During this unprecedented time of uncertainty, the health and safety of our staff, clients, partners and their families is one of our main focuses and concerns. Team TitanHQ are dedicated to supporting our partners and customers. The advantages provided by our email and web security products are even more relevant and crucial now.
Our fantastic team has met at the challenge with vigor and we have mobilized our workforce so that it’s business as usual over this unusual period of time. We are taking counsel from the government on best practice and have a task force in place to manage our work.
Customers and partners can be happy that support teams will continue to be available and product teams are working as normal. If you have any queries or concerns about products, or technical support, please contact us as you normally would The support team has been trained to be aware of special customer concerns during this pandemic and will escalate any question to the relevant responsible person or department.
Our new documentation and set up resource has been extremely busy during the period. You can access it here and as always our support team is available at https://www.titanhq.com/support-portal/
We are conscious that this is a sensitive time and we will do everything we can to make it easier for our customers. All of us at TitanHQ wish you good health and thank you for your continued business.
Blackpoint Cyber has unveiled its Remote Reality LIVE conference, which will take place over the Internet online April 8th and April 9th 2020.
The conference will concentrate on managed service providers (MSPs) and how they can stay safe, profitable, and resilient as the world rises remote operations during the COVID-19 pandemic – registration and attendance are free. The two-day conference will feature sessions by former leaders of the United States’ government cyber security and intelligence communities as well as cyber security experts and business experts from the MSP services and technology sector.
Jon Murchison, Blackpoint’s CEO and founder, and former US government cyber operations specialist, explains the conference’s aim: “IT services and infrastructure have become mission critical for organizations to survive in this new economic landscape brought on by COVID-19. MSPs are the key to our success and, especially during these times, a collective national asset to their respective countries. That’s why we are bringing together experienced government and industry leaders to help MSPs navigate the current economic and security environments. We’re excited to provide one of the first online and socially-distanced conferences dedicated to MSPs and cyber security.”
Blackpoint has worked with leading technology, service, and marketing firms for the conference, such as
- Datto: leading global supplier of cloud-based software and technology solutions purpose-built for MSPs
- Webroot: Cybersecurity Solutions Purpose-Built for MSPs and SMBs
- Convergint: Global, Service-based Systems Integrator
- Marketopia: Lead Generation and Marketing for Technology Businesses
- ID Agent: Dark Web and Identity Theft Security
- TitanHQ: Email and DNS Protection
- Compliancy Group: HIPAA Compliance-as-a-Service
- Atlantic Data Forensics: Leading Incident Response and Forensics
- ProSource Technology Solutions: Leading Managed Service Provider
- Corporate Office Properties Trust (COPT): Premier Real Estate Investment Trust
Michael Morell, former Deputy Director and Acting Director CIA, will provide the keynote session on national security implications of the Coronavirus Pandemic. While at the CIA, Mr. Morell was President George W. Bush’s daily intelligence advisor during the 9/11 attacks and was awarded the Distinguished Intelligence Medal, the CIA’s second highest honor.
Other former US government cyber security and intelligence-related speakers include: Bill Priestap, former FBI Assistant Director of Counterintelligence, Chris Inglis, Former Deputy Director of NSA, Dave Sears, former Commander and Navy SEAL, and Kevin Donegan, former United States Navy Vice Admiral and former commander of the US Navy’s 5th fleet out of Bahrain. Security and MSP sector leaders will also present informational sessions, such as lead generation in a virtual world, security in the MSP space, cyber security for commercial real estate, the threat landscape of remote workers, and others.
Matt Solomon, VP of Business Development & IT at ID Agent, said: “ID Agent is very excited to participate in one of the first virtual MSP events since in-person events have been taken off the schedule. MSPs still need education during this period and we are honored to be part of such an esteemed group of vendors.”
In addition to learning how to stay secure and prosper, conference attendees will also qualify for giveaways and prizes.
