Infrastructure Takedown Hinders TrickBot Phishing Campaigns

The majority of modern businesses have put in place a hybrid workforce model, where employees can carry out their duties whether based in the office or working from home. This working model is ideal for msot companies due to the flexibility it provides.

Recent research produced by Gartner has revealed that, since the beginning of the coronavirus pandemic, 88% of companies made remote working mandatory. This quicke shift from an office-based to remote workforce caused major issues for IT departments, but it has allowed business to continue to operate as close to normal as possible. There have been productivity issues and technical obstacles to overcome. Most importantly workers are able to remain in touch and collaborate by implementing online using chat platforms, videoconferencing, and the telephone and some companies have even recorded enhances productivity levels using these communication methods.

Due to the increase in the number of methods being used for collaborating and maintaining contact, remote working has resulted in companies and their staff being dependent on email to a much greater extent. This higher reliance on email means it is now crucial to make sure that emails can be accessed come what may, even if email servers are compromised that would see work come to a halt.

The majority of companies use emails to hold vital information and much of the data in emails is not held in any other location. A report from from IDC states that approximately 60% of business-critical data resides in emails and email attachments and that was before the pandemic took hold.

There is a lot of legislation and regulations governing business data, including at the federal, state, and industry level. There are set stated times required for specific types of data, regardless of where the data is held. If the information is stored in emails, then that information must be safeguarded protected and secured against accidental or deliberate deletion until the retention period is ended.

Backups of emails can be carried out to meet certain regulations, but there are issues when it comes to retrieving emails. Locating emails in backups can be a time-consuming task that can take days or weeks. Even locating the appropriate backup media can be a major issues before you can search for emails within it.

The best method for ensuring privacy, security, and meet compliance obligation and ensure that emails and attachments never go missing is to configure an email archiving service. Email archives are established for long term data storage. Email archives can be simply searched, so when emails need to be located and retrieved, the task takes seconds or minutes. A tamper-proof record of all emails is retained for compliance purposes and to protect against data loss and ensure business continuity in the event of something unwelcome happening.

Most companies have configured an on-premises email archive, but this is far from ideal in a world where almost all staff members are working remotely. After the pandemic is ended, many staff member will go back to the office, but remote working looks set to remain. The ideal option is therefore to use an email archiving solution that perfectly suits the remote working or hybrid working system.

Cloud-based email archives centralize disparate email servers and hold all emails safely in the cloud where they can be quickly and simply retrieved by any authorized individual, from any location. As many companies now use cloud-based email, sending emails to a cloud-based archive makes more sense than using on-site archives. Sending emails to the archive and recovering emails will be far faster from a cloud service to a cloud service.

If you have an on-site email archive, moving to a cloud-based service can save time and money. There is no need to manage hardware, perform software updates, and the archive is automatically backed up to see to it that emails can always be retrieved and storage space will never be an issue due to the scalability of the cloud based solution.

10 Reasons Why Archiving Email Is Important for Your Business

Any possibility of losing email would be detrimental to the workings of a modern company. The vast majority of the information held in old emails is, typically, not saved elsewhere so losing emails due to a technology issues or having it stolen/locked by a hackers is not a desirable course of events.

Along with the inconvenience of business interruption there are also regulatory issues to take into account as you could be fined if a breach takes place. in addition to this email may be need in the event of an official investigation and not maintaining them on your databases could result in a costly mistake to make. Even though the majority of companies complete backups in order to be prepared for a disaster, there can be issues with this solution. These backups are not searchable in the same way that archives are. The best solution for backing up you emails is to establish a relaiable archives. here we have listed the 10 reasons for doign this.

10 Reasons Why Businesses Should Archive Emails

  1. Stopping Data Loss: Emails are placed in your archive for long term, safe storage. Emails can be easily retrieved from here should an employee accidentally accidentally remove something important from their inbox.
  2. Mail Server Performance: As emails make up so much of the correspondence that your company handles they place a massive strain on email servers. Moving a lot of email to the archive will release this pressure and can result in servers that are working better.
  3. Litigation and eDiscovery: In the event of a lawsuit, you are likely to be required to produce emails related to the case and you will only have a short period of time in which to respond. Finding emails in PST files and backups can be an extraordinarily time-consuming process, and you may have to search through several years of email data to find all the emails you need. You must also ensure that the messages are original and have not been altered in any way. An email archive makes responding to eDiscovery requests and finding and producing emails a quick and simple process.
  4. Less work for IT Departs: If employees delete or lose important emails, the IT support desk will be the point of call for addressing this. Placing emails in an archive eliminates email storage issues and makes the work that they have to do much easier, especially if staff members can access their own email archives.
  5. Recovery during Disaster: Email data can easily be lost if there is an issue with hardware or the theft of a device. When emails are moved to the archive they can be swiftly and simply retrieved.
  6. Regulatory Compliance: An email archive assists with all regulatory compliance tasks. Data can be categorized and retention periods can be created with emails automatically erased when the legal retention period is ended.
  7. Data Access and Right to be Forgotten Requests: The General Data Protection Regulation (GDPR) and other laws allow people the right to have access to all data that a company holds on them. If a request for access to personal data is registered, the data must be produced promptly. An email archive allows you to quickly review for email data and process right-of-access and right-to-be-forgotten requests.
  8. Internal Audits: An email archive makes the internal review process quick and simple and negates the need to include the IT department.
  9. Business Continuity: No matter what happens you can simply access old emails with the advanced search capability of an email archiving solution, you will be able to ensure business can continue as you always were.
  10. Addressing Costs: Looking for lost emails, managing email servers, answering eDiscovery requests, and producing email data for audits can take a massive amount of time. An email archive will cut the amount of time that needs to be dedicated to these issues and allow you avoid unnecessary expense.

