SpamTitan and WebTitan Now Part of Pax8 Ecosystem

TitanHQ and Pax8 have formed a new strategic partnership that has seen TitanHQ’s cloud-based email security and web security solutions added to the Pax8 ecosystem and offered to managed service provider partners.

Pax8 is a leading cloud distributor, providing 100% cloud-based productivity, infrastructure, continuity, and security solutions to its partners. The company is a born-in-the-cloud distributor connecting the channel ecosystem to its award-winning transactional cloud marketplace.

Pax8 is a regular recipient of industry awards and has been named as CRN’s Coolest Cloud Vendor, Best in Show at NextGen for two years in a row, as well as having collected two consecutive Best in Show awards at XChange conferences. Pax8 is also enjoying impressive growth, having risen from position 68 in the Inc. 5000 list of the fastest growing companies in 2018 to position 60 in 2019.

The successes are due to the ease with which its partners can find, purchase, and manage cloud solutions and get the most out of their cloud journeys. One of the key areas driving growth in the cloud is cybersecurity. Through Pax8, MSPs can easily find, deploy, and manage cloud-based cybersecurity solutions to protect their own networks and those of their clients.

Pax8 offers cybersecurity solutions to protect the entire attack surface but the partnership with TitanHQ allows Pax8 to better serve MSPs serving the SMB market. Pax8 carefully vets the vendors it works with and only selects companies that have developed powerful, channel-friendly solutions. TitanHQ was therefore a natural fit, being the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.

TitanHQ has developed its cybersecurity solutions to meet the needs of managed service providers and gives them the features and benefits that are often lacking in many SMB-focused security products. TitanHQ’s email and web security offerings can be hosted within an MSP’s own environment and they can be supplied in white-label form ready for MSP branding. MSPs benefit from highly competitive pricing, a fully transparent pricing policy, easy integration into their existing systems through TitanHQ APIs, no minimum users or monthly targets, generous margins, and industry-leading technical support. SpamTitan Email Security and WebTitan DNS filtering are also easy to implement and use and have a low management overhead.

For these reasons the solutions are much loved by end users and consistently achieve high ratings on software review sites such as G2 Crowd Report, Gartner Peer Insights, and Capterra.

“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails,” said Ryan Walsh, chief channel officer at Pax8.

“I am delighted to partner with the Pax8 team,” said TitanHQ CEO Ronan Kavanagh. “Their focus and dedication to the MSP community is completely aligned with ours at TitanHQ, and we look forward to delivering our integrated solutions to their partners and customers.”

TitanHQ Releases New Version of SpamTitan and RESTapi

Version 7.06 of SpamTitan was released on November 12, 2019. The latest version includes several important security updates to address known issues with the reporting engine. The security patches, which cover several packages including OpenSSH, OpenSSL, Sudo, PHP, and ClamAV, and the ISO/OVA images can now be downloaded.

The update has been released for both the cloud-based anti-spam service, which has already been updated for all users, and TitanHQ’s SpamTitan software solution, SpamTitan Gateway. Software users have had the new release downloaded onto their appliances, but administrators will need to log in to their UI to apply the update and security patches.

The latest release is accompanied by a new RESTapi, which is one of the most important enhancements in SpamTitan v7.06. The RESTapi has been released to make it easier for clients and partners to implement integrations.

“Implementing the RESTapi and encouraging API adoption are vital steps in our partnership expansion plans,” said TitanHQ CEO, Ronan Kavanagh. “After experiencing 30% growth in 2019, TitanHQ expects these product enhancements and new features to make 2020 another record-breaking year.”

Users should not experience any problems upgrading to the latest SpamTitan version, but if any issues are experienced or for advice on upgrading, contact the customer service team on spamtitan@titanhq.com. Technical specifications of the new RESTapi can be found on this link.

Patch Released to Fix Actively Targeted Microsoft .Net Framework Vulnerability

Microsoft has addressed 27 critical flaws this Patch Tuesday, including a Microsoft .Net Framework flaw that is being actively exploited to download Finspy surveillance software on devices running Windows 10.

Finspy is genuine software created by the UK-based Gamma Group, which is used by governments globally for cyber-surveillance. According to FireEye experts, the software has been downloaded in at least two attacks in the past few months, and the most recent attack leveraged the Microsoft .Net Framework flaw.

The attack begins with a spam email containing a malicious RTF file. The document exploits the CVE-2017-8759 vulnerability to execute arbitrary code, which installs and executes a VB script containing PowerShell commands, which in turn installs the malicious payload, which includes Finspy.

FireEye suggests at least one attack was completed by a nation-state against a Russian target; however, FireEye experts also believe other actors may be using the vulnerability to conduct attacks.

According to a blog post last Tuesday, the Microsoft .Net Framework flaw has been detected and mitigated. Microsoft strongly recommends downloading the latest update promptly to minimize exposure. Microsoft says the flaw could permit a malicious actor to take full control of an impacted system.

Several Bluetooth flaws were discovered and shared on Tuesday by security company Armis. The flaws impact billions of Bluetooth-enabled devices around the globe. The eight flaws, referred to as BlueBorne, could be used to carry out man-in-the-middle attacks on devices via Bluetooth, sending traffic to the attacker’s computer. The bugs exist in Windows, iOS, Android and Linux.

In order to target the flaws, Bluetooth would need to be turned on for the targeted device, although it would not be necessary for the device to be in discoverable mode. A hacker could use the flaws to connect to a device – a TV or speaker for example – and start a connection to a computer without the user’s knowledge. In order to carry out the attack, it would be necessary to be physically relatively close to the targeted device.

In addition to intercepting communications, a hacker could also take full control of a device and steal data, download ransomware or malware, or perform other malicious activities such as placing the device on a botnet. Microsoft addressed one of the Bluetooth driver spoofing bugs – CVE-2017-8628 – in the latest round of updates.

One of the most pressing updates is for a remote code execution vulnerability in NetBIOS (CVE-2017-0161). The vulnerability impacts both servers and workstations. While the vulnerability is not thought to be currently exploited in the wild, it is of note as it can be exploited just by sending specially crafted NetBT Session Service packets.

The Zero Day Initiative (ZDI) said the flaw “is practically wormable within a Local Area Network. This could also target many virtual clients if the guest OSes all connect to the same (virtual) LAN.”

Overall, 81 updates have been published by Microsoft this Patch Tuesday. Adobe has addressed eight flaws, including two critical memory corruption bugs (CVE-2017-11281, CVE-2017-11282) in Flash Player, a critical XML parsing flaw in ColdFusion (CVE-2017-11286) and two ColdFusion remote code execution flaws (CVE-2017-11283, CVE-2017-11284) relating to deserialization of untrusted data.

TitanHQ Fall 2019 Trade Show Schedule

The TitanHQ team is on the road once again this fall and will be attending some of the biggest and best Managed Service Provider (MSP) conferences and roadshows in Europe and the United States.

The fall schedule of trade shows got underway in Chicago at the Taylor Business Group BIG Conference, followed by Cloudsec2019 in London. September also sees the team attend Datto Dublin on September 17 and the MSH Summit in London on September 18.

If you have not already booked up to attend these events, there will be plenty more opportunities to meet with the TitanHQ team to talk about email security, web security, and email archiving this fall.

TitanHQ will be attending the following MSP-focused events in September, October, and November:

| Date | Event | Location |
| --- | --- | --- |
| September 17, 2019 | Datto Dublin | Dublin, Ireland |
| September 18, 2019 | MSH Summit | London, UK |
| October 6-10, 2019 | Gitex | Dubai, UAE |
| October 7-8, 2019 | CompTIA EMEA Show | London, UK |
| October 16-17, 2019 | Canalys Cybersecurity Forum | Barcelona, Spain |
| October 21-23, 2019 | DattoCon Paris | Paris, France |
| October 30, 2019 | MSH Summit North | Manchester, UK |
| October 30, 2019 | IT Nation Evolve (HTG 4) | Florida, USA |
| October 30, 2019 | IT Nation Connect | Florida, USA |
| November 5-7, 2019 | Kaseya Connect | Amsterdam, Netherlands |

The above events give MSPs, ISPs, and VARs the opportunity to meet with the TitanHQ team to discuss the full range of MSP-focused cybersecurity solutions, arrange a product demonstration to see the solutions in action, and discover how to integrate the solutions into your client management systems.

TitanHQ first started developing cybersecurity solutions for SMBs in 1999. While many cybersecurity firms have recently started offering their solutions to MSPs, TitanHQ saw the need to do things a little differently and ensured MSPs were considered from the very start.

TitanHQ has developed a suite of cybersecurity solutions that incorporate all the features demanded by MSPs. With TitanHQ solutions, MSPs can not only meet the needs of their customers and greatly improve their security postures; the solutions also save MSPs money by reducing the amount of time they have to spend fighting fires, resolving malware infections, and remediating responses to phishing emails. Less time on support and engineering allows MSPs to channel their resources into generating more profit.

The roadshows, conferences, trade shows, and other MSP-focused events give prospective MSP clients the opportunity to quiz TitanHQ about its products and discover how easily the solutions can be incorporated into MSPs’ technology stacks and rolled out to customers.

If you have not heard of TitanHQ, have yet to incorporate SpamTitan, WebTitan, or ArcTitan into your service stack, or have unanswered questions about spam filtering, web filtering, and email archiving in the cloud, the TitanHQ team is here to help.

If you do not feel that you can find the time to attend one of the above events, contact the TitanHQ team by phone or email to book a product demonstration, get your questions answered, and sign up for a free trial of any or all of TitanHQ’s email security, web security, and email archiving solutions for MSPs.

If you are attending an event, be sure to pay TitanHQ a visit and feel free to contact TitanHQ in advance of the conference to book an appointment or to get answers to your questions:

Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
Dryden Geary, Marketing Director

Dangerous Spora Ransomware Threat Discovered

A new and very dangerous ransomware threat called Spora has been discovered.

Locky and Samas ransomware have certainly been major headaches for IT departments. Both forms of ransomware have a host of smart features designed to prevent detection, grow infections, and inflict the most damage possible, leaving companies with little option but to pay the ransom demand.

However, there is now a new ransomware threat to address, and it could well be even bigger than Locky and Samas. Luckily, the ransomware authors only seem to be targeting Russian users, but that is likely to change. While a Russian version has been used in hacking attacks so far, an English language version has now been created. Spora ransomware attacks will soon be a global issue.

A great deal of time and effort has gone into producing this very dangerous new ransomware variant, and a decryptor is unlikely to be created due to the way that the ransomware encrypts data.

Unlike many new ransomware variants that rely on a Command and Control server to receive instructions, Spora ransomware can encrypt files even if the user is offline. Closing down Internet access will not stop an infection. It is also not possible to prevent infection by restricting access to the C&C server.

Earlier ransomware variants have been created that can encrypt without C&C communication, but they do not use unique decryption keys, which means one key will unlock all infections. Spora ransomware, on the other hand, requires a unique key for each victim to unlock the encryption. A hard-coded RSA public key is used to create a unique AES key for every user, and that process happens locally. The AES key is then used to encrypt the private key from a public/private RSA key pair set up for each victim, without C&C communications. The RSA key also encrypts the separate AES keys for each user. Without the key supplied by the hackers, you cannot unlock the encryption.

This complex encryption process only represents part of what makes Spora ransomware unique. Unlike many other ransomware variants, the hackers have not set a fixed ransom amount. This gives the hackers a degree of flexibility and, importantly, the process occurs automatically. Security experts believe the degree of automation will see the ransomware provided on an affiliate model.

The flexibility allows companies to be charged a different amount from individuals. The ransom is calculated based on the extent of the infection and the types of files that have been encrypted. Since Spora ransomware gathers data on the user, amounts could easily be changed when contact is made to pay the ransom.

When victims visit the hackers’ payment portal to pay the ransom, they must supply the key file that is set up by the ransomware. The key file contains a range of data on the user, including details of the campaign used. The hackers can therefore carefully monitor infections and campaigns. Those campaigns that are successful and result in more payments can then be repeated. Less effective campaigns can be brought to an end.

At present there are a number of different payment options, including something quite different. Victims can pay to unlock the encryption, or pay extra to avoid future attacks, essentially being given immunity.

Emsisoft experts who have analyzed Spora ransomware say it is far from a run-of-the-mill variant that has been quickly thrown together. It is the work of a highly knowledgeable group. The encryption process contains no weaknesses, which is uncommon for a new ransomware variant; the design of the HTML ransom demand and the payment portal is highly sophisticated; and the payment portal also contains a chat option to allow communication with the hackers. This degree of professionalism only comes from a lot of investment and a great deal of work. This threat is unlikely to disappear soon. In fact, it could prove to be one of the most serious threats in 2017 and into the future.

Infection currently takes place through spam email containing malicious attachments or links. Currently the attachments look like PDF invoices, although they are HTA files containing JavaScript code. Preventing the emails from being delivered is the best form of defense. Since no decryptor is available for Spora, a backup will be necessary to recover from the infection, or the ransom will need to be paid.
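A mail-gateway check for the disguise described above, given as an added example rather than code from SpamTitan or any vendor: it flags attachments whose final extension is a script type hidden behind a document extension, or that claim to be PDFs but lack the PDF header. The extension lists, reason labels and the sample message are constructed for illustration.

```python
from email import message_from_string

# Assumed lists for this sketch; tune them to your own mail policy.
SCRIPT_EXTS = {".hta", ".js", ".jse", ".vbs", ".wsf"}    # run by Windows script hosts
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}  # what the user expects to see

def extensions(filename):
    """'Invoice.PDF  .hta' -> ['.pdf', '.hta'] (case and padding normalised)."""
    parts = [p.strip() for p in filename.lower().split(".")[1:]]
    return ["." + p for p in parts if p]

def inspect_attachment(filename, declared_type, payload):
    """Return the reasons (possibly none) an attachment should be quarantined."""
    reasons = []
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    if last in SCRIPT_EXTS:
        reasons.append("script-extension")
        if any(e in DECOY_EXTS for e in exts[:-1]):
            reasons.append("double-extension")
    # A real PDF starts with the %PDF- magic; anything else claiming PDF is suspect.
    claims_pdf = declared_type == "application/pdf" or last == ".pdf"
    if claims_pdf and not payload.lstrip().startswith(b"%PDF-"):
        reasons.append("not-a-pdf")
    head = payload[:4096].lower()
    if b"<hta:application" in head or b"<script" in head:
        reasons.append("script-content")
    return reasons

def triage(raw_message):
    """Map each flagged attachment name in an RFC 5322 message to its reasons."""
    findings = {}
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""
            reasons = inspect_attachment(name, part.get_content_type(), payload)
            if reasons:
                findings[name] = reasons
    return findings

# Constructed sample message; both attachment bodies are inert placeholders.
SAMPLE = """\
From: billing@example.test
To: user@example.test
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain

Please see the attached invoice.
--B
Content-Type: application/pdf
Content-Disposition: attachment; filename="Invoice_0117.pdf.hta"

<html><head><hta:application id="a"/><script>/* inert */</script></head></html>
--B
Content-Type: application/pdf
Content-Disposition: attachment; filename="report.pdf"

%PDF-1.4 constructed placeholder body
--B--
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```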

 

DNS Based Web Filtering

DNS based web filtering takes advantage of cloud based technology to provide an Internet content filtering service as powerful as hardware or software solutions, but without their capital investment and high maintenance costs. As with most cloud-based technologies, DNS based web filtering software is handy and reliable, and extremely scalable.

Any Internet filtering solution has to have SSL inspection so that it can examine the content of encrypted web pages. Whereas SSL inspection can drain CPU resources and memory when included in hardware and software solutions, with DNS based web filtering the inspection process is done in the cloud – thus enhancing network operations.

How DNS Based Web Filtering Operates

In order to filter Internet content using the Domain Name System (DNS), you need to register for a web filtering service. The service provider gives you a browser-based account, which you log into to submit your external IP address and set your web filtering policy. Then you just redirect your DNS system settings to the service provider’s web filtering service.

If you have a range of web filtering policies for different positions within your company, tools are available to link directory services such as LDAP and Active Directory with the web filtering service. It is also possible to put in place a DNS proxy for per user reporting and select from a variety of predefined reports. Alternatively, it is a simple process to set up your own bespoke reports.

Due to the way in which DNS based web filtering works, it can be applied with every type of network and operating system. Multiple locations and domains can be managed from one management portal, and – due to the SSL inspection process being conducted in the cloud – end users will not suffer the latency usually associated with hardware and software solutions.

Highly Granular Controls Maximize Your Security Strength

The most common reasons given for adding an Internet content filter are to safeguard the company from web-borne dangers and to enforce acceptable use policies. DNS based web filtering achieves both these aims by deploying a three-tier mechanism for filtering Internet content. The three tiers work in tandem to maximize the company’s defenses and prevent users accessing material that could be an obstruction to productivity or cause offense.

The first tier includes SURBL and URIBL filters. These are commonly referred to as blacklists and they compare each request to view a website against IP addresses from which malware downloads, phishing attacks and spam emails are known to have been initiated. When matches are found, the request to visit the website is denied. Blacklists are supplied and updated by your service provider.

Behind the blacklists, category filters and keyword filters make up the second and third lines of defense. These can be applied by system administrators to stop users visiting websites within certain categories (social networking for example), or those likely to include material that would be inappropriate for an office environment. Keyword filters can also be used to prevent users accessing specific content or web applications, or downloading files with extensions most linked with malware.

Exemptions to general policies can be set up by user or user group if access to a website or web application is required by a certain department within the company. For example, you may not want your employees to engage in personal Internet banking during working hours, but it is likely crucial that your finance department has access to online banking services. Similar exemptions could be established (say) if your marketing department needed access to the company’s Facebook or Twitter accounts.
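The three-tier decision and the group exemptions described above can be modelled as follows. This is an added example, not WebTitan's implementation: the `Policy` fields, the rule that an exemption bypasses the administrator's category and keyword tiers but never the blacklist, and all hostnames are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Policy:
    blacklist: set            # tier 1: provider-maintained known-bad hosts
    categories: dict          # provider categorisation: host -> category
    blocked_categories: set   # tier 2: categories the administrator blocks
    blocked_keywords: list    # tier 3: keywords / file extensions to block
    exemptions: dict = field(default_factory=dict)  # group -> exempt categories

def candidate_names(host):
    """'www.bank.example' -> ['www.bank.example', 'bank.example']."""
    labels = host.rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(max(len(labels) - 1, 1))]

def decide(policy, url, group):
    """Return (action, reason) for one request made by a member of `group`."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    names = candidate_names(host)

    # Tier 1: the blacklist applies to everyone; exemptions never override it.
    if any(n in policy.blacklist for n in names):
        return ("block", "blacklist")

    category = next((policy.categories[n] for n in names
                     if n in policy.categories), "uncategorised")
    # Assumption: a group exemption lifts the administrator's own tiers (2 and 3).
    if category in policy.exemptions.get(group, set()):
        return ("allow", "exempt:" + category)

    # Tier 2: category filter.
    if category in policy.blocked_categories:
        return ("block", "category:" + category)

    # Tier 3: keyword filter over host and path (assumes the full URL is visible).
    target = host + parts.path.lower()
    for kw in policy.blocked_keywords:
        if kw.lower() in target:
            return ("block", "keyword:" + kw)
    return ("allow", "default")

# Constructed policy mirroring the banking and social-media examples in the text.
EXAMPLE_POLICY = Policy(
    blacklist={"malware-download.example"},
    categories={"bank.example": "banking", "social.example": "social-networking",
                "news.example": "news"},
    blocked_categories={"banking", "social-networking"},
    blocked_keywords=[".exe", ".scr"],
    exemptions={"finance": {"banking"}, "marketing": {"social-networking"}},
)

if __name__ == "__main__":
    for url, group in [("https://www.bank.example/login", "sales"),
                       ("https://www.bank.example/login", "finance"),
                       ("http://cdn.malware-download.example/a", "finance"),
                       ("news.example/tool.exe", "sales")]:
        print(group, url, "->", decide(EXAMPLE_POLICY, url, group))
```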

DNS Based Web Filtering Provided by SpamTitan

SpamTitan offers businesses a range of DNS based web filtering solutions – WebTitan Cloud for companies with fixed networks, and WebTitan Cloud for WiFi for companies providing a wireless service to end users. Both DNS based web filtering solutions have been created with maximum ease of use, maximum granularity and maximum security from web-borne threats.

Along with being versatile and effective DNS based web filtering solutions, both WebTitan Cloud and WebTitan Cloud for WiFi include many features to safeguard your company. Both solutions have best-in-class malicious URL detection, phishing protection and antivirus software – all of which is updated automatically. Both also update our filtering mechanisms in real time – including the categorization of new websites as they are released.

The service grows in line with your company, so you never have to worry about registering new users or even multiple networks. WebTitan Cloud and WebTitan Cloud for WiFi are infinitely scalable, with no bandwidth limits, and no latency problems. Unless you tell them, your users will never know they are being safeguarded from web-borne threats until they try to visit an unsafe or inappropriate website.