Businesses have been forced to change their working practices as a result of COVID-19. The lockdowns introduced by governments around the world have meant businesses have had to rapidly change from an office-based workforce to having virtually everyone working remotely.
The restrictions on office work may have now eased, and employees are starting to be encouraged to return to working from the office, but remote working to some extent is now here to stay.
Most businesses have coped well with the new remote working environment. Many report that their employees have been just as productive, if not more productive, working from home. However, remote working is not without its challenges. Many businesses are concerned about how to ensure compliance with regulations with a remote workforce and how to ensure business and email continuity.
On Tuesday, September 22, 2020, TitanHQ is hosting a webinar to discuss some of the key challenges faced by businesses with a remote workforce and to introduce a solution to keep businesses moving forward when employees are working remotely and ensure business continuity.
During the webinar TitanHQ experts will discuss the following topics:
- The Current 2020 Technology Landscape
- Security & Compliance in a time of Global Remote Working
- Increase in Companies Relying Solely on Office 365
- Protecting Business Critical Data
- The Importance of Continuity in the Era of Remote Working
Attendees will also be given a live demo of TitanHQ’s cloud email archiving solution, ArcTitan.
Title: How to Ensure Business Continuity with Email Archiving for your Remote Workforce
Date: Tuesday, September 22, 2020
Time: London/Dublin: 5:00 pm (GMT +1) ¦ USA: 12:00 pm ET; 09:00 am PT
Hosts: James Clayton, ArcTitan Product Specialist ¦ Derek Higgins, Engineering Manager, TitanHQ
Companies are always facing attacks from hackers using many different vector. Email is one of the main ways that they will target a company, typically using a lure email to get someone to download malware or visit a malicious URL that includes tacking cookies that will infiltrate your databases. Once a browser visits this site their information will be available to the hackers.
A recent attack took place on the SANS Institute, a leading information security training and certification group which specializes in anti-phishing guidance. However, in August 2020, the group made it public that one of its staff members had been taken in by a phishing attack and handed over their database access details. After stealing the details were stolen a new accounts was created and a mail forwarder was implemented to forward all emails to the hackers emails account. In total, 513 emails were forwarded that included some private data belonging to SANS account holders. Once the attack was discovers it was calculated that the private information of 28,000 SANS members was stolen. Now the attack is being used by the SANS Institute to show people that no group or company is safe.
Even the best trained individual can be taken in by lures and hackers are constantly changing their methods of attack. A new style of attack may be even more authentic looking than anything that has eern been seen previously so you always need to be on your guard.
In most cases you can block phishing attacks by uses a number of different security steps. The reason for using so many tactics is that one will work if another one doesn’t. As the success of phishing attacks are constantly improving using a security solution that works like this has never been more important.
Along with conducting normal end user training and phishing simulation emails to enhance your staff’s awareness of cyber attacks you will need to deploy an advanced spam filter. Office 365 comes with a low entry level of protection that comes with the software called Exchange Online Protection (EOP). However you will need to add a third-party solution like SpamTitan to prevent more threats from infiltrating your systems. EOP prevents spam, recognized malware and vast majority of phishing emails, but SpamTitan will greatly improve security against more complex phishing attacks and zero-day malware.
You should also think about using a web filter to prevent the web-based component of phishing emails from hitting your databases successfully. When a staff members tries to view a malicious web page that is used to steal details and other sensitive data, a web filter can stop that website from being viewed.
using a spam filter, web filter, and end user training, means you will be fully secured, but you should also use two-factor authentication. If details are illegally obtained, two-factor authentication can stop those credentials from being used by the hacker to obtain access to the account.
Football transfers involved huge amounts of money being shifted, often electronically, between clubs to bring in new players. If hackers were to place themselves into the communications between clubs, huge payments could easily be stolen.
This is exactly what happened recently when a scam was conducted against a Premier League football club in England. The hackers obtained access to the email account of the managing director of the club through a phishing campaign after directing the MD to a domain where Office credentials were gathered. Those details were then used to access the MD’s email account, and the scammers inserted themselves into and email conversation with another club looking to buy a player. Luckily, the scam was detected by the bank and a £1 million fraudulent payment was prevented.
This variety of scam starts with a phishing email but is referred to as a Business Email Compromise (BEC) scam. BEC scams are widespread and often successful. They range from straightforward scams to complicated multi-email communications between two parties, whether one party believes they are communicating with the real email account holder when they are actually communicating with the scammer. When the time comes to make payment, the scammer supplies their own account credentials. All too often, these scams are not detected until after payment is completed.
That is far from the only cyberattack on the sports sector in recent weeks and months. There have been numerous attempted cyberattacks which prompted to the UK’s National Cyber Security Center (NCSC) to release a warning advising the UK sports sector to be on high alert.