Participants may register here: Remote Reality Live – Free Registration
Under CCPA, Californians can request to have their personal data deleted, but there are CCPA data deletion exceptions you should be aware of. Not all personal data needs to be deleted.
Who Must Comply with CCPA?
The California Consumer Privacy Act gave Californians new rights over their personal data. From January 1, 2020, organizations that conduct business in the state of California are required to comply with CCPA if they have annual gross revenues of more than $25 million, handle the personal data of 50,000 or more consumers, or derive more than 50% of their annual revenue from the sale of personal information.
The CCPA Right to Delete
One of the new rights given to consumers is the right to have their personal data deleted. CCPA applies to personal data that identifies, relates to, describes, or can be associated with an individual or household, directly or indirectly.
When consumers exercise the right to delete, organizations are required to comply within 45 days, but there are CCPA data deletion exceptions. If data is not going to be deleted, the consumer must be informed without unreasonable delay and no later than 45 days after the request has been received. This timescale does not apply to data contained in archive or backup systems. The deletion of personal data stored in an archive or backup can be delayed until the next time the archive or backup is accessed or used.
When a data deletion request is received, an organization must take reasonable steps to verify that the request to delete data has been sent by the individual about whom the data relates. All personal data must then be deleted; however, there are 9 CCPA data deletion exceptions.
CCPA Data Deletion Exceptions
Businesses are not required by law to delete data that is required to perform 9 specific activities:
Data does not need to be deleted if it is required to complete the transaction for which the data was collected or to provide goods or services that have been requested by the consumer. Data does not need to be deleted if it is “reasonably anticipated within the context of a business’s ongoing business relationship with the consumer, or otherwise perform a contract between the business and the consumer.”
If personal data, such as data contained in server logs, is needed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity to allow prosecution of the persons responsible for those activities, it should not be deleted.
If personal data is needed to debug or identify and repair errors that impair existing functionality.
While the CCPA helps protect the privacy of consumers, it is secondary to free speech. Personal data does not need to be deleted in order to allow the exercise of free speech, and to ensure the right of another consumer to exercise his or her right of free speech, or to exercise another right provided for by law.
Personal data does not need to be deleted if it is required to ensure compliance with the California Electronic Communications Privacy Act (CalECPA).
Personal data is excepted from deletion if it is required to comply with other legal obligations, such as data retention laws.
Research Conducted in the Public Interest
Personal information of consumers that is used for research conducted in the public interest does not need to be deleted. This includes personal data that is collected and maintained for peer-reviewed, scientific, historical, or statistical research in the public interest if deletion of the data would seriously impair the achievement of the research, provided the consumer has previously provided informed consent for their personal data to be used for research.
Expected Internal Uses
Data is exempt from detection requests if it is required to enable solely internal uses reasonably aligned with the expectations of the consumer based on the consumer’s relationship with the business.
Other Internal Uses
Personal data does not need to be deleted if it is required for other internal uses which, in a lawful manner, are compatible with the context in which the consumer provided their personal data.
Enforcement of CCPA Compliance
The California Attorney General is tasked with enforcing compliance with CCPA and has the authority to issue financial penalties for noncompliance up to $2,500 per violation or $7,500 for an intentional violation. Californian consumers are permitted to take legal action against organizations over data breaches and can claim damages between $100 and $750 per data breach.
In this post we explain the CCPA requirements for businesses and the most important elements of the California Consumer Privacy Act.
What Businesses Must Comply with CCPA?
Unlike the EU’s General Data Protection regulation (GDPR), which applies to all businesses that collect or process the data of EU residents, CCPA only applies to for-profit businesses that meet certain criteria. Any business that meets one or more of the criteria below is required to comply with CCPA.
- Has annual revenues of more than $25 million
- Collects information on 50,000 or more California households or residents each year
- Earns 50% or more of its annual revenue from the sale of the consumer data of California residents
These requirements may be updated or expanded to include a wider range of companies. Make sure you keep up to date with any changes to CCPA if you collect or process the data of U.S consumers.
