SpamTitan and WebTitan Now Part of Pax8 Ecosystem

TitanHQ and Pax8 have formed a new strategic partnership that has seen TitanHQ’s cloud-based email security and web security solutions added to the Pax8 ecosystem and offered to managed service provider partners.

Pax8 is a leading cloud distributor, providing 100% cloud-based productivity, infrastructure, continuity, and security solutions to its partners. The company is a born in the cloud distributor connecting the channel ecosystem to its award-winning transactional cloud marketplace.

Pax8 is a regular recipient of industry awards and has been named as CRN’s Coolest Cloud Vendor, Best in Show at NextGen for two years in a row, as well as having collected two consecutive Best in Show awards at XChange conferences. Pax8 is also enjoying impressive growth, having risen from position 68 in the Inc. 5000 list of the fastest growing companies in 2018 to position 60 in 2019.

The successes are due to the ease at which its partners can find, purchase, and manage cloud solutions and get the most out of their cloud journeys. One of the key areas driving growth in the cloud is cybersecurity. Through Pax8, MSPs can easily find, deploy, and manage cloud-based cybersecurity solutions to protect their own networks and those of their clients.

Pax8 offers cybersecurity solutions to protect the entire attack surface but the partnership with TitanHQ allows Pax8 to better serve MSPs serving the SMB market. Pax8 carefully vets the vendors it works with and only selects companies that have developed powerful, channel-friendly solutions. TitanHQ was therefore a natural fit, being the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.

TitanHQ has developed its cybersecurity solutions to meet the needs of managed service providers and gives them the features and benefits that are often lacking in many SMB-focused security products. TitanHQ’s email and web security offerings can be hosted within an MSPs own environment and they can be supplied in white-label form ready for MSP branding. MSPs benefit from highly competitive pricing, a fully transparent pricing policy, easy integration into their existing systems through TitanHQ APIs, no minimum users or monthly targets, generous margins, and industry-leading technical support. SpamTitan Email Security and WebTitan DNS filtering are also easy to implement and use and have a low management overhead.

For these reasons the solutions are much loved by end users and consistently achieve high ratings on software review sites such as G2 Crowd Report, Gartner Peer Insights, and Capterra.

“Our partners are excited about the addition of TitanHQ and the ability to protect their clients’ businesses by blocking malware, phishing, ransomware, and links to malicious websites from emails.” said Ryan Walsh, chief channel officer at Pax8.

“I am delighted to partner with the Pax8 team,” said TitanHQ CEO Ronan Kavanagh. “Their focus and dedication to the MSP community is completely aligned with ours at TitanHQ, and we look forward to delivering our integrated solutions to their partners and customers.”

Ursnif Banking Trojan Uses New Tactic to Spread More Rapidly

A new strain of the Ursnif banking Trojan has been identified and the actors to blame for the latest campaign have implemented a new tactic to spread the malware more quickly.

The Ursnif banking Trojan is one of the most often witnessed Trojans. As is the case with other banking Trojans, the purpose of the Ursnif Trojan is to take away credentials such as logins to banking websites, corporate bank details, and credit card information. The stolen credentials are then used to complete financial transactions. It is not unusual for accounts to be drained prior to the transactions being discovered, by which time the funds have cleared, have been withdrawn, and the criminal’s account has been closed. Recovering the stolen funds may not be impossible.

Infection will result in the malware stealing a wide range of sensitive data, capturing credentials as they are typed into the browser. The Ursnif banking Trojan also captures screenshots of the infected device and logs keystrokes. All of that information is silently shared to the hacker’s C2 server.

Banking Trojans can be put in place in a number of ways. They are often installed onto websites where they are downloaded in drive-by attacks. Traffic is sent d to the malicious websites using malvertising campaigns or spam emails contacting hyperlinks. Legitimate websites are compromised using brute force methods, and kits installed on the sites that attack people who have failed to keep their software up to date. In a lot of, software is shared using spam email, hidden in attachments.

Spam email has previously been used to share the Ursnif banking Trojan, and the most recent campaign is no different in that regard. However, the latest campaign uses a new tactic to increase the chance of infection and spread infections more quickly and widely. Financial institutions have been the main target of this banking Trojan, but with this most recent attack method they are far more widespread.

Infection will see the user’s contact list scanned and spear phishing emails sent to each of the user’s contacts. Since the spear phishing emails come from a trusted email account, the chances of the emails being opened is significantly heightened. Simply opening the email will not lead to infection. For that to take place, the recipient must click on the email attachment. Again, since it has come from a trusted person, that is more probably.

The actors to blame for this latest Ursnif banking Trojan campaign have another trick to increase trust and ensure their payload is sent. The spear phishing emails contain message threads from past communications. The email looks like a response to a previous email, and include details of past communications.

A short line of text is included as a attempt to get the recipient to open the email attachment – a Word document including a malicious macro. That macro needs to be authorized to run – if macros have not been set to run automatically, but it will not until the Word document is shut. When the macro is enabled, it initiates PowerShell commands that download the Ursnif Trojan, which then starts logging activity on the infected device and sends further spear phishing emails to the new victim’s contacts.

This is not an original tactic, but it is new to Ursnif – and it is likely to see infections spread much more swiftly. Additionally, the malware incorporates a number of additional tactics to hamper detection, allowing information to be stolen and bank accounts emptied before infection is discovered – the Trojan even erases itself once it has run.

Malware is always changing, and new tactics are constantly created to increase the likelihood of infection. The most recent campaign shows just how important it is to block email threats before they reach end users’ inboxes.

If you use an advanced spam filter like SpamTitan, malicious emails can be blocked to prevent them from reaching end user’s inboxes, greatly reducing the danger posed by malware infections.

Tips to Avoid Holiday Season Spam Email Campaigns

In the rush to buy Christmas gifts online, security awareness often is disregarded and hackers are waiting to take advantage. Hidden among the countless emails sent by retailers to inform past customers of the most recent special offers and deals are a great many holiday season email scams. To an unskilled eye, these scam emails seem to be no different from those sent by authentic retailers. Then there are the phishing websites that record details and credit card numbers and websites hosting exploit kits that silently install malware.  It is a dangerous time to be using the Internet for shopping.

