Pros & Cons of BYOD

Many workers want to use their personal devices when they are working. Personally owned devices are normally quicker than the desktops supplied by employers. Staff members know how to use the operating system, they have the software they need already downloaded, and it allows them to be more flexible about when and where they do their day’s work.

These are all great advantages for staff members. The power of new technology can be used with minimal expense, and productivity can rise.

There is also a feeling that technology vendors are the main champions of BYOD. It is true that vendors have pushed the BYOD movement and are urging for their new devices to be used in the workplace. However, it is workers who are really driving the push for change. They want to use their own devices in the workplace as it makes their lives less complicated.

Sadly for IT security professionals, keeping control of the devices is thought to be practically impossible. The dangers introduced by personal tablets, Smartphones and laptops are many. BYOD is seen as a data security risk and a security breach just waiting to happen.

But what are the dangers introduced by the devices? Are they as problematic as security workers think?

What are the issues with Bring Your Own Device (BYOD) policies?

  • Many IT workers dislike BYOD, but it is not only for data security reasons. Managing BYOD calls for a considerable amount of planning and time. IT staff are usually short of time as it is, and that is without having to manage personally owned networked devices. Budget increases to account for BYOD are rarely sufficient and extra staff are often not employed to cope with the extra workload.
  • Devices owned by worker must be given access to corporate networks. They are also used to hold sensitive corporate data, yet those devices are taken outside the control and security of the company, used at home, taken to social events and are often misplaced or stolen.
  • The devices can cause issues with compliance, especially in highly regulated sectors.
  • IT workers must ensure data can be remotely deleted, and protections are put in place to stop the devices from being infected with malware.
  • Another issue is how to make sure data can be deleted from the device when an employee leaves the company. Controls must therefore be put in place to ensure data can be wiped remotely, and access to corporate networks and data must be turned off.
  • If data is stored on the device, it must be set up to store personal data and work data separately. The IT department cannot remotely erase all data on the device. Some will belong to the owner of the device.

There are solutions to make BYOD work properly. Work data can be saved in the cloud, instead of on the device itself. This makes data management much easier. Policies can be designed to ensure security flaws are not allowed to develop. Management may be difficult, but software is available to make the process much more straightforward and less labor heavy. Many software security solutions have been designed specifically for BYOD.

New Locky Ransomware Campaign Using Fake Invoices

The WannaCry ransomware campaign may have attracted a lot of media attention, but Locky ransomware presents a bigger threat to organizations with a new Locky ransomware campaign now a regular event. The ransomware was initially seen in February last year and quickly became the biggest ransomware threat. In recent times, Cerber has been extensively shared, but Locky is still being used in widespread attacks on groups.

Those responsible for Locky ransomware are constantly changing tactics to trick end users into installing the malware and encrypting their files.

The Necurs botnet has recently been used to share Jaff ransomware, although now that a decryptor has been produced for that ransomware variant, the actors to blame for Necurs have switched back to Locky. The new Locky ransomware campaign involves millions of spam messages being broadcast using the Necurs botnet, with some reports suggesting around 7% of global email volume at the start of the campaign came from the Necurs botnet and was spreading Locky.

The new Locky ransomware campaign deploys a new variant of the ransomware which does not encrypt files on Windows operating systems newer than XP. This appears to be a mistake, with new, updated version of the ransomware is expected to be released soon. As with previous campaigns, the latest batch of emails uses fake invoices to trick end users into downloading the ransomware.

Fake invoices are typically used to spread ransomware because they are highly successful. Even though these campaigns often include scant details in the email body, many end users open the attachments and enable macros. BY doing this user download Locky. There is still no free decryptor available to recover Locky-encrypted files. Infections can only be mitigated by paying a sizeable ransom payment or restoring files from backups.

Showing end users to be more security aware will help groups to minimize to reduce susceptibility to ransomware attacks, although the best security against email-based ransomware attacks is to use an advanced spam filtering solution to stop the messages from arriving in end users’ inboxes. If emails are obstructed blocked, there is little chance of end users opening malicious attachments and downloading the ransomware.

Millions of Account Details Stolen in Edmodo Data Breach

A data breach at Edmodo has been reported that has affected tens of millions of users of the education platform, among them teachers, students and parents.

Edmodo is a platform used for K-12 school lesson planning, homework assignments and to assign grades and school reports.  There are over 78 million registered users of the platform. The cyber criminal responsible for the Edmodo data breach claims to have obtained the credentials of 77 million users.

This allegation has been partially verified by Motherboard, which was given a sample of 2 million records that were used for verification reasons. While the full 77 million-record data set has not been reviewed, it would appear the claim is authentic.

The hacker, nclay, has placed the data for sale on the darknet marketplace Hansa and has asked to be paid $1,000 for the complete list. The data incorporates usernames, hashed passwords and email addresses. Email addresses for approximately 40 million users are thought to have been obtained by the cyber criminal.

The passwords in question have been salted and encrypted using the bcrypt algorithm. While it is possible that the passwords can be decrypted, it would be a long and painstaking process.  Edmodo users have therefore been given a some time to reset their passwords and safeguard their accounts.

The Edmodo data breach is now being looked into and third party cybersecurity experts have been hired to complete a full analysis to determine how access to its system was obtained. All users of the platform have been emailed and advised to change their passwords.

Even if access to the accounts cannot be obtained, 40 million email addresses would be valuable to online spammers. Users of the platform are likely to face a heightened danger of phishing and other spam emails, should nclay find a buyer for the stolen information.

This is not the only large-scale data breach to impact the education sector this year. Schoolzilla, a data warehousing service for K-12 schools, also suffered a serious cyberattack this year. The data breach was noticed last month and is believed to have lead to in the theft of 1.3 million students’ data. In the case of Schoolzilla, the hacker took targeted a backup file configuration error.

Spam King Arrested In Connection with Kelihos Botnet

The US Department of Justice yesterday revealed that one of the leading email spammers has been apprehended as part of an operation to disrupt and take down the infamous Kelihos botnet.

The Kelihos botnet is a group of tens of thousands of computers that are utilized to deploy massive spamming campaigns including millions of emails. Those spam emails are used for a range of illegal purposes including the distribution of ransomware and malware. The botnet has been widely used to share fake antivirus software and spread credential-stealing malware.

Computers are placed on the Kelihos botnet using malware. Once in place, Kelihos malware runs silently and users are not conscious that their computers have been hacked. The Kelihos botnet can be swiftly weaponized and used for a range of malicious purposes. On previous occasions the botnet has been used for spamming campaigns that artificially inflate stock prices, promote counterfeit drugs and hire people for fraudulent work-at-home schemes.

Pyotr Levashov is thought to be the main user of the botnet along with conducting a wide range of cybercriminal activities out of Russia. In what turned out to be an ill-advised move, Levashov departed from the relative safety of his home country and travelled to Barcelona, Spain on holiday. Levashov was arrested on Sunday, April 9 by Spanish authorities acting on a U.S. issued international arrest warrant.

Levashov is thought to have played a major role in the alleged Russian interference in the U.S. presidential election in 2016, although Levashov is best known for his spamming work, click fraud and DDoS attacks.

Levashov, or Peter Severa as he is alternatively known, is heavily involved in sharing virus spamming software and is believed to have developed numerous viruses and Trojans. Spamhaus lists Levashov in seventh place on the list of the 10 worst spammers.

Levashov is thought to have been responsible for multiple operations that connected virus developers with spamming networks, and is also a main suspect in relation to the running of the Kelihos botnet, the Waledac botnet – which was shut down in 2010 – and the Storm botnet.  Levashov was convicted for his role in the latter in 2009, although he managed to prevent his extradition to the United States. At the time, Storm was the largest spamming botnet in operation and was used to broadcast millions of emails every day. Levashov also moderates a number of spamming forums and is well known. Levashov is thought to have been extensively involved in spamming and other cybercriminal activities for the past 20 years; although to date he has not had to answer for his crimes.

A statement issued by the U.S. Department of Justice states: “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks.”

The DOJ operation also included the takedown of domains linked with the Kelihos botnet beginning on April 8, 2017. The DOJ says closing down those domains was “an extraordinary task.”

While it is obviously good news that such a high profile and prolific spammer has been caught and the Kelihos botnet has been severely impacted, other spammers are likely to soon replace Levashov. Vitali Kremez, director of research at Flashpoint said his firm had seen chatter on underground forums alleging that well-known spammers are responding to the news of the arrest by taking acting to safeguard their own operations. There may be a period of less activity in email spam volume, but that blip is only likely to be short-lived.

W-2 Form Phishing Scam Targets Schools

A W-2 Form phishing scam that has been widely used to trick businesses out of the tax information of their staff is now being used on educational institutions. School districts should be on high alert as cybercriminals are focusing on them.

In recent weeks, many school districts have been tricked by the scammers and have disclosed the W-2 Form data of employees. Teachers, teaching assistants, and other members of school staff have had their Social Security numbers and earnings information shared with the fraudsters. The data is being used to file fraudulent tax returns in victims’ names.

The W-2 Form phishing scam is one of the simplest con-tricks deployed by cybercriminals. It involves sharing an email with a member of the HR or payroll team asking for the W-2 Forms of all employees to be sent via email. Why would any staff member send this highly sensitive data? Because the email appears to have been sent from individuals within the school district who have a genuine need for the data. This is why the W-2 Form phishing scam is so successful. In many instances, suspicions are not aroused for a number of days after the emails have been broadcast. By that time, fraudulent tax returns may have been submitted in the names of all of the victims.

It is unknown how many school districts have been hit so far with this W-2 Form phishing scam, although 10 school districts in the United States have revealed that their employees have fallen for the scam this year and have emailed W-2 Form data to the hackers. Overall, 23 organizations have revealed that an employee has fallen for a W-2 Form phishing scam in 2017, and at least 145 groups fell for similar scams last year.

As a result of the number of attacks, the IRS released a warning in early 2016 to alert all groups to the threat. The increase in attacks in 2017 has led to the IRS to issuing a warning once again.  While corporations are in danger, the IRS has issued a warning specifically referring to school districts, as well as non-profits and tribal groups.

The IRS warning outlines how cybercriminals have started even earlier this year. While the W-2 Form phishing scam emerged last year, many attacks took place relatively late in the tax season. Cybercriminals are trying to get the data sooner this year. The sooner a fake tax return is filed, the greater the chance that a refund will be processed.

A variety of spoofing techniques are used to make the email seem like it has come from the email account of an executive or other individual high up in the group. In some instances, criminals have first compromised the email account of a board member, making the scam harder to spot.

2017 has also seen a change to the scam with victims targeted twice. Along with the W-2 Form scam, the victims are also subjected to a wire transfer scam. After W-2 Forms have been sent, a wire transfer request is completed to the payroll department. Some groups have been hit with both scams and have disclosed employees’ tax information and then made a wire transfer of several thousand dollars to the same hackers.

Safeguarding against these scams requires a combination of technology, training and policy/procedural updates. The first task for all organizations – including school districts – is to send an email to all HR and payroll staff advising them about these phishing scams. Staff must be made aware of the scam and told to be cautious.

Policies and procedures should be updated directing payroll and HR staff to authenticate any email request for W-2 Form data by telephone prior to sending the data.

Email Archiving: It Costs Less Than You May Think

Email archiving costs could be less than you may think currently. Although email archiving costs are costs that can be avoided, it is risky approach to be made by businesses. Substantial fines await organizations that cannot recover emails promptly when required.

It is a requirement that U.S. businesses keep their emails emails for several years. Various organizations require companies to keep emails for different amounts of time, depending on their sector; the IRS requires all companies to keep emails for 7 years, the FOIA requires emails to be kept for 3 years, and 7 years again for Healthcare organizations (HIPAA), public companies (Sarbanes Oxley), banking and finance (Gramm-Leach-Bliley Act) and securities firms (SEC).

For large firms, absorbing the cost of email archiving is rarely an issue. However, many SMBs look at the email archiving cost and try to save money by opting for backups instead. While it is possible to save on the email archiving cost through using a backup system, the decision not to use an email archiving service could prove to be very costly and could potentially put the future of the business at risk.

Email backups are (usually) fine for recovering entire email accounts. For example, in the event of a malware or ransomware attack, email backups can be used to recover entire email accounts. However, companies can encounter a number of problems if only certain emails need to be found, for eDiscovery purposes in the event of a lawsuit for example.

An eDiscovery order may be received that requires a retrieval of all email correspondence sent to a particular client/customer. A request such as this may require emails from 100s of employees to be located promptly, even though these emails may date back several years. Finding all these emails would be a difficult and incredibly time-consuming process, and it may not actually be possible to recover all correspondence at the end of it. Backup files should not be a substitute for a well-managed archive. Backup files are just data repositories and cannot easily be searched.

In contrast, with an email archive not only can individual emails be easily recovered, the entire archive can be searched quickly and effectively. If an eDiscovery request is received, all requested emails can be recovered quickly and with ease with the process likely to take a matter of minutes. On the other hand, the recovery of files from a backup could take weeks or even months, assuming that the task is even possible.

The recent wave of ransomware attacks has highlighted a number of examples of data backups that have been corrupted. When this occurs, it leaves organizations no option but to pay the attackers for a key to decrypt locked data. In the case of a ransomware infection, the ransom payment may amount to hundreds, thousands or even tens of thousands of dollars. The failure to produce email correspondence for eDiscovery or a compliance audit can be even higher again.