It is not just companies with a base in California that are required to comply with CCPA. Any company that does business in California or collects or processes the data of California residents is required to comply with CCPA.
What are the CCPA Consumer Rights
CCPA was introduced to give California residents greater control over their personal data.
Consumer rights under CCPA include:
- Right to know what personal data is being collected
- Right to know what personal data is held by a company
- Right to know how personal data is being used by a company
- Restriction of the use and sale of personal data of minors (under 13) without parental consent
- Restriction of the use and sale of personal data of minors (13-16) without direct consent
- Right to delete all personal data held by a company
- Right to opt-out of having personal data sold
- Right to non-discrimination, in terms of price or services, if CCPA rights are exercised
- Right to take legal action against companies for privacy violations and the failure to honor CCPA rights
- Requests from consumers must be confirmed within 10 days and honored within 45 days
Key CCPA Requirements for Businesses
- Businesses must ensure consumers are notified about the collection of their personal data before data is collected and consumers should be given the option of opting out of the collection of their data or the sale of their data. Personal data should only be collected for specific and legitimate purposes.
- Maintain procedures to respond to requests from consumers to access their data, delete their data, and opt out of the sale of their personal information. Procedures must also be developed and maintained relating to the collection and use of the personal information of minors.
- Businesses must offer consumers two methods for consumers to request data and arrange to have their data deleted. One method that is mandatory is a toll-free telephone number. If a business primarily operates online, a web-based method should be offered.
- Any member of staff that handles consumer data must be trained on the requirements of CCPA. Oversight of compliance must be delegated to an individual or team.
- Business must verify the identity of the consumer prior to providing their data or deleting data after a request is received from a consumer.
- CCPA does not go as far as GDPR in terms of data security requirements for businesses. CCPA does not stipulate the security measures that must be implemented to protect consumer data, but it does require businesses to have adequate protections in place to safeguard consumer data, including measures to prevent unauthorized data access. Bear in mind that penalties can be imposed for data breaches and consumers can take legal action over the exposure of their data if the company holding that data has been negligent. Consumer lawsuits can require payment of up to $750 per consumer in the event of a CCPA violation and it is not necessary to provide proof of harm. A large data breach could therefore prove very costly.
How TitanHQ Can Help with CCPA Compliance
TitanHQ offers three solutions that can help with CCPA compliance. SpamTitan Email Security, WebTitan DNS Filtering, and ArcTitan Email Archiving.
- SpamTitan is a powerful email security solution that provides industry leading protection against spam and the leading causes of data breaches – phishing attacks and malware infections.
- WebTitan is a DNS filtering solution that provides an additional level of protection against phishing attacks and malware. WebTitan blocks attempts by network users to access malicious websites such as those used for phishing or malware delivery, thus helping to prevent the exposure of consumer data.
- ArcTitan is an email archiving solution that helps businesses keep email data protected, meet email retention requirements, and quickly find and recover emails when dealing with customer complaints, demonstrating compliance, and for finding and deleting the data of consumers if a request to have data deleted is received.
A new strain of the Ursnif banking Trojan has been identified and the actors to blame for the latest campaign have implemented a new tactic to spread the malware more quickly.
The Ursnif banking Trojan is one of the most often witnessed Trojans. As is the case with other banking Trojans, the purpose of the Ursnif Trojan is to take away credentials such as logins to banking websites, corporate bank details, and credit card information. The stolen credentials are then used to complete financial transactions. It is not unusual for accounts to be drained prior to the transactions being discovered, by which time the funds have cleared, have been withdrawn, and the criminal’s account has been closed. Recovering the stolen funds may not be impossible.
Infection will result in the malware stealing a wide range of sensitive data, capturing credentials as they are typed into the browser. The Ursnif banking Trojan also captures screenshots of the infected device and logs keystrokes. All of that information is silently shared to the hacker’s C2 server.