However if you are careful, you can avoid holiday season email scams, phishing websites, and malware this Christmas. To help you avoid strife, we have gathered some tips to avoid holiday season email scams, phishing websites and malware this festive season.

Guidelines to Stay Safe This Holiday Season

In the days before Christmas there will be scams aplenty. To stay safe online, remember the following:

Carefully check the URL of websites before parting with your card details every time

Spoofed websites often look just like like the genuine sites that they mimic. They use the same background and style, the same imagery, and the same branding as retail sites. The only thing not the same is the URL. Before filling in your card details or parting with any sensitive data, review the URL of the site and make sure you are not on a spoofed website.

Never permit retailers to hold your card details for future transactions

It is a service that makes for swift purchases. Sure, it is a pain to have to enter your card details each time you want to buy something, but by taking an extra minute to enter your card details each time you will reduce the chance of your account being emptied by scammers. Cyberattacks on retailers are common, and SQL injection attacks can give hackers access to retailer’s websites – and a treasure trove of stored credit card numbers.

Crazy deals are normally just that

You may find out that you have won a PlayStation 4 or the latest iPhone in a competition. While it is possible that you may have won a prize, it doubtful that this will happen if you haven’t actually entered a prize draw. Similarly, if you are offered a 50% discount on a purchase through email, there is a high probability that is a scam. Scammers take advantage of the fact that everyone loves a deal, and never more so than during holiday period.

If you purchase online, use your credit card

Avoid the holiday season crowds and buy presents online, but use your credit card for purchases instead of a debit card.  If you have been captured in a holiday season scam or your debit card details are stolen from a retailer, it is highly unlikely that you be able to recuperate stolen funds. With a credit card, you have better security measures and getting a refund is much more likely.

never Visit HTTP sites

Websites secured by the SSL protocol are safer. If a website address begins with HTTPS it means the connection between your browser and the website is encrypted. It makes it much more difficult for sensitive data to be intercepted. Never hand over your credit card details on a website that does not begin with HTTPS.

Carefully Check of order and delivery confirmations

If you order over the Internet, you will no doubt want to look over the status of your order and find out when your purchases will be delivered. If you your sent an email with tracking information or a delivery confirmation, treat the email as potentially dangerous. Always go to the delivery company’s website by entering in the URL into your browser, rather than visiting links sent through email. Fake delivery confirmations and parcel tracking links are common. The links can bring you to phishing websites and sites that install malware, while email attachments often contain malware and ransomware installers.

Holiday season is a hectic, but be careful online

One of the chief factor in holiday season being successful for email scams is because people are in a hurry and do not take the time to read emails carefully and check attachments and links are authentic. Scammers take advantage of busy individuals. Look over the destination URL of any email link before you click. Take time to consider things prior to taking any action online or respond to an email request.

Have different passwords for different websites

You may decide to purchase all of your Christmas gifts on Amazon, but if you need to sign up[ for a number of different multiple sites, never sue the same password for these websites. Password reuse is one of the main ways that hackers can capture access details for your social media networks and bank accounts. If there is a data breach at one retailer and your password is taken illegally, hackers will attempt to use that password on lots of other platforms.


Holiday Season Gift Card Scams on the Rise

Holiday season gift card scams are very common, and this year is no exception. Many gift card-themed scams were tracked during Thanksgiving weekend that offered free or cheap gift cards to lure online shoppers into sharing publicly their credit card information.

Everyone is a fan of a bargain and the offer of something for nothing may be too tempting. Many people are taken in by these scams which is why threat actors switch to gift card scams around Holiday season.

Consumers can be tricked into parting with credit card information, but companies are also at risk. Many of these campaigns are designed to obtain access to login credentials or are used to install malware. If an end user responds to such a scam during their work day, it is their employer that will likely pay the ultimate price.

This year has seen many businesses hit by gift card scam campaigns. Figures released by Proofpoint indicate that out of the organizations that have been targeted with email fraud attacks, almost 16% had experienced a gif card-themed attack: Up from 11% in Q2, 2018.

This year has also seen a heightened risk due to business email compromise (BEC) style tactics, with emails appearing to have been shared from within a company. The emsay that they have been sent from the CEO (or another executive) requesting accounts and administration staff purchase gift cards for clients or ask for gift cards be bought in order to use them for charitable donations.

To cut the risk from gift card scams and other holiday-themed phishing emails, firms need to see to it that they have powerful spam filtering technology in place to block the emails at source and prevent them from being sent to employee inboxes.

Advanced Anti-Phishing Security for Office 365

Many companies use Office 365, but even Microsoft’s anti-phishing security measure see many phishing emails slip through the security systems, especially at businesses that included the advanced phishing protection subscription. Even with the advanced anti-phishing measures, emails still make it past Microsoft’s filters.

If you wish to block these malicious messages, an advanced third-party spam filter is necessary. SpamTitan has been designed to work side by side with Office 365 to improved protection against malware, phishing emails, and more complex phishing attacks.

SpamTitan can deal with more than 99.9% of spam email, while dual antivirus engines prevent 100% of known malware. What really sets SpamTitan apart from other software is the level of protection it offers against new threats. A combination of Bayesian analysis, greylisting, machine learning, and heuristics help to identify zero-day attacks, which often get by Office 365 defenses.

If you want to enhance security from email-based attacks and reduce the amount of spam and malicious messages that are arriving in Office 365 inboxes, contact TitanHQ and book a product demonstration to see SpamTitan working.

Discover a Cheaper Alternative to Cisco OpenDNS in a Dec 5, 2018 Webinar

There is a cheaper option that Cisco OpenDNS that provides total protection against web-based threats. If you are currently using OpenDNS or have yet to configure a web filtering solution, you can find out about this powerful web filtering solution in a December 5, 2018 webinar.

