TitanHQ News

Spam Emails Spreading Squirrelwaffle Malware Loader


Squirrelwaffle, a new strain of malware distributed through spam email, was discovered within the past six weeks.

The takedown of the Emotet botnet in January 2021 left a vacuum in the malware-as-a-service market that several malware strains have tried to fill. Squirrelwaffle offers capabilities similar to Emotet's: it gives its operators an initial foothold in a victim's network, and that access is then sold on to other cybercriminals.

Analysis of the campaign shows it being used to deliver Qakbot and Cobalt Strike, although nothing suggests these are the only payloads. The Squirrelwaffle emails contain a hyperlink to a malicious website that serves a .zip file containing either a .doc or an .xls file. The Office file carries a malicious macro that installs the Squirrelwaffle loader.

The Word documents use a DocuSign-themed lure to trick recipients into enabling macros: the document claims it was created with an older version of Microsoft Word, so the user must click "Enable Editing" and then "Enable Content" to view it. Doing so runs the macro, which drops and executes a Visual Basic script that downloads the Squirrelwaffle payload from one of five hardcoded URLs. Squirrelwaffle arrives as a DLL, which is executed once downloaded and then silently fetches Qakbot or Cobalt Strike, giving the attackers persistent access to the compromised device and network.
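The chain described above (an Office application, then a script host, then a DLL loader) leaves a recognisable parent/child pattern in endpoint process-creation telemetry. The following Python is an added example, not code from TitanHQ or from the malware analysis the article draws on; the process names, the user-writable directory list and the sample events are constructed for illustration and should be tuned to your own estate.

```python
from dataclasses import dataclass
from typing import Dict, List

# Image names at each stage of the chain the article describes (assumption: extend per estate).
OFFICE_APPS = {"winword.exe", "excel.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
DLL_LOADERS = {"rundll32.exe", "regsvr32.exe"}
# Directories a macro can write to without elevation; a DLL loaded from one of these
# raises the severity (assumption: illustrative list, lower-cased for matching).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event, as an EDR or Sysmon event ID 1 would record it."""
    pid: int
    ppid: int
    image: str      # executable file name
    cmdline: str


def lineage(procs: Dict[int, ProcEvent], pid: int) -> List[str]:
    """Image names from `pid` up to the root of the tree, child first."""
    chain: List[str] = []
    seen = set()
    while pid in procs and pid not in seen:   # `seen` guards against PID-reuse loops
        seen.add(pid)
        chain.append(procs[pid].image.lower())
        pid = procs[pid].ppid
    return chain


def flag_macro_chains(events: List[ProcEvent]) -> List[dict]:
    """Flag (a) a script host spawned directly by an Office application and
    (b) a DLL loader whose ancestry contains both a script host and an Office app."""
    procs = {e.pid: e for e in events}
    findings: List[dict] = []
    for e in events:
        image = e.image.lower()
        ancestors = lineage(procs, e.pid)[1:]      # drop the process itself
        if image in SCRIPT_HOSTS and ancestors and ancestors[0] in OFFICE_APPS:
            findings.append({"pid": e.pid, "severity": "medium",
                             "reason": f"{ancestors[0]} spawned {image}"})
        elif image in DLL_LOADERS and SCRIPT_HOSTS & set(ancestors) and OFFICE_APPS & set(ancestors):
            from_user_dir = any(d in e.cmdline.lower() for d in USER_WRITABLE)
            findings.append({"pid": e.pid,
                             "severity": "high" if from_user_dir else "medium",
                             "reason": f"Office -> script host -> {image}"
                                       + (" loading from user-writable path" if from_user_dir else "")})
    return findings


# Constructed sample telemetry (not real data): one full malicious chain plus a benign rundll32.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, "WINWORD.EXE", 'WINWORD.EXE /n "C:\\Users\\jdoe\\Downloads\\document.doc"'),
    ProcEvent(300, 200, "wscript.exe", 'wscript.exe "C:\\Users\\jdoe\\AppData\\Local\\Temp\\stage1.vbs"'),
    ProcEvent(400, 300, "rundll32.exe", "rundll32.exe C:\\Users\\jdoe\\AppData\\Local\\Temp\\stage2.dll"),
    ProcEvent(500, 100, "rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for finding in flag_macro_chains(SAMPLE_EVENTS):
        print(finding)
```

The benign rundll32 launched from Explorer is not flagged because nothing in its ancestry is an Office application or script host; the same logic can be expressed as an EDR or SIEM rule once the parent chain is available in the event data.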

As Emotet did, Squirrelwaffle hijacks existing email threads: the malicious message is sent as a reply to a genuine conversation from a legitimate, compromised account, so the recipient is far more likely to trust and act on it. This technique was highly effective for Emotet. Most of the emails are in English, but security researchers have also found French, German, Dutch, and Polish variants.

Given the similarities with Emotet, it is possible that the operators of the disrupted botnet are attempting a comeback; it is equally possible that unrelated threat actors are trying to fill the vacuum Emotet left. Squirrelwaffle is not yet being distributed on anything like Emotet's scale, but that may change in the near future.

The most effective defense is to block the malspam at the email gateway so that the messages never reach inboxes. A spam filtering solution should also scan outbound mail so that a compromised internal account is detected before it is used to attack other employees and business contacts. Because the lure only works if the user clicks "Enable Content", blocking macros in Office files that originate from the internet (a Group Policy setting available for Office) removes the execution step even when a message does get through.

Lots of Awards for TitanHQ at Expert Insights Annual Awards

TitanHQ's products have been ranked No. 1 in their respective categories by Expert Insights in the Fall 2021 Best-of Cybersecurity Awards.

This means TitanHQ has completed a clean sweep, topping the lists for Best Email Security Gateway, Best Web Security Solution, and Best Email Archiving Solution for Business for the second year running. Additionally, the Best Email Security Solution for Office 365 category was won by SpamTitan.

Ronan Kavanagh, TitanHQ CEO, commented on the achievement: "TitanHQ are proud to have received continued recognition for all three of our advanced cybersecurity solutions. As the threat landscape continues to be a significant risk to organizations across the globe, we are dedicated to continuous innovation to provide consistent, secure, and reliable protection to our customers". The annual awards recognize the best cybersecurity companies and their solutions, with winners chosen on the basis of industry recognition, customer feedback, and research conducted by Expert Insights' editorial team and independent technical specialists.

Expert Insights is a recognized online cybersecurity publication and industry analyst that has technical and editorial teams in both the United States and United Kingdom. The publication covers cybersecurity and cloud-based technologies, and its website is used by more than 80,000 business owners, IT admins, and others each month to research B2B solutions. Expert Insights produces editorial buyers’ guides, blog posts, conducts interviews, and publishes industry analyses and technical product reviews from industry experts.

SpamTitan Email Security and WebTitan Web Security were both recognized for their powerful threat protection, and along with ArcTitan Email Archiving, were praised for ease-of-use, cost-effectiveness, and industry-leading technical and customer support.

The high standard of threat protection, simplicity of use, and competitive pricing of the solutions are among the factors that make TitanHQ the leading provider of cloud-based security solutions for managed service providers serving the SMB market. These factors have led to the TitanHQ product range being regarded as the gold standard for SMBs looking to enhance security and simplify compliance.

Email Retention Legislation in the U.S.

Email retention legislation in the U.S. requires companies to maintain copies of emails for many years. There are federal laws that apply to all companies, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Noncompliance can prove incredibly expensive and multi-million-dollar fines await any company found to have breached federal, industry, or state regulations.

Certain types of data, including email, must be retained by U.S. companies in case the information is required by the courts. eDiscovery requests often call for massive volumes of data to be produced for use in lawsuits, and failure to provide it can land a company in serious trouble. Not only are heavy fines issued if data cannot be produced in eDiscovery; companies can face criminal proceedings if certain data has been erased.

For decades, U.S. companies have been required by law to retain documents. Document retention requirements appear in numerous legislative acts, such as the Civil Rights Act of 1964, Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Immigration Reform and Control Act of 1986. The 2006 amendments to the Federal Rules of Civil Procedure expanded the definition of discoverable documents to include electronically stored information, which covers emails and email attachments.

To raise awareness of the many different email retention laws in the United States, a summary is included below. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, contact your legal representatives, and bear in mind that industry and federal electronic data and email retention legislation is periodically updated.

As you can see from the list below, there are several federal and industry-specific email retention legislative acts in the United States. These laws apply to emails that are sent and received, and include internal as well as external emails.

Federal Email Retention Legislation in the U.S.

Email retention legislation | Who it is applicable to | How long emails must be kept
IRS Regulations | All companies | 7 years
Freedom of Information Act (FOIA) | Federal, state, and local agencies | 3 years
Sarbanes-Oxley Act (SOX) | All public companies | 7 years
Department of Defense (DOD) Regulations | DOD contractors | 3 years
Federal Communications Commission (FCC) Regulations | Telecommunications companies | 2 years
Federal Deposit Insurance Corporation (FDIC) Regulations | Banks | 5 years
Food and Drug Administration (FDA) Regulations | Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products | Minimum of 5 years, rising to 35 years
Gramm-Leach-Bliley Act (GLBA) | Banks and financial institutions | 7 years
Health Insurance Portability and Accountability Act (HIPAA) | Healthcare providers, health insurers, healthcare clearinghouses, and business associates of covered entities | 6 years
Payment Card Industry Data Security Standard (PCI DSS) | Merchants and payment processors handling cardholder data | 1 year
Securities and Exchange Commission (SEC) Regulations | Investment banks, investment advisers, brokers, dealers, insurance agents, and securities companies | Minimum of 7 years, up to a lifetime

State-level email retention legislation in the United States has not been included in this article; seek legal advice about any state laws that apply to you. You must also consider legislation in other countries where you do business. If you offer goods or services to individuals in the European Union, or monitor their behavior, you will need to comply with the General Data Protection Regulation (GDPR), including its requirements for personal data held in email.

Storing emails for a few years is unlikely to require much storage for a small company with a handful of staff; the more employees a company has, however, the more resources are needed just to store email. The average business email may be only 10KB, but multiply that by 123 (the average number of emails sent and received each day by an employee, according to the Radicati Group's Email Statistics Report 2015-2019), by 365 days a year, and by the number of years those emails must be retained, and the storage requirement becomes massive.

If any emails ever need to be obtained, it is vital that an email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched and finding the right backup alone can be almost impossible, let alone finding all emails sent to, or received from, a specific company or person. Backups have their uses, but they are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives hold structured, indexed email data that can be easily reviewed and searched, so if an eDiscovery request is received, finding all relevant correspondence is a quick and simple task. Since many email archives are cloud-based, they also do not require large and expensive on-premises storage; emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, fast and easy-to-manage email archiving solution from TitanHQ that meets the needs of businesses of all sizes and helps them comply with email retention laws in the United States.

ArcTitan includes a range of security protections to keep stored data secure and confidential: email data is encrypted in transit and at rest, and is replicated and backed up to ensure constant availability. Unlike many email archiving solutions, ArcTitan is fast. It can ingest 200 emails per second from your email server, and archived emails can be retrieved instantly through a browser or the Outlook plugin. Emails can be archived from any location, in the office or on the go from a laptop or tablet. There are no restrictions on storage space or number of users, and the solution scales to meet the needs of companies of all sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.

Frequently Asked Questions (FAQs)

How does email archiving work?

Email archiving involves sending an exact copy of each message outside the email system for long-term storage. Messages are usually deduplicated and compressed to save storage space, and indexed before archiving so the archive can be searched rapidly. Email archiving solutions typically encrypt messages in transit and at rest so they cannot be intercepted, hold them in a tamper-proof repository, and allow them to be retrieved quickly on demand.

Is email archiving necessary?

Emails must be retained for compliance and may need to be produced quickly for audits and eDiscovery; recovery is far faster from an email archive. Most businesses have important data in email accounts that is stored nowhere else, and that data is at risk if it is not archived. In a ransomware attack that also encrypts backups, email data could be lost for good or cost millions to recover, and regulatory fines for loss of email data can be astronomical. An independent, tamper-proof archive makes that kind of loss far less likely.

Is email archiving expensive?

Email archiving in the cloud is a low-cost solution that allows businesses to retain a tamper-proof copy of all messages to meet compliance requirements and for disaster recovery. An email archive saves on mail server storage space, which will increase performance. When you factor in productivity improvements and the reduced time producing emails to resolve customer complaints, for audits, and E-discovery requests, an email archive is money well spent.

Is email archiving the same as backing up email?

Email archiving and backing up email are not the same. Backups are intended for short term email storage for disaster recovery purposes. Entire mailboxes can quickly be restored from a backup if a mailbox is corrupted, deleted, or encrypted with ransomware. An email archive is a long-term email storage solution. In contrast to a backup, an archive can be rapidly searched allowing individual emails to be quickly found and recovered.

How much space can be saved with an email archive?

The amount of space saved by implementing an email archiving solution will vary from business to business, but typically businesses can reduce storage space by up to 80% by implementing an email archive and further, if emails ever need to be recovered, the archive can be rapidly searched, and emails retrieved in seconds.

Tackling Phishing Scams in 2021


There was a huge surge in phishing campaigns during 2021, and most companies are now very familiar with them and the danger they pose. It is therefore more important than ever to know how to tackle this type of attack head on.

This type of attack typically begins with an email arriving in your inbox that looks entirely authentic and asks you to complete some action urgently. You may believe you would spot such a ploy, but around three billion spoofed emails are sent every day, so even if you are not fooled there is every chance that someone else in your organization will take the bait and click a link that leads to a great deal of pain for the whole group.

To assist you in the fight against phishing, we have put together a number of measures you can introduce at your organization.

Investigate How the Sender is Aware of You

Phishers often simply broadcast millions of spoofed emails impersonating well-known, reputable companies. They know that a company operating globally has millions of customers, so there is an excellent chance that the message lands in the inboxes of some genuine clients. Treat such a message with suspicion even if it appears to come from a company you have an existing business relationship with.

Check for Spyware

If you are receiving a large number of spoofed emails that appear to come from companies whose web portals you use frequently, check for spyware: one of your devices may be infected with software that records your web activity. A strong endpoint security product or spyware removal tool can clean the device.

Review the Email Address that is Contacting You

Even when a phishing email carries everything needed to look authentic, such as the company logo and corporate header, pay close attention to the sending address itself. Phishing emails are frequently exposed by a mismatch between the display name and the actual sending address, for example a display name of "DocuSign" on a message sent from an unrelated or lookalike domain.
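The following Python shows that display-name versus address check in working form, together with a simple lookalike-domain test. It is an added example, not TitanHQ or SpamTitan code; the brand list, the confusable-character table and the sample headers are constructed for illustration, and the registrable-domain helper deliberately ignores multi-label public suffixes such as co.uk.

```python
import re
from email.utils import parseaddr
from typing import Dict, List, Set

# Brands and the domains entitled to send as them (assumption: illustrative list,
# in practice built from your own vendor inventory).
BRAND_DOMAINS: Dict[str, Set[str]] = {
    "docusign": {"docusign.com", "docusign.net"},
    "microsoft": {"microsoft.com"},
    "paypal": {"paypal.com"},
}
# Digit substitutions seen in lookalike registrations (assumption: partial table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def registrable_domain(addr: str) -> str:
    """Last two labels of the address's domain (simplification: ignores
    multi-label public suffixes such as co.uk)."""
    domain = addr.rsplit("@", 1)[-1].strip().lower()
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def normalise(label: str) -> str:
    """Collapse common confusables so d0cusign / rnicrosoft compare equal to the brand."""
    return label.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_from_header(from_header: str) -> dict:
    """Return the parsed display name and address plus a list of warning flags."""
    name, addr = parseaddr(from_header)
    domain = registrable_domain(addr)
    result = {"display_name": name, "address": addr, "domain": domain, "flags": []}
    flags: List[str] = result["flags"]
    if "@" not in addr:
        flags.append("unparseable or missing address")
        return result
    # 1. Display name that is itself an email address on a different domain.
    m = ADDRESS_RE.search(name)
    if m and registrable_domain(m.group(0)) != domain:
        flags.append("display name contains an address on a different domain")
    # 2. Display name claims a brand but the address is not on that brand's domain.
    norm_sld = normalise(domain.split(".")[0])
    for brand, domains in BRAND_DOMAINS.items():
        if brand in name.lower() and domain not in domains:
            flags.append(f"display name claims {brand} but address domain is {domain}")
            # 3. The sending domain also imitates the brand (embedded or one edit away).
            if brand in norm_sld or edit_distance(norm_sld, brand) <= 1:
                flags.append(f"domain {domain} looks like a {brand} lookalike")
    return result


# Constructed sample headers (not real messages).
SAMPLE_HEADERS = [
    "DocuSign <dse@docusign.net>",
    "DocuSign Electronic Signature Service <noreply@d0cusign-mail.com>",
    "PayPal Service <paypal@secure-update.xyz>",
    '"helpdesk@corp.example" <helpdesk.corp.example@gmail.com>',
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", check_from_header(header)["flags"] or ["ok"])
```

Only the first header passes cleanly; the second trips both the brand check and the lookalike check, the third trips the brand check alone, and the fourth is caught because the quoted display name is itself an address on a domain that differs from the real sender. A gateway filter does the same comparison at scale and, ideally, also verifies the domain with SPF, DKIM and DMARC, which this header-only check does not.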

Check for Standard Phishing Email Claims

These include: 

  • Someone contacts you to confirm some personal information in relation to an account you hold.
  • You are made aware of suspicious activity on an account that you hold and asked to complete an action like visiting a link to change your password.
  • You are informed that you are entitled to claim a tax refund or government subsidy.
  • An email from “IT Department” or “Help Desk”  asking you to complete an action.

Tackling Phishing Emails

A strong email security solution like SpamTitan blocks phishing, ransomware and malware attacks before they reach users; pairing it with multi-factor authentication on financial and other sensitive accounts limits the damage if credentials are ever phished.

Together these measures greatly reduce the chance of your details being exposed. It is important for companies to recognize the danger posed by cyberattacks and to take steps, such as deploying SpamTitan, to address it.

Contact TitanHQ as soon as you can in order to find out more about how SpamTitan Email Security helps you tackle phishing attacks.


Supply Chain Targeted by Hackers


As cybercriminals look for new targets that might turn a profit, they appear to have shifted some of their focus towards infiltrating supply chains.

These attacks occur when hacking groups infiltrate servers and components that companies buy from third-party suppliers. IT departments assume that new equipment is clean and install it on their networks without further checks. This type of attack is increasing, and is particularly evident in state-sponsored campaigns, where access during the production process may be easier to obtain.

It will come as no surprise that, because of lower costs, the majority of technology components are manufactured in China. Equipment vendors order these components and integrate them into their own products, configuring and assembling systems locally before shipping them to the end customer. A malicious component inserted at the design or manufacturing stage is therefore unlikely to be detected anywhere along that chain.

There is a small chance that some groups will carry out penetration tests on new equipment installed into their infrastructure. However, the vast majority of IT professionals will take it for granted that a brand new system will not feature weak points once it is set up and all software remains updated. Sadly there is a possibility that an opening could have been created for cybercriminals to target, allowing private data to be accessed. 

Occasionally, new equipment will transmit a signal to alert cybercriminals that malicious components are now operational. Once this is sent it is possible that a hacker could access data, review the network, remove data to a third-party server, download passwords, or configure more malware on other equipment. In more complex attacks, the malicious equipment could allow a state-sponsored threat actor remote management of the local system.

Anything configured on your network should be dealt with carefully until it’s validated and tested. Most system managers conduct tests on new hardware to see to it that there are no bugs or defects so that performance is at an optimal level. It is now just as important to review this hardware for any possible security issues.

Penetration testing should be completed before a system goes live to reduce the chance of malicious activity once it becomes operational. Any company installing third-party hardware can mitigate risk by mapping its supply chain carefully. Testing should also monitor the local network for unusual traffic patterns and activity: a backdoor may be present that transmits data back to the attackers, and regular outbound connections from newly installed equipment to unfamiliar destinations are a classic sign.
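One practical check for the outbound signalling described above is to look for beaconing: connections from a newly installed device to a destination outside the allowlist that recur at a suspiciously regular interval. The following Python is an added example, not TitanHQ code; the flow records, allowlist and thresholds are constructed for illustration, and the external addresses use the RFC 5737 documentation ranges.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev
from typing import Dict, Iterable, List, Set, Tuple

# One flow record: (epoch seconds, source IP, destination IP, destination port, bytes sent).
Flow = Tuple[int, str, str, int, int]

# Destinations new equipment is expected to talk to (assumption: illustrative).
ALLOWED_DST: Set[str] = {"10.0.0.53"}   # internal DNS resolver

# RFC 1918 ranges listed explicitly: ipaddress.is_private also covers the RFC 5737
# documentation ranges used below, which would hide the test traffic.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_beacons(flows: Iterable[Flow], allowlist: Set[str],
                 min_hits: int = 4, max_cv: float = 0.15) -> List[dict]:
    """Group outbound flows per (src, dst, port) and flag pairs that recur at a
    near-constant interval: coefficient of variation of the inter-arrival gaps
    at or below `max_cv`, with at least `min_hits` connections."""
    by_pair: Dict[Tuple[str, str, int], List[int]] = defaultdict(list)
    for ts, src, dst, port, _ in flows:
        if dst in allowlist or is_internal(dst):
            continue
        by_pair[(src, dst, port)].append(ts)
    findings: List[dict] = []
    for (src, dst, port), stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            findings.append({"src": src, "dst": dst, "port": port,
                             "count": len(stamps), "interval_s": round(avg, 1),
                             "cv": round(cv, 3)})
    return findings


# Constructed flow records (not real captures). 10.0.1.20 is a newly racked appliance;
# 10.0.1.50 is a user workstation.
T0 = 1_700_000_000
SAMPLE_FLOWS: List[Flow] = [
    # appliance: DNS to the allowlisted resolver (ignored) and a 5-minute heartbeat to the outside
    (T0 + 0,    "10.0.1.20", "10.0.0.53",    53,  80),
    (T0 + 0,    "10.0.1.20", "203.0.113.77", 443, 512),
    (T0 + 301,  "10.0.1.20", "203.0.113.77", 443, 512),
    (T0 + 599,  "10.0.1.20", "203.0.113.77", 443, 520),
    (T0 + 902,  "10.0.1.20", "203.0.113.77", 443, 512),
    (T0 + 1200, "10.0.1.20", "203.0.113.77", 443, 512),
    (T0 + 40,   "10.0.1.20", "10.0.0.9",     445, 2048),   # internal file share (ignored)
    # workstation: a human browsing the same site at irregular times
    (T0 + 15,   "10.0.1.50", "198.51.100.10", 443, 30000),
    (T0 + 70,   "10.0.1.50", "198.51.100.10", 443, 12000),
    (T0 + 600,  "10.0.1.50", "198.51.100.10", 443, 9000),
    (T0 + 610,  "10.0.1.50", "198.51.100.10", 443, 45000),
    (T0 + 3000, "10.0.1.50", "198.51.100.10", 443, 7000),
]

if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_FLOWS, ALLOWED_DST):
        print(finding)
```

The appliance's heartbeat has gaps of 301, 298, 303 and 298 seconds, a coefficient of variation under one percent, so it is reported; the workstation's visits to its site are too irregular to be flagged. Real implants add jitter, so widen max_cv and lengthen the observation window in production, and treat any result as a lead for packet capture rather than proof of compromise.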

As supply chain attacks become more prevalent, companies will have to increase their testing efforts to ensure new hardware is safe before it is made operational. TitanHQ can help safeguard supply chains from cybercriminal-led attacks.

Contact the TitanHQ team now to discover more about the cybersecurity solutions like email filtering that can be added to your company’s security suite. 


Cyberloafing Costs Revealed in New Study

A study published in the Journal of Psychosocial Research on Cyberspace has highlighted the cost of cyberloafing to businesses. Cyberloafing has a massive impact on productivity, yet it is all too common. The cyberloafing costs for businesses are considerable and employees who partake in cyberloafing can seriously damage their career trajectory.

Employers are paying their employees to carry out work duties, yet a huge amount of time is lost to cyberloafing. Cyberloafing dramatically cuts productivity and gobbles up company profits. The study was carried out on 273 employees and cyberloafing was measured along with the characteristics that led to the behavior.

The study found a correlation between cyberloafing and dark personality traits such as psychopathy, Machiavellianism and narcissism, but also suggested that many employees waste time simply because they can. The sites most commonly visited were not social media sites but news websites and online retail sites.

In a perfect world, employees would complete their duties and allocate some time each day to personal Internet use without any reduction in productivity. Some employees do just that, keeping personal Internet use in check so that it does not affect their work. For many employees, however, cyberloafing is a problem, and employers suffer huge losses as a result.

A report on cyberloafing published by Salary.com indicated that 69% of employees waste time at work every day, with 64% visiting non-work-related web pages. Of those workers, 39% said they wasted up to an hour a day on the Internet at work, 29% wasted 1-2 hours, and 32% wasted over two hours.

Cyberloafing can have a huge impact on company profits. A company with 100 workers, each spending an hour a day on personal Internet use, would lose in excess of 25,000 man-hours of productivity annually.

Productivity losses caused by cyberloafing are not the only problem – or cost. When employees use the Internet for personal reasons, their actions slow down the network resulting in slower Internet speeds for all. Personal Internet use increases the chance of malware and viruses being introduced, which can cause further productivity losses. The cost of addressing those infections can be huge.

What Can Employers do to Reduce Cyberloafing Costs?

First of all, it is vital that the workforce is educated on company policies relating to personal Internet use. Advising the staff about what is an acceptable level of personal Internet use and what is considered unacceptable behavior ensures everyone is aware of the rules. They must also be told about the personal consequences of cyberloafing.

The Journal of Psychosocial Research on Cyberspace study notes that "a worker's perceived ability to take advantage of an employer is a key part of cyberloafing." Improving monitoring, and making it clear that personal Internet use is recorded, therefore acts as a good deterrent, and when personal Internet use reaches problem levels there should be repercussions for the employees involved.

If there are no sanctions for employees that break the rules and company policies are not enforced, little is likely to change. Action could be taken against the workers concerned through standard disciplinary procedures such as verbal and written warnings. Controls could be implemented to curb Internet activity – such as blocks applied for certain websites – social media sites/news sites for example – when employees are wasting too much time online. Those blocks could be temporary or even time-based, only permitting personal Internet use during breaks or at times when workloads are usually low.

WebTitan – An Easy Solution to Cut Productivity Losses and Curb Cyberloafing

Such controls are simple to apply using WebTitan. WebTitan is an Internet filter for SMBs and enterprises that can be deployed in order to reclaim lost productivity and block access to web content that is unacceptable in the workplace.

WebTitan allows administrators to apply Internet controls for individual employees, user groups, or the entire company, with the ability to apply time-based web filtering controls as appropriate.

Blocking all personal Internet use may not be the best way forward, as it can hurt morale, which in turn hurts productivity. However, some controls can certainly help employers reduce productivity losses. Internet filtering also reduces the risk of lawsuits arising from illegal activity on the network, and blocking adult content in the workplace helps prevent a hostile work environment from developing.

If you would like to increase productivity and start enforcing Internet usage policies in your company, contact TitanHQ today. WebTitan is available on a free trial to test the solution in your own environment before making a decision about a purchase.