Recent updates from the K-12 Cybersecurity Resource Center have revealed the number of cyberattacks that targeted US schools tripled during 2019 before accounting for 61% percent of all malware attacks during 2020 – according to Microsoft research. Now is the time for all educational bodies to enhance their cybersecurity measures. There is absolutely no doubt that school districts need to focus on cybersecurity efforts. Here we have listed 5 key characteristic robust K12 compliance security solutions.
- Apply Patches & Updates ASAP: All disruption to the annual school cycle is welcome, even more so after the intermittent lock downs that were caused by the COVID-19 pandemic. However, updates should not be postponed to try and avoid any down time. If software patches and updates are not applied as quickly as possible then bodies are running the risk of having known vulnerabilities targeted. IT staff need to create a process to conduct the update process using a device management system such as Group Policy or an MDM solution.
- Removing Legacy Technology: Schools have a habit, in order to make resources stretch as far as possible, to delay removing legacy tech from their network. While it is natural for teachers and administrators to distribute as many computing devices into the hands of students as they can, it can result in devices that are no longer supported (and therefore vulnerable) creating a vulnerability on the network. These devices should be removed no matter what.
- A Strong Security System: An education enterprise grade email security solution should measures to tackle spam, viruses, ransomware and embedded links to malicious websites while also preventing data leaks from educational bodies. SpamTitan can complete this as it features double antivirus protection as well as protection from zero-day attacks.
- Avoid Allocating Local Admin Rights: When students are assigned local admin privileges it creates a major vulnerability on the network in question. When a user downloads malware or other types of malicious code it obtains the rights and privileges of that user. Children could be tempted to install software and download games without thinking. While allotting local admin rights to all standard users makes it more straightforward for internal IT to deploy machines, it also makes it easier for hackers to distribute malware and viruses.
- Advanced Internet Filtering: All schools that are given e-Rate funding must configure some element of content filtering solution in place. As content filtering is no longer sufficient when it comes to Internet filtering there is also a requirement for an advanced DNS Security and DNS content filtering system such as WebTitan. The DNS Security system of WebTitan prevents students from viewing malicious web pages and internet based malware depositories. It checks for, and spots, malicious threats in real time and removes internet packets of malware and malicious code, in doing so maintaining the safety of the online learning process.
It is crucial that all educational institutions Wsee to it that they are kept safe from the ever increasing threat posed by cybercriminals. Configuring the above five elements to a K12 Security strategy will greatly assist in this happening. In order to keep your K12 body safe using a multi-layer security solution, contact the TitanHQ Security team now to find out how you can safeguard your group.
Businesses that permitted their employees to work from home during the pandemic faced challenges giving their workers to access internal networks remotely while maintaining security. Cybercriminals took advantage of vulnerabilities that were introduced and readily exploited weaknesses. Attacks on businesses increased and remote employees were the natural target. Throughout the pandemic, phishing and ransomware attacks were rife, with many businesses falling victim to attacks.
Now that restrictions have been eased, businesses have been able to open their offices once again, but many have now adopted a hybrid working model where employees continue to work from home at least some of the week. Businesses that have adopted this model need to now focus on cybersecurity strategies to combat phishing and ransomware attacks targeting their home workers.
A recent Osterman Research/TitanHQ survey of cybersecurity professionals revealed the challenges they faced during the pandemic and the extent to which their businesses were attacked. 85% of the 130 security professionals surveyed said they had experienced at least 1 security incident in the past 12 months, with phishing and ransomware perceived to be the biggest threats.
Even though IT professionals are well aware of the seriousness of the threat from phishing and ransomware attacks, only 37% of organizations surveyed rated their defenses as highly effective at combatting these threats. Security budgets had increased by an average of 28% from 2020 to 2021, yet defenses were still not up to the job.
When asked about the biggest threats their organization faced, the top three threats were email related. The biggest threat was business email compromise (BEC) attacks that trick low-level employees into divulging sensitive information, followed by phishing messages that result in malware infections and phishing emails that result in an account compromise.
Phishing emails are commonly used to deliver ransomware, either via the theft of credentials that give the attackers a foothold in the network or via the delivery of malware such as TrickBot, which is subsequently used to deliver ransomware.
The survey revealed many businesses are struggling to deal with phishing and ransomware threats, despite increases in security budgets. To help businesses improve their defenses against phishing and ransomware attacks, TitanHQ and Osterman Research will be hosting a webinar. During the webinar, attendees will learn about the advanced security threats uncovered by the in-depth survey, learn about the most effective mitigations against phishing and ransomware attacks, and will receive actionable information and best practices to reduce the risk of attacks succeeding.
How to Reduce the Risk of Phishing and Ransomware Attacks
Wednesday, June 30, 2021
7:00 p.m. to 8:00 p.m. BST / 2:00 p.m. to 3:00 p.m. EST / 11:00 a.m. to 12:00 p.m. PST
The webinar will be conducted by Michael Sampson, Senior Analyst at Osterman Research and Sean Morris, Chief Technology Officer at TitanHQ.