Cybersecurity solutions can be implemented to secure the network perimeter, but employees often are careless online that can lead to costly data breaches. The online activities of employees can easily lead to in malware, ransomware, and viruses being installed. Staff may also respond to malicious adverts (malvertising) or visit phishing websites where they are relieved of their login details.

Addressing malware infections, solving ransomware attacks, and resolving phishing-related breaches have a negative impact on the business and the resultant data breaches can be incredibly expensive. Due to this, the threat from web-based attacks cannot be disregarded.

Luckily, there is an easy solution that offers protection against web-based threats by carefully managing the web content that their employees can access: A DNS-based web filter.

DNS-based web filtering requires no hardware acquisitions and no software installations. Within around 5 minutes, a business will be able to control employee internet access and block web-based dangers. Some DNS-based web filters such as OpenDNS can be costly, but there is a more cost-effective alternative to Cisco OpenDNS.

TitanHQ and Celestix Networks will be conducting a joint webinar to introduce an alternative to Cisco OpenDNS – The WebTitan-powered solution, Celestix WebFilter Cloud.

Celestix will be implemented by Rocco Donnino, TitanHQ EVP of Strategic Alliances, and Senior Sales Engineer, Derek Higgins who will outline how the DNS-based filtering technology offers total protection from web-based dangers at a fraction of the cost of OpenDNS.

The webinar is at 10:00 AM US Pacific Time on Wednesday December 5, 2018.


TitanHQ Releases New Version of SpamTitan and RESTapi

TitanHQ Releases New Version of SpamTitan and RESTapi

Version 7.06 of SpamTitan was released on November 12, 2019. The latest version includes several important security updates to address known issues with the reporting engine. The security patches and ISO/OVA images can now be downloaded and have been made available for several packages including OpenSSH, OpenSSL, Sudo, PHP, and ClamAV.

The update has been released for both the cloud-based anti-spam service, which has already been updated for all users, and TitanHQ’s SpamTitan software solution, SpamTitan Gateway. Software users have had the new release downloaded onto their appliances but administrators will need to login to their UI to apply the update and security patches.

The latest release is accompanied by a new RESTapi, which is one of the most important enhancements in SpamTitan v7.06. The RESTapi has been released to make it easier for clients and partners to implement integrations.

“Implementing the RESTapi and encouraging API adoption are vital steps in our partnership expansion plans,” said TitanHQ CEO, Ronan Kavanagh. “After experiencing 30% growth in 2019, TitanHQ expects these product enhancements and new features to make 2020 another record-breaking year.”

Users should not experience any problems upgrading to the latest SpamTitan version, but if any issues are experienced or for advice on upgrading, contact the customer service team on Technical specifications of the new REStapi can be found on this link.

Cisco Umbrella Alternative for SMBs and MSPs

In this post we propose an ideal Cisco Umbrella alternative that you can implement at a fraction of the cost of Cisco Umbrella, yet still have excellent protection from web-based threats and precision internet content control for your workforce.

WebTitan Cloud is the leading Cisco Umbrella alternative for SMBs and Managed Service Providers (MSP) that serve the SMB market. WebTitan Cloud is, in many respects, a direct swap out for Cisco Umbrella, and one that will save you a small fortune on DNS filtering costs.

Before we cover the cost of WebTitan versus Cisco Umbrella, it is worthwhile taking a moment to explain why DNS filtering is now an essential part of the security stack and why you need to add this additional layer of security if you are not already using a DNS filter.

Why is a DNS Filter Necessary?

You will no doubt be aware that the internet can be a dangerous place. As an IT professional or SMB owner, you need to make sure that your employees do not venture into areas of the internet that could cause your business harm.

Even general web browsing can pose a risk of a malware infection or ransomware download, and employees can easily be tricked into visiting phishing web pages where credentials are harvested. These are very real threats that need to be mitigated.

Rather than leave things to chance and hope your employees obey the rules and recognize all threats in time, you can implement a content filtering solution such as a DNS filter. A DNS filter requires no hardware purchases nor software downloads. You just reconfigure your DNS and point it to the provider of your DNS filtering service and apply your content controls.

All content filtering takes place in the cloud, there will be no latency, and filtering will take place without any content being downloaded. You can control the categories of content that can be accessed and, if rules are broken by employees, they will be directed to a block page and no harm will be done. You can run reports on web usage, apply controls to conserve bandwidth, and perhaps most importantly, you can prevent employees from visiting malicious websites and can block malware and ransomware downloads. Without this additional security layer, your business will be at risk.

Is It Worth Paying the Cisco Umbrella Price?

We are not going to try to convince you not to look at Cisco Umbrella, as it is an accomplished DNS filtering solution that is suitable for many enterprises and SMBs. The product will certainly protect your business from web-based threats and will allow you to enforce your internet policies. However, there is a but. If you are already using Cisco Umbrella or have made enquiries about the solution, you will be aware that the product comes at a considerable cost.

Cisco Umbrella is not a one-size fits all solution. Cisco caters to a range of different customers, from small businesses to large enterprises and packages have been devised accordingly. The most basic offering is DNS Security Essentials, which is a bare bones DNS filtering package that blocks malware and ransomware downloads and allows you to enforce your internet policies. However, there are many important features lacking that most SMBs will feel are important. For instance, now that most websites have moved over to HTTPS, connections to those sites are encrypted. You therefore need to decrypt, inspect, and then re-encrypt that traffic. The basic package dos not include this feature. Decryption and inspection of all SSL traffic is only available in the top-level package.

DNS Security Advantage is the second package offered, which provides more features such as greater insight for investigations, file threat intelligence, and some other tools. At the top end is the comprehensive Secure Internet Gateway Essentials package, which offers enterprise-grade DNS filtering with a host of features required by enterprises with a huge workforce. For most SMBs, the top package will offer a host of features that will most likely not be used. Unfortunately, the lowest level package is missing some important features that really are required by many SMBs.

What is the Cisco Umbrella Cost Per User?

So, how much does Cisco Umbrella cost? This is a key consideration for SMBs as they are likely to have limited budgets. They need to pay for several layers of cybersecurity to block the threats they are most likely to encounter. Spend top dollar on one solution and it is likely to mean less can be spent on other important security controls.

