10 Reasons Why Archiving Email Is Important for Your Business

Losing email would be detrimental to the workings of a modern company. Most of the information held in old emails is typically not saved elsewhere, so losing emails to a technology issue, or having them stolen or locked by hackers, is not a desirable course of events.

Along with the inconvenience of business interruption, there are also regulatory issues to take into account, as you could be fined if a breach takes place. In addition, emails may be needed in the event of an official investigation, and not maintaining them on your databases could be a costly mistake. Even though the majority of companies complete backups in order to be prepared for a disaster, there can be issues with this solution: backups are not searchable in the same way that archives are. The best solution for backing up your emails is to establish a reliable archive. Here we have listed 10 reasons for doing this.

10 Reasons Why Businesses Should Archive Emails

  1. Stopping Data Loss: Emails are placed in your archive for long-term, safe storage. Emails can be easily retrieved from here should an employee accidentally remove something important from their inbox.
  2. Mail Server Performance: As emails make up so much of the correspondence that your company handles, they place a massive strain on email servers. Moving a lot of email to the archive will release this pressure and can result in servers that work better.
  3. Litigation and eDiscovery: In the event of a lawsuit, you are likely to be required to produce emails related to the case and you will only have a short period of time in which to respond. Finding emails in PST files and backups can be an extraordinarily time-consuming process, and you may have to search through several years of email data to find all the emails you need. You must also ensure that the messages are original and have not been altered in any way. An email archive makes responding to eDiscovery requests and finding and producing emails a quick and simple process.
  4. Less Work for IT Departments: If employees delete or lose important emails, the IT support desk will be the point of call for addressing this. Placing emails in an archive eliminates email storage issues and makes the IT department's work much easier, especially if staff members can access their own email archives.
  5. Recovery during Disaster: Email data can easily be lost if there is an issue with hardware or the theft of a device. When emails are moved to the archive they can be swiftly and simply retrieved.
  6. Regulatory Compliance: An email archive assists with all regulatory compliance tasks. Data can be categorized and retention periods can be created, with emails automatically erased when the legal retention period has ended.
  7. Data Access and Right to be Forgotten Requests: The General Data Protection Regulation (GDPR) and other laws give people the right to access all data that a company holds on them. If a request for access to personal data is registered, the data must be produced promptly. An email archive allows you to quickly search email data and process right-of-access and right-to-be-forgotten requests.
  8. Internal Audits: An email archive makes the internal review process quick and simple and negates the need to include the IT department.
  9. Business Continuity: No matter what happens, you can simply access old emails with the advanced search capability of an email archiving solution, so you will be able to ensure business can continue as it always has.
  10. Addressing Costs: Looking for lost emails, managing email servers, answering eDiscovery requests, and producing email data for audits can take a massive amount of time. An email archive will cut the amount of time that needs to be dedicated to these issues and allow you to avoid unnecessary expense.

Solution: Use ArcTitan

ArcTitan is a strong, safe, cloud-based email archiving solution provided by TitanHQ that means emails will never be lost. Quick searches can be completed when you need to find old emails: emails are sent to the archive automatically at a rate of 200 emails a second, and searches of 30 million emails take less than one second. There are no restrictions on storage space, no onsite hardware is needed, and you only pay for the number of active mailboxes. Companies that use ArcTitan normally save up to 80% of email storage space.

Media and Finance Attacked in Palmerworm Espionage Malware Targeting Campaign

A recent Symantec report has indicated that Palmerworm attacks are on the rise for the first time since 2013.

It was recently discovered that the malware has had more persistent activity in 2020 and even remained on an unnamed corporate network for almost six months. Hackers behind Palmerworm have added new malware to the advanced persistent threat (APT) aimed at mainstream media and financial groups in the US, Japan, Taiwan, and China.

Even though Symantec was unable to discover the initial attack vector, it is thought that these attacks begin with a phishing campaign. Palmerworm uses a unique approach to fooling users into running malicious content: the malware is signed with stolen certificates, which makes users believe that the software is genuine.

Code-signing is a way to tell operating systems and users who developed the software. When users attempt to download software, the operating system shows the publisher. The publisher signs the software using specific keys that are available only to the publisher. An example of a code-signing message is included here:

[Image: code-signing prompt showing Microsoft as the publisher]

In this image, the user can see that the publisher is Microsoft and will allow the program to be installed. Palmerworm authors use stolen code-signing keys to sign software, which makes it highly likely that users will install the malware.

Palmerworm uses custom malware and some freely available software to deliver the payload. The malware is a group of backdoors that give the hackers access to the network and allow them to remain on a corporate network even after administrators think that it has been deleted.

The custom malware families delivered with Palmerworm are:

  • Backdoor.Consock
  • Backdoor.Waship
  • Backdoor.Dalwit
  • Backdoor.Nomri

The software that helps Palmerworm install itself and scan the network includes:

  • PuTTY – gives hackers remote access
  • PsExec – used to run commands on a Windows network
  • SNScan – scans the network to find other possible targets
  • WinRAR – archiving tool used to transfer data to the hacker, hide malware, and extract it on a new target

The backdoor malware gives hackers a high level of access across devices. Once an attacker has full management of one device, the malware can be shared across other devices on the network. The network reconnaissance and administration tools help the hacker find additional vulnerable devices so that backdoors and remote control can be established.
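Each of the tools listed above is legitimate on its own, so a useful detection looks for several of them appearing on one host in a short period. The following is an added example, not code from Symantec or TitanHQ: the record format, host names, file names, time window and threshold are all assumptions.

```python
from datetime import datetime, timedelta

# Tool names come from the article; matching on file name is an assumption
# (renamed binaries evade it, so pair this with hash or signer checks).
TOOL_CATEGORIES = {
    "putty": "remote access",
    "psexec": "remote command execution",
    "snscan": "network scanning",
    "winrar": "archiving",
}

# Constructed process-creation records: timestamp,host,image path.
SAMPLE_EVENTS = r"""
2024-03-04T08:01:00,WS-017,C:\Program Files\PuTTY\putty.exe
2024-03-05T08:03:00,WS-017,C:\Program Files\PuTTY\putty.exe
2024-03-01T10:00:00,WS-044,C:\Tools\PsExec.exe
2024-03-06T16:30:00,WS-044,C:\Program Files\WinRAR\WinRAR.exe
2024-03-05T02:10:00,SRV-DB02,C:\Users\Public\snscan.exe
2024-03-05T02:25:00,SRV-DB02,C:\Users\Public\PsExec64.exe
2024-03-05T03:40:00,SRV-DB02,C:\Users\Public\WinRAR.exe
2024-03-05T03:41:00,SRV-DB02,C:\Windows\System32\notepad.exe
"""


def classify(image_path):
    """Return the tool category for a process image, or None."""
    name = image_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    for prefix, category in TOOL_CATEGORIES.items():
        if name.startswith(prefix):
            return category
    return None


def correlate(log_text, window=timedelta(hours=24), min_categories=3):
    """Map host -> tool categories seen together inside one time window."""
    per_host = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, host, image = line.strip().split(",", 2)
        category = classify(image)
        if category:
            per_host.setdefault(host, []).append(
                (datetime.fromisoformat(stamp), category))

    alerts = {}
    for host, events in per_host.items():
        events.sort()
        # Slide a window forward from each event and count distinct categories.
        for i, (start, _) in enumerate(events):
            seen = {c for t, c in events[i:] if t - start <= window}
            if len(seen) >= min_categories:
                alerts[host] = sorted(seen)
                break
    return alerts


if __name__ == "__main__":
    for host, tools in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(tools)} within 24h")
```

A workstation that only ever runs PuTTY stays quiet, while the server that runs a scanner, PsExec and WinRAR inside two hours is flagged.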

Palmerworm is not a new advanced persistent threat. It has been in existence since 2013, so strong anti-malware programs can detect the backdoors and prevent them from downloading to a device. Groups with enterprise-level anti-malware should have it installed on all devices, including desktops and mobile devices.

As it is presumed that Palmerworm starts with a phishing campaign, it is more important than ever to use email filters. Content filters will also prevent users from accessing malicious sites where hackers could host Palmerworm malware and trick users into installing it. Email filters will block malicious emails with attachments that could contain Palmerworm malware or macros that will download it from a hacker-controlled server.

Training users on the dangers of phishing and identifying red flags linked with phishing also helps. Users with adequate education are less likely to install malicious content or open attachments. They will also be aware of suspicious links from unknown senders.

TitanHQ supplies a cloud-based solution for email filters that blocks Palmerworm and other advanced persistent attacks. By implementing the cloud-based WebTitan platform, your organization will be safeguarded from Palmerworm and other web-based attacks that need users to initially access a hacker-controlled site where malware can be downloaded.

Webinar Sept 22, 2020 – How Email Archiving Can Ensure Business Continuity with a Remote Workforce

Businesses have been forced to change their working practices as a result of COVID-19. The lockdowns introduced by governments around the world have meant businesses have had to rapidly change from an office-based workforce to having virtually everyone working remotely.

The restrictions on office work may have now eased, and employees are starting to be encouraged to return to working from the office, but remote working to some extent is now here to stay.

Most businesses have coped well with the new remote working environment. Many report that their employees have been just as productive, if not more productive, working from home. However, remote working is not without its challenges. Many businesses are concerned about how to ensure compliance with regulations with a remote workforce and how to ensure business and email continuity.

On Tuesday, September 22, 2020, TitanHQ is hosting a webinar to discuss some of the key challenges faced by businesses with a remote workforce and to introduce a solution to keep businesses moving forward when employees are working remotely and ensure business continuity.

During the webinar TitanHQ experts will discuss the following topics:

  • The Current 2020 Technology Landscape
  • Security & Compliance in a time of Global Remote Working
  • Increase in Companies Relying Solely on Office 365
  • Protecting Business Critical Data
  • The Importance of Continuity in the Era of Remote Working

Attendees will also be given a live demo of TitanHQ’s cloud email archiving solution, ArcTitan.

Webinar Information

Title: How to Ensure Business Continuity with Email Archiving for your Remote Workforce

Date: Tuesday, September 22, 2020

Time: London/Dublin: 5:00 pm (GMT +1) | USA: 12:00 pm ET; 09:00 am PT

Hosts: James Clayton, ArcTitan Product Specialist | Derek Higgins, Engineering Manager, TitanHQ


Case Study: Phishing Attack on a Security Awareness Training Group

Companies are always facing attacks from hackers using many different vectors. Email is one of the main ways that they will target a company, typically using a lure email to get someone to download malware or visit a malicious URL that includes tracking cookies that will infiltrate your databases. Once a browser visits this site, the user's information will be available to the hackers.

A recent attack took place on the SANS Institute, a leading information security training and certification group which specializes in anti-phishing guidance. In August 2020, the group made it public that one of its staff members had been taken in by a phishing attack and handed over their database access details. After the details were stolen, a new account was created and a mail forwarder was implemented to forward all emails to the hackers' email account. In total, 513 emails were forwarded that included some private data belonging to SANS account holders. Once the attack was discovered, it was calculated that the private information of 28,000 SANS members was stolen. The attack is now being used by the SANS Institute to show people that no group or company is safe.
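A forwarder like the one described above can be caught by reviewing new forwarding rules for destinations outside the organization. The following is an added example, not code from SANS or TitanHQ: the audit records are constructed and their field names are hypothetical.

```python
import json

# Constructed sample records. Field names are hypothetical, not a real
# product's audit schema; map them to what your mail platform logs.
SAMPLE_AUDIT_LOG = """\
{"time": "2024-01-15T09:14:02Z", "mailbox": "alice@example.org", "action": "new_forwarding_rule", "forward_to": ["archive@example.org"], "conditions": []}
{"time": "2024-01-15T09:20:41Z", "mailbox": "bob@example.org", "action": "new_forwarding_rule", "forward_to": ["collector@mail-relay.example.net"], "conditions": []}
{"time": "2024-01-15T10:02:10Z", "mailbox": "carol@example.org", "action": "new_forwarding_rule", "forward_to": ["carol@partner.example.com"], "conditions": ["subject contains 'invoice'"]}
{"time": "2024-01-15T10:05:00Z", "mailbox": "bob@example.org", "action": "login", "forward_to": [], "conditions": []}
"""


def is_internal(address, internal_domains):
    """True if the address is in an internal domain or one of its subdomains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def find_external_forwarders(log_text, internal_domains):
    """Return one finding per new rule that forwards mail outside the org."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("record is not a JSON object")
        except ValueError:
            # Keep unparseable records visible instead of silently dropping them.
            findings.append({"line": line_no, "severity": "unparsed"})
            continue
        if event.get("action") != "new_forwarding_rule":
            continue
        external = [a for a in event.get("forward_to", [])
                    if not is_internal(a, internal_domains)]
        if not external:
            continue
        findings.append({
            "line": line_no,
            "mailbox": event.get("mailbox"),
            "external": external,
            # A rule with no conditions forwards every message: highest priority.
            "severity": "high" if not event.get("conditions") else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_external_forwarders(SAMPLE_AUDIT_LOG, {"example.org"}):
        print(finding)
```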

Even the best-trained individual can be taken in by lures, and hackers are constantly changing their methods of attack. A new style of attack may be even more authentic-looking than anything that has ever been seen previously, so you always need to be on your guard.

In most cases you can block phishing attacks by using a number of different security steps. The reason for using so many tactics is that one will work if another one doesn't. As the success of phishing attacks is constantly improving, using a security solution that works like this has never been more important.

Along with conducting normal end user training and phishing simulation emails to enhance your staff's awareness of cyber attacks, you will need to deploy an advanced spam filter. Office 365 comes with a low, entry level of protection called Exchange Online Protection (EOP). However, you will need to add a third-party solution like SpamTitan to prevent more threats from infiltrating your systems. EOP blocks spam, recognized malware and the vast majority of phishing emails, but SpamTitan will greatly improve security against more complex phishing attacks and zero-day malware.

You should also think about using a web filter to prevent the web-based component of phishing emails from hitting your databases successfully. When a staff member tries to view a malicious web page that is used to steal details and other sensitive data, a web filter can stop that website from being viewed.

Using a spam filter, web filter, and end user training means you will be fully secured, but you should also use two-factor authentication. If details are illegally obtained, two-factor authentication can stop those credentials from being used by the hacker to obtain access to the account.

Phishing Warning Issued Following Sports Industry Attacks

Football transfers involve huge amounts of money being shifted, often electronically, between clubs to bring in new players. If hackers were to place themselves into the communications between clubs, huge payments could easily be stolen.

This is exactly what happened recently when a scam was conducted against a Premier League football club in England. The hackers obtained access to the email account of the managing director of the club through a phishing campaign after directing the MD to a domain where Office credentials were gathered. Those details were then used to access the MD's email account, and the scammers inserted themselves into an email conversation with another club looking to buy a player. Luckily, the scam was detected by the bank and a £1 million fraudulent payment was prevented.

This variety of scam starts with a phishing email but is referred to as a Business Email Compromise (BEC) scam. BEC scams are widespread and often successful. They range from straightforward scams to complicated multi-email communications between two parties, where one party believes they are communicating with the real email account holder when they are actually communicating with the scammer. When the time comes to make payment, the scammer supplies their own account details. All too often, these scams are not detected until after payment is completed.

That is far from the only cyberattack on the sports sector in recent weeks and months. There have been numerous attempted cyberattacks, which prompted the UK's National Cyber Security Centre (NCSC) to release a warning advising the UK sports sector to be on high alert.

Before lockdown, a football club in the UK was hit with a ransomware attack that encrypted essential databases, including the computer systems that controlled the turnstiles, preventing them from working. A game nearly had to be called off due to the attack. The ransomware attack is suspected to have also begun with a phishing email.

The recent attacks are not restricted to football clubs. NCSC data show that 70% of sports institutions in the United Kingdom have suffered a cyberattack in the past year.

NCSC figures show around 30% of incidents lead to financial losses, with the average loss being £10,000, although one organization lost £4 million in a scam. 40% of the attacks involved the use of malware, which is often sent using spam email. 25% of attacks involved ransomware.

While malware and ransomware attacks are costly and disruptive, the main cause of losses is BEC attacks. Reports released by the FBI show these scams accounted for around 50% of all losses to cybercrime in 2019. $1.77 billion was lost to BEC attacks in 2019, with an average loss of $75,000 (£63,333). The true figure is likely to be even higher, as not all BEC attacks are reported. The FBI expects even greater losses this year.

While there are many different attack tactics, email remains the most common vector used in cyberattacks on companies. It is therefore vital to put in place a robust email security solution that can block malicious emails and stop them from being delivered to inboxes.

TitanHQ has created a powerful, advanced email security solution that can help businesses improve their email security measures and block phishing, spear phishing, BEC, malware, and ransomware attacks. SpamTitan incorporates many threat intelligence feeds, machine learning systems to identify phishing scams, dual anti-virus engines, and a sandbox to subject suspicious email attachments to in-depth analysis. SpamTitan also incorporates SPF and DMARC to identify and block email impersonation campaigns.

If you are worried about email security and want to improve your defenses against email dangers, give the TitanHQ team a call now to discover more about SpamTitan and other security solutions that can help you defend your company from cyberattacks.

Preventing Cyberattacks for Managed Services Providers

Managed Service Providers (MSPs) are a lucrative target for hackers. If a threat actor can obtain access to an MSP's network, they can use the same remote management tools that MSPs use to carry out attacks on the MSP's clients.

Many businesses are now turning to MSPs for IT support and management services. This is typically the most cost-effective solution, especially when firms lack the in-house IT expertise to manage their networks, applications, and security. An MSP will typically supply IT management services for many different firms. A successful cyberattack on the MSP can result in a threat actor gaining access to the networks of all the MSP's clients, which makes the attack extremely worthwhile.

There was a marked rise in cyberattacks on managed service providers in 2019, in particular by ransomware gangs using GandCrab, Sodinokibi, BitPaymer and Ryuk ransomware. The MSPs were attacked in a variety of ways, including phishing, brute force attacks on RDP, and exploitation of unpatched flaws.

Once access has been obtained to an MSP’s network, hackers search for remote management tools such as Webroot SecureAnywhere and ConnectWise which the MSP uses to access its clients’ networks to supply IT services. Several 2019 ransomware attacks on MSPs used these tools to access clients’ networks and install ransomware. MSPs such as PerCSoft, TrialWorks, BillTrust, MetroList, CloudJumper, and IT by Design were all attacked in 2019 and ransomware was deployed on their and their clients’ databases.

Kyle Hanslovan, CEO at Huntress Labs, told ZDNet in a recent telephone interview that his company had provided support to 63 MSPs that had been targeted in 2019 but believes the total number of attacks was likely to be more than 100. However, the number of MSPs that have been attacked is likely to be much higher. It is likely that many cyberattacks on MSPs are not even detected.

The attacks have shown no sign of dropping off. Recently the U.S. Secret Service issued a TLP Green alert warning MSPs of a rise in targeted cyberattacks. Compromised MSPs have been used to carry out business email compromise (BEC) attacks to get payments sent to hacker-controlled accounts. Attacks have been carried out on point-of-sale (POS) systems and malware has been deployed that intercepts and exfiltrates credit card data, and there have been several successful ransomware attacks.

Along with hackers, nation state-sponsored hacking groups have also been carrying out cyberattacks on MSPs, notably hacking groups connected with China. The National Cybersecurity and Communications Integration Center (NCCIC) issued an alert about the threat to MSPs from state-sponsored hacking groups in October 2019.

There are many best practices that can be implemented by MSPs to improve security and prevent these attacks. MSPs may currently be incredibly busy helping their clients deal with IT issues linked to the COVID-19 pandemic, but given the increase in focused cyberattacks on MSPs, time should be spent improving their own security, not just security for their clients.

The U.S. Secret Service advises MSPs to keep up to date on patching, especially patches for any remote administration tools they implement. ConnectWise issued a security advisory last month and patched a vulnerability in the ConnectWise Automate solution. The API vulnerability could be exploited remotely by a threat actor to execute commands and/or modifications within an individual Automate instance. Vulnerabilities such as these are actively sought by hackers.

The principle of least privilege should be used for access to resources to restrict the damage inflicted in the event of a breach. It is also wise to have well-defined security controls that are fully compliant with industry standards.

Annual data audits should be completed along with regular scans to identify malware that may have been downloaded on systems. Logging should be turned on, and logs should be regularly checked to spot potentially malicious activity. MSPs should also ensure that their employees receive ongoing security awareness training to teach cybersecurity best practices and how to spot phishing and BEC scams.