Non-compliance with industry legislation such as the Sarbanes-Oxley Act can see fines of several million dollars issued. Only last year, a UK brokerage firm called Scottrade was issued with a fine of $2.6 million by the Financial Industry Regulatory Authority (FINRA). Although it had kept some records of its emails, it had not kept a complete record. In fact, over 168 million emails had not been retained that should have been kept in an archive. When announcing the fine Brad Bennett, Executive Vice President and Chief of Enforcement at FINRA explained, “Firms must maintain sound supervisory systems and procedures to ensure the integrity, accuracy, and accessibility of electronic books and records.” Of course, that includes email correspondence.

Without doubt, the cost of email archiving is much lower than the cost of a regulatory fine. However, email archiving is actually inexpensive in general, especially when using a cloud-based email archiving solution such as ArcTitan. With ArcTitan, emails are securely stored in a cloud without the need for any additional hardware. This can allow businesses to have peace of mind as they know that no email will ever be lost.

In the event of an eDiscovery order or a similar situation, any email can be retrieved almost instantly, no matter when the email was archived. No specific software is needed, emails can be archived from Office 365 and archived messages can be accessed easily using an Outlook plug-in or even directly from the browser. What’s more, the load on an organization’s email server can be greatly reduced, with reductions of 80% being seen by a number of TitanHQ’s clients.

Email Archiving Relating to EU Citizens, and GDPR

The regulations mentioned at the top of the page (Sarbanes-Oxley, HIPAA and the Gramm-Leach-Bliley Act) for the most part affect domestic businesses operating within the domestic market. However, any businesses with a presence in Europe or that retain EU citizens´ personal data on email will also be subject to the EU´s General Data Protection Regulation (GDPR) which is due to be implemented in May 2018.

GDPR states that only the minimum amount necessary to perform a lawful function can be retained by a company. It also ensures steps must be taken to protect EU citizens’ personal data against loss, theft or unauthorized disclosure. Also, because the data must be retained in its original format, measures must also be put in place to prevent unauthorized alteration.

Furthermore, EU citizens have the right to request access to their personal data, restrict its processing or demand its deletion if the lawful basis on which it was obtained is no longer applicable. If only just for this reason, it is financially viable to implement an email archiving service. Data access requests can be complied within minutes with the quick and easy search facility available.

If you’d like to discover more about the full benefits of email archiving and the features of ArcTitan, contact the TitanHQ sales team today. We believe the email archiving costs could be less than you may think.

Cloud-Based Email Archiving: The Benefits

Cloud-based email archiving has a wide array of benefits that you may not be aware of. Despite this being the case, many businesses don’t currently use an archiving system to manage their emails. A large number rely on email backups, even though backups are impractical and data loss is always a real concern with this method. In this article, we will be looking at the benefits of secure, cloud-based email archiving over backups

Email Loss isn’t Possible

One of the most important benefits of a cloud-based email archiving solution could easily be explained by Hilary Clinton. In the case of an email archive being stored locally, should the device on which that archive is stored be lost or stolen, the entire archive would never be seen again. That is precisely what happened last year during her election campaign.

Not only was that archive lost, it could potentially have been accessed by an unauthorized individual. Keen not to make a similar mistake, Donald Trump has reportedly started using a messaging app that deletes all emails once they have been read. While this would certainly prevent accidental disclosure, it would not be an option for many businesses. Regulations require businesses to keep emails for a number of years.

Loss of email is not something that is seen as an option in regulated industries. The reason for this is that huge fines await companies who do not archive or backup their emails. Emails must be stored securely and made available to auditors. If organizations fail to do this, they will be in violation of the Sarbanes-Oxley Act, FINRA, HIPAA and the Gramm-Leach-Billey Act. If a backup or local email archive is misplaced, the fines can be severe.

In the case of healthcare organizations, if a laptop computer is stolen and email backups containing electronic protected health information were on the device, an unauthorized individual could potentially access the data. That would result in a violation of HIPAA Rules. The Office for Civil Rights could fine a healthcare organization millions of dollars for a data breach such as this with ease. If emails are archived and stored in the cloud, a breach such as this would not be possible even if the device was stolen.

Legal Discovery and GDPR Require Fast Email Retrieval

In the case of a lawsuit being filed against a company, it may have to provide copies of emails as part of legal discovery. Although many companies store old emails in backups, searching for emails can be a difficult, time-consuming task. For an average-sized organization searching for emails using this method it could take weeks, even though it is required for emails to be found in minutes. If this company were to be using an email archiving solution, archived messages can be searched and retrieved in a matter of seconds or minutes, not weeks.

This is a similar situation for data access requests under the EU´s General Data Protection Regulation. EU citizens now have the right to request details of any data that could be used to identify them, modify it where necessary, and erase it is there is justifiable cause. Compliance with GDPR for businesses maintaining a database of EU citizens could be simplified significantly by implementing cloud-based email archiving. Cloud-based email archiving, of course, has the benefit of complying with the regulations relating to data security.

Storage Difficulties Resolved with Secure, Cloud-Based Email Archiving

When you consider the number of emails now being sent and received in today’s business environment, and the requirement for those emails to be kept for years in many cases, the space required for storing email is huge. In fact, the average employee sends or receives 121 emails a day, according to a study recently conducted by Radicati Group. To put that into perspective, for an organization with 500 employees that is 60,500 emails a day. With 22 working days each month, that amounts to 15,972,000 emails a year. While each individual email may only take up a small amount of storage (a few KB), over a year the storage space required is significant. Cloud-based email archiving allows millions of emails to be stored without requiring organizations to purchase any hardware for storage.

ArcTitan – The Solution

In conclusion, cloud-based email archiving has a large number of benefits. In order to get the most out of all the benefits cloud-based email archiving as to offer, businesses should look for a provider that can help implement the new system in a way that is easy to use and is cost effective. To meet all these needs, TitanHQ developed ArcTitan – a secure, cloud-based email archiving solution that allows organizations to meet compliance requirements, search email archives quickly, and retrieve messages in minutes. Furthermore, ArcTitan has excellent scalability and can be used for email storage by companies with ten to 10,000+ email accounts.

Emails can be archived from anywhere at any time, and messages can be accessed via a browser or mail client. With a pay as you go subscription, cloud-based email archiving is easily affordable for businesses, whatever the size!

Contact the TitanHQ sales team today to find out more about the benefits of ArcTitan.

$2.6 million Fine for Failing to Keep Emails

In 2015, a fine of $2.6 million was placed on a company called Scottrade by the Financial Industry Regulatory Authority (FINRA) for failing to keep emails. Scottrade, along with other companies who have received a similar fine, could have easily avoided such a fine by making it straightforward to access the company’s archived emails. Fines as big as these should be avoided at all costs by businesses and shouldn’t be suffered over something as simple as failing to keep emails.

Risk Minimization

Every organization exposes itself to risk by its very existence, regardless of whether it is a profit, non-profit or government entity. There always remains the chance that a natural disaster, regulatory audit, lawsuit or cybercrime could strike the organisation. A responsible manager makes every effort to identify the threats to the business and takes all the necessary precautions to minimize the likelihood of these events, as well as to prepare for them should they occur. This planning all goes hand-in-hand with the broader business continuity and disaster strategy, which every successful operation should have in place.

eDiscovery

One component of minimising risk that is often overlooked is the archiving of emails. Several laws and regulations specify how long an organization must maintain records, including emails. Most of the rules covering retention state that emails and other records should be stored for several years. A lawsuit is a practical example of how emails may be needed several years after having been sent or received, as a court may order production of all records associated with a case. The request for these records is defined as eDiscovery and, if required, the company must be able to provide the documents in question.

Organizations’ Electronic Information Requirements

During a lawsuit or investigation, an organization may be required to identify, collect and deliver all electronically stored information (ESI) that are relevant to the matter-at-hand. This information includes, but is not limited to

  • Databases
  • Emails
  • Presentations
  • Social media
  • Voicemails
  • Websites

Complying with an eDiscovery Order Without a Managed System

This can quite easily run into thousands of emails. If the area of interest spans over several years and includes dispatches to and from 100’s of employees in multiple departments, it can prove extremely difficult to locate what you are looking for. An organization that’s lacking an automated and well-managed system would find it near to impossible to comply with the order to produce all relevant emails in a timely manner.

Severe Consequences to Lack of Compliance

Almost every regulation covering records retention stipulates a fine or, in some cases, criminal charges if an organization is unable to produce emails/records that they are required to by law. As mentioned previously, these fines can be substantial. In 2015, when FINRA fined Scottrarde $2.6 million USD, they had failed to retain more than 168 million outgoing emails and record email communications in the proper format. Another example can be seen in 2005, when a Florida jury awarded financier Ronald Perelman $1.45 billion USD in damages after the trial judge issued a default judgment against Morgan Stanley as a sanction for failing to comply with eDiscovery.

Preparing for an eDiscovery Request

It is crucial for any business to have an eDiscovery solution. Because inefficient storage is expensive and makes data difficult to access, companies need to be addressing the storage demands of their ever-growing data. However, every company also needs to be aware of what it needs to do to make sure its data is stored in a manner that’s going to make it legally compliant if it’s involved in a lawsuit.

The majority of an organization’s corporate knowledge is found in its email. Email represents a lot of time and effort on the part of many employees. Therefore, it’s an investment that every business should protect. Archiving not only protects the intellectual property represented by email, it makes email management in general easier. This, in turn, improves productivity and performance.

ArcTitan is a cloud-based archive system designed by TitanHQ. ArcTitan provides cloud-based archiving and retrieval of emails compliant with Sarbanes–Oxley, HIPPA, and other regulations for eDiscovery, retention and audit. Users may search, view and retrieve archived emails from Outlook or any web browser in a matter of seconds. eDiscovery requests can instantly be produced, with search options covering entire organization, departments or groups for content of headers, emails and attachments. Archived emails include an audit trail, documenting any modifications to messages which ensures compliance to regulations.

To learn more about benefits of ArcTitan, email us at info@titanhq.com.

Sharp Increase Gmail Phishing Attacks Recorded

A large number of Gmail phishing attacks was reported in the media this week. While the phishing scam is not previously unseen – it was first identified around 12 months ago – cybercriminals have activated the campaign once more. The phishing emails are used to access Gmail login credentials are highly realistic,. A number of different tactics are used to avoid being detected some of which are likely to trick even the most security aware individuals.

The Gmail phishing attacks begin with an email sent to a Gmail account. Security aware persons would be wary about an email arriving from an unknown source. However, these attacks involve emails sent from a contact in the target’s address book. The email addresses are not hidden to make them look like they have come from a contact. The email is actually shared from a contact’s account that has already been compromised.

Email users are far more likely to open emails that come from their contacts. Many people do not perform any additional checks if the sender is known to them. They believe that emails are genuine solely from the source.

However, that is not the only tactic used to fool targets. The hackers also use data that has been taken from the contact’s sent and received messages and add this to the email. An screenshot or an attachment/image that has already been included in an earlier email between the contact and the target is included in the message. Even if the target is a little suspicious about receiving an email, these additional touches should allay worry.

The target of the email is to get the email user to click on the image screenshot. If they do this they will be directed them to a Gmail login page where the target is needed to sign in again. While this is perhaps odd, the page that the user is directed to looks exactly as it it supposed to. The page exactly mirrors what the user would usually expect.

Reviewing the website address bar should confirm that the site is not genuine; however, in this case it does not. The address bar  confirms if the site is secure – HTTPS – and the web address includes accounts.google.com. The only evidence of the scam is the inclusion of ‘data.text/html’ before accounts.google.com in the address bar.

Providing account credentials will share that information directly to the hackers. The response is extremely quick. Account details are immediately used to log into the victim’s account. Before the victim even thinks they have been scammed, the entire contents of their Gmail account could be taken, including sent and received emails and the address book. Contacts will be subjected to these Gmail phishing attacks in the same manner.

 

New Highly Professional Ransomware Variant Spora Ransomware Detected

Spora ransomware, a new ransomware variant, has been discovered by Emisoft. This ransomware included a new tactic which involves victims having a wide range of their files encrypted as with other forms of file-encrypting malware before being offered the option of preventing more ransomware attacks if they pay up.

The hackers would not be able to stop attacks performed by other gangs – with other ransomware variants – although if the hackers can be believed, victims would only be hacked with Spora a single time if they opt to pay for ‘Spora immunity’ rather than just paying to unlock the encryption once.

Sadly, for the victims, that payment will be required to unlock the infection if a viable backup of data is not in place. Currently, there is no decryptor available for Spora.

Emisoft says that the encryption used is particularly durable and even if a decryptor was developed, it would only be effective for preventing a single user due to the complex method of encryption used – a combination of AES and RSA keys using the Windows CryptoAPI.

Unlike many ransomware variants that communicate using a command and control server, Spora ransomware is not issued any C&C instructions. This means that files can be encrypted even if the computer is offline.

The authors have not requested a fixed ransom amount, as this depend on the ‘value’ of the encrypted data. The ransom payment will be established based on who the user is and the files that have been encrypted. Prior to files being encrypted, a review is performed to see who has been infected. Encrypted files are sorted based on extension type and the data is combined into the .KEY file along with information about the user. The .key file must be given in the payment portal. An HTML file is also placed on the desktop with details of how payment can be completed.

The ransomware is being shared using spam email. Infection happens when an email recipient opens the infected attachment. The attached file seems to be an authentic PDF invoice, although it includes a double file extension which masks the fact it is really a .HTA file. Infection occurs via JScript and VBScript included in the file.

Cling on the file to open it launches a Wordpad file which displays an error message saying the file is invalid. When this is happening the ransomware will be encrypting data.

