Cyber threat actors are conducting increasingly sophisticated attacks on businesses of all sizes. Defending against these threats requires a comprehensive suite of cybersecurity solutions that provide overlapping layers of protection, which are constantly updated in response to threat actors’ changing tactics, techniques, and procedures. TitanHQ has developed a package of AI-driven cybersecurity solutions that work seamlessly with each other and provide protection against email and web-based attacks and data loss.
SMBs, enterprises, and managed service providers (MSPs) can easily take advantage of the TitanSecure bundle of products that include AI-driven threat intelligence and advanced email security through SpamTitan, DNS-based web filtering with WebTitan, data loss protection with ArcTitan email archiving, and comprehensive security awareness training and phishing simulations with the SafeTitan platform.
Updates Released for TitanHQ Solutions
In July, TitanHQ announced upgrades to three of its solutions – SafeTitan, WebTitan, and SpamTitan – to improve usability and efficiency.
SafeTitan Security Awareness Training and Phishing Simulation Platform
In early July, a new feature was added to the SafeTitan platform to improve usability for MSPs and eliminate the complexity of creating ongoing phishing simulation campaigns for their clients. The new Auto Campaigns feature allows MSPs to automate the delivery of phishing simulation campaigns for their clients by creating annual campaigns, which significantly reduces the time and resources required for planning and management of cybersecurity initiatives, helping to improve efficiency and profitability. The new feature allows a set of campaigns to be created for customers in just a few minutes and automates those campaigns to ensure they are delivered continuously throughout the year.
WebTitan DNS Filter
TitanHQ has also released WebTitan 5.03, which is now being rolled out to all existing customers. The latest update includes several new features that have been requested by users to improve usability and operational efficiency. The update includes a new summary report page, an improved layout for the custom block page, several bug fixes, and the following new features:
- Customization of the Global Default policy on the MSP level – Allows a custom default policy when creating a customer account.
- Customization of the Default Policy on the Customer level.
- Inherit the Allowed & Blocked Domains from the Customer Default Policy.
- Blocking of a top-level domain (TLD) on a customer policy and global domains.
SpamTitan Email Security
TitanHQ is just finalizing version 9.01 of the SpamTitan email security solution, which is now due for imminent release. The latest version of the award-winning email security solution includes several requested features to improve usability for MSPs. Some of the new features with the 9.01 release include:
- Availability of history/quarantine for MSPs allowing MSPs to act on customer emails at the MSP level.
- Pattern Filtering for MSPs – Simplification of the administration of SpamTitan allowing customers to be secured from one place.
- Link Lock Inheritance – Link lock is inherited from the MSP level, so MSPs no longer need to drill down into individual domains to make changes.
- Simplified Mail View – Improved user experience and easier email analysis.
- ‘Other Products’ option – Makes it easier for MSPs to offer multiple TitanHQ solutions to their customers.
There is growing evidence that cybercriminals are leveraging AI chatbots for nefarious purposes such as phishing. AI chatbots such as ChatGPT are capable of generating content that is grammatically correct, and free of spelling mistakes, and they are capable of generating convincing content for social engineering and phishing. AI-generated phishing and social engineering content can be very difficult to identify as malicious, as the emails lack many of the tell-tale signs of a phishing email. While AI chatbots certainly have the potential to change the phishing landscape, that is not the only way that cybercriminals are using AI chatbots for phishing.
Chatbots such as ChatGPT have proven incredibly popular, and many companies have rushed to release their own AI chatbots. With multiple chatbots available and high demand for these tools, phishers have been taking advantage and have been creating websites offering fake AI chatbots. These websites claim that their AI chatbot is even more advanced than ChatGPT and can be used by anyone to get rich quick or can be used by businesses for handling customer service inquiries, eliminating the need for expensive human labor.
Links to these websites are sent out in phishing emails that promote these new tools. If the link is clicked, the user is directed to a website where they are asked to register and disclose sensitive information or download a chatbot app. The latter includes Trojan malware that provides the attacker with access to the victim’s device, spyware or a keylogger that can steal personal information and credentials, or other forms of malware.
AI chatbots are incredibly expensive to develop and train, with analysts estimating that the cost of training these AI tools is at least $4 million, and the running costs of ChatGPT have been estimated to be around $700,000 per day. AI chatbots are also attracting a lot of media attention, so the release of a new chatbot, especially one that is better than ChatGPT, is unlikely to fly under the radar. If you receive an email offering a new AI chatbot, it likely is a scam.
You could perform a check of the website to see when it was registered, see if there is any contact information on the site, or do a quick Google search to see if there has been any news coverage. The best thing to do, however, is to simply delete the email or report it to your security team. If you want to use an AI chatbot, use one of the reputable chatbots such as ChatGPT, Microsoft’s Bing, or Google’s Bard.
Cybercriminals can use other methods to drive traffic to their malicious websites, including malicious Google Ads. There has been an increase in ‘malvertising’ for malware delivery and phishing in recent months, where malicious ads are used to drive traffic to attacker-controlled websites. While these adverts are often rapidly identified and taken down by Google, they do not have to be active for long to drive huge amounts of traffic to malicious websites. Businesses can protect against these attacks by using a web filter such as WebTitan. For consumers, the same advice applies as to phishing. Be very cautious and if there is an offer that seems too good to be true, it is most likely a scam.
Due to the popularity of AI chatbots, businesses should consider adding chatbot-related lures to their phishing simulations to see how many employees click these links. This is easy to do with the SafeTitan security awareness training and phishing simulation platform. Any employee that clicks the link in the email will be automatically provided with training content relevant to that threat. By providing intervention training, the next time a similar email is received, employees will be more likely to recognize the scam and avoid it. For more information on SafeTitan, give the TitanHQ team a call.
Several new malware campaigns have been identified recently that are being used to deliver a range of malicious payloads, including malware downloaders, information stealers, remote access Trojans (RATs), backdoors, and ransomware. These threats are delivered through a range of attack vectors, including email, SMS messages, and even over the telephone.
An as-of-yet-unknown malicious actor has been conducting a phishing campaign that distributes PureCrypter malware as the first stage of an attack that involves other malicious payloads. PureCrypter is an advanced, fully featured malware downloader that was first identified in March 2021 and is now being provided to threat groups under the malware-as-a-service model. The operator rents out access to other threat actors to allow them to deliver a range of malicious payloads, the majority of which are information stealers and RATs.
The latest campaign, identified by researchers at Menlo Security, primarily targets government entities in North America and the Asia Pacific region. The attacks start with a malicious email that includes a Discord app URL. If the link is clicked, a password-protected ZIP archive is downloaded from Discord, containing an executable file that delivers the PureCrypter downloader.
While the payloads change, the latest campaign is being used to deliver AgentTesla malware, which is hosted on a legitimate but compromised domain belonging to a non-profit organization. AgentTesla is an advanced backdoor that can steal passwords from browsers, capture the content of the clipboard, log keystrokes, and perform screen captures. That information is then exfiltrated to a command-and-control server located in Pakistan. PureCrypter has also been used to deliver the RedLine information stealer, the Blackmoon banking Trojan, and Eternity and Philadelphia ransomware.
Email campaigns distributing malware and links to phishing URLs are still common, but threat actors have branched out and are using a range of other methods for distributing malware and stealing credentials. SMS-based phishing campaigns have been soaring as threat actors take advantage of poor protections against SMS-based phishing attacks, and telephone-oriented attack delivery (TOAD) attacks are growing at an incredible rate.
TOAD attacks usually see initial contact made via email, yet the emails contain no malicious content or malware. They have a plausible call to action and provide a telephone number for the recipient to call to resolve a pressing problem. These emails can be very difficult for email security solutions to identify as they contain no malicious content. The phone lines are manned by the threat actor, oftentimes from call centers in India, and the telephone operators convince victims to download a malicious file, which provides the attacker with remote access to their device. The malicious files are typically remote access software or malware downloaders such as BazarLoader, which, like PureCrypter, is used to deliver a range of malicious payloads, especially ransomware.
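A triage heuristic for the callback pattern described above, as an added example that is not part of the original article or of any TitanHQ product: it flags external messages that give link and attachment scanning nothing to inspect, yet combine a phone number with a call to action and billing pressure. The keyword lists, the internal domain, and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"example.com"}

# Constructed heuristics; tune the word lists against your own mail flow.
PHONE_RE = re.compile(r"(?<!\d)\+?\d[\d ().-]{8,16}\d(?!\d)")
URL_RE = re.compile(r"https?://|\bwww\.", re.I)
CALL_RE = re.compile(r"\b(call|phone|dial|ring)\b", re.I)
PRESSURE_RE = re.compile(
    r"\b(invoice|subscription|renew\w*|charged?|refund|cancel\w*|suspend\w*)\b", re.I)


def toad_signals(raw: str) -> dict:
    """Return the individual callback-phishing signals for one message."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    sender = parseaddr(str(msg.get("From", "")))[1]
    domain = sender.rpartition("@")[2].lower()
    # Keep only matches that are plausible phone numbers (10-15 digits).
    phones = [m.group() for m in PHONE_RE.finditer(text)
              if 10 <= sum(c.isdigit() for c in m.group()) <= 15]
    return {
        "external_sender": domain not in INTERNAL_DOMAINS,
        "no_links": URL_RE.search(text) is None,
        "no_attachments": not any(msg.iter_attachments()),
        "phone_number": bool(phones),
        "call_to_action": CALL_RE.search(text) is not None,
        "pressure_terms": PRESSURE_RE.search(text) is not None,
    }


def is_toad_candidate(raw: str) -> bool:
    """Flag for human review only when every signal is present."""
    return all(toad_signals(raw).values())


# Constructed sample messages (555-01xx is a reserved fictional range).
TOAD_SAMPLE = """\
From: Billing Team <billing@invoices.example.net>
To: alice@example.com
Subject: Your subscription renewal

Your annual subscription has been renewed and 399.99 USD will be charged today.
If you did not authorize this, call +1 (800) 555-0100 within 24 hours to cancel.
"""

LINK_SAMPLE = """\
From: Support <support@mail.example.org>
To: alice@example.com
Subject: Invoice available

Your invoice is ready. Call +1 (800) 555-0101 or visit https://portal.example.org/
"""

INTERNAL_SAMPLE = """\
From: Bob <bob@example.com>
To: alice@example.com
Subject: Supplier invoice

Please call me about the supplier invoice on 020 7946 0000.
"""

if __name__ == "__main__":
    for name, raw in [("toad", TOAD_SAMPLE), ("link", LINK_SAMPLE),
                      ("internal", INTERNAL_SAMPLE)]:
        print(name, is_toad_candidate(raw), toad_signals(raw))
```

A hit is a reason to queue the message for review or add a caution banner, not proof of fraud; legitimate vendors also send link-free billing notices with phone numbers.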
With such a variety of threats to defend against, and the difficulty of identifying these threats using standard cybersecurity solutions, security awareness training has never been more important. Employees need to be made aware of these threats and be trained how to recognize them.
If you want to improve your defenses against increasingly sophisticated attacks targeting employees, give the TitanHQ team a call to find out more about how the SafeTitan security awareness training platform can be leveraged to greatly improve your security posture by addressing the human vulnerabilities that threat actors are so often exploiting.
An SMS phishing attack on Zendesk employees has allowed access to be gained to sensitive customer data. The data breach highlights the importance of implementing a defense-in-depth approach to security that includes multiple layers of protection against all forms of phishing.
Phishing is most commonly conducted via email; however, improvements in email security solutions have made it harder for malicious actors to get their emails delivered to inboxes. Advanced email security solutions such as SpamTitan incorporate many layers of protection, including machine-learning algorithms to predict novel phishing attacks. Advanced malware protection prevents the delivery of malicious files, combining signature-based antivirus engines with behavioral detection through sandboxing, and the solution also scans emails for malicious links and blocks those messages.
Over the past couple of years, there has been an increase in other forms of phishing that take advantage of the paucity of protection against malicious messages sent via the SMS network and instant messaging platforms and the lack of protection against voice phishing. Businesses typically lack technical defenses against these forms of phishing, which allows employees to be reached more easily.
SMS phishing – or smishing as it is commonly known – involves malicious SMS messages, typically including a link to a malicious website where credentials are harvested. This type of phishing is employed by many different threat actors, including a threat group known as 0ktapus. In 2022, the group conducted a campaign targeting more than 130 companies, including Twilio and Cloudflare. An analysis of the campaign revealed the group had successfully compromised at least 9,930 accounts at more than 130 organizations. That campaign saw credentials stolen as well as multi-factor authentication codes.
While it is currently unclear which threat actor was behind the attack on the customer service software provider Zendesk, the phishing attack was conducted via SMS messages. Zendesk has yet to make an official announcement, but the cryptocurrency trading firm Coinigy said it has been notified by Zendesk about the data breach and said it was informed that several Zendesk employee accounts were compromised, in what Coinigy said was “a sophisticated SMS phishing campaign”. Those accounts contained unstructured data from a logging platform from September to October 2022. Other cryptocurrency platforms appear to have also been affected.
SMS phishing takes advantage of a common hole in businesses’ security defenses that is difficult to address with technical solutions. The best defense against these attacks is security awareness training for employees. This is an area where TitanHQ can help. TitanHQ offers businesses a comprehensive security awareness training platform called SafeTitan, which provides training on all aspects of cybersecurity and phishing, including email phishing, SMS phishing, and voice phishing. The platform provides training in short modules of no more than 10 minutes, with the training content gamified to improve knowledge retention and make it enjoyable. Training courses can easily be developed and automated to provide constant training to employees, teaching them the signs of phishing and other malicious attacks and training them on how to respond when threats are encountered.
With phishing attacks becoming more sophisticated and taking many forms, it has never been more important for businesses to ensure that they have appropriate defenses in place, which should include spam filtering, web filtering, and security awareness training, all of which are provided by TitanHQ.
In recent years there has been a shift from classroom-based to online security awareness training. Although some of the shift is attributable to the social distancing requirements of the COVID-19 pandemic, it is noticeable that many organizations have not returned to classroom environments to deliver security awareness training, having witnessed the benefits of providing training online.
This article discusses seven benefits of online security awareness training. Not all will apply to every organization, while other organizations may find more than seven benefits. If you would like to find out more about how online security awareness training could benefit your organization, do not hesitate to get in touch to request a free demo of SafeTitan’s security awareness training platform.
1. Online Training is Easier to Organize
Organizing large groups of employees to be in a classroom at the same time can be an administrative nightmare. Who is late? Who is absent? Who needs to leave early to attend a meeting? Who needs more training than time is available to provide? With online training, system administrators can remotely send training modules to each employee for them to complete in their own time.
2. The Completion of Training is Quantifiable
The completion of each module is recorded via a simple acknowledgement or the modules can have a quiz attached to them for employees to answer. This enables system administrators to see not only who has completed each training module, but also how much of the information has been absorbed in order to assess whether more training is required and on what subject(s).
3. Online Security Awareness Training Can be More Specialized
While it is not impossible to provide specialized security awareness training in a classroom environment, online security awareness training can be delivered by group or department according to their roles and any unique threats they may encounter. This may be particularly relevant for employees working in finance or with escalated administrator privileges.
4. Online Training Can Reach Remote Workforces
With classroom training, workforces in satellite offices or in the field may have to take considerably more time away from producing for the organization to attend training. Alternatively, organizations may have to send trainers and training materials out to remote workforces. Online security awareness training overcomes these issues by standardizing training across the whole workforce.
5. Micro-Training has Higher Retention Rates
It is difficult to find unbiased sources that prove online training has higher retention rates than classroom training; however, there is evidence to suggest that micro-training – which is only realistically providable via online training – is more effective for information retention due to the average adult having a maximum attention span of around twenty minutes.
6. Online Training Supports Greater Interaction
Interaction with the content of any security awareness training can help trainees better understand the content of the training, put it into context, and apply it in their daily roles. Due to the nature of online security awareness training, there are more opportunities for interactive training via (for example) videos, quizzes, and simulated phishing tests.
7. The Success of Online Training is Measurable
Online training platforms such as SafeTitan include enterprise-level reporting that demonstrates behavioral change and how this has improved organizational security. From these metrics, it is possible to calculate a monetary return for the investment in online security awareness training and facilitate informed decisions about security moving forward.
As mentioned previously, if you would like to know more about SafeTitan online security awareness training, do not hesitate to get in touch.
There is little doubt that the volume of phishing attacks is increasing and that phishing attacks are becoming more sophisticated. To counter the threat from phishing, many organizations are implementing phishing awareness solutions. However, some phishing awareness solutions fail to reduce the susceptibility of users in real-life scenarios.
Some phishing awareness solutions fail to reduce the susceptibility of users in real-life scenarios because they are provided with a library of phishing scenarios that do not reflect the organization’s operations, or that are easy to spot as phishing simulations because they are delivered to an email address the apparent sender of the email would not be aware of.
For example, if an organization does not use Microsoft 365, a simulated phishing email alerting a user that their Microsoft 365 password is about to expire is going to be easily identified by the user as a test. Similarly, a simulated phishing email advising a user of unusual activity on their personal social media account is not going to be treated as genuine if sent to a corporate email address.
Limited Templates Can Result in a False Sense of Security
The other issue with phishing awareness solutions with fixed libraries of phishing scenarios is that, if an organization only uses the phishing templates appropriate for the organization’s operations, the organization has fewer scenarios to choose from, and the likelihood increases that users will recognize simulated phishing emails as a test because they have seen the simulations before.
When simulated phishing emails are easy to spot or the same tests are used repeatedly, employees score highly in phishing susceptibility tests – giving organizations a false sense of security that their “last line of defense” is stronger than it actually is. Consequently, phishing awareness solutions with fixed libraries could actually exacerbate the threat of phishing rather than help prevent it.
Many Solutions Also Overlook the Threat from Inside
An often overlooked threat from phishing exists when an external bad actor takes remote control of an employee’s corporate email account. Once in the control of an external bad actor, the corporate email account can be used to conduct spear phishing or business email compromise attacks on selected members of the workforce or to phish the entire workforce into revealing credentials.
However, despite the potential seriousness of the threat from inside, many phishing awareness solutions do not account for this possibility in phishing simulations. Therefore, any phishing awareness solution deployed by an organization not only has to be customizable to reflect the organization’s operations, but also to account for the possible threat from inside.
Customizable Phishing Awareness Solutions from SafeTitan
SafeTitan is an enterprise-scale security awareness training and phishing simulation platform within the TitanHQ portfolio of cybersecurity solutions. The phishing simulator includes more than 1,800 customizable templates for conducting real-life phishing tests on employees, with automatically generated training content delivered immediately if a user falls for a simulated phish.
With regard to the “threat from inside”, SafeTitan enables organizations to change the sender email address to a corporate email account with a simple modification to the SPF record, and every user interaction is recorded so that system administrators can identify repeat offenders, specific weaknesses, and high-risk departments to direct training where it is needed.
To find out more about SafeTitan’s customizable phishing awareness solutions, do not hesitate to get in touch to discuss your requirements with one of our security experts. Alternatively, you are invited to book a demo of SafeTitan in action to see how SafeTitan security awareness training can help protect your users and your organization from email-borne threats.