At the standard level, the Cisco Umbrella cost per user is $2.20 per month, which is considerably more than Cisco Umbrella alternative options such as WebTitan. For 100 users, Cisco Umbrella will cost $2,640 per year and that price does not include support, which Cisco considers an optional extra. If you opt for one of the more advanced packages, that price will increase considerably.

The standard price for a Cisco Umbrella alternative is around $1.00 to $1.50 per user per month, but here at TitanHQ we have a highly competitive pricing policy and can provide you with a Cisco Umbrella alternative for just $0.90 per user per month. That will save you $1,560 per year, based on 100 users.

There is More to Consider than the Cost of Cisco Umbrella Alone

Cost is not the only consideration, although it is certainly important. You will want to ensure that your DNS filter allows you to control content easily and it must provide protection against web-based threats. So, does opting for a Cisco Umbrella alternative reduce the protection you will get? Actually, you can pay less and improve protection, have an easier to use product, with better reporting, and less complexity.

At TitanHQ we have a totally transparent and flexible pricing policy and provide the same, high level of protection for everyone. All customers benefit from full SSL filtering to ensure that HTTPS traffic is inspected and analyzed, and all customers get industry-leading customer support at no extra cost.

WebTitan is also loved by users who rate it highly for ease of setup, ease of use, ease of admin, and for the quality of support provided. This can be seen on review sites such as G2 Crowd, as detailed below.

Cisco Umbrella alternative

The Leading DNS Filtering Solution for MSPs Serving the SMB Market

TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market. WebTitan has been designed to be ideal for MSPs and includes a host of features not offered by Cisco. In contrast to all packages of Cisco Umbrella, we offer a range of hosting options. You can even host in your own environment, something that is important for many MSPs. You can also have WebTitan in white label form, ready to take your own branding, another big plus for MSPs. The solution is also easy to integrate seamlessly into your own environment thanks to a suite of APIs.

Cisco Umbrella alternative for MSPs


Find out More About Our Cisco Umbrella Alternative Today!

Our sales staff will be happy to explain the benefits of WebTitan over Cisco Umbrella and schedule a product demonstration to show you how easy the solution is to use and integrate into your own environment. If you would like to try WebTitan before committing, you can also take advantage of our free 14-day trial. For more information, give the TitanHQ team a call today.

Patch Released to Fix Actively Targeted Microsoft .Net Framework Vulnerability

Microsoft has addressed 27 critical flaws this Patch Tuesday, including a Microsoft .Net Framework flaw that is being actively exploited to download Finspy surveillance software on devices running Windows 10.

Finspy is genuine software created by the UK-based Gamma Group, which is used by governments globally for cyber-surveillance. The software has been downloaded in at least two attacks in the past few months according to FireEye experts, the most recent attack leveraged the Microsoft .Net Framework flaw.

The attack begins with a spam email including a malicious RTF file. The document uses the CVE-2017-8759 vulnerability to create arbitrary code, which installs and executes a VB script including PowerShell commands, which in turn installs the malicious payload, which includes Finspy.

FireEye suggests at least one attack was completed by a nation-state against a Russian target; however, FireEye experts also believe other actors may also be using the vulnerability to conduct attacks.

According to a blog post last Tuesday, the Microsoft .Net Framework flaw has been detected and mitigated. Microsoft strongly recommends downloading the latest update promptly to minimize exposure. Microsoft says the flaw could permit a malicious actor to take full control of an impacted system.

Many Several Bluetooth flaws were discovered and shared on Tuesday by security company Aramis. The flaws impact billions of Bluetooth-enabled devices around the globe. The eight flaws, referred to as BlueBorne, could be used to carry out man-in-the-middle attacks on devices via Bluetooth, sending traffic to the attacker’s computer. The bugs exist in Windows, iOS, Android and Linux.

In order to target the flaws, Bluetooth would need to be turned for the targeted device, although it would not be necessary for the device to be in discoverable mode. A hacker could use the flaws to connect to a device – a TV or speaker for example – and start a connection to a computer without the user’s knowledge. In order to carry out the attack, it would be necessary to be in relatively close physically to the targeted device.

In addition to intercepting communications, a hacker could also take full management of a device and steal data, download ransomware or malware, or perform other malicious activities such as placing the device on a botnet. Microsoft addressed one of the Bluetooth driver spoofing bugs – CVE-2017-8628 – in the latest round of updates.

One of the most pressing updates is for a remote code execution vulnerability in NetBIOS (CVE-2017-0161). The vulnerability impacts both servers and work devices. While the vulnerability is not thought to be currently exploited in the wild, it is of note as it can be exploited just by sending specially crafted NetBT Session Service packets.

The Zero Day Initiative (ZDI) said the flaw “is practically wormable within a Local Area Network. This could also target many virtual clients if the guest OSes all connect to the same (virtual) LAN.”

Overall, 81 updates have been published by Microsoft this Patch Tuesday. Adobe has addressed eight flaws, including two critical memory corruption bugs (CVE-2017-11281, CVE-2017-11282) in Flash Player, a critical XML parsing flaw in ColdFusion (CVE-2017-11286) and two ColdFusion remote code execution flaws (CVE-2017-11283, CVE-2017-11284) relating to deserialization of untrusted data.

Greater Email Security Required According to Healthcare Industry Phishing Report

In the United States, healthcare industry phishing campaigns have been to blame for exposing the protected health records of well in excess of 90 million Americans over the course of the past year. That’s more than 28% of the population of the United States.

This week, another case of healthcare sector phishing has come to light following the announcement of Connecticut’s Middlesex Hospital data breach. The hospital saw that four of its employees responded to a phishing email, resulting in their email account login details being sent to a hacker’s command and control center. In this case the damage inflicted by the phishing attack was limited, and only 946 patients had their data exposed. Other healthcare groups have not been nearly so fortunate.

Industry Latest News

Our industry news section includes a wide range of news items of particular relevance to the cybersecurity sector and managed service providers (MSPs).