Emisofts says that the ransomware is slick and seems to be highly professional.  Usually, the first versions of ransomware invariably include containmany flaws that allow decryptors to be developed. In this instance, there appear to be none. Spora ransomware also tracks infections via separate campaigns. The data will likely be used to determine the effectiveness of different campaigns and could be used to manage future attacks.

The slick design of the HTML ransom note and the payment portal show significant work has gone into the developing of this new ransomware. Emisoft suggests that Spora ransomware has been developed specifically for the ransomware-as-a-service market.

Prevention this the best option to avoid this malware. As Spora ransomware is shared using spam email, blocking malicious messages is the best defense against infection, while recovery will only be possible by paying the ransom demand or rescuing data from a backup.

ArcTitan Cloud’s New Data Sheet

TitanHQ has published a new data sheet for ArcTitan Cloud, which gives details of the features and benefits of this convenient, secure, and cost-effective email archiving solution for businesses.

Email Storage Causes Difficulties for Most Businesses

In modern times, email has changed the way companies do business in many ways. Just ten years ago, businesses relied on letters and faxes. Today, email serves those needs. Email accounts are now used to store critical business data, receive and send orders, and communicate with staff, clients, and customers.

Email accounts now contain a huge amount of data and this information needs to be accessible at all times. Storage can be a major issue if one considers the volume of emails that are sent and received each day by each employee. Most medium to large businesses have to spend a considerable amount of funds on hardware just to store their emails. Storage requirements are also rapidly changing, so additional capacity is always required to meet changing storage needs.

Although additional storage can be purchased to meet the temporary needs, it doesn’t take long before space is used, servers start to become sluggish, mailbox quotas are reached, and backups start to take an age to complete.

Good email practices can help. However, employees are using email more and more for document storage and are placing a lot of pressure on email storage solutions.

While storage demands can be eased by deleting old and unwanted emails, this is not always possible. Businesses that are required to comply with the Sarbanes Oxley Act or other email archiving legislation may not have this option. Therefore, emails need to be archived so they can easily be accessed at any time.

A lost email could be catastrophic for a business, particularly if there is a legal dispute or an audit in question. Lost emails could result in substantial fines for non-compliance and could even result in imprisonment. Email archiving legislation usually request for emails to be stored for a minimum of seven years. This often results in many companies having frequent organizational storage nightmares.

Businesses can solve their storage needs with additional hardware and internal storage solutions, however this doesn’t fix the whole problem. Recovering the emails can often prove problematic. If emails are not stored or archived correctly, searches can be a frustrating and extremely time-consuming process. PST files in particular can be a nightmare, especially if searches need to be performed or emails need to be retrieved from archives regularly. However, storing emails in SQL databases brings its own issues. Costs can be excessive, backups become exceedingly complex, databases often perform poorly, and there is significant potential for data loss.

Fortunately, there is a solution. Companies can solve their email storage needs by using a secure, cloud-based email archiving system. Through using such a system, it can allow the company to securely store an unlimited number of emails, while also ensuring searches can be quickly performed and emails quickly and easily retrieved at any time.

Benefits of ArcTitan

ArcTitan Cloud from TitanHQ is a powerful, cloud-based email archiving solution that has been designed to meet the needs of businesses of all sizes. It can be particularly useful for companies in heavily regulated industries where audits are to be expected.

ArcTitan Cloud has been designed for long term storage to ensure that no email is ever lost. What’s more, emails can be quickly and easily retrieved at any time. ArcTitan Cloud gives organizations the peace of mind of not having to cope with organizational storage headaches or setting up complex storage and backup systems.

ArcTitan Cloud requires very small on-site hardware, there are no complex installations, with setup taking about 5 minutes on average. Employees are essentially provided with bottomless email accounts. The versatile storage solution is designed to grow as your business does, with no limits on storage space or the number of users.

TitanHQ has recently published a new data sheet for ArcTitan Cloud to explain the features and benefits of ArcTitan Cloud. If you are struggling with storage space, are unhappy with your current email storage or archiving solution or if you are looking to reduce the cost of email storage in your business, ArcTitan Cloud could well be the solution you are looking for.

To find out more about TitanHQ’s innovative email archiving solution, contact TitanHQ today.

Black Friday Onset Sees New Holiday Season Scams Emerge

Thanksgiving weekend sees millions of people begin online Christmas shopping and this year the holiday season scams have already kicked off.

Black Friday and Cyber Monday are the busiest online shopping days, but some retailers are getting their promotions underway early this year and have already started offering Black Friday deals. Amazon.com for example begins its first Black Friday offers tomorrow, well ahead of the big day on 25th November.

It is no shock that retailers are trying to begin early. 41% of shoppers start their holiday shopping in October according to a recent National Retail Federation survey. 41% of shoppers begin in early November. 82% of shoppers like to make an early start, and this year so are the hackers.

A popular tactic used by hackers is typosquatting – the registration of fake domains that closely resemble the brand names of well-known websites. Phishers use this tactic to obtain login details and credit card numbers. In recent weeks, there has been a rise in typosquatting activity targeting banks and retailers.

A fake domain is registered that looks like the targeted website. For example, the Amaz0n.com domain could be purchased, with the ‘o’ replaced with a zero. Alternatively, two letters could be transposed to catch out careless typists. A website is then set up on that domain that closely matches the targeted website. Branding is copied and the layout of the authentic site is replicated.

There is another way that hackers can take advantage of careless computer users. Each country has its own unique top level domain. Websites in the United States have .com. Whereas, websites registered in the Middle Eastern country of Oman have the .om domain. Scammers have been buying up the .om domains and using them to trick careless typists. In the hurry to get a holiday season bargain, many users may not realize they have typed zappos.om instead of zappos.com.

Visitors to these scam websites enter their login details as normal, yet all they are doing is giving them to the hackers. The scammers don’t even need to copy an entire website. When the login doesn’t work, the site can simply redirect the user to the authentic site. Users then login as normal and finish their purchases. However, the scammers will have their login details and will be able to do the same.

However, many websites now have additional security features to stop the use of stolen login credentials. If a login attempt is completed from an unrecognized IP address, this may set off additional security features. in some cases the user may have to answer a security question.

Some hackers have got around this issue. When a user tries to login on a scam site, a login session is automatically opened on the proper website. The information entered on the scam site is then used by the hackers on the genuine site. When the unusual IP address triggers an extra security layer, this is then mirrored on the scam site with the same question forwarded to the user. The question is answered, and an error message is presented saying the login was unsuccessful. The user is then sent to the genuine site and repeats the process and obtains access. Chances are they will not realise their account details have been compromised. Hours later, the hackers will login to the genuine site using the same details.

Companies must also use caution at this time of year and should take steps to reduce the risk of staff members falling for holiday season scams. Staff members keen to get the latest bargains will undoubtedly complete some of their purchases at work.

Email scams are more common at this time of year and business email accounts can be flooded with scam emails. Offers of lower prices and special deals are likely to arrive in inboxes again this year. Email holiday season scams may not focus on stealing login credentials. Given the rise in malware and ransomware infections this year, this holiday season is likely to see many holiday season scams infect companies this year. A careless staff member looking for an online bargain could all too easily click a link that leads to a malware download or ransomware infection.

POS Data Breach Leads to Fine for Trump Hotels

Trump Hotels and Management LLC has suffered for not implementing stronger robust security measures to safeguard its POS system from hackers.

The hotel group, which is headed by Donald Trump and by ona day-to-day basis run by three of his children, has been hit with a $50,000 penalty by the New York Attorney General for a data breach that exposed the credit card details and personal data of over 70,000 guests in 2015.

Banks carried out an investigation following a number of fraudulent credit card transactions in 2015, and found that the common denominator was all of the victims had previously stayed in Trump-owned hotels. In all instances, Trump Hotels was the last merchant to complete a legitimate card transaction, showing there had been a breach of credit card details at the hotel chain.

A further investigation showed that the POS system used by 5 Trump hotels in Chicago, Las Vegas, and New York had been infiltrated with malware. The malware was downloaded on the credit card processing system in May 2014 and access to the system was obtained using legitimate domain administrator credentials. The malware was able to record the payment card information of guests.

The fine, which was revealed by New York Attorney General Eric Schneiderman on Friday, was issued for the failure to properly secure its systems and for the delay in sending out breach notifications to consumers. Trump Hotels did publish a breach notice on the company website, but it took 4 months for that notice to be uploaded – a violation of state laws in New York.

Schneiderman stated “It is vital in this digital age that companies take all precautions to ensure that consumer information is protected, and that if a data breach occurs, it is reported promptly to our office, in accordance with state law.”

A representative for Trump Hotels explained that the hotel industry is under attack by cybercriminals looking to obtain access to guests’ credit card details. “Unfortunately, cyber criminals seeking consumer data have recently infiltrated the systems of many organizations including almost every major hotel company.”

Other notable hospitality industry violations include the cyberattack on Hyatt hotels and Starwood Hotels & Resorts Worldwide. The Hyatt breach impacted 250 hotels, while the Starwood breach lead to the POS systems of 54 hotels being loaded with malware.

Security measures at Trump Hotels appear to been inadequate. A second credit card system data breach was found to have affected the hotel chain in March this year. Investigators found malware had been downloaded on 39 computer systems used at various locations.

Along with the $50,000 fine, Trump Hotels has agreed to put in place a corrective action plan which requires additional security controls to be downloaded to stop future data breaches.

It may not be possible to stop all cyberattacks but, with the hospitality industry coming under the sharp focus of hackers, it is important that security controls are in place that stop the installation of malware. Keyloggers and other data stealing malware are usually delivered via spam email or are unwittingly installed from malicious websites.

In order to stop infections via email, hotel chains can put in place a strong spam filter. Web-borne infections can be stopped by using a powerful web filtering solution to prevent malware downloads.

Dangerous New Mac Backdoor Program Discovered

Security experts at ESET have identified a threatening new Mac backdoor program which allows hackers to gain full control of a Mac computer. Mac malware may be quite low compared to malware used to infect PCs, but the most recent discovery clearly shows that Mac users are not 100% safe from cyberattacks. The new OS X malware has been labelled OSX/Keydnap by ESET. This is the second Mac backdoor program to be found in the past few days.

OSX/Keydnap is sent out as a zip file containing an executable masked as a text file or image. If the file is clicked on, it will install the icloudsyncd backdoor which speaks to the attackers C&C via the Tor network. The malware will try to obtain root access by asking for the users credentials in a pop up box when an application is run. If root access is obtained, the malware will run each time the device is turned on.

The malware can download files and scripts, running shell commands, and sending output to the hackers. The malware also has the capability to update itself and also exfiltrates OS X keychain data.

The news of OSX/Keydnap comes very soon after security researchers at Bitdefender revealed the discovery of another Mac backdoor program called Eleanor. Hackers were able to get the Backdoor.MAC.Eleanor malware onto MacUpdate. It is disguised in a free downloadable app titled EasyDoc Converter.

EasyDoc Converter permitted Mac users to quickly and easily change files into Word document format; however, rather than doing this, the app downloaded a backdoor in users’ systems. Infections with Eleanor will be restricted as the app does not include a certificate issued to an Apple Developer ID. This will make it more difficult for many individuals to open the app.

However, if users do download the app, a shell script will be run that will search to see if the malware has already been downloaded and whether Little Snitch is on the device. If the Little Snitch network monitor is not downloaded, the malware will install three LaunchAgents together with a hidden folder full of executable files utilized by the malware. The files are labelled to make them look as if they are dropbox files.

The LaunchAgents open a Tor hidden service through which hackers can communicate with a web service component, which is also launched by the LaunchAgents. A Pastebin agent is also started which is used to upload the Mac’s Tor address to Pastebin where it can be accessed by the hackers. The Mac backdoor program can reportedly implement remote code execution, to access the file system, and also to obtain access to the webcam.

Scam Uncovered Involving Illegal Game of Thrones Downloads

A new authentic-looking Game of Thrones-styled phishing campaign has been identified which is targeting people who illegally download pirated copies of the HBO series. Game of Thrones is, to date, the most pirated TV show in history, with many people opting to illegally obtain the most recent episodes. Hackers have chosen to take advantage if this.

The hackers have utilized a sophisticated scam to make their scam more genuine. The emails purport to have been sent by IP-Echelon, the company that is used by HBO and other entertainment companies to enforce copyright legislation. IP-Echelon has already issued many copyright infringement emails to illegal downloaders of movies and TV shows on behalf of a number of corporations.

This scam uses emails that seem to have been shared by IP-Echelon. The emails are very well written and contain the same language that is used by the organization when sending out legitimate correspondence to ISPs.

The ISPs, believing the copyright infringement notices to be authentic,  send the emails to customers. Since the notice is broadcast by the ISP, the Game of Thrones phishing scam appears to be real.

The customer is advised that they must settle the case quickly – within 72 hours – in order to avoid penal action. To settle the case, the customer must go to a link to review the settlement offer and complete a payment.  If they do not do so the settlement offer is withdrawn and they are advised that the settlement about will increase.

The phishing scam has discovered in the United States, although there have been a number of reports of individuals in Canada, Europe, and Australia also having been the victims of the same email scam.

It is not yet obvious whether the scammers are specifically targeting people who have accessed torrent sites and have downloaded torrent files, or whether the emails are being sent out with no specific target in mind. Some individuals have taken to Internet forums to claim say they have not downloaded any illegal video, while others have been using torrent sites to illegally obtain TV shows and movies.

On an earlier occasion HBO has taken action over illegal downloaders and has used IP-Echelon to issue notices very similar to those being used by the scammers. Since the Game of Thrones phishing scam seems to be so genuine, many illegal downloaders may be tricked into completing the payment. However, that payment will go straight to the scammers.