A recent survey of IT security professionals, conducted by TitanHQ along with Osterman Research, has indicated that businesses most commonly witness security incidents involving business email compromise (BEC) attacks.
This type of attack is when a hacker pretends to be a genuine contact or company to fool someone into completing a fraudulent financial transfer, shreare protected information or attempt to encrypt servers in order to demand a ransom for this to be removed.
These attacks can pretend to be a known company or else leverage a contact’s email that has already been infiltrated in a hacking attack. The other route of attack normally is as simple as altering the display name to make the recipient believe the email has been sent by a real contact, often the CEO, CFO, or a supplier.
Lookalike or similar domains are also deployed in BEC attacks. This is where the cybercriminal copoes the spoofed company’s email template or layout so that it seems perfectly real to the recipient.
BEC emails are expertly composed, most of the time, and aim to take advantage of an individual within an organization or a person in a specific position, more often than not the finance section of the organization. However, attacks have also been known to aim for the HR department, marketing department, IT department, and management.
In a lot of cases the hackers use the fact that the emails are quite realistic to engage with an employee in a stream of emails before asking for a money transfer or data swap to be completed. Even though this style of hacking attack is not as common as phishing attacks, the money stolen using it is much greater year on year.
There are a number of important steps to take to defend against these attacks:
- Raise awareness of the threat by conducting staff training sessions that teach individuals how to spot a BEC attack.
- Created policies and processes that state all email requests in relation to bank account details, payment methods, or make changes to direct deposit information for payroll to be verified by calling the known contact directly via the telephone number that you have on file.
- Implement a solid email security system.
A solid email security system mitigates the chance of human error leaving you vulnerable to BEC attacks. it will prevent all efforts hackers make to steal email credentials. If there are machine learning techniques then you will be protected from zero-day attacks and DMARC and sender policy framework (SPF) will identify emails from individuals not permitted to send messages from a particular domain.
Ideally you should use an email security system like SpamTitan. This solution used all of the aforementioned methods of securing your organization from BEC attacks. When this is used along with the correct staff training and administrative measures, your group will be properly kitted out to address the threat posed by BEC attacks.
If you would like to learn more about how SpamTitan secures your company, call the TitanHQ team as soon as you can.
There has been a surge in phishing since the beginning of the COVID-19 pandemic in early 2020 and there is no sign, or likelihood, that this wille ase off due to the massive profits that cybercriminals are making from these attacks. Hackers continues to devise new and more believable strategies in order to counter individuals and group becoming aware of their attack methods and cybersecurity measures are enhanced to takcle them. Recently, a sharp focus from hackers on the leverage of PDF files for phishing purposes has been noticed.
The use of files like this permits the use of rich-text information such as URLS, pictures, GIFs, and internal scripts linked to the file. In the most recent string of attacks, phishing campaigns incorporate PDF attachments that conduct a range of tactics to bring users to a malicious site as they try to harvest data. Here are five styles of PDF phishing attacks to look be aware of at present:
- File Sharing and Phishing: The majority of web users either a Google Drive account or a Microsoft OneDrive account. Access one of these will give hackers enough info and private data to. Cybercriminals implement the use of PDF files to make viewers hand over the private log on details which will allow them to infiltrated targeted victim accounts. The picture shows a prompt that will grant access a file that the user instinctively knows should click on within their cloud drive. However a phishing page appears when the user clicks the URL. This phishing page identical to OneDrive or Google Drive’s landing page, so users who do not see the actual domain name in their browser window will just hand over their username and password details. Once they do this the hacker will receive it and be able to access the cloud drive account.
- Fake CAPTCHA Redirects: A CAPTCHA is a recognized symbol for Internet users and therefore is a straightforward way to fool users into visiting a URL. This attack features the hacker placing an image of the common Google CAPTCHA interface within the sent email. Users recognize the image and choose “Continue” and expect to see the website that they are attempting to access. When the link is visited, the user is taken to a cybercriminal-controlled site where users must hand over their private information.
- Ecommerce Site Scams: The most recent PDF phishing attacks feature popular common ecommerce logos to trick users into thinking that clicks are genuine. Ecommerce portals often require private information and credit card data, so attackers can harvest products using the targeted victim’s data information. In some cases the PDF file might include the official Amazon logo and request users to visit the link to buy products. Rather that visiting Amazon in the user’s browser, a cybercriminal-controlled website pretending to be the legitimate portal asks users to authenticate. When users hand over details credentials, the cybercriminal gains their login information to access their ecommerce account.
- Play Buttons on Static Images: If there is a play button present on a picture it will, typically, be clicked on in order to play a video. A recent scam, targeting cryptocurrency traders and investors, gets PDF readers to open the file in the hop ethat they will click the link on the fake video image. Rather than playing a video, users are taken to a phishing website that asks them to hand over their credit card information for a dating portal.
- Using Popular Logos for Malicious Redirects: It is not difficult to prompt users to click links using recognizable logos. When hackers use a logo from a well-known brand, they can fool users into visiting the logo. With this attack, an image of a well-known brand is placed within the PDF file with the offer of a discount. It appears to be the same as a common brand sale, so it fools users into clicking on the image. After the user does so, a browser opens and targets a redirect site. The redirect site then shares an attacker-controlled phishing page to the user. Just like with the CAPTCHA scam, users who do not realizethat the redirect is not what it seems may hand over private data or login credentials to access the platform.
