TitanHQ Wins Expert Insights’ Awards for Email Security, Web Security and Email Archiving

TitanHQ’s powerful, yet easy to use cybersecurity solutions have been recognized at this year’s Expert Insights’ “Best-Of” Awards and have been named winners in their respective categories.

Expert Insights helps organizations make the right cybersecurity decisions with confidence by providing helpful guides, expert advice, and tailored solutions. The Expert Insights’ website receives more than 40,0000 business visitors a month looking for insights into cybersecurity solutions when researching the best products to buy.

Each year, the editorial team at Expert Insights evaluates the leading cybersecurity solutions on the market based on market position, product features, the protection provided, ease of use, and how they are rated by verified users of the products. The team includes technology experts with decades of experience in the cybersecurity industry who select the top product across a wide range of categories.

TitanHQ is thrilled to announce that the ArcTitan email archiving solution, the SpamTitan email security solution, and the WebTitan web filtering solution have all been named winners of Expert Insights’ 2021 Best-Of Awards in the Email Archiving, Email Security Gateway, and Web Security categories.

“2020 was an unprecedented year of cybersecurity challenges, with a rapid rise in remote working causing a massive acceleration in cybercrime,” said Expert Insights CEO and Founder Craig MacAlpine. “Expert Insights’ Best-Of awards are designed to recognize innovative cybersecurity providers like TitanHQ that have developed powerful solutions to keep businesses safe against increasingly sophisticated cybercrime.”

All three solutions are consistently rated highly by Managed Service Providers, enterprise users, and SMB users, and are praised for their ease of implementation, ease of use, effectiveness, and price. The products often attract 5-star reviews from verified users of the Expert Insights’ website, as well as on G2 Crowd, Capterra, Google Reviews, and GetApp.

The products are offered to customers by more than 2,500 MSPs, and over 8,500 businesses in 150 countries have adopted the award-winning solutions.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said Ronan Kavanagh, CEO, TitanHQ. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”

 

How to Prevent CLOP Ransomware Attacks

Since CLOP ransomware first emerged on the scene, the number of attacks in which it has been deployed has been constantly increasing, with a major increase being experienced during October 2020.

Since that spike in the deployment of CLOP ransomware, there have been many incidents at large organizations that have been accompanied by huge ransom demands. In one particular incident, an attack on Software AG came with a ransom demand of $20m.

Similar to many other attacks conducted by ransomware groups, the CLOP ransomware gang steals data before encrypting files. If victims have a valid backup and try to recover their encrypted files without handing over the ransom requested, the group will release the stolen data on the darkweb, making it available to other hacking operations. The media are made aware of the data dumps, and the coverage that follows can lead to businesses suffering serious reputational harm. In recent months there have been many class action lawsuits reported after ransomware attacks where stolen data has been leaked over the Internet.

CLOP ransomware attacks are thought to be conducted by a ransomware group called FIN11, which is an offshoot of a prolific Russian cybercriminal group called TA505. FIN11 has focused on many different sectors, although recently production, health and retail have been concentrated on. When attacks are launched on groups and businesses in these sectors, the losses from downtime can be significant, which increases the chances of victims handing over the ransom.

Many ransomware groups have focused on flaws in Remote Desktop Protocol, VPN solutions, and weaknesses in software and operating systems to obtain the access they need to internal networks to deploy ransomware. However, the initial attack vector in CLOP ransomware attacks (and also many other ransomware strains) is spam email. Large-scale spam campaigns are carried out, often focusing on certain industry sectors or geographical locations. These are called “spray and pray” campaigns. The hope is to obtain access to as many networks as possible. The ransomware gang can then select which businesses are worthwhile attacking with ransomware.

Once CLOP ransomware is downloaded, detection can be tricky as the threat group has programmed the ransomware to turn off antivirus software such as Microsoft Security Essentials and Windows Defender. The trick to preventing attacks is to stop the first infection, which means stopping the spam emails from reaching inboxes where they can be opened by staff.

Preventing the attacks can be done by using an advanced spam filtering solution with robust antivirus protections. SpamTitan, for example, uses dual antivirus engines to catch known malware strains and sandboxing to spot dangerous files including previously unknown malware, ransomware, or malicious scripts. Machine learning processes are also used to spot new threats in real time.

The spam emails used in these campaigns try to steal details such as Office 365 logins and passwords or get users to install malware downloaders. Extra protection against this phase of the attack can be supplied by a web filter such as WebTitan. WebTitan prevents the phishing component of these attacks by stopping these malicious URLs from being accessed by employees, as well as preventing downloads of malware from the Internet.

Employee training is also crucial for helping employees spot phishing emails, and multi-factor authentication should be turned on to stop stolen details from being used to access email accounts and cloud apps.

If you want to enhance your security measures in the face of ransomware, malware and phishing campaigns, call the TitanHQ team now for a SpamTitan and WebTitan free trial.

Businesses Faced Twice as Many Phishing Attacks During 2020

During the COVID-19 pandemic there have been many new possible attack vectors for hackers to target due to the changes required of workplaces in the face of national lockdowns.

This resulted in a more spread out, remotely-based workforce. Reacting to this, hackers increased their phishing attacks to try to steal login details for email accounts, VPNs, and remote access solutions.

The rise in cybercriminal campaigns was recently shown by the Anti-Phishing Working Group, which has been putting together data on phishing attacks from its member groups during 2020. Its most recent report shows phishing attacks grew to more than twice that experienced during 2020, peaking in October 2020 when previous records were broken. In October, 225,304 new phishing sites were detected, compared with under 100,000 during January 2020. During the time period from August to December 2020, over 200,000 new phishing sites were discovered every month.

Links to these phishing portals are shared in large-scale phishing campaigns and the majority of the messages arrive in inboxes where they are then clicked on. The pandemic made it much simpler for hackers to successfully target those seeking details about COVID-19. As the year went on, COVID-19 themed lures were deployed masquerading as information about COVID-19 relief payments for businesses, offers of early vaccines, small business loans, tax deadline extensions, and other similar campaigns.

Hackers often compromise websites to host their phishing forms, but it is now much more typical for the hackers to purchase their own domains that are tailored for each phishing campaign. These lookalike domains can easily trick people into thinking they are on a genuine website.

Hackers have also been deploying encryption to mask their phishing URLs and fool employees. Hosting phishing URLs on HTTPS sites can trick staff into thinking the web content is authentic, and many security solutions do not review encrypted content which makes the URLs tricky to spot and block. In Q4, 2020, 84% of phishing URLs used SSL encryption.

The rise in the use of SSL encryption is a worry, as many people mistakenly believe that a URL beginning with HTTPS is secure when that is not so. SSL encryption means the link between the browser and the website is secure, which means users are safeguarded against the interception of sensitive information, but a hacker may own or control that website. The secure connection just means other hackers will not be able to intercept login credentials as they are entered on a phishing web portal.

The issue for companies has been how to address these attacks as they increase in number and complexity. Many companies have previously depended on Office 365 anti-spam protections for preventing spam and phishing threats, but large amounts of these malicious emails are delivered to Office 365 inboxes. When that happens and a malicious link is visited, they have no way of stopping employees from disclosing sensitive data.

One way that businesses can better safeguard their databases from these phishing attacks is by putting in place a web filtering solution that features SSL inspection. WebTitan has the ability to decrypt websites, review the content, and then re-encrypt, which means phishing portals are not hidden and can be identified and blocked.

WebTitan also uses a range of threat intelligence feeds to see to it that once a phishing URL is discovered, all WebTitan users will be instantly protected. WebTitan makes sure that protection is in place from emerging phishing URLs and zero-minute attacks. When linked with an advanced spam filtering solution like SpamTitan to prevent phishing emails at source and ensure they do not land in inboxes, companies will be well secured from phishing attacks.

Ransomware Attacks Unlikely to Fall Off during 2021

The business world has been hit very hard during 2020 due to the COVID-19 pandemic, resulting in massive complications as most try to simply stay alive as a competitive entity. Complicating this even further has been the increase in ransomware attacks as cybercriminals sought to use the pandemic as leverage in their bid to steal money from anywhere possible.

Ransomware is not a new phenomenon and was first witnessed inflicting damage during the early 2000s in order to steal money from individuals and companies. It became more widespread during the 2010s and it is now the biggest cyber threat for businesses.

According to data from Kroll, during the third quarter of 2020, ransomware attacks grew by 40% with around 200 million attacks taking place during that time. Additionally, a recent H1 2020 Cyber Insurance Claims Report released by Coalition states that 87% of all cyber-related insurance claims are filed due to ransomware attacks.

Another trend is that the hackers are seeking larger amounts of money to release the data that they are encrypting, according to a report from Coveware, a firm that assists companies recovering from ransomware attacks. It says that ransom demands grew by 200% during Q4, 2019, with this growth repeating during 2020.

Ransomware gangs have created a previously unseen tactic of stealing data prior to encrypting files in order to use double extortion tactics. So even if a company pays to recover data, victims still have to hand over money to stop the public sharing of their stolen data. The healthcare industry was hit particularly hard during the last 12 months, as healthcare systems and hospitals had to deal with fighting the pandemic at the same time as a huge increase in attacks on hospitals was registered.

The pandemic has given ransomware gangs new chances to carry out campaigns targeting remote workers, with new database vulnerabilities identified to exploit. COVID-19 themed lures have also been used to share ransomware, first claiming to offer new advice on the new virus, then possible cures, and latterly vaccine-linked lures.

The huge rise in attacks at the back end of 2020 indicates that they will continue to rise during 2021, and there is nothing to suggest otherwise. These types of attack are likely to persist as long as they continue to be profitable, so companies must take care to do everything possible to prevent all attacks.

Some of the most crucial measures to implement include:

  • Configure a proven spam filter with the strongest protection against malware and ransomware. Make sure it uses signature-based detection to block known ransomware variants and sandboxing to identify new ransomware strains.
  • See to it patches are applied at once and software is updated quickly to the most recent version.
  • Show your employees how to spot ransomware and malware emails and conduct general security training.
  • Configure a web filtering solution to prevent access to risky and malicious websites to stop installations of ransomware.
  • Insist on the creation of strong passwords to obstruct brute force attacks.
  • Turn on multi-factor authentication wherever it is available.

Detection

If you can spot unauthorized accessing of your databases as it occurs, you may be able to prevent an attack before ransomware is installed. Most hackers spend time moving laterally to identify as many devices as possible before deploying an attack and they will try to find and steal data, which allows you a window to detect and block the attack. You should put a monitoring system in place that launches alerts when suspicious activity is spotted and, ideally, one that can automatically remediate attacks when they are discovered. Many attacks take place at the weekend and on public holidays, when monitoring by IT teams is likely to be at a lower level, so think about the mechanisms you have in place when staffing levels are minimal.
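One way to alert on the lateral-movement window described above, shown as an added example that is not part of the original article: flag any account that authenticates to several distinct hosts in a short window, and route the alert to an automated response when it fires at a weekend, on a holiday or outside working hours. The event format, thresholds, working hours and action labels are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events: (timestamp, account, destination host).
EVENTS = [
    ("2021-01-15T10:02:00", "alice", "fs01"),
    ("2021-01-15T10:40:00", "alice", "mail01"),
    ("2021-01-16T02:10:00", "svc-backup", "fs01"),     # Saturday, 02:10
    ("2021-01-16T02:12:00", "svc-backup", "fs02"),
    ("2021-01-16T02:13:00", "svc-backup", "db01"),
    ("2021-01-16T02:15:00", "svc-backup", "hr-ws07"),
    ("2021-01-16T02:19:00", "svc-backup", "dc01"),
]


def is_off_hours(ts, holidays=frozenset()):
    """Weekend, listed public holiday, or outside 08:00-18:00 (assumed hours)."""
    return ts.weekday() >= 5 or ts.date() in holidays or not (8 <= ts.hour < 18)


def detect_fan_out(events, window=timedelta(minutes=15), threshold=4,
                   holidays=frozenset()):
    """Return one alert per account that reaches `threshold` distinct hosts
    inside a sliding time window."""
    by_account = defaultdict(list)
    for raw_ts, account, host in events:
        by_account[account].append((datetime.fromisoformat(raw_ts), host))

    alerts = []
    for account, rows in by_account.items():
        rows.sort()
        left = 0
        for right in range(len(rows)):
            # Shrink the window until it spans at most `window` of time.
            while rows[right][0] - rows[left][0] > window:
                left += 1
            hosts = {host for _, host in rows[left:right + 1]}
            if len(hosts) >= threshold:
                ts = rows[right][0]
                alerts.append({
                    "account": account,
                    "at": ts.isoformat(),
                    "hosts": sorted(hosts),
                    # Hypothetical action labels: nobody may be watching the
                    # console off-hours, so hand over to automated containment.
                    "action": "isolate" if is_off_hours(ts, holidays)
                              else "page-analyst",
                })
                break  # one alert per account is enough to start triage
    return alerts


if __name__ == "__main__":
    for alert in detect_fan_out(EVENTS):
        print(alert)
```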

Remediation

You may not be able to prevent an attack, but you can ready your team(s) and restrict the damage inflicted. First and foremost, create a backup of your data. Store the backup in a location that cannot be accessed from the network where the data is held, store a copy of a backup on a non-networked device, and ensure backups are carried out regularly and are checked to make sure data can be recovered.

You should also set up a disaster recovery plan that can go live as soon as an attack takes place to ensure your company can go on working until the attack is addressed.

How to Tackle Vishing and Smishing Attacks

Hackers use many tactics to steal details that they then use to remotely log onto corporate accounts and cloud services and to obtain access to business databases. Phishing is the most common method, and it is most commonly carried out over email.

Hackers design emails using a range of tricks to fool the recipient into visiting a malicious website where they are asked to hand over credentials that are recorded and used by the hackers to remotely access the accounts.

Companies are now realizing the advantages of configuring an advanced spam filtering solution to prevent these phishing emails at source and ensure they do not land in inboxes. Advanced anti-spam and anti-phishing solutions will prevent practically all phishing attacks, so if you have yet to put in place such a solution or you are depending on Microsoft Office 365 protections, we urge you to get in touch and give SpamTitan a trial.

Phishing is not only carried out using email. Rather than using email to share the hook, many threat collectives use SMS or instant messaging services, and increasing numbers of phishing campaigns are now being conducted by telephone. These types of phishing attack are harder to prevent.

When phishing takes place via SMS messages it is known as Smishing. Instead of email, an SMS message is shared with a link that users are instructed to visit. Instant messaging platforms like WhatsApp are also used. A range of lures are in play, but it is typical for security alerts to be shared that warn the recipient about a fraudulent transaction or other security threat that depends on them logging in to their account.

In December 2019, the U.S. Federal Bureau of Investigation (FBI) discovered a campaign where hackers were carrying out phishing campaigns using telephones – called vishing. Since then, the number of instances of vishing attacks has grown, leading the FBI and the Cybersecurity and Infrastructure Security Agency to release a joint alert in the summer about a campaign aiming for remote workers. This month, the FBI has released another alert following a spike in vishing attacks on companies.

Hackers often target users with high levels of privileges, but not always. There has been an increasing trend for hackers to target every credential, so all users are in danger. Once one set of details is captured, efforts focus on elevating privileges, and reconnaissance is carried out to identify targets in the company with the level of permissions they need – i.e. permissions to perform email updates.

The hackers make VoIP calls to workers and convince them to view a webpage where they need to log in. In one attack, a staff member of the firm was identified in the company’s chatroom, and was contacted and convinced to log in to their group’s VPN on a fake VPN page. Credentials were obtained and used to carry out reconnaissance.

How to Deal with Smishing and Vishing

Dealing with these types of phishing attacks requires a range of processes. As opposed to email phishing, these threats cannot be easily stopped at source. It is therefore crucial to cover these threats in security awareness training classes as well as warning about the dangers of email phishing.

A web filtering solution is ideal for preventing attempts to visit the malicious domains where the phishing pages are hosted. Web filters such as WebTitan can be used to manage the websites that staff members can access on their company phones and mobile devices and will supply protection no matter where an employee uses the Internet.

It is also crucial to configure multi-factor authentication to stop any stolen credentials from being used by hackers to remotely log on to accounts. The FBI also advises granting network access using the rule of least privilege: ensuring users are only allowed access to the resources they need for work projects. The FBI also advises regularly scanning and auditing the user access rights allocated and reviewing any amendments in permissions.

Private Data Stolen from Within PDF Files Using Code Injection Technique

A new form of hacking has been discovered that allows cybercriminals to carry out cross-site scripting attacks from within PDF files.

PDF files have been a favourite tool of hackers for some time for running phishing attacks and distributing malware. In a lot of cases, emails are sent with PDF file attachments that include hyperlinks to malicious websites. By placing these URLs into the files instead of the body of the email message, it is harder for security solutions to spot those malicious links.

This more recent form of hacking also includes the use of PDF files, but instead of tricking employees into handing over their login details or visiting a malicious website where malware is downloaded, the hackers attempt to obtain sensitive information included in PDF files.

The technique is similar to those deployed by hackers in web application attacks. Cross-site scripting attacks – or XSS attacks for short – normally involve injecting malicious scripts into authentic websites and applications. When a user views a website or a hacked application, the script runs. The scripts give the hackers access to user information such as cookies, session tokens, and sensitive data saved in browsers, such as passwords. Since the website or application is genuine, the web browser will not identify the script as malicious. These attacks are possible in websites and web applications where user input is used to create output without correctly validating or encoding it.

A similar technique has been shown to also work within PDF files and is used to inject code and record data. This is done by taking advantage of escape characters such as parentheses, which are often used to accept user input. If the input is not validated correctly, hackers can place malicious URLs or JavaScript code into the PDF files. Even injecting a malicious URL can be enough to record data in the document and exfiltrate it to the attacker-controlled website, as was shown at the Black Hat online conference this month.

What sort of data could be stolen in such an attack? A massive amount of sensitive data is included in PDF files. PDF files are used extensively for reports, statements, logs, e-tickets, receipts, boarding passes, and a lot more. PDF files may include passport numbers, driver’s license numbers, bank account data, and a variety of other sensitive data. The presenters at the conference said that they discovered some of the largest PDF libraries globally were vulnerable to XSS attacks.

For the most part, the flaws in PDF files that allow XSS attacks are not due to the PDF files themselves, but to incorrect coding. If PDF libraries fail to properly parse escape characters and allow unprotected formats, they will be susceptible. Luckily, Adobe made available an update on December 9 which stops this type of security vulnerability from being targeted, although firms that create PDF files must update their software and apply the update to be secured.

This is just one way that malicious attachments can be leveraged to steal sensitive data. As was referred to earlier, malicious macros are often added to office documents, executable files are added as attachments to emails and pretend to be legitimate files, and malicious code can be injected into a variety of different file types.
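The escaping failure described above, shown as an added example that is not from the original article or from any particular PDF library: a link annotation built by pasting input straight into a PDF literal string, next to a version that escapes backslashes and parentheses first, with a simplified string reader that reports whether a parser would see the input intact. All function names and the sample inputs are constructed for illustration.

```python
def naive_link_annotation(url: str) -> str:
    """Vulnerable pattern: input is pasted into a PDF literal string as-is."""
    return "<< /Type /Annot /Subtype /Link /A << /S /URI /URI (%s) >> >>" % url


def escape_pdf_literal(text: str) -> str:
    """Escape the characters that are structural inside a PDF literal string."""
    table = {"\\": "\\\\", "(": "\\(", ")": "\\)", "\r": "\\r", "\n": "\\n"}
    return "".join(table.get(ch, ch) for ch in text)


def safe_link_annotation(url: str) -> str:
    """Hardened form: escape first, then embed."""
    return naive_link_annotation(escape_pdf_literal(url))


def read_literal(data: str, start: int):
    """Read the literal string opening at data[start]; return (value, end index).

    Simplified reader: handles nesting and single-character escapes, which is
    enough to see where a PDF parser would consider the string finished.
    """
    if data[start] != "(":
        raise ValueError("not a literal string")
    depth, i, out = 1, start + 1, []
    while i < len(data):
        ch = data[i]
        if ch == "\\":
            if i + 1 >= len(data):
                raise ValueError("dangling escape")
            nxt = data[i + 1]
            out.append({"n": "\n", "r": "\r"}.get(nxt, nxt))
            i += 2
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return "".join(out), i
        out.append(ch)
        i += 1
    raise ValueError("unterminated literal string")


def uri_survives_intact(annotation: str, value: str) -> bool:
    """True only if the parser sees exactly `value` and nothing extra after it."""
    start = annotation.index("/URI (") + len("/URI ")
    try:
        parsed, end = read_literal(annotation, start)
    except ValueError:
        return False
    return parsed == value and annotation[end + 1:] == " >> >>"


# Constructed inputs (not taken from the page or the conference talk).
BALANCED = "https://example.test/report(2020).pdf"   # passes even when unescaped
UNBALANCED = "https://example.test/a) /Injected (b"  # closes the string early
TRAILING_BACKSLASH = "https://example.test/a\\"      # swallows the closing ')'

if __name__ == "__main__":
    for value in (BALANCED, UNBALANCED, TRAILING_BACKSLASH):
        print(repr(value),
              "naive:", uri_survives_intact(naive_link_annotation(value), value),
              "escaped:", uri_survives_intact(safe_link_annotation(value), value))
```

Balanced parentheses are legal inside a PDF literal string, so ordinary test inputs pass through the unescaped builder unchanged; a regression test for this class of bug needs an unbalanced parenthesis and a trailing backslash.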

One of the best ways to secure your network from attacks via email using malicious attachments is to use an advanced email security solution that can spot not just known malware but also never-before-seen malicious code. This is an area that is a speciality of SpamTitan Email Security. SpamTitan uses dual anti-virus engines (Bitdefender/ClamAV) to block recognized malware threats and sandboxing to spot malicious code that has been placed in email attachments. Files are put through rigorous analysis in the security of the sandbox and are checked for any malicious intent.

Contact TitanHQ to discover more about making your organization safe from malicious emails and malware.