As is the case with all email requests like this, the recipient should take measures to verify the authenticity of the email before taking any action. Contacting the company that issued the message – using the contact telephone number on the company’s official website – is the most effective way to confirm authenticity. Email recipients should never use any contact details that is included in the email body.

Some ISPs have taken measures to prove confirm the authenticity of the emails and have identified that they are a scam, but not all. Many have been sent on by ISPs who thought that the scam emails were genuine.

Increase in Facebook Phishing Witnessed

Facebook phishing attacks are a common occurrence. The social media platform has 1.65 billion active monthly subscriber, a significant portion of which log on to the social media platform everyday. With such a huge number of subscribers, it is to be expected that criminals often target users of the social media service.

However, the most recent phishing scam to target Facebook users is different to the other due to the speed and scale of the hacking attacks. Kaspersky Lab reports that the latest Facebook phishing campaigns have been registering a new victim every 20 seconds.

The Facebook phishing attacks were seen over a period of two days, during which over than 10,000 Facebook users had malware place on their computers.

In the phishing users are sent a message from their ‘friends’. The messages say the user has been tagged in a comment on a Facebook post. However, when they reply to the message they download a Trojan onto their computers which installs a malicious Chrome browser extension. The second phase of the attack is where the Trojan and the browser extension are switched on.

When the victim next logs into Facebook the login details are recorded and sent to the hacker. This gave the hackers full control of the victims’ Facebook accounts. This enables them to make amendments to the privacy settings, steal data, and send their own messages to all of the victims’ Facebook contacts. The hacking campaign was also used to register fraudulent likes and shares.

The hackers took steps to restrict the infections from being noticed. The malware could block access to specific websites which could possibly lead to the victims discovering the malware infection. The websites of a number of cybersecurity sites were restricted, for instance.

The phishing attack mostly impacted Facebook users on Windows computers, although Kaspersky Lab commented that Windows mobile phones were also compromised in the attacks. Peoples who accessed Facebook via Android and Apple phones were not impacted.

The attacks focused on users in South America, with Brazil the worst affected, registering 37% of the Facebook phishing attacks. Columbia, Ecuador, Mexico, Peru, and Venezuela were also heavily concentrated on. Attacks in Europe were mostly carried out on users in Poland, Greece, and Portugal, with Germany and Israel strongly targeted.

The malware deployed in the latest Facebook phishing attacks is not new. It was first discovered about 12 months ago. Kaspersky Lab reports that the hackers are most likely Turkish natives, or at least Turkish-speaking individuals.

What makes this phishing scam different from the many others is the speed at which users were impacted. However, the response to the attacks was also quick. Users who noticed infections spread the news on Facebook, while the media response assisted in raising awareness of the scam. Google has also implemented steps and has now blocked the malicious Chrome extension.

Business Login Credentials Stolen Using Blurred Image Phishing Scam

A new phishing scam has been identified that attempts to obtain the login credentials and phone numbers of  staff members. The new hacking scam utilizes blurred images of invoices to trick victims into sharing sensitive information. If someone wishes to view the document or spreadsheet in higher resolution, the victim must provide their email address and password. It is not clear whether this blurred image phishing scam is being employed for targeted attacks on businesses or whether the emails are being sent out with a ‘scatter gun’ approach.

A number of alternative versions of the same scam have been identified by the Internet Storm Center, each of which uses a different file to fool the reader.

The initial email seems to have been shared from a legitimate company – a well-known company likely to be very familiar to most corporate users. The emails include corporate logos and are well articulated. They include a link that must be visited to view a purchase order or invoice.

VIsiting the link will bring the email recipient to a webpage where they are shown what appears to be a legitimate document. The hackers use a screenshot of an excel spreadsheet (or word document) which seems to be blurred. The screenshot was captured on a low resolution yet is shown in high resolution to ensure it cannot be read, although it is obvious what the document is.

For a reader to view the file they must enter their email and password in a popup box to confirm their identity. The popup requests the victim’s email account credentials. The hackers use a JavaScript file to validate the email address.

The login details are gathered and shared with the hacker along with the victim’s location and IP address. Users are then taken to a fake Google authentication portal where they are asked to provide their phone number. If the victim provides their details and clicks to view the document, a PDF file will open.

This blurred image phishing scam is not exactly complicated or sophisticated – it employs simple JavaScript, HTML and PHP – but it is still likely to be successful. The blurred images and company images may be sufficient to trick many users into believing the emails are authentic.

Warning Issued for Brexit-related Phishing Attacks

The EU referendum that took place in the United Kingdom in 2016 has resulted Brexit phishing attacks. Brexit – the UK exit from the European Union – has inflicted major economic turmoil in the UK and a great deal of uncertainty. It is not only the UK that has been impacted. The decision of 52% of British voters to leave the EU has had an impact on markets globally.

Whenever a big news story is released, criminals seek to take advantage. Cybercriminals have been swift to take advantage of the UK EU referendum result and have initiated a wave of Brexit phishing attacks which fool people into downloading malware onto their devices.

The Brexit phishing attacks are being carried out using spam email messages. Hackers are sending out emails in the millions with subject lines mentioning the Brexit result. The emails use the uncertainty of the financial markets, the economic turmoil that has been caused and the political upheaval that has followed, to create some worry for the reader.

The emails include malicious attachments which, if opened, install malware onto the victims’ devices. Many email messages include links to malicious websites where drive-by malware downloads take place. Some of the emails offer victims guidance to keep their bank accounts and savings safe from currency fluctuations. In order to safeguard accounts, the victims must share highly sensitive information such as bank account details via scam websites.

The malware being broadcast is capable of logging keystrokes made on computers. These malicious software programs then relay sensitive information including online banking login information to the hackers, allowing them to make fraudulent transfers.

All computer users should be very wary about unexpected email messages. Opening file attachments sent from unknown individuals is dangerous and may lead to malware being loaded onto computers. Ransomware can also be downloaded. The malicious software locks files until a ransom payment is made to the hackers.

Any email that includes a link to a news story should be deleted. The story will be covered by the usual news agencies if it is authentic. Those sites should be logged onto directly through the browser or via the search engines.

 

IT Specialists Concerned about CEO Fraud Scams

There has been an increased number of CEO fraud scams being carried out in recent months and many companies have already fallen victim to these cyberattacks. Many groups have lost a huge amount of money due to these campaigns.

CEO Fraud Scams Defined

CEO fraud scams iare when a hacker impersonating the CEO of an organization and sending an email to the CFO asking for a bank transfer to be made. The account details of the attacker are given together with a legitimate reason for requesting the transfer. In some case, these scams include more than one email. The first asks for the transfer and then the second included the specific details of the amount and the bank details for the transaction. Once the fraudulent transfer is identified, the funds have been taken out of the account and cannot be retrieved.

The FBI has published warnings in the past regarding these CEO fraud scams. A spate of attacks took place in Arizona recently. The average transfer request has asked for between $19,000 and $75,000. An April 2016 FBI warning stated that $2.3 billion in losses had been recorded between October 2013 and February 2016, with CEO fraud scams rising by 270% since January 2015.

By training all staff on the common identifiers of phishing emails and also to be more security aware, groups can reduce the risk of attacks being successful. However, while training is often given to staff, it is not always given to executives and the CEO. A recent survey carried out by Alien Vault, only 44% of IT security professionals said every individual – including the CEO – received training on how to spot a phishing email.

Preventing CEO Fraud Scams

You can take steps to prevent CEO fraud scams. Email security solutions – SpamTitan for example – can be set up to stop emails from spoofed domains from being delivered; however, if the email comes from the account of a CEO, there is not much that can be done to prevent that email from being sent. It is therefore vital that training is provided to all employees – including executives – on phishing email identification techniques.

Alien Vault surveyed 300 IT security professionals at Info Security Europe 2016 to determine how prepared groups were for phishing attacks and what steps had been taken to minimize risk. The results of the survey show that most organisations now provide training to minimize risk, although almost one in five are not taking proactive steps to lessen the risk of phishing and CEO fraud scams.

Almost 45% of companies said they train every single staff member in the organization on phishing email identification techniques, while 35.4% said that most workers are trained how to identify malicious emails. 19.7% said they do not take proactive measures and deal with phishing problems as and when they happen.

Phishing Scam Impacts 37% of Executives

Out of the 300 respondents, 37% said that at least one executive had fallen for a phishing scam previously, while 23.9% of respondents were not sure if they had. However, even though many had suffered phishing attacks, IT security professionals were not confident that such attacks would not happen again going forward.

More than 50% of respondents believed that company executives could be fooled by a scam, while nearly 30% said that if the scam was realistic, their executives may be fooled. Only 18.5% said that their executives had been thoroughly briefed and were knowledgeable of the dangers and would not fall for such a scam.

CEO fraud scams can be very lucrative for hackers, and oftentimes a massive amount of time is spent researching companies and crafting clever emails. A range of social engineering techniques are used and the emails can be very difficult to spot.

Training is crucial, but it is also vital that attempts are made to ensure the training has been successful. The best way to ensure that all people have understood the training is to carry out phishing exercises – broadcasting dummy phishing emails in an attempt to get a reply. This allows IT departments to provide direct further training programs and ensure that weak links are tackled.

789% Rise in Phishing Email Attacks During Q1

The most recent phishing email statistics published by the anti-phishing training company PhishMe show the surge in the use of phishing has increased in recent months.

PhishMe puts together quarterly phishing email statistics and tracks the volume of phishing emails being broadcasted. During the first three months of 2016, the volume of phishing emails increased by a staggering 789%. More than 6.3 million more phishing emails were sent in Q1, 2016 than in Q4, 2015.

The quarterly report says that the biggest issue currently faced by personal and corporate computer users is ransomware. Ransomware emails now account for more than 93% of all phishing emails. Ransomware offers a quick payout for cybercriminals and the campaigns can be quickly developed and set live. In fact, ransomware emails are being sent by cyber criminals with little or no programming expertise. They can simply buy ransomware kits on darknet marketplaces and obtain a cut of the ransom payments that are completed.

Targeted ransomware attacks are now being carried out on businesses of all sizes. Hackers are well aware that many organizations do not regularly complete backups of critical data. Even when backups are in place,  many organizations do not unplug their backup devices. The most recent ransomware variants are capable of erasing Windows shadow copies and encrypting backup files on linked storage devices. This gives organizations no option but to pay the ransom demand to recover files. The biggest threat is now Locky. Locky is sent using spam email using JSDropper or malicious Word macros.

PhishMe’s phishing email statistics also show two other main trends. Cybercriminals are starting to concentrate on soft-targeted campaigns. Spear phishing emails target just one or two people, but the latest trend sees malicious emails messages sent to a group of individuals in a group – the accounts department for instance. The emails are targeting specific roles in a group rather than specific individuals.

The phishing email statistics also show an increase in the use of JSDropper applications. JSDropper applications are currently being spotted in around a third of all phishing emails. Malicious Word macros are still widely used to infect computers with malware and ransomware, but JavaScript applications are now the most common sort of malicious files sent in phishing emails according to the report.

The rise in malicious spam email shows how important it is for groups to employ a strong spam filtering solution.

$1 Million Ransom Payment Made Following Erebus Ransomware Attack

A $1 million ransom payment has been transferred to cybercriminals who deployed Erebus ransomware to attack the South Korean web hosting company Nayana.

Erebus ransomware was first seen in September last year and was installed via websites hosting the Rig exploit kit. Traffic was sent to the malicious website hosting the Rig EK via malvertising campaigns. Vulnerable computers then had Erebus ransomware installed. This Erebus ransomware attack is unlikely to have happened the same way. Trend Micro suggests the attackers leveraged flaws on the company’s Linux servers, used a local exploit or both.

The infection spread to all 153 Linux servers that Nayana utilizes. Those servers hosted the websites of 3,400 companies. All of the firm’s customers seem to have been affected, with website files and databases encrypted.

Nayana was hacked on June 10, 2017. Following this hosting company responded quickly. Law enforcement agencies were contacted and it was initially hoped that it would be possible to decipher the ransomware and decrypt files without paying the ransom. It soon became obvious that was not an option.

Businesses can prevent avoid paying ransom payments following ransomware attacks by ensuring backups are completed of all data. Having a number of backups increases the likelihood of files being recoverable. In this case, Nayana had an internal and external backup; however, both of those backups were also encrypted in the hacking attack. Nayana therefore had no option but to negotiate with the hackers.

While ransom payments for companies are often in the $10,000 to $25,000 price bracket, the gang responsible this attack demanded an astonishing 550 Bitcoin for the keys to unlock the encryption – Approximately $1.62 million. On June 14, Nayana reported that it had settled for a ransom payment of 397.6 Bitcoin – Approximately $1.01 million, making this the largest known ransomware payment completed reported to date.

That payment is being made in three parts, with keys supplied to restore files on the servers in batches. When one batch of servers was successfully rescued, the second ransom payment was made. Nayana said that the recovery process would take around two weeks for each of the three batches of servers, leading to considerable downtime for the company’s business customers. Nayana experienced some issues restoring databases but says it is now transferring the final payment.

This incident shows how costly ransomware resolution can be and emphasises how important it is to ensure that operating systems and software are updated constantly. Patches should be conducted quickly to address flaws before they can be exploited by cybercriminals.

Simply having a backup is no guarantee that files can be rescued. If the backup device is linked to a networked machine when a ransomware attack takes place, backup files can also be encrypted. This is why it is essential for groups to ensure one backup is always offline. It is also advisable to partition networks to limit the damage caused by a ransomware attack. If ransomware is downloaded, only part of the network will be impacted.