This section also sources details of the most recent white papers and research studies relating to malware, ransomware, phishing and data breaches. These articles allow some insight into the general state of cybersecurity, the industries currently most heavily aimed for by cybercriminals, and figures and statistics for your own reports.

Cybercriminals use massive spam campaigns designed to infect as many computers as they can. These attacks are random, using email addresses stolen in large data breaches such as the cyberattacks on LinkedIn, MySpace, Twitter and Yahoo. However, highly targeted attacks are on the up, with campaigns geared to specific sectors. These industry-specific cyberattacks and spam and malware campaigns are covered in this section, along with possible mitigations for reducing the danger of a successful attack.

This category is therefore important for organizations in the education, healthcare, and financial services sectors – the most common attacked industries according to the latest security reports.

The articles cover current campaigns, spam email identifiers and details of the social engineering tactics used to trick end users and gain access to corporate networks. By using the advice in these articles, it may be possible to stop similar attacks.

Network Security

This network security news section contains a variety of articles about safeguarding networks and blocking cyberattacks, ransomware and malware installations. This section also includes articles on recent network security breaches, alerting outfits to the latest attack trends being used by hackers.

Layered cybersecurity defenses are vital due to the increase in hacking incidents and the explosion in ransomware and malware variants over the past 24 months. Outfits can address the threat by investing in new security defenses such as next generation firewalls, end point defense systems, web filtering solutions and advanced anti-malware and antivirus defenses.

While much investment goes on proven solutions that have been highly resilient in the past, many cybersecurity solutions – antivirus software – are not as effective as they were previously. In order to keep pace with hackers and cybercriminals and get ahead of the curve, organizations should consider using a wide variety of new cybersecurity solutions to block network intrusions, stop data breaches and improve protection against the most recent malware and ransomware threats.

This category includes information and guidance on different network security solutions that can be adopted to enhance e network security and ensure networks are not focused on by hackers and infected with malicious software.

TitanHQ Fall 2019 Trade Show Schedule

The TitanHQ team is on the road once again this fall and will be attending some of the biggest and best Managed Service Provider (MSP) conferences and roadshows in Europe and the United States.

The fall schedule of trade shows got underway in Chicago at the Taylor Business Group BIG Conference, followed by Cloudsec2019 in London. September also sees the team attend Datto Dublin on September 17 and the MSH Summit in London on September 18.

If you have not already booked up to attend these events, there will be plenty more opportunities to meet with the TitanHQ team to talk about email security, web security, and email archiving this fall.

TitanHQ will be attending the following MSP-focused events in September, October, and November:

Date Event Location
September 17, 2019 Datto Dublin Dublin, Ireland
September 18, 2019 MSH Summit London, UK
October 6-10, 2019 Gitex Dubai, UAE
October 7-8, 2019 CompTIA EMEA Show London, UK
October 16-17, 2019 Canalys Cybersecurity Forum Barcelona, Spain
October 21-23, 2019 DattoCon Paris Paris, France
October 30, 2019 MSH Summit North Manchester, UK
October 30, 2019 IT Nation Evolve (HTG 4) Florida, USA
October 30, 2019 IT Nation Connect Florida, USA
November 5-7, 2019 Kaseya Connect Amsterdam, Netherlands

The above events give MSPs, ISPs, and VARs the opportunity to meet with the TitanHQ team to discuss the full range of MSP-focused cybersecurity solutions, arrange a product demonstration to see the solutions in action, and discover how to integrate the solutions into your client management systems.

TitanHQ first started developing cybersecurity solutions for SMBs in 1999. While many cybersecurity firms have recently started offering their solutions to MSPs, TitanHQ saw the need to do things a little differently and ensured MSPs were considered from the very start.

TitanHQ has developed a suite of cybersecurity solutions that incorporate all the features demanded by MSPs. With TitanHQ solutions, MSPs can not only meet the needs of their customers and greatly improve their security postures, the solutions save MSPs money by reducing the amount of time they have to spend fighting fires and resolving malware infections and remediating responses to phishing emails. Less time on support and engineering allows MSPs to channel their resources into generating more profit.

The roadshows, conferences, trade shows, and other MSP-focused events give prospective MSP clients the opportunity to quiz TitanHQ about its products and discover how easily the solutions can be incorporated into MSPs technology stacks and rolled out to customers.

If you have not heard of TitanHQ, have yet to incorporate SpamTitan, WebTitan, or ArctTirtan into your service stack, or have unanswered questions about spam filtering, web filtering, and email archiving in the cloud, the TitanHQ team is here to help.

If you do not feel that you can find the time to attend one of the above events, contact the TitanHQ team by phone or email to book a product demonstration, get your questions answered, and sign up for a free trial of any or all of TitanHQ’s email security, web security, and email archiving solutions for MSPs.

If you are attending an event, be sure to pay TitanHQ a visit and feel free to contact TitanHQ in advance of the conference to book an appointment or to get answers to your questions:

Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
Dryden Geary, Marketing Director

Spam Campaigns Delivering Marap and Loki Bot Malware with ICO and IQY Files

A spam email campaign is being conducted focusing on targeting corporate email accounts to share Loki Bot malware. Loki Bot malware is a data stealer capable of obtaining passwords stored in browsers, obtaining email account passwords, FTP client logins, cryptocurrency wallet passwords, and passwords in placed for messaging apps.

Along with stealing saved passwords, Loki Bot malware has keylogging capabilities and is possibly capable of installing and running executable files. All data captured by the malware is transferred to the hacker’s C2 server.

Kaspersky Lab researchers identified an increase in email spam activity focusing on corporate email accounts, with the campaign discovered to be used to spread Loki Bot malware. The malware was sent hidden in a malicious email attachment.

The intercepted emails included an ICO file attachment. ICO files are duplicates of optical discs, which are usually mounted in a virtual CD/DVD drive to open. While specialist software can be used to open these files, the majority of modern operating systems have the ability to access the contents of the files without the need for any extra software.

In this instance, the ICO file includes Loki Bot malware and double clicking on the file will result in a downloading of the malware on operating systems that support the files (Vista and later).