Before lockdown, a football club in the UK was hit with a ransomware attack that encrypted essential databases, including the computer systems that controlled the turnstiles, preventing them from working. A game nearly had to be called off due to the attack. The ransomware attack is suspected to have also begun with a phishing email.
The recent attacks are not restricted to football clubs. NCSC data show that 70% of sports institutions in the United Kingdom have suffered a cyberattack in the past year.
NCSC figures show around 30% of incidents lead to financial losses, with the average loss being £10,000, although one organization lost £4 million in a scam. 40% of the attacks involved the use of malware, which is often sent using spam email. 25% of attacks involved ransomware.
While malware and ransomware attacks are costly and disruptive, the main cause of losses is BEC attacks. Reports released by the FBI show these scams accounted for around 50% of all losses to cybercrime in 2019. $1.77 billion was lost to BEC attacks in 2019, with an average loss of $75,000 (£63,333). The true figure is likely to be even higher, as not all BEC attacks are reported. The FBI expects even greater losses this year.
While there are many different attack tactics, email remains the most common vector used in cyberattacks on companies. It is therefore vital to put in placea robust email security solution that can block malicious emails and stop them from being delivered to inboxes.
TitanHQ has created a powerful, advanced email security solution that can help businesses improve their email security measures and block phishing, spear phishing, BEC, malware, and ransomware attacks. SpamTitan incorporates many threat intelligence feeds, machine learning systems to identify phishing scams, dual anti-virus engines, and a sandbox to subject suspicious email attachments to in-depth analysis. SpamTitan also incorporates SPF and DMARC to identify and block email impersonation campaigns.
If you are worried about email security and want to improve your defenses against email dangers, call the TitanHQ team a call now to discover more about SpamTitan and other security solutions that can help you defend your company from cyberattacks.
Managed Service Providers are a lucrative victim for hackers. If a threat actor can obtain access to an MSP’s network, they can use the same remote management tools that MSPs use to carry out attacks on the MSPs clients.
Many businesses are now turning to MSPs for IT support and management services. This is typically the most cost-effective solution, especially when firms lack the in-house IT expertise to manage their networks, applications, and security. An MSP will typically supply IT management services for many different firms. A successful cyberattack on the MSP can result in a threat actor gaining access to the networks of all the MSPs clients, which makes the attack extremely worthwhile.
There was a marked rise in cyberattacks on managed service suppliers in 2019, in particular by ransomware gangs using GandCrab, Sodinokibi BitPaymer and Ryuk ransomware. The MSPs were attacked in a variety of ways, including phishing, brute force attacks on RDP, and exploitation of unpatched flaws.
Once access has been obtained to an MSP’s network, hackers search for remote management tools such as Webroot SecureAnywhere and ConnectWise which the MSP uses to access its clients’ networks to supply IT services. Several 2019 ransomware attacks on MSPs used these tools to access clients’ networks and install ransomware. MSPs such as PerCSoft, TrialWorks, BillTrust, MetroList, CloudJumper, and IT by Design were all attacked in 2019 and ransomware was deployed on their and their clients’ databases.
Kyle Hanslovan, CEO at Huntress Labs, told ZDNet in a recent telephone interview that his company had provided support to 63 MSPs that had been targeted in 2019 but believes the total number of attacks was likely to be more than 100. However, the number of MSPs that have been attacked is likely to be much higher. It is likely that many cyberattacks on MSPs are not even seen.
The attacks have shown no sign of dropping off. Recently the U.S. Secret Service issued a TLP Green alert warning MSPs of a rise in targeted cyberattacks. Compromised MSPs have been used to carry out business email compromise (BEC) attacks to get payments sent to hacker-controlled accounts. Attacks have been carried out on point-of-sale (POS) systems and malware has been deployed that intercepts and exfiltrates credit card data, and there have been several successful ransomware attacks.
Along with hackers, nation state-sponsored hacking groups have also been carrying out cyberattacks on MSPs, notably hacking groups connected with China. The National Cybersecurity and Communications Integration Center (NCCIC) issued an alert about the threat to MSPs from state-sponsored hacking groups in October 2019.
There are many best practices that can be implemented by MSPs to improve security and prevent these attacks. MSPs may currently be incredibly busy helping their clients deal with IT issues linked to the COVID-19 pandemic, but given the increase in focused cyberattacks on MSPs, time should be spent improving their own security, not just security for their clients.
The U.S Secret Service advises MSPs keep up to date on patching, especially patches for any remote administration tools they implement. ConnectWise issued a security advisory last month and patched a vulnerability in the ConnectWise Automate solution. The API vulnerability could be successfully targeted remotely by a threat actor to execute commands and/or modifications within an individual Automate instance. Vulnerabilities such as these are actively sought by hackers.
The principle of least privilege should be used for access to resources to restrict the damage inflicted in the event of a breach. It is also wise to have well-defined security controls that are fully compliant with industry standards.