Locky Ransomware Emails Surge as Necurs Botnet Reactivated

There have been recent reports that the Necurs botnet has been enabled once agains after a number of security companies have reported a massive increase in botnet activity which began on June 21, 2016.

Prior to this, the Necurs botnet has been used to transmit huge volumes of Dridex malware and Locky; a sophisticated ransomware variant that was first identified in February 2016. It is not yet clear whether this is just a temporary spike in activity or whether the botnet will be broadcasting emails at the levels seen before the recent downtime.

Necurs botnet activity fell off on May 31. The volume of malicious emails being broadcast using the botnet fell to as few as 3 million emails daily. However, the number of emails being sent rose on June 21, shooting up to around 80 million emails. One day later the volume of malicious emails had doubled to 160 million. The increase in activity comes is connected to a massive spam email campaign that is delivering emails containing malicious attachments which download Locky ransomware.

It is not yet clear why there was a period of quiet. Security specialists having been pondering this since the dramatic fall in activity on May 31.

The Necurs botnet is huge and is believed to include approximately 1.7 million computers, spread over 7 separate botnets. It is obvious that the botnet had not been disable, although activity across all seven of the botnets halted. In April and May of this year, spam email volume was constantly exceeding 150 million emails a day. Now the Necurs botnet seems to be back up to speed.

Around the same time as the lull in activity, Russia’s FSB security service carried out raids resulting in the arrests of around 50 hackers. This group of hackers was using the Lurk Trojan to defraud banks and other targets in Russia. It is not known which issues the operators may have had with the C&C infrastructure. If the botnet has changed ownership, a single organization would likely be in control as activity across all seven botnets resumed at the same time.

The return of the Necurs botnet is bad news. Proofpoint is reporting the resurrection of the botnet has been coupled with a new Locky variant which has new capabilities. The latest strain Locky is better at being undetectable and determining whether it is operating in a sandbox. The new features were detected by Proofpoint shortly before the Necurs botnet went quiet.

Customer Warning Following Eir Phishing Scam

A new eir phishing scam has been identified which has led to the Irish communications company to send out a warning to customers. Hundreds of customers were sent emails offering them a refund yesterday. In order to process the refund, the email recipients have been advised to login to their My Eir account. A fake link is given in the email which must be clicked to receive the refund.

That link brings the email recipient to a fake website. The malicious website has been set up to look identical to the Eir website. Users are asked to confirm their credit card details in order to process the refund. Those details are logged by the website and are forwarded to the criminals running the Eir phishing scam.

Eir has told customers to be wise to the threat of the fraudulent email messages and to erase them if they are received. Any person who has fallen for the Eir phishing scam and has provided credit card details via the malicious website faces a high danger of credit/debit card fraud.

Phishing email campaigns such as this are regularly seen. Hackers use a variety of social engineering techniques to get users to reveal sensitive data such as credit and debit card numbers, which are used by the hackers to make online purchases and register huge debts in the victims’ names.

The malicious emails can be quite authentic. Criminals use legitimate imagery in the phishing emails to trick email recipients into believing the emails are genuine. The malicious spam messages usually include a link that directs to victims to malicious websites where personal data must be disclosed in order to receive a refund, free gift, or to view important documents. The websites can look practically the same as the legitimate sites.

Email scams often bring victims to malicious websites containing exploit kits which search for weaknesses in browsers and plugins and leverage those flaws to download malware.

The malware poses a massive risk for businesses. Malware is used to obtain a foothold in a computer network, which can be used to initiate cyberattacks to steal valuable data or to gain access to corporate email and bank accounts.

To safeguard against such attacks, staff members should be instructed never to use links sent in emails and to login to websites directly through their browsers. Employees should be given training to help them identify phishing emails and email and web spam.

1 Million WordPress Websites in Danger Due to Jetpack Plugin Flaw

Security experts have identified a major Jetpack plugin vulnerability that places sites in danger of attack by hackers. If you operate WordPress sites for your company and you use the Jetpack website optimization plugin, you must carry out an update as soon as possible to stop the flaw from being attacked.

The Jetpack plugin vulnerability can be used to inject malicious JavaScript code into websites, or to place links, videos, documents, images and other resources. This would put visitors to the site in danger of malware or ransomware downloads. Malicious actors could insert malicious JavaScript code in the site comments, and every time a visitor views a malicious comment it would permit JavaScript code to be run. Visitors could be redirected to alternative websites, the flaw could be used to illegally obtain authentication cookies and hijack administrator accounts, or to embed links to websites including exploit kits.

The weakness can also be used by competitors to negatively impact search engine rankings by using SEO spamming techniques, which could have significant consequences for site ranking and traffic.

The Jetpack plugin flaw was recently discovered by experts at Sucuri. The flaw is a stored cross-site scripting (XSS) vulnerability that was first seen in 2012, impacting version 2.0 of the plugin. All subsequent versions of Jetpack also include the same Shortcode Embeds Jetpack module flaw.

Jetpack is a popular WordPress plugin that was introduced by the people behind WordPress.com – Automattic – and has been downloaded and used on in excess of one million websites. This is not only an issue for website managers, but for web visitors who could easily have this vulnerability exploited to infect their computers with ransomware or malware. Weaknesses such as this emphasize the importance of using web filtering software that blocks redirects to malicious websites.

While many WordPress plugin flaws require a substantial skill level to exploit, the jetpack plugin vulnerability takes very little expertize to exploit.Luckily, Jetpack has not found any active exploits in the wild; however, now the vulnerability has been revealed, and details published online about how to exploit the vulnerability, it is only a matter of time before hackers and malicious actors target it.

The vulnerability can only be exploited if the Shortcode Embeds Jetpack module is turned on, although all users of the plugin are strongly encouraged to carry out a site update as soon as possible. Jetpack has worked with WordPress to get the update pushed out using the WordPress core update system. If you have version 4.0.3 in place, you will already be protected.

Jetpack  has said that even if the vulnerability has already been exploited, updating to the latest version of the software will delete any exploits already on the website.

Personalized Phishing Scam Uses Names and Addresses to Fool Victims into Installing Malware

Companies have been warned to remain diligent following the identification of a new personalized phishing scam that tries to fool users into downloading malware on their company’s computers. These new personalized phishing campaigns are primarily being used to share CryptoWall ransomware.

Arsnif/RecoLoad POS reconnaissance Trojan si the software that is being used to target organizations in the retail and hospitality industries, as well as the Ursnif ISFB banking Trojan.

The current campaign does not target all staff. Instead it is used to try to install malware on the computers of users with elevated network privileges including as senior executives, CFO’s, senior vice presidents, CEO’s, heads of finance, and company directors. These staff members not only have access more data, they are also likely to have access to corporate bank accounts.

If the payload is sent it can lead to POS systems being infected, access to bank accounts being obtained, as well as widespread data encryption with ransomware. A single email could cause a considerable amount of damage. The emails are currently being implemented to target organizations in the financial services, although the retail, manufacturing, healthcare, education, business services, technology, insurance, and energy sectors have also received these phishing emails.

The emails have not been delivered to random individuals, something that is unusual in phishing campaigns. Many spammers share phishing emails in the millions in the hope that some people will respond. However, this is a personalized phishing scam targeting specific people. Those people have been researched and the emails include data specific to that person.

Each email corresponds with the recipient using their name and includes their job title, address, and phone number in the body of the email. The subject is specific, the email crafted for a specific industry, and the attached files and links have been labelled to make them appear genuine. The emails have also been well articulated and do not include the spelling and grammar mistakes typical of spam email.

A personalized phishing scam like this is not usually carried out on such a large scale. Spear phishing emails are normally sent to just a small number of individuals, but this personalized phishing scam is being shared with many thousands of people, in particular those in the Unites States, United Kingdom, and Australia.

The data included in the email body could have been gathered from a social media site such as LinkedIn, although the scale of the attack suggests data has been taken from elsewhere, such as a previous cyberattack on another company such as a supplier or an online portal. Companies that do not implement a robust spam filter will be in danger.

Tax Professionals Alerted About New IRS e-Services Phishing Scam

The Inland Revenue Service has released a warning to tax professionals about a new IRS e-Services phishing scam that has recently been discovered.

With the tax return deadline coming quickly, it is the last chance for the fraudsters to steal identities and submit fraudulent tax returns. Recent days have seen a surge in phishing attacks on tax professionals.

The focus of the IRS e-Services phishing scam is to obtain tax professionals’ e-Services usernames and password details. The emails use a range of subject lines that have been crafted to attract attention and ensure the emails are read.

The emails claim to have been issued by the IRS about issues with the user’s e-Services account. The emails warn that the user’s e-Services account has been shut, suspended or blocked. In order to reactivate the account or stop its closure, the email recipient is asked to login to their account.

A link is given in the email that allows the recipient to take the required action. Clicking on the link will take the user to a login page that closely resembles the IRS e-Services portal. Typing in a username and password into the login page will see the details recorded by the attackers.

Reacting to the high volume of phishing attacks on tax professionals, the IRS has been enhancing account security in recent weeks. The IRS has been directing tax professionals to revalidate their accounts to prevent delays when accessing their e-Services accounts. The hackers appear to be taking advantage and piggybacking on those recent communications.

The IRS advises all tax professionals that if for any reason their e-Services account has been shut down, they should contact the e-Services Help Desk to reactivate their account, but never to visit any links contained in emails. While links to malicious websites are enabled for this scam, users should also be wary about any attachment files sent in e-Services emails.

This tax season has seen a major surge in tax-related email scams, most notably a massive rise in W-2 Form phishing scams. At least 140 successful W-2 Form phishing attacks have already been revealed, although with two weeks left of tax season that figure is sure to rise. K12 schools, colleges and other higher education institutions have been targeted this year, as has the healthcare sector. Some of the phishing scams have lead to thousands of employees’ tax details being accessed by fraudsters.

The final few days before the April 18 deadline for sending in tax returns is likely to see many more phishing attacks carried out. All companies should therefore be on their guard and should exercise extreme care.

Darknet Agents Selling Bitcoin Ransomware Kits for $100

The FBI released warnings in 2015 in relation to the rise in popularity of Bitcoin ransomware and very recently the same the law enforcement agency contacted to companies asking for assistance in tackling the threat from the latest ransomware variants, just days before the malicious software was targeted on MedStar Health System.

A number of healthcare institutions have recently reported being attacked with ransomware, and there is no way of knowing for sure how many companies have had corporate and customer data encrypted by hackers. Most companies choose not to advertise the fact they have been attacked.

While attacks on people only lead to relatively small ransoms being paid, the same cannot be held true for firms. Ransom demands of tens of thousands of dollars are being send and many companies feel they have little option but to pay the ransom demand to recover their data.

Sadly for enterprises, the threat from Bitcoin ransomware is unlikely to decline any time soon. More cybercriminals are participating and attacks will continue as long as they prove to be profitable. The bad news is Bitcoin ransomware is very successful. Worse still, attacks require little technical knowhow and cost very little to pull off.

A recent report in the Italian newspaper La Stampa says the cost of conducting a ransomware attack can be extremely low and requires little in the way of skill. One reporter at the newspaper set out to find out just how easy it is to buy ransomware and conduct an attack. After logging onto underground forums on the darknet, the researcher found a board where ransomware-as-a-service was being sold.

One poster on a Russian forum was not only selling ransomware but also made it exceptionally easy for would-be cybercriminals to run campaigns. The purchaser would be given the ransomware, distribution tools to send out the malicious file-encrypting software via email and advertising networks, and this Bitcoin ransomware service could be purchased for as little as $100.

The article says that the purchaser would be permitted to keep 85% of the ransoms that were gathered, with the remaining 15% going to the seller of the service. There appears to be no shortage of buyers. The hacker to blame for this campaign allegedly has between 300 and 400 active customers. This is only one vendor but there are many more offering such a service. The campaigns may not be particularly complex.

Some vendors even offer Bitcoin ransomware kits where purchasers only need to enter in their Bitcoin address for the payment of the ransom, the figure they wish to charge their victims for the security keys, and they can download everything they need, including instructions on how to conduct the campaign. These services are not being sold for huge profits. The sellers know they can earn considerable sums by taking a cut of the ransoms that are required.

The standard for releasing security keys for single computer infections is between 0.5 and 1 Bitcoin – around $200-$425. All that is needed for a hacker to make a profit is one or two victims to download the Bitcoin ransomware and pay for a security key. According to data published by Tripwire, 50% of American ransomware victims have ended up paying the ransom demand to restore their data.

Until law enforcement agencies are effectively tracking down attackers and shut down underground forums, and victims put an end to paying ransoms, the attacks are likely to continue to rise.

Firms need to do is to ensure they are better protected to stop Bitcoin ransomware from being installed and to ensure they have viable backups in case ransomware does get downloaded to their networks.

ArcTitan Email Archiving Solution for Office 365 Launched

Over a number of years, ArcTitan have developed a powerful cloud-based email archiving solution that is ideal email archiving solution for Microsoft Office 365. Although Microsoft Office 365 combines many useful applications into a single package, often those tools are in fact just watered-down versions of the real thing. One particular feature that is not up to standard is the Office 365 email archiving tool.

Email archiving has become an essential function for all modern organizations to have. However, it’s no longer enough to simply store your messages, it’s also required to have them easily searchable and retrievable. This is an area where standard Office 365 archiving could be letting your business down.

Office 365 can search through approximately 50 different attachment file types most of them being Microsoft files. However, there are hundreds of other potential files that Office 365 doesn’t have the ability to search through. Due to Office 365 permitting only 50GB of email storage capacity (including your archive), you can run out of space rapidly.