Solution: Use ArcTitan

ArcTitan is a strong, safe, cloud-based email archiving solution provided by TitanHQ that means emails will never be lost. Quick searches can be completed when you need to find old emails, with emails sent to the archive automatically at a rate of 200 emails a second with searches of 30 million emails taking less than one single second. There are no restrictions on storage space, no onsite hardware needed and you only pay for the number of active mailboxes. Companies that use ArcTitan normally save up to 80% of email storage space.

 

CISA Issues Alert Regarding Rise in LokiBot Malware Attacks

The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has released a public warning in relation to a marked rise in LokiBot malware activity was recorded in the two months.

Also known as Lokibot, Loki PWS, and Loki-bot, LokiBot initially came to the fore during 2015. it is a complex data stealer, used to obtain credentials and other protected data from victim devices. The malware attacks Windows and Android operating systems and uses a keylogger to spy on usernames and passwords and monitors browser and desktop actions. LokiBot can capture log in credentials from a range of different applications and data sources such as Safari, Chrome, and Firefox web browsers, along with log in details for email accounts, FTP and sFTP clients.

The malware can also record other important data and cryptocurrency wallets and can set up backdoors in infiltrated devices to permit ongoing access, allowing the operators of the malware to deliver additional malicious downloads.

The malware is able to establish a connection with its Command and Control Server and steals data using HyperText Transfer Protocol. The malware has been captured employing a process where it places itself in authentic Windows processes such as vbc.exe to avoid being discovered. The malware can also create a duplicate of itself, which is saved to a hidden file and directory on an infiltrated device.

The malware may be quite simple but that has made it an useful tool for a wide range of cybercriminals and it is being deployed is used in a wide variety of data compromise use attacks.  Since July, CISA’s EINSTEIN Intrusion Detection System tracked a huge spike in LokiBot activity.

LokiBot is typically deployed with a malicious attachment; however, since July, the malware has been distributed shared in a range of different fashions, including links to websites hosting the malware being transmitted via SMS and using text messaging software.

Data stealers have been en vogue since the beginning of the COVID-19 pandemic, particularly LokiBot. In order to tackle attacks like this your group should use a strong e-security solution like SpamTitan and WebTitan

SpamTitan is a robust security solution that attacks phishing emails at source, stopping dangerous messages from landing in mailboxes. WebTitan is a DNS filtering package that is used to manage the web pages that can be accessed on wired and wireless networks, restricting access to web pages that are deployed for phishing and malware delivery.

WebTitan and SpamTitan can be used as part of a free TitanHQ trial.

Phishers Using Fake GDPR Compliance Reminders for CyberAttacks

A GDPR-related smap campaign has been identified that involves phishers send out false fake GDPR compliance reminders as they attempt to trick unsuspecting recipients into handing over log in credentials.

This campaign was initially identified by the cybersecurity group Area 1 Security researchers. They detailed how an attack involves phishers sharing an alert notification to a distribution list of companies emails that they possibly purchased from a vendor on the black market.

An Area One representative stated: “The attacker lures targets under the pretense that their email security is not GDPR compliant and requires immediate action. For many who are not versed in GDPR regulations, this phish could be merely taken as more red tape to contend with rather than being identified as a malicious message.”

They went one: “On the second day of the campaign the attacker began inserting SMTP HELO commands to tell receiving email servers that the phishing message originated from the target company’s domain, when in fact it came from an entirely different origin. This is a common tactic used by malicious actors to spoof legitimate domains and easily bypass legacy email security solutions.”

If one of the recipients was to visit the website included in the email they would be brought to a web page loaded to malware and phishing lures. This website would steal their log in credentials and allow access to their company email address. After this email addresses can be leveraged to share the campaign further within that company, resulting in even more cyber crime. The phishing website is hosted on a compromised, outdated WordPress webpage.