Banking Trojans can be put in place in a number of ways. They are often installed onto websites where they are downloaded in drive-by attacks. Traffic is sent d to the malicious websites using malvertising campaigns or spam emails contacting hyperlinks. Legitimate websites are compromised using brute force methods, and kits installed on the sites that attack people who have failed to keep their software up to date. In a lot of, software is shared using spam email, hidden in attachments.
Spam email has previously been used to share the Ursnif banking Trojan, and the most recent campaign is no different in that regard. However, the latest campaign uses a new tactic to increase the chance of infection and spread infections more quickly and widely. Financial institutions have been the main target of this banking Trojan, but with this most recent attack method they are far more widespread.
Infection will see the user’s contact list scanned and spear phishing emails sent to each of the user’s contacts. Since the spear phishing emails come from a trusted email account, the chances of the emails being opened is significantly heightened. Simply opening the email will not lead to infection. For that to take place, the recipient must click on the email attachment. Again, since it has come from a trusted person, that is more probably.
The actors to blame for this latest Ursnif banking Trojan campaign have another trick to increase trust and ensure their payload is sent. The spear phishing emails contain message threads from past communications. The email looks like a response to a previous email, and include details of past communications.
A short line of text is included as a attempt to get the recipient to open the email attachment – a Word document including a malicious macro. That macro needs to be authorized to run – if macros have not been set to run automatically, but it will not until the Word document is shut. When the macro is enabled, it initiates PowerShell commands that download the Ursnif Trojan, which then starts logging activity on the infected device and sends further spear phishing emails to the new victim’s contacts.
This is not an original tactic, but it is new to Ursnif – and it is likely to see infections spread much more swiftly. Additionally, the malware incorporates a number of additional tactics to hamper detection, allowing information to be stolen and bank accounts emptied before infection is discovered – the Trojan even erases itself once it has run.
Malware is always changing, and new tactics are constantly created to increase the likelihood of infection. The most recent campaign shows just how important it is to block email threats before they reach end users’ inboxes.
If you use an advanced spam filter like SpamTitan, malicious emails can be blocked to prevent them from reaching end user’s inboxes, greatly reducing the danger posed by malware infections.
There is a cheaper option that Cisco OpenDNS that provides total protection against web-based threats. If you are currently using OpenDNS or have yet to configure a web filtering solution, you can find out about this powerful web filtering solution in a December 5, 2018 webinar.
Cybersecurity solutions can be implemented to secure the network perimeter, but employees often are careless online that can lead to costly data breaches. The online activities of employees can easily lead to in malware, ransomware, and viruses being installed. Staff may also respond to malicious adverts (malvertising) or visit phishing websites where they are relieved of their login details.
Addressing malware infections, solving ransomware attacks, and resolving phishing-related breaches have a negative impact on the business and the resultant data breaches can be incredibly expensive. Due to this, the threat from web-based attacks cannot be disregarded.
Luckily, there is an easy solution that offers protection against web-based threats by carefully managing the web content that their employees can access: A DNS-based web filter.
DNS-based web filtering requires no hardware acquisitions and no software installations. Within around 5 minutes, a business will be able to control employee internet access and block web-based dangers. Some DNS-based web filters such as OpenDNS can be costly, but there is a more cost-effective alternative to Cisco OpenDNS.
TitanHQ and Celestix Networks will be conducting a joint webinar to introduce an alternative to Cisco OpenDNS – The WebTitan-powered solution, Celestix WebFilter Cloud.
Celestix will be implemented by Rocco Donnino, TitanHQ EVP of Strategic Alliances, and Senior Sales Engineer, Derek Higgins who will outline how the DNS-based filtering technology offers total protection from web-based dangers at a fraction of the cost of OpenDNS.
The webinar is at 10:00 AM US Pacific Time on Wednesday December 5, 2018.