Additionally, Office 365 links the archive life to the life of your mailbox. This means if you happen delete a mailbox (e.g., if an employee were to leave your business), then the archive is also deleted. These inadequate features can have damaging effects to the business, including exposure to litigation risk. There’s a large amount of danger associated with not being able to properly retain and search your emails as you’re in danger of non-compliance with government regulations. This can ultimately lead to substantial fines or even imprisonment.

As a result of archiving legislation generally mandating a 7-year retention period, responsible organizations essentially require a better solution, i.e. one that enables the organization to archive their emails in a fully compliant manner. This is precisely where ArcTitan feels they can help.

ArcTitan – An Introduction

ArcTitan is a powerful cloud-based email archiving solution developed by TitanHQ for small to medium sized businesses.

ArcTitan integrates smoothly with Office 365 and most other corporate email systems, including Lotus Domino, MS Exchange, Kerio, MDeamon, Zimbra and Google Apps.

In today’s business world, email remains as one of the most crucial applications. ArcTitan gives organizations the opportunity to offload their email storage requirements to the cloud, streamline search functionality, maintain audit-ready compliance and offer multi-tiered, permissions-based access to archived messages. What’s more is it offers unlimited archiving of both inbound and outbound mail, as well as attachments, folders, contacts and calendar entries.

ArcTitan gives you and your business peace of mind. You can be confident that your critical business mail and attachments are securely archived to the cloud, even if they’re deleted from your own servers.

And if you work in an industry which is highly regulated (such as education, health care or banking) then ArcTitan helps you to maintain compliance in case of an audit. ArcTitan is flexible, you can define retention policies to suit your business. It is also fully compliant with Sarbanes–Oxley, HIPPA, and other e-discovery, retention and audit legislation.

ArcTitan Functionality with Office 365 Features

ArcTitan’s functionality is far superior to Microsoft’s standard Office 365 archiving tool in many ways. It supports comprehensive policy-based archiving, which includes message and attachment de-duplication for faster search and retrieval.

It is also possible to customize retention periods and policies based on user, email content, or attachments, and ArcTitan can archive up to 200 emails per second.

ArcTitan makes it straightforward to search, discover and retrieve your Office 365 emails and files in seconds, and this even includes compressed files. All common file attachments are supported, including MS Office documents, PDF files, ZIP, TAR, GZ, RTF to name but a few. Search results are returned within milliseconds, and ArcTitan can search through up to 30 million emails in less than a second.

ArcTitan’s Outlook plugin also lets users easily and quickly search, view and retrieve their messages directly from their own Outlook client.

Convenient and Cost Effective to Use

ArcTitan has been tailored to cater for the flexibility and control needed by modern enterprises in our ever-evolving business environment. The intuitive interface is simple to use, and even easier to administer, lightning the workload of your IT department. ArcTitan also reduces the costs typically associated with hardware deployment, management and maintenance.

Resilience and Scalability that is Enterprise-Grade

ArcTitan scales to over 60,000 users, and in the event that a disaster causes a shut-down of your local servers, it enables you to rest assured that you have a secure off-site backup of all your critical Office 365 data.

ArcTitan’s enterprise-grade infrastructure is solid and fully redundant, built on Amazon’s Virtual Private Cloud (Amazon Web Services) for total peace of mind. ArcTitan gives your business an extra layer of protection that is invaluable as it gives you the confidence that you’ll never lose another critical email.

ArcTitan Cloud’s storage capacity also expands seamlessly as your business grows so you’ll never have to worry about running out of storage space. What’s more, your transfer speeds will never decrease and you’ll never need to add more capacity.

Outstanding Security Standards

Email is stored using AES 128 encryption and can easily be transmitted from your business to the cloud using TLS encryption. Data is stored, retrieved and transferred using Open Standards. Furthermore, passwords are encrypted and hashed, and access is controlled via certificate and delegated management. ArcTitan also supports antivirus scanning of your archived Office 365 data.

Conclusion

If your organization is dependent on Office 365, then you can’t afford to be without a reliable, secure and feature-rich email archiving solution. ArcTitan ensures your critical business communications are properly archived, and fully compliant with retention and audit legislation, filling the gap left by Microsoft’s standard archiving tool. If you’d like to receive more information about how ArcTitan can help your business, get in touch with TitanHQ today.

New Email Spam Campaign Using Nemucod Malware

A new spate of spam emails has lead to prompted antivirus companies broadcasting warnings regarding emails infected with Nemucod malware. The emails are quickly spreading around the globe, with Japan currently the worst hit; however, the spam email has also been recorded in Europe, Australia, Canada, and the United States.

Nemucod malware is a Trojan downloader that is used to download ransomware. Currently Nemucod malware is being  transmitted using spam email and is being used to download Locky and Teslacrypt ransomware onto the devices of anyone who clicks on the infected email attachments.

Nemucod malware (JSTrojan/Downloader.Nemucod) is a JavaScript downloader. The malware is being sent as a ZIP file and will run when clicked on, downloading a payload of file-locking ransomware. The ransomware will lock numerous files and a ransom will be sought by the hackers. Only if that ransom demand is met will a security key be provided to unlock data.

Unlike most other malware-infected emails which contain numerous grammatical and spelling errors, the emails being used to spread this nasty malware are well written and seem authentic. The emails say that the attachment is an invoice or an official document such as a notice requiring the target to make a court appearance.

Teslacrypt and Locky ransomware are particularly vindictive ransomware. Once installed they search the user’s computer for a wide variety of file types and lock all of those files with strong encryption. They will also search for files on attached portable storage devices, virtual devices, and network drives. Locky can also delete volume shadow copies (VSS) making it impossible for infected users to restore their devices to a point before the ransomware infection took place.

Documents, images, spreadsheets, system files, and data backups are all encrypted. Locky has been developed to encrypt hundreds of file types. Luckily, there are a number of steps that can be taken to stop malware and ransomware infections.

Measure can be implemented to reduce the risk of ransomware being installed, but even the best defenses can be broken. It is therefore also essential to ensure that all critical data files are backed up constantly. If a daily backup is completed, at worst, an organization should only lose a maximum of one day’s worth of data.

It is vital that once backups are completed, the drive used to store the backup files is disconnected. Some ransomware variants are able to scan network drives and can encrypt backup files on connected backup devices.

Just receiving a malicious spam email that has been infected with malware will not lead to a device being infected. A device will only be infected if an end user clicks on the infected attachment.

 

Major Email Threat in Locky Ransomware Detected

Locky ransomware may be a comparatively new threat for IT security specialist to worry about, but it has not taken long for the malicious malware to have an effect. It has already impacted a number of high profile victims and is fast becoming one of the most most experienced forms of ransomware.

Early last month Hollywood Presbyterian Hospital in California suffered a ransomware attack that took some of its systems out of action for a week until a ransom demand of $17,000 was met and the hospital’s EHR was decrypted. During that week, employees at the hospital were forced to record data on paper, were not able to check medical records, and X-Ray, CT scans and other medical imaging files were disabled. The hospital was not targeted, instead it was the victim of a random attack. That attack was connected to Locky ransomware.

Locky ransomware infections take place via spam email messages and it seems that Hollywood Presbyterian hospital’s systems were infected using an email campaign. Locky ransomware is not broadcasted via spam email directly, instead infection occurs via a malicious Word macro.

When the macro is deployed, the malicious code saves a file to the disk and downloads the ransomware from a remote server. once installed download the malware searches for a range of file types located on the device on which it is saved, as well as searching portable drives, virtual devices, and network drives to which the computer is linked. Volume Snapshot Service (VSS) files are also deleted, removing the option of restoring via Windows backup files.

Employee training on malicious file detection often includes common file types used to mask malicious software such as screensaver files (SCR), executables (EXE), and batch files (BAT). In the case of Locky ransomware, users are more likely to be tricked as infections take place due to a result of Word document (DOC) macros. Any user who receives and opens an infected Word document will automatically install Locky to their device if they have macros set to run automatically. Since users are told to enable macros upon opening the infected document, many may do so in order to decipher the contents of the file.

That is not the only way that Locky is transmitted. It is also being downloaded via a ZIP file, which when run, downloads a JavaScript installer that in turn downloads and deploys the ransomware.

Trustwave SpiderLabs have revealed that 18% of the spam emails it had collected over the course of the past week were ransomware, and Locky is thought to comprise a large percentage of those emails. The ransomware is being sent by the same botnet that was used to send out Dridex malware last year. While the brains behind the Dridex banking malware, Moldovan Andrey Ghinkul, has now been caught and extradited to the U.S, the botnet infrastructure is being used for this much more simplistic attack.

The hacking campaign may be simpler but they are proving to be effective.

Malware being Sent via Zika Virus Email Scam

Recently a healthcare supplier had its electronic health record system locked by ransomware; now a Zika virus email malware campaign has been discovered, revealing the depths that some hackers and cybercriminals will go to so that that can make some money.

This scam email scam takes advantage of the public interest in the Zika virus epidemic which is being experienced in Brazil. Since April last year, the amount of reported cases of Zika fever has increased. Zika fever is spread by Aedes mosquitoes. Zika fever causes similar symptoms to Dengue fever, although the symptoms are often milder.

Scientists have also been warned of an increase in the number of cases of microcephaly reported in Brazil. Microcephaly is a birth defect that causes in babies to be delivered with a smaller than average head as well as other poor pregnancy outcomes. The increase in microcephaly has been connected to the the increase in cases of Zika virus.

While no solid evidence has been found to suggest that pregnant women who get Zika are likely to give birth to babies with microcephaly, there is a worry that Zika can lead to the birth defect. The World Health Organization (WHO) says that the virus has now spread to 23 countries. People are naturally concerned. Women in Brazil and Columbia have been told to delay becoming pregnant until th crisis passes, while the government in El Salvador has told women not to get pregnant until at least 2018.

A possible global health issue such as Zika is naturally a concern for any woman looking to start a family, and understandably the most recent news about the virus is likely to be of interest. Scammers have been quick to take advantage of the media coverage, and a scam has been designed to take advantage and infect computers with malware

The Zika virus email scam is currently being seen in Brazil and is being sent in Portuguese. The Zika virus email scam seems to have been issued from Saúde Curiosa (Curious Health), which is a legitimate health and wellness web portal in Brazil. The email includes an attachment infected with JS.Downloader. JS. Downloader is a malware that is used to install malicious malware to infected users’ devices.

The subject line of the email reads “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates as Zika Virus! That’s Right, killing it with water!” The email advises the recipient to click on the link included in the email to discover how to kill the mosquitos that carry the virus, although the email also includes a file attachment which the email recipient is told to open. Doing so will download the malware onto the user’s device. The link sends the user to Dropbox with the same result.

Anyone receiving an unsolicited email with information about the Zika virus, irrespective of the language it is written in, should treat the email with suspicion. This is probably not going to be the only Zika virus email scam sent by cybercriminals in 2016. With the Olympics being held in Brazil this summer, criminals are likely to use topics such as the Zika virus to spread malware.

If you want more details about Zika, visit the WHO website.

Malware Shared Via Zika Virus Email Scam Used to Deliver

A Zika virus email scam has been uncovered following a healthcare supplier having its electronic health record system locked using ransomware.

This email scam tries to prosper thank to the public interest in the Zika virus epidemic in Brazil. Since April last year, the amount of reported instances of Zika fever has grown. Zika fever is caused by the transmission of the Zika virus by Aedes mosquitoes. Zika fever produces similar symptoms to Dengue fever, although the symptoms are often less serious.

Scientists have also been warned regarding an increase in the number of cases of microcephaly reported in Brazil. Microcephaly is a birth defect in babies being born with a smaller than average head along with other poor pregnancy outcomes. The surge in microcephaly has been linked to the rise in instances of the Zika virus.

While no definitive proof has been found to suggest that pregnant women contracting Zika are likely to give birth to babies with microcephaly, there is some worry that Zika can lead to birth defects. The World Health Organization (WHO) states that the virus has now spread to 23 countries. People are naturally concerned. Women in Brazil and Columbia have been told to avoid pregnancy while the government in El Salvador has told women not to get pregnant until at least 2018.

A global health with the magnitude of Zika is naturally a worry for any woman looking to start a family, and understandably the latest reports regarding the virus is likely to be viewed. Scammers have been quick to take advantage of the media interest, and a scam has been formulated to take advantage and infect computers with malware

The Zika virus email scam is currently being spread in Brazil and is being issued in Portuguese. The Zika virus email scam seems to have been sent from Saúde Curiosa (Curious Health), which is a legitimate health and wellness entity in Brazil. The email includes an attachment infected with JS.Downloader. JS. Downloader is a malware that is used to place malicious malware on infected users’ devices.

The subject line of the email reads “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates as Zika Virus! That’s Right, killing it with water!” The email advises the recipient to click on the link included in the email to discover how to kill the mosquitos that carry the virus, although the email also includes a file attachment which the email recipient is asked to open. Doing so will download the malware onto the user’s device. The link sends the user to Dropbox with the same outcome.

Anyone who is sent an unsolicited email with advice about the Zika virus, regardless of the language it is written in, should deal the email carefully. This is unlikely to be the only Zika virus email scam issued by cybercriminals in 2016. With the Olympics being held in Brazil in the summer, hackers are likely to use topics such as the Zika virus to share malware.

If you want data regarding Zika, check the WHO website.

Indianapolis Spammer Jailed for 27 Months

31-year-old Phillip Fleitz from Indianapolis was recently sentenced to 27 months jail time after breaching the CAN-SPAM Act of 2003: A law passed to make the spamming of cell phones and email accounts illegal. The law was brought in by George W. Bush to protect U.S. citizens from unwanted marketing messages and pornography. Under the CAN-SPAM Act of 2003, the penalties for spamming include long jail terms and massive fines.