Annual data audits should be completed along with regular scans to identify malware that may have been downloaded on systems. Logging should be turned on, and logs should be regularly checked to spot potentially malicious activity. MSPs should also ensure that their employees receive ongoing security awareness training to teach cybersecurity best practices and how to spot phishing and BEC scams.
A new phishing campaign has been discovered that uses calendar invites to try and steal banking and email details. The messages in the campaign have an iCalendar email attachment which may trick employees as this is a rare file type for phishing. These attachments are therefore unlikely to have been included in security awareness training.
iCalendar files are the file types used to save scheduling and calendaring information including tasks and events. In this instance, the messages in the campaign have the subject line “Fault Detection from Message Center,” and have been issued from a legitimate email account that has been compromised by the attackers in a previous campaign.
As the email comes from a real account rather than a spoofed account, the messages will get around checks such as those conducted through DMARC, DKIM, and SPF, which identify email impersonation attacks where the true sender spoofs an account. DMARC, DKIM, and SPF check to see if the true sender of an email is authorized to send messages from a domain.
As with most phishing campaigns, the hackers use fear and urgency to get users to click without thinking about the legitimacy of the request. On this occasion, the messages include a warning from the bank’s security team that withdrawals have been made from the account that have been marked as suspicious. This campaign is aimed at mobile users, with the messages asking for the file to be opened on a mobile device.
If the email attachment is clicked on, the user will be presented with a new calendar entry titled “Stop Unauthorized Payment” which includes a Microsoft SharePoint URL. If that link is visited, the user will be directed to a Google-hosted website with a phishing kit that spoofs the login for Wells Fargo bank. Both of these websites have authentic SSL certificates, so they may not be marked as suspicious. They will also display the green padlock that shows that the connection between the browser and the website is encrypted and secure, as would be the case for the actual bank website.
The user is then asked to type their username, password, PIN, email address, email password, and account numbers. If the information is entered it is captured by the hacker and the information will be used to gain access to the accounts. To make it appear that the request is authentic, the user will then be directed to the legitimate Wells Fargo website once the information is handed over.
There are warning signs that the request is not authentic, which should be identified by security conscious people. The use of SharePoint and Google domains rather than a direct link to the Wells Fargo website are suspect, the request to only open the file on a mobile device is not explained. The phishing website also requests a lot of information, including email address and password, which are not relevant.
These flags should be enough to trick most users that the request is not real, but any phishing email that bypasses spam filtering defenses and is sent to inboxes is a danger.
TitanHQ has announced the company has secured investment from Livingbridge, one of the UK’s leading mid-market private equity firms. Livingbridge has offices in UK, the US and Australia and invests in companies with a value of up to £200 million.
Livingbridge has been investing in firms for two decades, during which time more than 150 companies have benefited from investment and have thrived with the injection of capital. Many of the firms Livingbridge has invested in have gone on to become household names.
TitanHQ similarly has a history spanning two decades. The company was formed as Copperfasten Technologies in 1999 in Galway, Ireland where the company is still based. The firm started life selling spam filtering appliances to companies in its native Ireland and has since grown into a truly global company with its solutions used by companies in 150 countries around the world.
TitanHQ has developed three SaaS-based solutions – SpamTitan Email Security, WebTitan Web Security, and ArcTitan for email archiving. These solutions have multiple deployment options, with the cloud-based deployments hugely popular. The solutions have been adopted by more than 8,500 businesses around the world and they have been incorporated into the security stacks of more than 2,500 managed service providers (MSPs).
TitanHQ now has an ARR of $15 million and is the leading provider of cloud-based security solutions to managed service providers serving the SMB market. TitanHQ has recorded impressive, consistent growth and as more companies have adopted WFH initiatives, its security solutions have been in even greater demand.
Livingbridge identified TitanHQ as an attractive target for investment, thanks to the company’s strong growth and proven track record for delivering powerful and popular SaaS solutions.
Livingbridge used its Enterprise 3 fund, which is set aside to invest in fast-growing companies up to the value of £50 million. The funds will be used to accelerate TitanHQ’s ambitious growth plans and will be used to increase investment in product development and people.
“We are excited to be taking this next step in our growth journey with Livingbridge, a partner that understands the unique strengths of our business, shares our vision for success and has the experience and resources to help us to achieve it,” said Ronan Kavanagh, Chief Executive Officer of TitanHQ.
“We are delighted to be partnering with TitanHQ, a uniquely positioned business with a well-differentiated product portfolio operating in a fast-growing, attractive market that is benefiting from strong macro tailwinds,” said Nick Holder, Director at Livingbridge. “There is a tremendous opportunity for Titan HQ to accelerate its growth trajectory over the coming years and we look forward to working closely with the management team to fulfil the company’s potential.”
Bill Mc Cabe’s Oyster Technology Investments invested in TitanHQ at inception and will continue to maintain a significant stake in the business.