Using email filters to stop these attacks will mean that malicious attachments are recognized and prevented from reaching the intended recipient’s inbox. A SpamTitan email filter will prevent blocks spam, viruses, malware, phishing attempts and other email threats that are targeting companies, MSP’s and educational bodies worldwide.
Arrests have been made in the United Kingdom after a group of hacker was discovered to be sending large amounts of text messages to try and trick recipient into sharing their login details.
The Birmingham-based cybercriminals published their own website and using online advertising to reach more potential victims. When these activities were discovered police issued a warrant for the arrest of those responsible.
The group, referred to as ‘SMS Bandits’ advertised across several mediums and sent text messages which included a link to a malicious website that request visitors to share their login credentials and other sensitive data. SMS Bandits pledged to attack a large amount of phone numbers with smishing messages for just $40 to $125 per week using the service they called ‘OTP Agency’.
The service they advertised was offering to conduct smishing attacks, the SMS bandits offered “bulletproof hosting,” meaning the attack site could not be taken down by standard legal efforts. In most cases, these attacks fail when the site is reported and hosting is disable by the host. The smishing attacks could be bespoke, allowing the specific targeting of small businesses, large businesses, and individuals.
It is important for organization to be conscious of the threat posed by smishing and take steps to training staff in relation to this. Hacker aim to use smishing to begin an attack and steal intellectual property or private corporate information that could be damaging to an organization reputation.
Email filters are a excellent at preventing messages from spoofed senders and malicious message content, but text messages do no tnormally have a feature like this. This best tactic to prevent smishing is to educate staff members in relation to spotting them. The content is typically similar to a phishing attack with offers of discounts or money in exchange for clicking a link and entering private data. If this data happens to be corporate data, then it would be disclosed to the cybercriminals.
One of the main characteristics of a smishing attack is the use of short links – denying readers full visibility of the site behind the URL. Short links should be the first warning sign in relation to smishing, the second being the promise of money or discounts. Seeing both of these together is a sure sign that message is malicious and should be deleted.
Companies need to train staff members so they can spot these signs and characteristics of smishing attacks. The importance of never handing over credentials to any third party, or filling out a form that included them on a linked website, needs to be emphasised.
Using a solution like that offered by multi-award winning TitanHQ would add a security suite renowned for advanced email security, DNS filtering and safe email archiving. Make the first move and get in touch with the team at TitanHQ today.
TitanHQ has released WebTitan Cloud 4.16 which adds new functionality to the DNS-based web filtering solution to make management even easier. The latest release also includes a new school web filtering solution.
WebTitan Cloud 4.16 includes DNS Proxy 2.06, which allows filtering of users in Azure Active Directory, as well as on-premise AD and directory integration for Active Directory to make the management of filtering controls for users, groups of users, and organization-wide controls even easier. The latest version includes several fixes and enhanced security to better protect users from web-based threats.
TitanHQ is pleased to announce the release of WebTitan OTG (on-the-go) for Chromebooks with the latest version of WebTitan Cloud. This new service has been specifically developed for the education sector to ensure students can access the Internet safely and securely.
The use of Chromebooks has been growing, with the devices popular in schools as they are a cost-effective way of giving students Internet access. While the Internet offers many learning opportunities, it is important to protect students from threats and web content that could cause them harm.
Schools should implement controls to restrict access to inappropriate content as well as block threats such as phishing, malware, and ransomware. WebTitan OTG for Chromebooks makes that a very quick and simple process.
WebTitan OTG (on-the-go) for Chromebooks allows IT professionals in the education sector to apply web filtering controls for individuals, school years, all students, and separate controls for staff members. From start to finish, set up takes just a few minutes.
Administrators have precision control over the content that can be accessed, allowing them to easily comply with state and federal laws, including the Children’s Internet Protection Act (CIPA).
WebTitan OTG for Chromebooks is a DNS-based web filter that filters the Internet before any content is downloaded. As such, there is no latency, regardless of where the Internet is accessed – in the classroom, at home, or elsewhere.
No hardware is required, there are no proxies or VPNs, and administrators have full visibility into Internet access, including locations, web pages visited, and attempts made to visit restricted content.
Key Features of WebTitan OTG for Chromebooks
- Cost effective web filtering for schools.
- Easy to install and manage remotely.
- Full reporting across Chromebook users and locations.
- User level policies.
- No additional on-premises hardware required.
- No slow & expensive VPNs or Proxies required.
- Chromebooks can be locked down to avoid circumvention.
- Fast, customizable & accurate DNS filtering.
Using WebTitan OTG for Chromebooks provides an effective way to apply filtering policies to your Chromebooks from the cloud.
“This new release comes after an expansive first quarter. The launch of WebTitan Cloud 4.16 brings phenomenal new security features to our customers,” Said TitanHQ CEO, Ronan Kavanagh. “After experiencing significant growth in 2020, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”