US District Judge Maurice Cohill Jr. passed sentence in a Philadelphia court earlier, saying the spam campaign orchestrated by Fleitz was “sophisticated and serious,” and lead to millions of spam messages being sent to U.S. citizens. Fleitz, along with two other people involved in the massive spamming campaign, were making between $2,000 and $3000 per week. They were paid for the clicks they were able to generate by sending users to marketing websites.

The marketing websites obtained contact details from visitors, a practice which is legal. What is not legal, and is in violation to the CAN-SPAM Act of 2003, is using spam marketing to generate traffic to those websites.

Fleitz was the only individual from the trio to receive a jail term as he was the director architect of the scheme. “It was his idea. He was the first to do it,” said US attorney Jimmy Kitchen. In 2015, Fleitz pled guilty to using a secured computer to relay or retransmit multiple commercial electronic mail messages with the intent to deceive or trick recipients, with the sentence only just being passed.

Flietz was arrested as part of an FBI investigation into Darkode, a website used by hackers and cybercriminals to promote market illegal computer skills. The shutting down of the website resulted in 12 individuals being charged for cyber crimes.

The two other people involved in the spam campaign, Naveed Ahmed, 27, wrote the program that enabled the scheme to operate. He was given 2-years’ probation and was sentenced in 2015. Dewayne Watts, wrote the spam messages which were developed to trick users into responding. He received 2-months’ probation, including a period of 6 months of house arrest.

The spamming campaign was conducted using via servers based in China between September 2011 and February 2013. Fleitz hired Ahmed to write a computer program that allowed the spammers to send millions of spam text messages and emails to mobile phones and computers. Ahmed’s program gathered cellphone numbers and matched them up with carriers.  The messages composed by Watts advised the recipients they had won gift cards that could be redeemed by clicking the links contained in the messages.

The financial penalties for spamming under the CAN-SPAM Act of 2003 can be prohibitory. While Fleitz only received 27 months in jail, he could possibly have been sentenced to a maximum of 60 months of jail time and fined up to $250,000. When deciding the penalties for spamming, judges take previous history into consideration as well as the magnitude of the offences.

Increase seen in Domain Spoofing Whaling Attacks

If you are employed in the accounting department of your organisation, you must need to be more safety conscious as cybercriminals are now targeting account department executives. Whaling attacks are on the rise and cybercriminals are using domain spoofing techniques to trick end users into completing bank transfers from corporate accounts. Once money has been sent into the account of the hacker, there is a strong probability that the funds will not be retrievable.

Whaling is a form of phishing that involve individuals being targeted and a smaller number of emails being sent than is normally the case with phishing attacks. Cybercriminals are investing a lot of time and effort into researching their targets before initiating their attack.

The aim is to capture intel on a person that has the authorization to make bank transfers from company accounts. Individuals are usually identified and researched following research on social media websites such as Twitter, LinkedIn, and Facebook.

When individuals are identified and the name and email address of their boss, CFO, or CEO is found, they are sent an email asking for a bank transfer be made. The email is well articulated, there is a pressing need for the transfer to be completed and full details are supplied in the email. They are also given a believable explanation as to why the transfer must be completed. The email appear to have been sent from senior management.

In the most of the cases, the transfer request will not follow standard company procedures as these are not known by the hackers. However, since an email will seem to have been broadcast from a senior figure in the company, some account department staff members will not question the request. They will do as the are asked due to fear of the individual in question, or in an effort to show willingness to do what is required of them by their superiors.

Sadly for IT security professionals, whaling emails are difficult to identify without an advanced spam filtering solution in place. No attachments are placed in the email, there are no malicious links, just a set of directions. The attack just uses social engineering techniques to trick end users into completing the transfer.

The whaling attacks are often successful, as users are tricked by a technique titled domain spoofing. Domain spoofing involves the setting up of an email account using a domain that is very similar to that normally sent by the company. Provided the attacker can get the proper format for the email, and has the name of a high-level account executive, at first viewing the email address will appear to be correct.

However, a closer view will show that one character in the domain name is different. Typically, an i will be replaced with an L or a 1, an o with a zero, or a Cyrillic character may be used which is automatically changed into a standard letter. If the recipient looks at the email address, they may not notice the small difference.

To minimize the risk of account department staffing being fooled by whaling attacks, anti-spam solutions should be put in place and configured to block emails from similar domains. Employees must also be told not to complete any transfer requests that arrive via email without first reviewing with the sender of the email that the request is authentic, and to always carefully check the email address of the sender.

Customers Advised to Watch for Electric Ireland Phishing Scam

Phishing emails, which seem to be genuine have been recently targeting Electric Ireland customers. They give a genuine reason for clicking on the link included in the email and have been well written. The link brings the recipient to a phishing website that looks authentic. Even the request published on the website does not appear unreasonable.

For a customer to receive the refund, they must provided their banking information to allow the electricity company to complete a transfer. In order to prove their identity, current and former customers must supply proof of identity. The scammers request a scan of customers’ passports.

Other reports suggest that some customers have been issued links to fake websites that require them to disclose their mobile phone numbers along with security codes and passwords.

It is not yet known how the scammers have obtained the email addresses of Electric Ireland customers, as according to the utility company there has been no security violationand the database in which customer account information is stored remains safe. However, an audit is being completed by the company’s IT department to determine if any individual has logged onto its network or has otherwise gained access to customer data.

A Garda representative has confirmed that many Irish citizens have already being tricked by the Electric Ireland phishing scam and have said that fraudulent withdrawals have been made from their personal bank accounts.

The Electric Ireland phishing scam is one of a number of convincing campaigns to have been discovered in recent weeks. Hackers have become gifted at crafting emails and setting up malicious websites, and it can be difficult to determine whether a request is authentic or fake.

The Electric Ireland phishing scam may appear authentic, however legitimate companies would not issue emails requesting sensitive information of that nature to be shared over the Internet. It should also be noted that if a company has taken excess funds from a bank account to pay a bill, the company would be able to complete a refund directly to the same bank account. They would not ask for those details to be given again – nor request copies of ID, mobile phone numbers or passwords.

If any person has being tricked by the Electric Ireland phishing scam they should contact their bank quickly and place a block on their account. This will stop the criminals from making any fraudulent transfers. However, it may be too late for many customers to stop losses being incurred.

Bermuda Electricity Company Customers Targeted with Ransomware

Citizen of Bermuda and holiday home owners have been warned to be diligent following the identification of a new BELCO email scam. Guidance has now been issued by the company after some customers were targeted by scammers and were issues with malware-infected emails from the company’s email domain.

BELCO, the Bermuda Electric Light Company Limited, provides electricity to homes in Bermuda and is the only supplier available in the British Overseas Territory. All people who own or rent a property on the islands are in danger of receiving a spam email that could possibly infect their computer, mobile phone, tablet or laptop with malware.

The sort of malware included in the spam emails is a type of ransomware. This sort of malware is particularly dangerous as it will permit the perpetrators of the campaign to lock files on an infected computer and possibly also on a business network to which the device logs onto. The malware sent in the BELCO email scam can also cause corruption of computer files. The hackers behind the campaigns have designed the malware to give victims little option but to pay the ransom.

Critical files are encrypted via the ransomware to stop the user from obtaining access. The only way of regaining access to the files is to restoring them from a backup or by agreeing to the ransom demand. Once a ransom has been paid, the criminals behind the BELCO malware attack will issue a security key that can be used to rescue the data. There is no guarantee that the security key will be issued once the ransom has been paid and it is conceivable that the criminals persist with extorting customers who give into their demands.

On a personal computer, files including personal documents or family photographs could possibly be encrypted and lost. For business users the danger is even higher. Without access to critical files, all business could effectively come to a halt. Even if a backup can be implemented to restore the ransomware-encrypted files, major losses could be suffered. Carrying out a full restoration of data takes time and unless a backup was completed just minutes before files were encrypted, some data will be lost in any case. Customers will also suffer disruption to services while remediation takes place and systems are restored.

Spotting spam and scam emails

The BELCO email scam is realistic. It could easily be considered a genuine email if the recipient of the email is not very security conscious. There are giveaway signs that it is not genuine:

  • The email address is not the same as the one usually used by the company to issue electronic electricity bills
  • There is a threat included in the email – Swift action is needed to avoid unpleasant consequences
  • There is inadequate information included in the email body, requiring the user to click on an attachment
  • The email address includes spelling mistakes not typically seen with correspondence used by reputable company – billerz

Peoples, and especially companies, should think about implementing additional controls to stop emails such as this from being delivered. Implementing a spam filtering solution will stop the vast majority of spam and scam emails from being issued. As more phishing and spam emails are being broadcast, and the perpetrators are growing more skilled at coming up with convincing campaigns, this is one of the wisest defenses to stop accidental malware infection. The price of an Anti-Spam solution will be significantly less than the cost of a ransom to unlock vital files.

Email Scam Uncovered Involving DRIDEX Malware

A new DRIDEX email scam campaign has been identified that has resulted in an angry response from Swedish furniture retailer Ikea. The hackers to blame for the malware have targeted Ikea customers by sending fake emails asking them to open a DRIDEX-infected email attachment. It is thought that hundreds of thousands of emails have been sent in the past few days.

As is usually the case with spam emails, users are not specifically targeted. The hacker rely on volume for success. This is why targeting a retailer the size of Ikea is particularly desirable. The potential for an email landing in the inbox of a customer is relatively high in Europe.

What is most worrying about this campaign is the fact the emails look authentic. They include an attachment which appears to be a purchase receipt issued  by IKEA. The receipt looks identical to one supplied by the store.

IKEA is worried that the spam emails will impact the company’s reputation, even though there is nothing the company could have done to stop the campaign. The guidance provided is not to click on any attachments in emails that appear to have been sent by the furniture retailer.

DRIDEX Malware Features

DRIDEX is a dangerous malware designed to obtain online banking login names and passwords and is a new variant of CRIDEX: A known variety of malware with a worm and Trojan variant (W32.Cridex and Trojan.Cridex). The new form of the Cridex malware tries to complete its aim using HTML injection. This is a technique used by hackers to utilize code to exploit vulnerabilities in popular applications such as Java or ActiveX. HTML injection changes page content.

This hacking method of attack as the user is tricked into thinking a site being visited can be trusted, as the page has a trusted domain. When the user enters a login name and password, these are then forwarded to the hacker. In this scenario, the user would share their bank logins and passwords, which would then be used to make fraudulent financial transfers to a hacker’s account.

Email scams likes these on the rise and users can easily be fooled into installing malware. DRIDEX appears to be primarily sent by spam email attachments.

AS new malware is constantly being devised and broadcast with increasing regularity, all email users should also be shown how to spot potential phishing emails as a failsafe to ensure. This will help to make sure they do not become another email hacking, or inadvertently compromise their employer’s databases.

Credit Card Numbers Captured in iTunes Email Scam

A recent report published by Malwarebytes has revealed that a new email scam campaign has been identified which tries to con users to trick users into sharing the credit card numbers that they use for iTunes.

This email scam involves contacting iTunes subscribers to offer them a refund for a purchases that was completed using their iTunes account, stating they have been impacted by an email scam already. If users decide that they will try and process a refund, they will be asked to provide their Apple ID, password, and credit card details so the refund can be completed.

iTunes subscribers have been sent emails advising them that their account has been hacked and used to purchase an app valued at £34.99 ($53), with the emails containing a fake receipt for the purchase. The app is question is provided by CoPilot Premium HD, which claims to be a navigation service. The receipt includes a link that the recipient of the email must click in order for their refund to be issued, if the purchase is not authentic.

This app does not exist. Any steps that iTunes users take to try and stave off this supposed fraud will. sadly, lead to them genuinely being hacked.

There have been a number of similar only email phishing scam targeting Apple users in recent weeks. Another email spam campaign tried to get subscribers to click a link to update their credit/debit card, which users have been told is about to expire. Users have been asked to click a link and enter their new card details, including the CSC code on the back of their card, as well as the new expiry details.

The email, as is common in campaigns like this, is sent with a threat of account suspension if they do not agree. In this instance, users have a short period of time to respond. The email link is said to expire in 60 minutes, minimizing the time for users to verify if the email is in fact authentic.

They are given a link to store.apple.com which is seemingly authentic; however, hovering over the link will show that the link directs them to a different destination.

There are other common revealing signs that the email is a fraudulent, even though the correspondence does include seemingly genuine Apple imagery and seems to have been sent from Apple’s customer service department. One of the most revealing things is the volume of spelling errors included in the email. Any email issued by Apple is likely to have at least been run through a spell check before being used as a template for millions of Apple device owners. A sure sign that the email is not authentic.

The email includes spelling and grammatical mistakes such as informing the recipient that the link will “expire one hours after the email was sent.” iPhone “ore” iPads is another, and feature is spelt “feauter.”

Apple users must carefully read any email issued from Apple, and to attempt to verify any request to provide ID numbers or financial details.

Advantages of Email Archiving Solution for Exchange

The importance of email archiving in today’s business world is undeniable, but many businesses may be questioning why a true email archiving solution is far superior to exchange for archiving.

The term archive’s technical meaning is ‘a collection of information that is permanently stored and unalterable.’ Archives are necessary for all businesses to comply with regulations and in the case of litigation, although the degree of which they are necessary depends on the sector of the business.

The terms “backup” and “archive” shouldn’t be confused with one another. A backup’s intended purpose is to restore the system in the event of data corruption or loss. It is also worth noting that backups are overwritten with more recent information as time progresses. In contrast, archives preserve data for longer periods of time and are easily searchable.

