedicated more manpower to dealing with them. Some of the successes encountered so far include:
- Taking down the REvil ransomware infrastructure
- Dismantling the Darkside operation and BlackMatter
- Arresting suspected members of the Clop ransomware group
Additionally, in Europe, authorities apprehended twelve people believed to be working on the LockerGoga, MegaCortex, and Dharma ransomware campaigns. These successes will have an impact in the short term, but it will not be long before some group, or a new strain of ransomware, fills the vacuum that has been created. This is why steps are required in order to address the potential for organizations being infiltrated by the cybercriminals responsible.
Companies face a daunting challenge to protect themselves from attacks like this due to the wide variety of tactics that hackers can use. The starting point should be ensuring that phishing emails are being tackled head on, as they are the point of origin for the vast majority of ransomware attacks. These emails are used to deploy malware or steal the credentials needed to access corporate networks and databases.
A cybersecurity solution like SpamTitan will root out malicious messages and stop them from landing in the inboxes of unsuspecting staff members. While staff training can help, it will always need to be backed up with a technical solution like this. SpamTitan, for instance, completes an in-depth analysis of all email content and can spot malicious links and email attachments, which are placed in a quarantine folder where they can be reviewed. This means security teams can see how these types of threats are aiming to take advantage of the organization. Additionally, it allows false positives to be identified so filtering rules can be amended appropriately. This solution uses dual antivirus engines, sandboxing that allows suspicious attachments to be analyzed to identify new malware strains, and machine learning technology to ensure that spam filtering learns more the longer it is used.
In the background, a huge variety of reviews and controls see to it that malicious messages are removed. Managers can control this via a clean, easy-to-use interface that requires no technical skills to navigate and use. All information and controls are simple to learn and control.
Contact the TitanHQ team now to find out more about using this solution. TitanHQ solutions can be trialled for free.
Since they first appeared in 2006, exploit kits have evolved into the main weapon of choice for automated malware delivery.
These kits are composed of programs that can be installed on web portals in order to identify and take advantage of known vulnerabilities. When a browser visits the portal, the exploit kit scans it for specific software vulnerabilities that have yet to be addressed with an update or patch. Once one is found, the exploit kit is able to install a malware payload without any further interaction from the user.
This method of attack was widely witnessed from 2010 to 2017, after which the use of this method dropped somewhat. However, exploit kits are still very much an active cybersecurity threat. Some of the best-known exploit kits are constantly refreshed to add new exploits for known vulnerabilities. In recent times these kits have mainly been deployed in order to install ransomware. Examples include the Fallout exploit kit, which was used to distribute Maze Locker ransomware, and the Magnitude EK, which was deployed to spread ransomware in the Asia Pacific region from 2013 onwards.
Typically, exploit kits are placed on authentic web portals that have been hacked, in addition to malicious hacker-owned websites laced with malware. Due to this it can be the case that someone visits these web portals without realizing it.
One of the most popular kits currently is the Magnitude EK. Previously it only targeted Internet Explorer. Recently it has been discovered that the exploit kit has been updated to target Chromium-based web browsers on Windows PCs.
Anti-virus expert group Avast has revealed that the Magnitude EK has recently added two new exploits. One takes advantage of a vulnerability in Google Chrome – CVE-2021-21224 – and the other targets the Windows kernel memory corruption vulnerability labelled CVE-2021-31956. A cybercriminal could obtain system privileges by exploiting the remote code execution bug in Google Chrome together with the Windows bug, which allows the Chrome sandbox to be bypassed.
Google and Microsoft have made patches available to mitigate these vulnerabilities. The onus is on users to install these updates. If they do not, it will only be a matter of time before Magnitude EK takes advantage of the weaknesses to install malware. For businesses, an additional layer of cybersecurity to prevent this type of attack is a web filter. Web filters are similar to spam filters in that they stop malware delivery from malicious websites, and they are one of the strongest anti-phishing measures you can use.
WebTitan, one of the best web filters available, was created by TitanHQ to keep companies safe in the face of these cyberattacks and to manage web access levels for office-based and remote workers – a key feature for tools designed to prevent browsers from visiting malicious websites. This web filter solution is DNS-based and is very straightforward to configure, so much so that it is in use by more than 12,000 companies and MSPs for content filtering, malware prevention and as an extra obstacle for phishers.
In order to enhance your cybersecurity protection measures with WebTitan and block malware contact the TitanHQ experts as soon as you can. There is also a 100% free 14-day trial for you to avail of so you can test the solution in your own environment.
Squirrelwaffle, a new strain of malware that is being distributed using spam email messages, has been discovered in the last six weeks.
The disabling of the Emotet botnet in January 2021 created a vacuum within the malware-as-a-service market, a gap that a number of malware strains have attempted to take advantage of. Squirrelwaffle boasts similar capabilities to the Emotet banking malware. Squirrelwaffle allows threat actors to gain a foothold in networks, which the operators of the malware could abuse themselves; however, the access is instead being sold to other cybercriminals.
A review of this campaign has indicated that it is being leveraged to download Qakbot and Cobalt Strike. However, there is nothing to suggest that these are the only two malware strains that are being delivered by this malware. The Squirrelwaffle emails feature a hyperlink to a malicious website which is used to download a .zip file that includes either a .doc or .xls file. The Office files contain a malicious script that will install the Squirrelwaffle payload.
The Word documents impersonate the DocuSign signing service to trick recipients into enabling macros, stating that the document was created with an older version of Microsoft Office Word, so the user must “enable editing” and then click “enable content” to access the contents of the file. Doing so runs code that installs and executes a Visual Basic script, which downloads the Squirrelwaffle payload from one of 5 hardcoded URLs. Squirrelwaffle is delivered as a DLL, which is executed once downloaded and then silently places Qakbot or Cobalt Strike on the device/network, allowing persistent access to compromised devices.
As happened with the Emotet Trojan, Squirrelwaffle can hijack existing message threads and insert malware. As the malicious replies to authentic messages are sent from a legitimate email account, a reply from the target is more likely. This attack method was very successful for the Emotet Trojan. In most cases, the attacks take place in English; however, security experts have discovered emails in other languages such as French, German, Dutch, and Polish.
Due to the similarities with Emotet, it is likely that those responsible for the deactivated botnet are trying to make a comeback. However, it is possible that this is an attempt by unrelated threat actors to fill the market vacuum that was created when Emotet was taken down. At present, the malware is not being distributed to the same extent that Emotet was but that may change in the near future.
The best way to protect devices and servers from an attack like this is to configure email security measures to block the malspam at source and see to it that the malicious messages do not land in inboxes. It is important to implement a spam filtering solution that also scans outbound emails to identify compromised devices and stop attacks on other employees and business contacts from corporate email accounts.
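The Squirrelwaffle delivery chain above (a .zip attachment or download carrying a .doc/.xls with a macro) is the kind of thing a mail gateway can flag before quarantine. The following is an added example, not code from the original post or from TitanHQ: a small heuristic inspector that opens a zip in memory, looks for Office files inside, and checks each for VBA-project markers. The file layout, names and sample bytes are constructed for the example; a real product would use a full OLE/OOXML parser.

```python
import io
import zipfile

# OLE2 compound file magic used by legacy .doc/.xls files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Byte strings that typically appear when a document embeds a VBA project.
MACRO_MARKERS = (b"_VBA_PROJECT", b"vbaProject.bin", b"Attribute VB_")
OFFICE_EXTENSIONS = (".doc", ".xls", ".docm", ".xlsm", ".docx", ".xlsx")


def office_file_has_macros(data: bytes) -> bool:
    """Heuristic: does this Office file appear to carry a VBA project?"""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: scan the raw stream for VBA storage names.
        return any(marker in data for marker in MACRO_MARKERS)
    if data.startswith(b"PK"):
        # OOXML is itself a zip; macros live in a vbaProject.bin part.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def inspect_zip_attachment(zip_bytes: bytes) -> dict:
    """List Office files inside a zip and which of them look macro-enabled."""
    findings = {"office_files": [], "macro_files": [], "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
            for name in z.namelist():
                if name.lower().endswith(OFFICE_EXTENSIONS):
                    findings["office_files"].append(name)
                    if office_file_has_macros(z.read(name)):
                        findings["macro_files"].append(name)
    except zipfile.BadZipFile:
        findings["error"] = "not a valid zip"
    return findings


def should_quarantine(zip_bytes: bytes) -> bool:
    """Quarantine when a zip carries any macro-enabled Office document."""
    return bool(inspect_zip_attachment(zip_bytes)["macro_files"])


def build_sample_zip(with_macros: bool) -> bytes:
    """Constructed sample: a zip holding a stand-in .doc (not a real document)."""
    body = OLE_MAGIC + b"\x00" * 64
    if with_macros:
        body += b"_VBA_PROJECT" + b"\x00" * 32
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice_2021.doc", body)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_zip_attachment(build_sample_zip(with_macros=True)))
```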