It is relatively unusual for ICO files to be used to deliver malware, although not unheard of. The unfamiliarity with ICO files for malware delivery may see end users try to open the files.

The campaign included a wide variety of lures including fake purchase orders, speculative enquiries from companies including product lists, fake invoices, bank transfer details, payment requests, credit alerts and payment confirmations. Well-known businesses such as Merrill Lynch, Bank of America, and DHL were spoofed in some of the emails.

A different and unrelated spam email campaign has been discovered that is using IQY files to deliver a new form of malware known as Marap. Marap malware is a installer capable of downloading a variety of different payloads and additional modules.

During installation, the malware fingerprints the system and gathers data such as username, domain name, IP address, hostname, language, country, Windows version, details of Microsoft .ost files, and any anti-virus solutions detected on the infected computer. What happens next depends on the system on which it is downloads. If the system is of particular interest, it is earmarked for a more thorough extensive compromise.

Four separate campaigns involving millions of messages were discovered by experts at Proofpoint. One campaign included an IQY file as an attachment, one included an IQY file within a zip file and a third used an embedded IQY file in a PDF file. The fourth used a Microsoft Word document including a malicious macro. The campaigns seem to be targeting financial institutions.

IQY files are used by Excel to download web content straight into spreadsheets. They have been used in many spam email campaigns in recent weeks to install a range of different malware variants. The file type is proving popular with cybercriminals because many anti-spam solutions fail to recognize the files as malicious.

Since most end users would not have any need to open ICO or IQY files, these file types should be placed on the list of blocked file types in email spam filters to prevent them from being shared to end users’ inboxes.

Campaigns using WannaCry Phishing Emails Detected

hackers are using WannaCry phishing emails to conduct campaigns using the fear surrounding the global network worm attacks.

An email campaign has been discovered in the United Kingdom, with BT customers being focused on. The hackers have been able to spoof BT domains and made their WannaCry phishing emails look very realistic. BT branding is used, the emails are well composed and they claim to have been shared from Libby Barr, Managing Director, Customer Care at BT. A quick review of her name on Google will reveal she is who she claims to be. The WannaCry phishing emails are realistic, cleverly put together, and are likely to trick many customers.

The emails claim that BT is working on enhancing its security after the massive ransomware campaign that impacted over 300,000 computers in 150 countries on May 12, 2017. In the UK, 20% of NHS Trusts were impacted by the incident and had data encrypted and services majorly damaged by the ransomware attacks. It would be extremely hard if you live in the UK to have avoided the news of the attacks and the extent of the damage they have inflicted.

The WannaCry phishing emails provide a very good reason for taking quick action. BT is offering a security upgrade to stop its customers from being harmed by the attacks. The emails claim that in order to keep customers’ sensitive data secure, access to certain features have been turned off on BT accounts. Customers are told that to restore their full BT account functionality they need to confirm the security upgrade by selecting the upgrade box contained in the email.

Of course, visiting the link will not lead to a security upgrade being applied. Customers are required to share their login credentials to the hackers.

Other WannaCry phishing emails are likely to be issued claiming to be originating from other broadband service providers. Similar campaigns could be used to quietly install malware or ransomware.

Hackers often take advantage of global news events that are garnering a lot of media interest. During the Olympics there were many Olympic themed spam emails. Phishing emails were also prevalent during the U.S. presidential elections, the World Cup, the Zika Virus epidemic, and following every major news stories.

it is vital never to click on links sent in email from people you do not know, be extremely careful about visiting links sent from people you do know, and assume that any email you receive could be a phishing email or other malicious message.

Just one phishing email sent to a member of staff can lead to a data breach, email or network compromise. It is therefore crucial for employers to be careful. Employees should be provided with phishing awareness training and taught the giveaway signs that emails are not authentic.  It is also vital that an advanced spam filtering solution is employed to stop most phishing emails from landing in end users inboxes.

In relation to that, TitanHQ is here to help you out. get in touch with the team now to see how SpamTitan can protect your business from phishing, malware and ransomware campaigns.

Malspam Campaign Spreading NetWiredRC RAT to U.S. Hotel

In the United States hotel are being targeted by hackers with a remote access Trojan (RAT) titled NetWiredRC. The RAT is spread using spam emails aimed at financial departments in the hospitality sector.

In most cases the campaign sees a standard lure being deployed in order to trick staff into opening the attached malicious file. Urgency is created in the email stating that invoices are outstanding and must be authenticated, an action which will be completed by opening the attached zip file. However the file will install a Trojan with a PowerShell script when it is clicked on. The Trojan installs itself in the startup folder and will operate every time the computer boots.  Once in place the hacker full management control over an infected device.

it remains unknown what the hackers are aiming to achieve with this campaign. If it is installed on POS systems it will allow hackers to skim credit card details for their own use. This will become known over time and hotel may not realize that their databases have been hacked.

This comes at a time when a number of instances of hackers infiltrating hotels guest databases have been witness with the stolen data on the darknet. For example, the Marriott Hotel data breach lead to the theft of 339 million records and Huazhu Hotels Group in China suffered a breach of 130 million records.

Data breaches can prove massively expensive for organizations. The cost of the data breach at Marriott could yet be over $200m, but even lower end data breaches can prove costly to resolve and can cause serious harm to a hotel’s reputation.

The more recent spam campaign indicated just how simple it is to access a database that results in a three-year data breach or the theft of more than 300 records: The opening of an attachment by a busy staff member.

Hotels can enhance their security measures through implementing solutions to address this threat.  SpamTitan safeguards companies thanks to the email system being locked down and practically impenetrable in the face of spamming attacks. WebTitan is an advanced web filtering solution that will obstruct malware installations and manage the websites that can be accessed by staff and customers.

For additional information on TitanHQ’s cybersecurity solutions for hotels, contact us now.

Dangerous Spora Ransomware Ransomware Threat Discovered

A new and very dangerous ransomware threat to deal called Spore has been discovered.

