Banking Credentials Targeted in iCalendar Phishing Scam

A new phishing campaign has been discovered that uses calendar invites to try and steal banking and email details. The messages in the campaign have an iCalendar email attachment which may trick employees as this is a rare file type for phishing. These attachments are therefore unlikely to have been included in security awareness training.

iCalendar files are the file types used to save scheduling and calendaring information including tasks and events. In this instance, the messages in the campaign have the subject line “Fault Detection from Message Center,” and have been issued from a legitimate email account that has been compromised by the attackers in a previous campaign.

As the email comes from a real account rather than a spoofed account, the messages will get around checks such as those conducted through DMARC, DKIM, and SPF, which identify email impersonation attacks where the true sender spoofs an account. DMARC, DKIM, and SPF check to see if the true sender of an email is authorized to send messages from a domain.

As with most phishing campaigns, the hackers use fear and urgency to get users to click without thinking about the legitimacy of the request. On this occasion, the messages include a warning from the bank’s security team that withdrawals have been made from the account that have been marked as suspicious. This campaign is aimed at mobile users, with the messages asking for the file to be opened on a mobile device.

If the email attachment is clicked on, the user will be presented with a new calendar entry titled “Stop Unauthorized Payment” which includes a Microsoft SharePoint URL. If that link is visited, the user will be directed to a Google-hosted website with a phishing kit that spoofs the login for Wells Fargo bank. Both of these websites have authentic SSL certificates, so they may not be marked as suspicious. They will also display the green padlock that shows that the connection between the browser and the website is encrypted and secure, as would be the case for the actual bank website.

The user is then asked to type their username, password, PIN, email address, email password, and account numbers. If the information is entered it is captured by the hacker and the information will be used to gain access to the accounts. To make it appear that the request is authentic, the user will then be directed to the legitimate Wells Fargo website once the information is handed over.

There are warning signs that the request is not authentic, which should be identified by security conscious people. The use of SharePoint and Google domains rather than a direct link to the Wells Fargo website is suspect, and the request to only open the file on a mobile device is not explained. The phishing website also requests a lot of information, including email address and password, which are not relevant.

These flags should be enough to alert most users that the request is not real, but any phishing email that bypasses spam filtering defenses and reaches inboxes is a danger.
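One way to check for the first warning sign automatically is to pull every link out of a calendar attachment and compare its host with the domain the message claims to come from. The following is an added example, not code from the campaign or from any product mentioned here; the sample attachment, the `.example` hosts and the `brand_domains` parameter are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample attachment; hosts are placeholders, not campaign indicators.
# The DESCRIPTION line is folded in the middle of the hostname, as RFC 5545 allows.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "VERSION:2.0\r\n"
    "BEGIN:VEVENT\r\n"
    "SUMMARY:Stop Unauthorized Payment\r\n"
    "DESCRIPTION:Review the withdrawal here: https://tenant.sharepoint.exam\r\n"
    " ple/:b:/g/doc123\\nOpen on your mobile device.\r\n"
    "LOCATION:https://www.bank.example/help\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

PROP_RE = re.compile(r"([A-Za-z0-9-]+)(.*)", re.S)
URL_RE = re.compile(r'https?://[^\s<>"\\]+', re.I)

def unfold(ics_text):
    # RFC 5545 3.1: a line break followed by one space or tab is a fold.
    return re.sub(r"\r?\n[ \t]", "", ics_text)

def unescape_text(value):
    # RFC 5545 TEXT escapes: \n or \N is a newline; \\ \; \, are literals.
    return re.sub(r"\\([\\;,nN])",
                  lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def event_urls(ics_text):
    """Return (property, url) pairs for every link inside a VEVENT."""
    found, in_event = [], False
    for line in unfold(ics_text).splitlines():
        marker = line.strip().upper()
        if marker in ("BEGIN:VEVENT", "END:VEVENT"):
            in_event = marker.startswith("BEGIN")
            continue
        m = PROP_RE.match(line)
        if not in_event or not m:
            continue
        # Scan parameters and value together so quoted parameter URIs are seen too.
        prop, rest = m.group(1).upper(), unescape_text(m.group(2))
        found += [(prop, u.rstrip(".,;)")) for u in URL_RE.findall(rest)]
    return found

def triage(ics_text, brand_domains):
    """List (property, host) for links whose host is outside brand_domains."""
    findings = []
    for prop, url in event_urls(ics_text):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if not any(host == d or host.endswith("." + d) for d in brand_domains):
            findings.append((prop, host))
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE_ICS, {"bank.example"}))
```

Unfolding before matching matters: a search of the raw file for the off-brand hostname finds nothing because the fold splits it across two lines.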

TitanHQ Secures Investment from UK Private Equity Firm Livingbridge

TitanHQ has announced the company has secured investment from Livingbridge, one of the UK’s leading mid-market private equity firms. Livingbridge has offices in the UK, the US and Australia and invests in companies with a value of up to £200 million.

Livingbridge has been investing in firms for two decades, during which time more than 150 companies have benefited from investment and have thrived with the injection of capital. Many of the firms Livingbridge has invested in have gone on to become household names.

TitanHQ similarly has a history spanning two decades. The company was formed as Copperfasten Technologies in 1999 in Galway, Ireland where the company is still based. The firm started life selling spam filtering appliances to companies in its native Ireland and has since grown into a truly global company with its solutions used by companies in 150 countries around the world.

TitanHQ has developed three SaaS-based solutions – SpamTitan Email Security, WebTitan Web Security, and ArcTitan for email archiving. These solutions have multiple deployment options, with the cloud-based deployments hugely popular. The solutions have been adopted by more than 8,500 businesses around the world and they have been incorporated into the security stacks of more than 2,500 managed service providers (MSPs).

TitanHQ now has an ARR of $15 million and is the leading provider of cloud-based security solutions to managed service providers serving the SMB market. TitanHQ has recorded impressive, consistent growth and as more companies have adopted WFH initiatives, its security solutions have been in even greater demand.

Livingbridge identified TitanHQ as an attractive target for investment, thanks to the company’s strong growth and proven track record for delivering powerful and popular SaaS solutions.

Livingbridge used its Enterprise 3 fund, which is set aside to invest in fast-growing companies up to the value of £50 million. The funds will be used to accelerate TitanHQ’s ambitious growth plans and will be used to increase investment in product development and people.

“We are excited to be taking this next step in our growth journey with Livingbridge, a partner that understands the unique strengths of our business, shares our vision for success and has the experience and resources to help us to achieve it,” said Ronan Kavanagh, Chief Executive Officer of TitanHQ.

“We are delighted to be partnering with TitanHQ, a uniquely positioned business with a well-differentiated product portfolio operating in a fast-growing, attractive market that is benefiting from strong macro tailwinds,” said Nick Holder, Director at Livingbridge. “There is a tremendous opportunity for TitanHQ to accelerate its growth trajectory over the coming years and we look forward to working closely with the management team to fulfil the company’s potential.”

Bill Mc Cabe’s Oyster Technology Investments invested in TitanHQ at inception and will continue to maintain a significant stake in the business.

MVP GrowthFest: A Virtual MSP Event Featuring Magic Johnson and TitanHQ

The worldwide COVID-19 pandemic has forced businesses to make huge changes very quickly. Many managed service providers have shown resilience and met the challenge head on, showing that while we are now living in very uncertain times there are opportunities for expansion.

Efficient MSPs have not only adapted their business to ensure their survival, they have identified the opportunities and are gaining considerable growth momentum and have shown it is possible to prosper in spite of a very challenging economy.

At MVP GrowthFest on June 23, 2020 you will be able to discover how successful MSPs are turning adversity into growth and profit and will learn from an all-star line up of Channel experts in relation to the state of the Channel and what you must do to adapt to these challenging times. You will also be given guidance on the steps you can take now to ensure success and grow your business and prosper.

MVP GrowthFest is a 3-hour virtual event that will supply valuable insights and advice that can be used immediately to help you expand your business. The event is being headlined by a conversation with Earvin “Magic” Johnson Jr., the 3-time NBA MVP Award winner.

Matt Solomon, VP of Business Development at ID Agent, will be chatting to Magic Johnson, who will explain how he succeeded by overcoming obstacles during his lifetime, and how tenacity and commitment to the community were key to his success.

MVP GrowthFest will be celebrating the energy that powers growth and the drive to thrive during challenging times and, along with the interview, MSPs will hear from 15 Channel all-stars in four powerhouse panels.

TitanHQ is happy to announce that Sales Director Conor Madden will be leading the panel in the security session titled “Leading with Security through Education.” The key to selling products in your security stack is to inform your clients about the need for cybersecurity. Given the fact that cyber actors have been attacking companies with increased vigor during the pandemic, positioning your security stack front and central is the sensible step.

TitanHQ can provide web and email security solutions that will not only keep you and your clients safe, they can be efficiently set up in your security stack and can be easily packaged. Plus, a very competitive price point means they are affordable solutions for your clients and generous margins will help you improve your bottom line.

Also attending the security powerhouse are:

  • Jon Murchison – CEO, BlackPoint Cyber
  • Kevin Lancaster – CEO, ID Agent & GM Security, Kaseya
  • Jessvin Thomas – President & CTO, SKOUT

Attendees will also get to hear from Channel leaders in three additional Powerhouse sessions that will provide invaluable advice on how to grow your business and boost profits during the current crisis.

Managing Through Change

Featuring:

  • Dan Wensley – CEO, Warranty Master
  • Joe Alapat – CEO & Founder, Liongard
  • Ryan Walsh – Chief Channel Officer, Pax8

Establishing Trust in the New Normal

Featuring:

  • Dave Goldie – Vice President of Channel, Cytracom
  • Ted Roller – Channel Chief, ConnectBooster
  • Andra Hedden – CMO, Marketopia
  • Frank DeBenedetto – Founder, AudIT

Leading & Accelerating through the Recovery

Featuring:

  • Tim Conkle – Founder, The 20
  • Dennis O’Connell – Vice President, Taylor Business Group
  • Ted Roller – Channel Chief, Zomentum

Advance registration is mandatory.


MVP GrowthFest: A Must Attend Virtual MSP Event Featuring TitanHQ and Magic Johnson

The Channel has shown considerable strength and resilience during the COVID-19 pandemic. Managed service providers have adapted to a new way of working during lockdown and now that the economy is opening up once again are looking to increase growth and boost profits.

Many MSPs have already gained growth momentum and, despite the uncertain times, are managing to grow their business and succeed even with an extremely challenged economy. MVP GrowthFest will help you become one of the MSP success stories of the pandemic.

On June 23, 2020 at MVP GrowthFest you will hear from Channel All-Stars who will help you through these challenging times. They will provide insights into the current state of the channel, along with actionable advice that you can use to adjust your business to drive growth and succeed.

MVP GrowthFest celebrates the energy that powers growth and the drive to thrive during challenging times. The 3-hour virtual event is being headlined by none other than the 3-time NBA Most Valuable Player (MVP) Award winner, Earvin “Magic” Johnson Jr.

Magic Johnson will be interviewed by Matt Solomon, VP of Business Development at ID Agent, and will explain how he has overcome many challenges throughout his life, and how his success came through a combination of talent, tenacity, and commitment to the community.

MVP GrowthFest provides a great opportunity for learning through four powerhouse panels consisting of 15 Channel all-stars. The first powerhouse panel – Security – is led by TitanHQ Sales Director, Conor Madden. Conor will be explaining the importance of “Leading with Security through Education.” Selling security through education is essential and should be first and foremost in the modern-day MSP tech stack.

TitanHQ has developed MSP-friendly web and email security solutions that can be efficiently implemented into your security stack and packaged easily with your existing security offerings. These solutions are affordable for clients, will keep them well protected from the increasing number of threats that have emerged during the pandemic, and they are offered with generous margins to help boost MSP profits.

At the security powerhouse, attendees will also hear from:

  • Jon Murchison – CEO, BlackPoint Cyber
  • Kevin Lancaster – CEO, ID Agent & GM Security, Kaseya
  • Jessvin Thomas – President & CTO, SKOUT

Three further Powerhouse sessions will be taking place at MVP GrowthFest to give you important insights into how successful MSPs are succeeding during the pandemic.

Managing Through Change

Featuring:

  • Dan Wensley – CEO, Warranty Master
  • Joe Alapat – CEO & Founder, Liongard
  • Ryan Walsh – Chief Channel Officer, Pax8

Establishing Trust in the New Normal

Featuring:

  • Dave Goldie – Vice President of Channel, Cytracom
  • Ted Roller – Channel Chief, ConnectBooster
  • Andra Hedden – CMO, Marketopia
  • Frank DeBenedetto – Founder, AudIT

Leading & Accelerating through the Recovery

Featuring:

  • Tim Conkle – Founder, The 20
  • Dennis O’Connell – Vice President, Taylor Business Group
  • Ted Roller – Channel Chief, Zomentum

Advance registration is required.

Fake Supreme Court Summons to Obtain Office 365 Credentials Used in Phishing Campaign

A U.S. Supreme Court phishing campaign has been discovered that sends a fake subpoena to appear in court as a lure to obtain Office 365 details.

The emails are customized and are addressed to the victim and claim to be a writ issued by the Supreme Court demanding the recipient attend a hearing. This is a targeted campaign rather than a scattergun approach, and it attempts to obtain the credentials of high-value targets such as C-suite users.

The emails have a link that the recipient is asked to visit to view the subpoena. Clicking the link in the email directs the user to a malicious website where they are asked to enter their Office 365 credentials to view the subpoena.

The domain used has not been seen before and, as such, it is not recognized as malicious by many security solutions, including the default anti-phishing measures of Office 365. The scammers have also deployed multiple redirects to hide the destination URL in another attempt to thwart anti-phishing defenses.

Before the user is directed to the phishing page, they are shown a CAPTCHA page. CAPTCHA is used to prevent web visits by bots, but in this instance, it may be used to add legitimacy to the phish to make the request appear authentic. The CAPTCHA page is real, and the user must properly select the images in order to proceed. The page also includes the name of the user, further adding a more genuine feel to the scam. The CAPTCHA may also be an additional attempt to make it difficult for the destination URL to be reviewed by security solutions.

This phishing campaign is realistic and uses urgency to trick the user to take action quickly, rather than stopping to think about the request. There are indications that this is a scam, such as the domain name which clearly has nothing to do with the U.S. Supreme Court, and a few grammatical and spelling errors which would not be expected of any Supreme Court request.

However, the sender name in the email was spoofed to make it look like it was sent by the “Supreme Court.” The request is certain to trick some recipients into clicking the link, and the landing page is sufficiently realistic to fool busy employees into sharing their login credentials.

Exchange Online Protection (EOP), which is supplied by Microsoft free of charge with all Office 365 accounts, often fails to spot these zero-day attacks.

To enhance protection against new phishing campaigns, an anti-spam solution is required that uses predictive techniques, threat intelligence feeds, and machine learning algorithms. SpamTitan leverages these and several other layers of protection to identify zero-day phishing, malware, and ransomware campaigns and email impersonation campaigns.

SpamTitan can be placed on top of Microsoft’s Exchange Online Protection to serve as an extra layer to your email security defenses to ensure that more malicious emails are prevented and never land in end users’ inboxes.

For additional information on SpamTitan and how the solution can keep your group’s inboxes free from phishing threats, give the TitanHQ team a call as soon as you can.

Spike in Cyberattacks on Remote Workers During Coronavirus Lockdown

In the United Kingdom, research published by Darktrace has indicated that the amount of malicious email traffic targeting remote workers has grown from 12% to 60% within six weeks.

The range of malicious emails being broadcast to remote workers has varied greatly. Hackers are using all manner of lures to get remote workers to click links and share their details or open malicious attachments and trigger malware installations. Financial fraud has also grown with BEC gangs using the COVID-19 pandemic to fraudulently steal funds from company accounts.

At the beginning of the pandemic when information about the virus was scarce, emails were being sent offering important advice about preventing infection along with fake news on cases. As the pandemic progressed and the effects started to be felt, hackers started sending fake requests for donations to charities to help individuals adversely affected by COVID-19. As governments put in place furlough schemes and set up funds to help the employed and self-employed, campaigns were carried out that linked to websites that claimed to offer grants, permit workers to choose to be furloughed, or request financial support.

Attacks have focused on the tools that are being used by remote workers to connect to their offices and communicate with co-workers, with the likes of Zoom, Skype, GoToMeeting, and other corporate messaging systems being spoofed to infect users with malware. File sharing platforms have similarly been spoofed to trick workers to share their credentials. Darktrace’s data shows there has been a huge increase in spoofing attacks during lockdown, increasing from around 25% of attacks before lockdown to 60%.

It is not just cybercrime groups that are conducting attacks. State-sponsored hacking groups have similarly been taking advantage of the pandemic to take sensitive data, including the most recent COVID-19 research data on potential cures, vaccines, and treatments to enhance the response efforts in their own countries.

What is not always transparent from the new reports is how the increase in cyberattacks targeting remote workers has translated into genuine data breaches. Are these attacks working or are companies managing to thwart the attacks and keep the cybercriminals at bay?

There is a time difference between intrusions being discovered, breaches being confirmed, and announcements being made, but it seems that many of these attacks are succeeding. In April, the International Association of IT Asset Managers released a warning that while a rise in data breaches was to be expected as a result of the pandemic, the number of incidents was actually far higher than anticipated. It is also obvious that ransomware attackers have increased their efforts to attack businesses. Even groups on the frontline in the fight against COVID-19 have not been immune.

Threat actors have focused on the opportunities offered by the pandemic. It is up to companies to make sure their security measures are sufficient to address attacks. Tackling cyberattacks on remote workers requires additional security measures to be put in place. One measure that is often overlooked but can greatly enhance protection is DNS filtering.

A DNS filter provides security against the web-based component of cyberattacks and is an important measure to implement to enhance defenses against phishing and malware. Even with strong email security defenses in place, some messages will land in inboxes. A DNS filter provides an extra tier of protection by preventing users from visiting malicious website addresses in emails.

When a malicious link is visited, a DNS query is issued, and a DNS lookup is performed to find the IP address of the URL. DNS filtering ensures that the IP address is not returned if the URL is malicious. A DNS filter like WebTitan also permits IT teams to block malware installations, review internet activity, and carefully manage the types of websites their remote users can access on corporate devices.
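The lookup-time decision described above can be sketched as follows. This is an added example, not WebTitan's code or configuration: the blocklist, the zone data and the choice to answer blocked names with NXDOMAIN are constructed assumptions. It also covers the case where a link carries an IP address instead of a hostname, so no DNS query is made and a separate URL-level control has to cover it.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed data: placeholder blocklist and zone, not a real threat feed.
BLOCKLIST = {"phish.example", "cdn.malware.example"}
ZONE = {"www.bank.example": "192.0.2.10", "login.phish.example": "198.51.100.7"}

def normalize(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.strip().rstrip(".").lower()

def is_blocked(qname, blocklist=BLOCKLIST):
    # Test the name and each parent domain so subdomains of a listed
    # domain are covered, while parents of a listed name are not.
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def resolve(qname):
    """Filtering resolver: withhold the address for blocked names."""
    if is_blocked(qname):
        return ("NXDOMAIN", None)
    addr = ZONE.get(normalize(qname))
    return ("NOERROR", addr) if addr else ("NXDOMAIN", None)

def click(url):
    """What the DNS layer sees when a user follows a link."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return resolve(host)
    # IP-literal link: no lookup happens, so the DNS filter has no say.
    return ("NO_DNS_QUERY", host)

if __name__ == "__main__":
    for link in ("https://LOGIN.Phish.Example./signin",
                 "https://www.bank.example/",
                 "http://198.51.100.7/signin"):
        print(link, "->", click(link))
```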

If you have not yet put in place a DNS filtering solution and would like more advice on how it can secure against cyberattacks on remote workers, give the TitanHQ team a call now.