Why Archiving is Necessary for Businesses

By moving emails to archives, you are helping to limit the amount of data storage needed for mailboxes. A good archiving solution can also help pinpoint the source of data leaks or even security disasters, however these are side benefits.

Archiving is necessary for regulatory compliance and as a repository of information for eDiscovery, a legal requirement in many countries. eDiscovery is defined as the process of finding electronically stored information for use in litigation. This is not only restricted to email. For example, Word and Excel files on your server may also be needed during litigation.

Without archives in place, the cost of eDiscovery can be detrimental to businesses. It would, in fact, require the analysing of each computer in the company to find email copied to folders on the hard drive. Because of this, the search and organizational aspects of archiving are invaluable. In the Nortel Networks executive criminal case, the prosecution delivered 23 million pages of electronic records. Ontario Superior Court Justice Cary Boswell understandably described this as an “unsearchable morass” and requested for the prosecution to organize the information and re-present it to the defense.

Issues with Microsoft Exchange 2010 and 2013 Archiving

Microsoft has applied the term “archiving” to describe the journaling and Personal Archive functions of Microsoft Exchange since its 2007 version.

Email copies can be created in Exchange Standard with journaling. Furthermore, with Exchange Premium, these copies can be directed to specific mailboxes or distribution lists. Journaling does not provide the same function as archiving because:

  • It lacks the indexing and searching capabilities necessary
  • Journaling has no data retention configuration settings
  • Users can still create their own PSTs (copies of email that they keep on their own computer). These copies may not necessarily satisfy eDiscovery requirements.

The Personal Archive function addresses some of the shortcomings of journaling. Exchange 2010 has more capabilities than Exchange 2007 in this regard. In terms of Exchange 2010, each user can establish an “archive” for the mailbox. Microsoft TechNet’s description of these is “secondary mailboxes in which users can store messages they need to keep for a longer duration.”  Additionally, Microsoft explain “the whole idea behind creating personal archive mailboxes is to avoid the constraints of mailbox quotas.” This does not provide an archiving function.

The Personal Archive doesn’t necessarily need to reside in the same production database, it can even live in the cloud. Users have two options: they can move the email manually or let it be moved automatically based on retention tags. The major downside of Personal Archive lies in the cost. The reason for this is using Personal Archive requires enterprise client access licenses (CALs) and Office 2010 Professional Plus for Outlook.

However, it is noted that Personal Archive “may not meet your archiving needs”. Users have control over their own Personal Archive. The Personal Archive is often seen as a questionable repository for compliance and eDiscovery data as users are in fact able to delete items and modify retention tags.

Microsoft maintains that users with the Discovery Management role can take advantage of indexing and multiple mailbox searching to meet eDiscovery needs. However, Exchange 2010’s Exchange Control Panel is clunky and difficult to use, making it far from ideal for eDiscovery.

Exchange 2013 and Exchange Online Improvements

With the newer Exchange versions, users still hold a large amount of control over their mailboxes. Not only can they define their own policies, users can also use creative ways to try bypass imposed corporate policies, e.g. “archiving” items in the Deleted Items folder. Although the Exchange administrator can use Policy Tips to notify users of possible compliance issues with data in their e-mails, the administrator still can’t override user settings unless Litigation Hold or In-Place Hold is applied to a mailbox.

Microsoft Exchange has added improved features for eDiscovery, requiring a SharePoint 2013-based portal to search across all mailboxes. There are two main drawbacks with this approach:

  1. Companies must purchase/upgrade to SharePoint 2013
  2. It makes it necessary to have a monolithic mail store with rapidly growing online storage. Data must be held on an online Exchange server to use Exchange’s In-Place Discovery tools.

Advantages of True Archiving

Microsoft Exchange “archiving” is not a complete compliance and litigation tool by any means. A true email archiving solution is far superior to exchange for archiving.

The approach made by Microsoft towards eDiscovery presupposes that all email that ever passed through your organization resides on an Exchange server. The issue with this idea is data storage needs skyrocket over time. It is worth noting that an estimated 90 percent of the information stored in Exchange is never accessed again. True archiving removes a large chunk of this 90 percent. By doing this it reduces not only storage, but also backup and recovery time.

This is where ArcTitan can help. ArcTitan is a true archiving solution that can meet all your eDiscovery and data storage needs. Here are some of the features of the product:

  • Unlimited cloud based email archiving including inbound/outbound/internal email, folders, calendar and contacts
  • Complete Audit trail
  • Data retention and eDiscovery policy
  • Encrypted storage on AWS cloud
  • HIPAA, SOX (and more) standards compliance and Audited access trail
  • Instantly searchable via your browser – find archived emails in seconds
  • No hardware / software  required
  • Secure transfer from your email server
  • SuperFast Search™ – email compressed, Zipped, message de-duplication, attachment de-duplication allowing for the fastest search and retrieval
  • Web console access with multi-tiered and granular access options; you decide user access permissions.
  • Works with All Email Servers including MS Exchange,Zimbra, Notes, SMTP/IMAP/Google/PO
  • Optional Active Directory integration for seamless Microsoft Windows authentication
  • Optional Outlook email client plugin

If you have not yet implemented an email archiving solution, if you are unhappy with the native Microsoft Exchange email archiving features, or if you are finding your current archiving solution too expensive or difficult to use, contact TitanHQ today to find out more about the benefits of ArcTitan and the improvements it can offer to your business.

WhatsApp Relayted Scam Email Discovered

Warnings have been issuing to advise anyone receiving an email about a new WhatsApp voicemail message to disregard it as it could well be the latest WhatsApp scam email that is currently doing the rounds. This new scam is particularly dangerous.

The WhatsApp scam email is forming part of an attack on businesses and consumers, and will lead to Nivdort malware being installed onto the device used to read the email.

Security experts Comodo found the WhatsApp scam email and have said that the malware contained in the email attachment has been designed to affect users of Android phones, iPhones, as well Mac and PC users.

The WhatsApp scam email appears to have been sent by WhatsApp, although there are a few of tell-tale signs that the WhatsApp scam email is authentic. WhatsApp will not broadcast messages to a user’s email account, but will only inform users of a missed call or voicemail message using the app itself. However, many of the 900 million users of the chat software program will not be conscious of that.

The email includes the imagery normally associated with the Facebook-owned messaging platform, but a review of the sender’s address will show that this email has not been issued from WhatsApp. The email also includes a zipfile attachment. Opening the zip file will lead to malware being downloaded onto the device used to open the attachment.

The hackers are sending out multiple variants of the email with alternative subject lines. Each subject line also includes a string of three, four, or five randomly generated characters after the message, such as “xgod” or “Ydkpda”

The subject lines in some of the scam emails have been listed here:

If you receive any email from WhatsApp you should act carefully. You should never click on any email attachment from any person you do not recognize, and must be particularly careful with .zip files. If in doubt, delete the email and remove it from your erased email folder.

Nivdort is a group of Trojans that collect data from the computers on which they are  downloaded. In order to avoid being noticed the malware is loaded into the Windows folder. The latest variant is installed to multiple system folders and also the registry. Even if identified by anti-virus software it is possible that not all parts of the malware will be deleted. The malware may could still receive commands and extract data from the infected computer.

Cloud Archiving Reduces your Company’s Onsite Data Footprint

Cloud archiving reduces your company’s onsite data footprint, gives the ability to access a range of enterprise level services easily such as cloud archiving, spam filtering, data storage, web filtering, crm and much more. As well as the obvious advantage of a reduction in IT costs, there is also the reduced responsibility for housing one’s own data. Overall, there are a number of benefits for reducing ones onsite data footprint in this manner.

Is a Proprietary Device Necessary for Every Function?

For decades, companies purchased their own hardware and built facilities to house that. This was what was happening until Amazon AWS convinced business that it made more sense to make use of economies of scale by renting space on servers rather than acquiring their own. The reason that all this was possible; virtualization. VMware and Microsoft Hypervisor now allowed more than one operating system to run on one computer at a time. This, in turn, time-sliced the hardware among different applications and customers.  Standardization was also a big factor in driving the movement to the cloud, as networking and security professionals questioned the need to have a proprietary device for every function.

Not only does the price of hardware go down with cloud computing, software licenses are lower too. This is due to the cloud vendor having the ability to negotiate a better price than the average company plus usage-based billing matches up licensing fees more closely with actual usage. In addition to that, there is the need for fewer people to administer all these systems. Programmers and architects are still needed as ideas is what drives commerce. However, one single individual manning the control room at a cloud data center has tools that makes it far easier for him or her to administer many more machines per person than someone working in a smaller facility.

Cloud Vendors Employ Additional Resources Compared to an Average Company

Security is also boosted through archiving data and keeping live data in the cloud. Large corporations such as J.P. Morgan Bank, Target, eBay, and others have all been victims of hacker attacks. If some of the world’s largest companies can be affected by hackers, then what is to keep them from attacking and stealing smaller companies’ data? No cloud facility is not 100% secure, but a cloud vendor would suffer serious damage to their business if they were not on top of their security standards. Cloud vendors use multiple layers of security, eyes-on 24×7 monitoring, and analytics to stay a step ahead of the criminals. They can bring resources to the security task that the average company just can’t.

Another reason to reduce your onsite data footprint is to meet regulations. An example of this can be seen with SOX, which requires that you maintain an offsite, secure backup and archive. The offsite part of that is clear, but “secure” can have different interpretations. Encrypted data is the most secure data. Resting data and data in transit is encrypted by the cloud vendor. A hacker can only steal this data if they have compromised the encryption keys or managed to gain access to a machine’s memory, where the data is in clear text.

An Archive is Different to a Back-Up

Litigation, due diligence, and common sense shows that in addition to keeping data backups a data archive is necessary. If your data is stored in the cloud, this does not necessarily mean you have an archive, even if you are doing backups there. An archive is quite different from a backup. A backup can only be restored in its entirety. In contrast, an archive lets you restore and access only the items that you require. For example, if you have a lawsuit over a contract from 7 years ago, it would be almost impossible to restore transactions with your defendant without erasing the current production accounting system, which of course you cannot do. So, the archive is a type of journal that would let you bring back closed accounting periods on line. In simpler terms, old data is stored in archive format instead of native database backup format.

ArcTitan Email Archiving

ArcTitan has such a solution for email and eDiscovery. It allows email archiving for all email clients including Office 365, Google Docs, Exchange, Lotus and Zimbra to name but a few. Backing up PST files is one way to solve your business’ eDisocvery requirements. However, a far better method would be to make individual emails readily accessible by firm’s attorneys or executives. ArcTitan allows Office 365, Google Docs, Exchange, Lotus, Zimbra, and other email users retrieve emails from the archive. For clients that use Outlook, the user can query mail that has been moved to the archive within Outlook. Clients using web or mobile too can use plain English-type queries to search for items in the archive, even without bringing them back online or having to engage with someone from IT. Once what they are searching for is brought up, the parties to the lawsuit, or whoever is looking for instructions they wrote 3 years ago, can then simply choose to restore individual mail.

In summary, moving data to the cloud reduces costs and boosts security. But it is worth noting that data is not the same as backup and backup is not the same as an archive. A company can reduce its onsite footprint and eliminate any possibility of lost mail through implementing a full cloud-based email archiving system in addition to archiving other types of data to the cloud.

Save Money and Boost Productivity in your Business with Email Archiving

A simple method to save money and boost productivity in your business is to put an effective email archiving system in place. Every business should know that there can be legal ramifications to getting rid of the wrong data. That being said, many businesses have an idea that they need to save emails, but don’t really know how to go about it.

A lot of businesses think that backups are a substitute for archiving, however this is not the case. This means that when it comes to storing emails, they’re spending far too much money on the wrong technology. A backup’s intended purpose is to restore the system to the state it was in at a specified time in the past. Backups don’t require for data to be easily searchable, they just need it to be accurate. Backups are usually only going to be kept for a couple of months, therefore they don’t need to be storehouses of knowledge. There purpose only needs them to be faithful pictures of a particular slice of time.

In contrast, an archive needs to contain a lot of information that can be accessed quickly and easily. One of the major reasons for archiving emails is to satisfy legal requirements. However, this isn’t the only reason archives are useful for businesses; email can contain a wealth of information about a company, and proper archiving can make that information readily available.

Email Archiving and Saving Money

In the event of data being legally requested, an old-fashioned backup system will require that data from tapes is transcribed and filtered through. On the other hand, in an archived system, the relevant data, and only the relevant data, can be easily accessed.

Email archiving ultimately saves money by freeing up storage space. Archiving is a more efficient use of space. What’s more, it can be made even more efficient by removing duplicates. It can, in fact, improve the performance of the entire system. Over a third of companies store email only on a server, making email storage space difficult to come by and expensive. From time to time businesses even set up limits on mailboxes, which is not a good idea as it can lead to important emails being deleted.

Archived email is much easier to use. It’s simplicity itself to migrate archived email to an updated server without causing any disruption.

Archiving can make an office run much more efficiently and effectively. Discarded or deleted that critical email, and not even noticed it was missing until we needed it six months later, we’ve all done it. This is the kind of situation where archiving can really shine. If a good archiving system is in place, lost emails with important document attachments couldn’t be easier to replace.

A good email archive is invaluable for aiding with monitoring in highly regulated industries. Not only this, it can also pinpoint data leaks or even security disasters. Also, any company doing creative data mining is going to prosper from the wealth of information stored in emails.

Email has rapidly become the most important means of communication for businesses and is showing no signs of slowing down. It’s a critical asset that every business needs to protect. Archiving provides the flexibility and security to make email valuable and useful for all businesses.