Another characteristic of this type of campaign is that the URL has a degree of personalization as as the email address of the recipient (target) is auto-completed in a HTML form on the malicious webpage. In addition to this the username field and the correct email field address (found in the URL’s “email” parameter) are also filled out. Such precision can presuade the recipients of the email think that the website they are viewing is genuine and result in them supplying log in details.

To prevent attacks like this you should install a cybersecurity solution like SpamTitan. SpamTitan is a powerful cybersecurity package that stop phishing emails at source, stopping dangerous messages from landing in mailboxes. WebTitan and SpamTitan can be used as part of a free trial of SpamTitan.

Higher Incidence of Exploit Kit Activity on Adult Ad Networks Reported

Malwarebytes has recently released a report that show a campaign is being carried out using the Fallout exploit kit to distribute Racoon Stealer using popular adult websites.

This cyber attack was made known to the ad network and the malicious advert was taken down. However, it was soon replaced with an advert bringing visitors to a site hosting the Rig exploit kit. Following this a separate campaign was discovered where another threat, renowned for targeting various adult ad networks. The malicious adverts were served via a wide range of different adult websites, including one of the most popular adult websites that boasts more than 1 billion page views monthly.

The threat actor had filed bids for users of Internet Explorer only, as the exploit kit included an exploit for an unpatched IE flaw. The flaw exploited were CVE-2019-0752 and CVE-2018-15982, the former is an IE vulnerability and the latter is a vulnerability in Adobe Flash Player. In this campaign, Smoke Loader malware was shared, along with Racoon Stealer and ZLoader.

For an exploit kit to be effective, a computer must have an unpatched flaw, an exploit for which must be included in the EK. Prompt patching is almost always one of the most effective methods for ensuring that these attacks are not successful. It is important to stop using Internet Explorer and Flash Player. Vulnerabilities in each are frequently attacked.

These campaigns can also be simply prevented by using a web filter. Unless your business is working in the adult entertainment sector, access to adult content on work devices should be prevented. A web filter permits your business to block access to all adult websites, and other categories of web content that employees should not be accessing in the office.

A cloud-based web filter such as WebTitan is cost effective option to address this that can safeguard against a web-borne attacks such as exploit kits and drive-by malware downloads, while also helping companies to improve productivity by stopping staff members from viewing websites that have no work purpose. Web filters can also reduce legal liability by preventing employees from participating in illegal online activities, such as copyright infringing file installations.

Once configured – a quick process – access to specific categories of website can be blocked with the click of a mouse and staff will be stopped from viewing websites known to host malware, phishing kits, and other potentially dangerous malicious websites.

For more details on WebTitan and protecting your company from web-based attacks contact TitanHQ now.

New Phishing Campaign Spoofs Security Awareness Training Company

A new spoofing campaign has been discovered that attacked businesses in a bid to steal their Microsoft Outlook credentials. The campaign is spoofing KnowBe4, a company that provides security awareness training for staff – Training that helps companies train their employees how to recognize a phishing attack.

The emails warn the recipient that the coming expiration of a security awareness training module is getting close. The recipient is informed that they only have one day left to finish the training. Three links are given in the email that look like, at face value, a genuine KnowBe4 URL; however, they bring the user to a phishing page on a compromised website where Outlook credentials and personal information are stolen using a realistic login page for the Outlook Web App.

Guidelines are given for conducting the training outside of the network, with the user instructed to supply their username and password before clicking the sign in button. Doing so, it is claimed, will bring the user to the training module. While the site to which the phishing email links is realistic, the giveaway sign that this is a scam is the domain. Many different URLs across a range of different sites have been used in this campaign, all of which are not linked to the security awareness training provider. However, busy employees may fail to check the URL before disclosing their details.

It is a brave move to spoof a cybersecurity company dedicated to phishing prevention; one that may trick staff into believing the email is genuine.  Any company can be spoofed in a phishing campaign. Just because the company provided services to tackle phishing does not mean that the email should not be subjected to the usual checks to prove its validity, which is something that should be emphasized in employee security awareness training modules.

Cofense, the group which reviewed the websites, report that the compromised sites have recently hosted a web shell that allowed the hackers to upload and edit files. The websites had been impacted since at least April 2020, unbeknown to the site owners. The phishing kit implemented in this campaign has been installed onto at least 30 different websites since the campaign commenced in mid-April.

Employees are sent hundreds of emails each week and spotting all phishing emails can be a complex task, especially when many phishing emails are realistic and are very similar to genuine emails that staff members are sent every day. Security awareness training is crucial, but it is also important to configure an advanced spam filtering solution that is capable of blocking virtually all (in excess of 99.9%) malicious emails.

With an advanced spam filtering solution like SpamTitan configured these emails can be stopped at source and will not be sent to end users’ inboxes, negating the danger posed.