After they were first created during 2006, exploit kits have evolved into the main weapon of choice for automated malware delivery.
These kits are programs that can be installed on websites to identify and take advantage of known vulnerabilities. When a visitor lands on the site, the exploit kit scans for specific software vulnerabilities that have yet to be addressed with an update or patch. Once one is found, the exploit kit can install a malware payload without any further interaction from the visitor.
This method of attack was widely witnessed from 2010-2017, after which its use dropped somewhat. However, exploit kits are still very much an active threat when it comes to cybersecurity. Some of the best-known exploit kits are constantly refreshed to add new exploits for known vulnerabilities. In recent times these kits have mainly been deployed to deliver ransomware. Examples include the Fallout exploit kit, which was used to distribute Maze Locker ransomware, and the Magnitude EK, which was deployed to spread ransomware in the Asia Pacific region from 2013 onwards.
Typically, exploit kits are placed on authentic web portals that have been hacked, in addition to malicious hacker-owned websites laced with malware. Due to this it can be the case that someone visits these web portals without realizing it.
One of the most popular kits currently is the Magnitude EK. Previously it only targeted Internet Explorer. Recently it has been discovered that the exploit kit has been updated to target Chromium-based web browsers on Windows PCs.
Anti-virus expert group Avast has revealed that the Magnitude EK has recently added two new exploits. One takes advantage of a vulnerability in Google Chrome – CVE-2021-21224 – and the other targets the Windows kernel memory corruption vulnerability labelled CVE-2021-31956. A cybercriminal could obtain system privileges using the Google Chrome remote code execution vulnerability or the Windows bug that allows bypassing the Chrome sandbox.
Google and Microsoft have made patches available to mitigate these vulnerabilities. The onus is on users to run these updates. If they do not, it will only be a matter of time before Magnitude EK takes advantage of the weaknesses to install malware. For businesses, a web filter provides an additional layer of cybersecurity against this type of attack. Web filters are similar to spam filters in that they stop malware delivery from malicious websites, and they are one of the strongest anti-phishing measures you can use.
WebTitan, one of the best web filters available, was created by TitanHQ to keep companies safe in the face of these cyberattacks and manage web access levels for office-based and remote workers – a key feature for tools designed to prevent browsers visiting malicious websites. This web filter solution is DNS-based and is very straightforward to configure, so much so that it is in use at more than 12,000 companies and MSPs for content filtering, malware prevention, and as an extra obstacle for phishers.
In order to enhance your cybersecurity protection measures with WebTitan and block malware, contact the TitanHQ experts as soon as you can. There is also a 100% free 14-day trial so you can test the solution in your own environment.
Squirrelwaffle, a new strain of malware that is being distributed using spam email messages, has been discovered in the last six weeks.
The disabling of the Emotet botnet in January 2021 created a vacuum within the malware-as-a-service market, a gap that a number of malware strains have attempted to take advantage of. Squirrelwaffle boasts similar capabilities to the Emotet banking malware. Squirrelwaffle allows threat actors to gain a foothold in networks, which the operators of the malware can abuse. However, the access is being sold to other cybercriminals.
A review of this campaign has indicated that it is being leveraged to download Qakbot and Cobalt Strike. However, there is nothing to suggest that these are the only two malware strains that are being delivered by this malware. The Squirrelwaffle emails feature a hyperlink to a malicious website which is used to download a .zip file that includes either a .doc or .xls file. The Office files contain a malicious script that will install the Squirrelwaffle payload.
The Word documents use the DocuSign signing service as a lure to trick recipients into enabling macros, stating that the document was created with an older version of Microsoft Office Word so the user must “enable editing” then click “enable content” to access the contents of the file. Doing so will run code that installs and executes a Visual Basic script, which downloads the Squirrelwaffle payload from one of 5 hardcoded URLs. Squirrelwaffle is delivered as a DLL, which is executed once downloaded and then silently places Qakbot or Cobalt Strike on the device/network, allowing constant access to compromised devices.
As happened with the Emotet Trojan, Squirrelwaffle can take over message threads and insert malware. As replies to authentic messages are sent from a legitimate email account, a reply to the message is more likely. This attack method was very successful for the Emotet Trojan. In most cases, the emails are written in English; however, security experts have discovered emails in different languages such as French, German, Dutch, and Polish.
Due to the similarities with Emotet, it is likely that those responsible for the deactivated botnet are trying to make a comeback. However, it is possible that this is an attempt by unrelated threat actors to fill the market vacuum that was created when Emotet was taken down. At present, the malware is not being distributed to the same extent that Emotet was but that may change in the near future.
The best way to protect devices and servers from an attack like this is to configure email security measures to block the malspam at source and see to it that the malicious messages do not land in inboxes. It is important to implement a spam filtering solution that also scans outbound emails to identify compromised devices and stop attacks on other employees and business contacts from corporate email accounts.
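The delivery chain described above (a reply inside an existing thread, a hyperlink to a .zip, and a .doc or .xls with a script inside) can be checked at the mail gateway or during triage. The Python below is an added example, not code from the original article or from any vendor product; the sample message, the sample archive, the example.test hosts and the 20 MB inspection limit are constructed assumptions, and the macro check is a byte-level heuristic.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container header
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_MEMBER = 20 * 1024 * 1024                    # assumed per-file inspection limit


def zip_links_in_reply(raw_message: bytes) -> list:
    """Return URLs ending in .zip from a message that claims to be a reply."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    if not (msg["In-Reply-To"] or msg["References"]):
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            path = url.split("?", 1)[0].split("#", 1)[0]
            if path.lower().endswith(".zip"):
                hits.append(url)
    return hits


def macro_docs_in_zip(zip_bytes: bytes) -> list:
    """Return .doc/.xls members that are OLE files carrying a VBA project."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".doc", ".xls")):
                continue
            if info.file_size > MAX_MEMBER:
                flagged.append(info.filename)  # too big to inspect: treat as suspect
                continue
            data = zf.read(info)
            if data.startswith(OLE_MAGIC) and VBA_MARKER in data:
                flagged.append(info.filename)
    return flagged


def sample_reply(as_reply: bool = True) -> bytes:
    """Constructed message: a thread reply whose body links to a .zip."""
    m = EmailMessage()
    m["From"] = "colleague@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = "RE: Q3 contract"
    if as_reply:
        m["In-Reply-To"] = "<constructed-id-1@example.test>"
    m.set_content("Signed copy is here:\nhttps://files.example.test/docs/invoice.zip\n")
    return m.as_bytes()


def sample_zip() -> bytes:
    """Constructed archive: one fake OLE file with a VBA marker, one without."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agreement.doc", OLE_MAGIC + b"\x00" * 64 + VBA_MARKER)
        zf.writestr("clean.xls", OLE_MAGIC + b"\x00" * 64)
        zf.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    print("zip links in reply:", zip_links_in_reply(sample_reply()))
    print("macro documents:  ", macro_docs_in_zip(sample_zip()))
```

The macro check only recognises a VBA project inside a legacy OLE file; other macro types, such as Excel 4.0 macro sheets, need a full document parser.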
Hotel guests tend to take Wi-Fi security as a given when they are staying overnight. However, if there is no secure connection in place, anyone using the network could be in danger of leaving themselves exposed to malware infection or another type of cyberattack. A cloud-based web content filtering solution mitigates the risk of a guest inadvertently downloading malware onto their own device and also protects guests from being exposed to inappropriate website content on other guests' mobile devices.
Guests should not take it for granted that Wi-Fi is secure. Research will reveal the speed and reliability of the network that each hotel is offering, and any checks should also determine whether the hotel offers a filtered Internet service. Every hotel offers some level of Wi-Fi, but a lot of these networks are not completely secured. Hotel Wi-Fi can be very susceptible to cyberattacks and malware installations. It is crucial that hotels put in place enterprise cloud-based web filtering and limit the websites that guests are allowed to access.
There are five steps that hotels should take to see to it that the Wi-Fi they are providing for their guests is fully secure.
Step 1: Configure cloud-based content filtering: This should be the foundation that hotel Wi-Fi is built upon. It can be implemented for a reasonable level of investment, and there are many different cloud-based web filtering solutions that will allow you to send all of your traffic through their filtering system. A solution such as WebTitan can prevent access to malware and credential phishing web portals. The majority of cloud-based filtering solutions incorporate a malware gateway that checks all web traffic for malicious code threats. Another advantage is that these solutions can be used to prevent access to certain website categories. This can be configured through a simple web GUI in your web browser.
Step 2: Make Wi-Fi security stronger: The reputational damage that unsecured internet access can inflict is massive and can be tricky for businesses to come back from. A hotel or campsite will not be able to state that they are a family-friendly establishment if they permit pornography or illegal websites to be viewed using their Wi-Fi network. Corporate guests must be happy that they can safely access sensitive data.
Step 3: Configure a cloud-based content filter: This will result in the provision of a secure Wi-Fi service that allows guests to browse safely online by forbidding inappropriate content from being loaded. It requires NO software installation and NO need for technical expertise to set up or manage customer accounts. You set up new accounts easily and manage any number of hotels.
Step 4: More Secure Wi-Fi is faster Wi-Fi: Cloud-based web filtering for malware and ads not only makes the hotel network safer, but it also boosts network speed by cutting the amount of data that is being shared. With WebTitan Cloud for Wi-Fi, web access policy can be configured for each Wi-Fi access point. This can be a competitive advantage for hotels that are marketed to families. Parents can be happy that their children are using the web in a safe environment. Cloud-based web filtering allows hotels the chance to create tiered Wi-Fi services.
Step 5: Guide your guests to use Wi-Fi: Ensure that your guests are aware of the correct name of your Wi-Fi network. Provide a secure login page for entering credentials: The “https://” prefix ensures the login page is encrypted to protect guests’ personal information. Hotels can exercise total control over Internet content by using WebTitan, a cloud-based web content filtering solution.
WebTitan is a cloud-based web filter solution with flexible controls that can be used by every kind of hotel. To discover more about the advantages of WebTitan cloud-based filtering for Wi-Fi, call the TitanHQ team now.
TitanHQ’s products have been ranked No. 1 in their respective categories by Expert Insights for the Fall 2021 Best-of Cybersecurity Awards.
This means that TitanHQ has now completed a clean sweep and headed the list for Best Email Security Gateway, Best Web Security Solution, and Best Email Archiving Solution for Business for two years running. Additionally, the Best Email Security Solution for Office 365 category was won by SpamTitan.
Ronan Kavanagh, TitanHQ CEO, commented on the achievement saying: “TitanHQ are proud to have received continued recognition for all three of our advanced cybersecurity solutions. As the threat landscape continues to be a significant risk to organizations across the globe, we are dedicated to continuous innovation to provide consistent, secure, and reliable protection to our customers”. The annual awards aim to recognize the best cybersecurity providers and their solutions, with the winners chosen after taking into account industry recognition, customer feedback, and research conducted by its editorial team and independent technical specialists.
Expert Insights is a recognized online cybersecurity publication and industry analyst that has technical and editorial teams in both the United States and United Kingdom. The publication covers cybersecurity and cloud-based technologies, and its website is used by more than 80,000 business owners, IT admins, and others each month to research B2B solutions. Expert Insights produces editorial buyers’ guides, blog posts, conducts interviews, and publishes industry analyses and technical product reviews from industry experts.
SpamTitan Email Security and WebTitan Web Security were both recognized for their powerful threat protection, and along with ArcTitan Email Archiving, were praised for ease-of-use, cost-effectiveness, and industry-leading technical and customer support.
The high standard of threat protection, simplicity-of-use, and competitive pricing of the solutions are just some of the factors that make TitanHQ the leading provider of cloud-based security solutions for managed service providers currently on the SMB market. These factors have resulted in the TitanHQ product range being marked as the gold standard for SMBs looking to enhance security and make compliance easier.
One of the main focuses of cybercriminals in recent times has been on infiltrating the databases of MSPs. This is due to the large customer base that the cybercriminals are hoping to access and the high probability of these customers having valuable data on their servers.
So it has become very important for MSPs to be aware of how they should address the risk of cyberattacks focusing on their databases. Here are three of the best ways:
1. Cybersecurity Training
MSPs are vulnerable to phishing attacks that aim to trick staff members into installing ransomware and other types of malware. If compromised, staff accounts can be used to turn off security monitoring tools and permit cybercriminals to access the databases that hold client information without being noticed. Attackers can also change security settings, local firewalls, and other services.
MSPs should be conducting cybersecurity awareness training for all members of staff to address this point of attack. Phishing simulations are a smart move so staff can see what is happening in real-time.
2. Cybersecurity Solutions
The massive number of enterprise cybersecurity solutions available to MSPs can be daunting, so it is crucial to recognize what your organization needs. Using TitanHQ’s cybersecurity suite across your group will allow an MSP to use the group’s know-how to sell, implement and deliver advanced network security solutions such as SpamTitan and WebTitan to its client base and provide a product that keeps its clients safe and secure. These solutions are cloud-based, which means they can be controlled remotely for workers who travel or are based away from the main office(s).
3. Cybersecurity Audits
A risk assessment is necessary to spot, review and assess any danger that may be present in relation to cybersecurity, particularly vulnerabilities in the existing cybersecurity defenses that a group has in place. A risk assessment should include:
List the network areas that are most likely to be targeted in a cyberattack
Evaluate the dangers, specifically, to these areas
Prioritize the importance of addressing each vulnerability
Doing this will show the MSP where cybersecurity must be enhanced as much as possible to prevent a cybersecurity incident from taking place. SMEs need to find the right happy medium between how much they can reasonably invest in cybersecurity and the minimum level of safety that they need to keep their customers safe.
An audit should be completed at least once annually by an MSP in order to see to it that a secure cybersecurity system is in place for its customers. After identifying potential vulnerabilities, these should be mitigated to prevent hackers from taking advantage of them. Doing so will provide MSP personnel valuable experience that they can then use to assess their clients.
If you would like to find out more about adding TitanHQ MSP Security to your offering, get in touch with us now so that we can discuss safeguarding your organization and your clients from cybercriminals.
The importance of email archiving in today’s business world is undeniable, but many businesses may be questioning why a third-party email archiving solution for Exchange is far superior to using the Exchange archiving feature.
The term archive refers to ‘a collection of information that is permanently stored and unalterable.’ Archives are necessary for all businesses to comply with regulations and in the case of litigation, although the degree to which they are necessary depends on the sector the business operates in, with archives essential in highly regulated industries.
The terms “backup” and “archive” shouldn’t be confused with one another. The purpose of a backup is to restore entire mailboxes in the event of data corruption or loss. It is also worth noting that backups are overwritten with more recent information as time progresses. In contrast, archives preserve data in its original form for longer periods of time. In contrast to backups, archives can easily be searched to identify and recover individual emails.
Why Archiving is Necessary for Businesses
By moving emails to archives, you limit the amount of data storage needed for mailboxes, which helps to improve the performance of your mail server. A good archiving solution can also help pinpoint the source of data leaks or even security breaches; however, these are side benefits.
Archiving is necessary for regulatory compliance and as a repository of information to meet eDiscovery requirements, which is a legal requirement in many countries. eDiscovery is defined as the process of obtaining electronically stored information for use in litigation. This is not only restricted to email. For example, Word and Excel files on your server may also need to be produced in the event of litigation.
Without archives in place, the cost of eDiscovery can be huge. It would, in fact, require the analyzing of each computer in the company to find emails and searching for emails by restoring data from backups, provided of course that backups exist. The search and organizational aspects of archiving are invaluable. In the Nortel Networks executive criminal case, the prosecution delivered 23 million pages of electronic records. Ontario Superior Court Justice Cary Boswell understandably described this as an “unsearchable morass” and requested the prosecution to organize the information and re-present it to the defense.
Issues with Microsoft Exchange 2010 and 2013 Archiving
Microsoft has applied the term “archiving” to describe the journaling and Personal Archive functions of Microsoft Exchange since its 2007 version.
Email copies can be created in Exchange Standard with journaling. Furthermore, with Exchange Premium, these copies can be directed to specific mailboxes or distribution lists. However, journaling does not provide the same functions as archiving because:
It lacks the indexing and searching capabilities necessary for fast email recovery
Journaling has no data retention configuration settings
Users can still create their own PSTs (copies of email that they keep on their own computer). These copies may not necessarily satisfy eDiscovery requirements.
The Personal Archive function addresses some of the shortcomings of journaling. Exchange 2010 has more capabilities than Exchange 2007 in this regard. In terms of Exchange 2010, each user can establish an “archive” for the mailbox. Microsoft TechNet’s description of these is “secondary mailboxes in which users can store messages they need to keep for a longer duration.” Additionally, Microsoft explains, “the whole idea behind creating personal archive mailboxes is to avoid the constraints of mailbox quotas.” This does not provide an archiving function.
The Personal Archive doesn’t necessarily need to reside in the same production database; it can even live in the cloud. Users have two options: they can move the emails manually or let them be moved automatically based on retention tags. The major downside of Personal Archive lies in the cost, because using Personal Archive requires enterprise client access licenses (CALs) and Office 2010 Professional Plus for Outlook.
Microsoft also states that Personal Archive “may not meet your archiving needs”. Since users have control over their own Personal Archives, they are questionable repositories for compliance and eDiscovery as users are able to delete items and modify retention tags.
Microsoft maintains that users with a Discovery Management role can take advantage of indexing and multiple mailbox searching to meet eDiscovery needs. However, Exchange 2010's Exchange Control Panel is clunky and difficult to use, making it far from ideal for eDiscovery.
Exchange 2013 and Exchange Online Improvements
With the newer Exchange versions, users still have a large amount of control over their mailboxes. Not only can they define their own policies, they can also use creative ways to try to bypass imposed corporate policies, e.g. “archiving” items in the Deleted Items folder. Although the Exchange administrator can use Policy Tips to notify users of possible compliance issues with data in their e-mails, the administrator still can’t override user settings unless Litigation Hold or In-Place Hold is applied to a mailbox.
Microsoft Exchange has added improved features for eDiscovery, requiring a SharePoint 2013-based portal to search across all mailboxes. There are two main drawbacks with this approach:
Companies must purchase/upgrade to SharePoint 2013
It makes it necessary to have a monolithic mail store with rapidly growing online storage. Data must be held on an online Exchange server to use Exchange’s In-Place Discovery tools.
Advantages of True Email Archiving
Microsoft Exchange “archiving” is not a complete compliance and eDiscovery tool by any means. A true email archiving solution is far superior to Exchange for archiving.
The approach taken by Microsoft towards eDiscovery presupposes that all email that ever passed through your organization resides on an Exchange server. The issue with this idea is that data storage requirements will skyrocket over time. It is worth noting that an estimated 90 percent of the information stored in Exchange is never accessed again. True archiving removes a large chunk of that 90 percent through deduplication, and archives are compressed. This not only reduces storage but also greatly improves search and recovery times.
TitanHQ has developed a solution that provides true email archiving for Exchange. ArcTitan will ensure you can achieve all your eDiscovery and data storage needs, improve the performance of your mail server, and significantly reduce email storage costs.
Here are some of the features of the product:
Unlimited cloud based email archiving including inbound/outbound/internal email, folders, calendar and contacts
Complete Audit trail
Data retention and eDiscovery policy
Encrypted storage on AWS cloud
HIPAA, SOX (and more) standards compliance and Audited access trail
Instantly searchable via your browser - find archived emails in seconds
No hardware / software required
Secure transfer from your email server
SuperFast Search™ – email compressed, Zipped, message de-duplication, attachment de-duplication allowing for the fastest search and retrieval
Web console access with multi-tiered and granular access options; you decide user access permissions.
Works with All Email Servers including MS Exchange, Zimbra, Notes, SMTP/IMAP/Google/PO
Optional Active Directory integration for seamless Microsoft Windows authentication
Optional Outlook email client plugin
If you have not yet implemented an email archiving solution, if you are unhappy with the native Microsoft Exchange email archiving features, or if you are finding your current archiving solution too expensive or difficult to use, contact TitanHQ today to find out more about the benefits of ArcTitan and the improvements it can offer to your business.
Frequently Asked Questions (FAQs)
Will archiving emails delete the messages from the Exchange server?
This will depend on how your Exchange server has been configured. Typically, the message will be deleted from the Exchange server once the message has been transferred to the archive and deleted from an inbox, but a copy may be retained for a period of time to allow for a backup to be created. If there are multiple copies of the same message, such as an email sent to a distribution list, a copy will remain on the server until everyone has archived and deleted the message.
Is email archiving compliant with the GDPR?
Email archiving can be GDPR-compliant with the right policies and procedures in place. Bear in mind that personal data can only be kept for as long as necessary to achieve the purpose for collecting the information and personal data, including information in email accounts, must be deleted if requested by an individual. Email retention periods must also be defined.
What happens if someone responds to an archived email?
When you have an email archiving solution in place, emails that need to be retained will be sent to the archive for long term storage and can be deleted from inboxes. If someone replies to an archived message or reactivates an old message thread, the email will simply reappear in your inbox.
Does email archiving save on storage space?
Email archiving can save a considerable amount of storage space, which can greatly improve the performance of your mail server. For example, ArcTitan typically reduces mail server email storage space by up to 80%. That means 1,000 GB of email storage space is reduced to around 200 GB.
Are there any limits on storage space with ArcTitan?
ArcTitan is 100% cloud-based and provides incredible scalability. Storage space will automatically increase as required and there are essentially no limits on storage space in the cloud, nor on the number of users. You just pay for the number of active mailboxes.