Locky and Samas ransomware have certainly been major headaches for IT departments. Both forms of ransomware have a host of smart features designed to prevent detection, grow infections, and inflict the most damage possible, leaving companies with little option but pay the ransom demand.

However, there is now a new ransomware threat to address, and it could well be even bigger than Locky and Samas. Luckily, the ransomware authors only seem to be targeting Russian users, but that is likely to change. While a Russian version has been used in hacking attacks so far, an English language version has now been created. Spora ransomware attacks will soon be a global issue.

A massive portion of time and effort has gone into producing this very dangerous new ransomware variant and a decryptor is unlikely to be created due to the way that the ransomware encrypts data.

As opposed to many new ransomware attacks that rely on a Command and Control server to receive instructions, Spora ransomware can encrypt files even if the user is offline. Closing down Internet access will not stop an infection. It is also not possible to restrict access to the C&C server to prevent infection.

Earlier Ransomware variants have been created that can encrypt without C&C communication, although unique decryption keys are not necessary. That means one key will unlock all infections. Spora ransomware on the other hand needs all victims to use a unique key to unlock the encryption.  A hard-coded RSA public key is used to create a unique AES key for every user. That process happens locally. The AES key is then used to encrypt the private key from a public/private RSA key pair set up with each victim, without C&C communications. The RSA key also encrypts the separate AES keys for each user. Without the key supplied by the hackers, you cannot unlock the encryption.

This complex encryption process only represents part of what makes Spora ransomware unique. Different to many other ransomware variants, the hackers have not set the ransom amount. This gives the hackers a degree of flexibility and importantly this process occurs automatically. Security experts believe the degree of automation will see the ransomware provided on an affiliate model.

The flexibility allows companies to be charged a different amount to a person. The ransom set is calculated based on the extent of the infection and types of files that have been encrypted. Since Spora ransomware gathers data on the user, when contact is made to pay the ransom, amounts could easily be changed.

When victims visit the hacker’s payment portal to pay the ransom, they must supply the key file that is set up by the ransomware. The key files contains a range of data on the user, including details of the campaign used. The hackers can therefore carefully monitor infections and campaigns. Those campaigns that are successful and result in more payments can then be repeated. Less effective campaigns can be brought to an end.

At present there are a number of different payment options, including something quite different. Victims can pay to unlock the encryption, or pay extra to avoid future attacks, essentially being given immunity.

Emisoft Internet experts who have analyzed Spora ransomware say it is far from a run of the mill variant that has been quickly thrown together. It is the work of a highly knowledgeable group. The encryption process contains no weaknesses – uncommon for a new ransomware variant – the design of the HTML ransom demand and the payment portal is highly sophisticated, and the payment portal also contains a chat option to allow communication with the hackers. This degree of professionalism only comes from a lot of investment and massive work. This threat is unlikely to disappear soon. In fact, it could prove to be one of the most serious threats in 2017 and into the future.

Infection currently takes place through spam email containing malicious attachments or links. Currently the attachments look like PDF invoices, although they are HTA files including JavaScript code. Preventing emails from being sent is the best form of defense. Since no decryptor is available for Spora, a backup will be necessary to recover for the infection or the ransom will need to be met.


DNS Based Web Filtering

DNS based web filtering takes advantage of cloud based technology to provide an Internet content filtering service equally as powerful as hardware or software solutions, but without the capital investment and high maintenance costs of those. As with most cloud-based technologies, DNS based web filtering software is handy and reliable, and extremely scalable.

Any Internet filtering solution has to have SSL inspection so that it can examine the content of encrypted web pages. Whereas SSL inspection can drain CPU resources and memory when included in hardware and software solutions, with DNS based web filtering the inspection process is done in the cloud – thus enhancing network operations.

How DNS Based Web Filtering Operates

In order to filter Internet content using a Domain Name Server (DNS), you need to register for a web filtering service. The service provider gives you a browser-based account you log into, submit your external IP address and set your web filtering policy. Then you just redirect your DNS system settings to the service provider´s web filtering service.

If you have a range of web filtering policies for different positions within your company, tools are available to link management tools such as LDAP and Active Directory with the web filtering service. It is also possible to put in place a DNS proxy for per user reporting and select from a variety of predefined reports. Alternatively, it is a simple process to set up your own bespoke reports.

Due to the way in which DNS based web filtering works, it can be applied with every type of network and operating system. Multiple locations and domains can be managed from one management portal, and – due to the SSL inspection process being conducted in the cloud – end users will not suffer the latency usually associated with hardware and software solutions.

Highly Granular Controls Maximize Your Security Strength

The most common given reasons given for adding an Internet content filter are to safeguard the company from web-borne dangers and to enforce acceptable use policies. DNS based web filtering achieves both these aims by deploying a three-tier mechanism for filtering Internet content. The three tiers work in tandem to maximize the company´s defenses and prevent users accessing material that could be an obstruction to productivity or cause offense.

The first tier includes SURBL and URIBL filters. These are commonly referred to as blacklists and they compare each request to view a website against IP addresses from which malware downloads, phishing attacks and spam emails are known to have been initiated. When matches are located, the request to visit the website is denied.  Blacklists are given and updated by your service provider.

Behind the blacklists, category filters and keyword filters make up the second and third lines of defense. These can be applied by system administrators to stop users visiting websites within some categories (social networking for example), or those likely to include material that would be inappropriate for an office environment. Keyword filters can also be used to prevent users accessing specific content or web applications, or downloading files with extensions most linked with malware.

Exemptions to general policies can be set up by user or user group if access to a website or web application is required by a certain department within the company. For example, you may not want your employees to engage in personal Internet banking during working hours, but it is likely crucial for your finance department has access to online banking services. Similar exemptions could be established (say) if your marketing department needed access to the company´s Facebook or Twitter accounts.

DNS Based Web Filtering Provided by SpamTitan

SpamTitan offers businesses a range of DNS based web filtering solutions – WebTitan Cloud for companies with fixed networks, and WebTitan Cloud for WiFi for companies providing a wireless service to end users. Both DNS based web filtering solutions have been created with maximum ease of use, maximum granularity and maximum security from web-borne threats.

Along with being versatile and effective DNS based web filtering solutions, both WebTitan Cloud and WebTitan Cloud for WiFi include many features to safeguard your company. Both solutions have best-in-class malicious URL detection, phishing protection and antivirus software – all of which is updated automatically. Both also update our filtering mechanisms in actual time – including the categorization of new websites as they are released.

The service grows in line with your company, so you never have to worry about registering new users or even multiple networks. WebTitan Cloud and WebTitan Cloud for WiFi are infinitely scalable, with no bandwidth limits, and no latency problems. Unless you advise them, your users will never know they are being safeguarded from web-borne threats until they try to visit an unsafe or inappropriate web pagesite.


Email Spam and Botnet Infection Levels Quantified

Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S organizations and people – with criminal practices netting hacking gangs billions of dollars every year.

Estimating the infection levels and the amount of spam being sent was one of the chief aims of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). M3AAWG, is a global network tasked with promoting cybersecurity best practices and tackling organized internet crime. M3AAWG was created 10 years ago by a number of leading internet service providers, with the goal of enhancing collaboration and sharing knowledge to make it more complicated for criminals to spam account users. By reducing the impact of email spam on individuals and organizations, ISPs would be able to better secure users, IPS’s email platforms and their reputations.

It was noticed that quantifying email spam and botnet infection levels was an extremely difficult task; one that was only possible with collaboration between internet service suppliers. Arising out of this collaboration, the organization has produced reports on the global state of email spam and botnet infection. Its latest analysis suggests that approximately 1% of computer users are part of a botnet network.

The data gathered by M3AAWG involved assessing 43 million email subscribers in the United States and Europe.,The data analysis showed that IPS’s normally block from 94% to 99% of spam emails. The company’s report suggests that overall, IPS’s do a good job of blocking email spam.

The figures look good but, taking into account the huge scale of email spam, billions of spam emails are still making it through to users, with financial organizations and other companies now being regularly focused on with spam and malware.

Email spammers are well backed financially, and criminal organizations are using email spam as a means of getting hold of tens of billions of dollars annually from internet fraud. Spam emails are sent to phish for sensitive information, such as bank account information, credit card details and other highly sensitive data including Social Security numbers. Accounts can be cleaned out, credit cards maxed out and data used to carry outt identity theft; racking up tens of thousands of dollars of debts in the victims’ names.

In previous years, email spammers were dedicate to sending emails randomly to accounts with offers of cheap Rolexes, Viagra, potential brides and the opportunity to claim an inheritance from a long lost relative. Currently, spammers have realized there are far greater rewards to be gained, and emails are now sent containing links to malware-infected websites which can be used to gain access to users’ PCs, laptops and Smartphones, gaining access to highly sensitive data or locking devices and seeking ransoms.

Some emails may still be shared manually, but the majority are sent via botnets. Networks of infected machines that can be used to send huge volumes of spam emails, spread malware or organize increasingly complex attacks on individuals and organizations. The botnets are available via rental, with criminals able to rent botnet time and use them for any number of taks.

A large number of attacks are now coming from countries where there is little regulation and a very low risk of the perpetrators being caught. Africa states, as well as Indonesia and the Ukraine house huge volumes of scammers. They have even established call centers to deal with the huge amount of enquiries from criminals seeking botnet time to carry out phishing and spamming campaigns. Tackling the issue at the source is difficult, with corruption rife in the countries where the perpetrators live.

However, it is possible to lower spam level, and the danger of staff members being tricked by a scam or downloading malware by installing a robust email spam filter, reducing the potential for spam emails and phishing campaigns getting through to individual accounts.  A report from Verizon showed that 23% of users view phishing emails and 11% open attachments and visit links included. Making sure that the emails reaching users is therefore one of the most successful methods of defense against these attacks.

How to Create a Strong Security Awareness Program

Due to the ever evolving and more intricate nature of hacking, spamming and activity of cyber criminals, it is now vital that all companies, groups and organizations have an effective security awareness program and to make sure all employees, staff and workers know how to recognize email threats.

Threat actors are now creating very sophisticated tactics to download malware, ransomware, and obtain login credentials and email is the attack style of choice. Companies are being targeted and it will only be a matter of time before a malicious email is delivered to an worker’s inbox. It is therefore crucial that employees are trained how to identify email threats and told how they should respond when a suspicious email lands in their inbox.

If security awareness training is not made available for staff then there will be a huge hole in your security defenses. To assist yo in getting back on the right track, we have listed some vital elements of an effective security awareness strategy.

Vital Important Elements of an Strong Security Awareness Program

Have C-Suite Involved

One of the most vital starting points is to see to it that the C-Suite is on board. With board involvement you are likely to be able to dedicate larger budgets for your security training program and it should be simpler to get your plan adapted and followed by all departments in your organization.

In practice, getting the backing of executives to support a security awareness program can tricky. One of the most effective ways to increase the chance of success is to clearly explain the importance of developing a security culture and to back this up with the financial advantages that come from having a strong security awareness program. Provide data on the extent that businesses are being hit, the volume of phishing and malicious emails being shared, and the money that other businesses have had to cover to address email-based attacks.

The Ponemon Institute has completed several major surveys and provides annual reports on the expense of cyberattacks and data breaches and is a good source for facts and figures. Security awareness training companies are also good sources of figures. Current data indicates the benefit of the program and what you require to ensure it is a success.

Get Other Departments On Board

The IT department should not be the only one responsible for developing a strong security awareness training program. Other departments can supply help and may be able to offer additional materials. Try to get the marketing department to support this, human resources, the compliance department, privacy officers. Those outside of the security team may have some valuable input not only in terms of content but also how to provide the training to get the best results.

Create a Continuous Security Awareness Strategy

A one-time classroom-based training session conducted once annually may have once been enough, but due to the rapidly changing threat landscape and the volume of phishing emails now being sent, an annual training session is no longer adequate.

Training should be conducted an ongoing process provided during the year, with up to date information included on present and emerging threats. Each employee is different, and while classroom-based training sessions work for some, they do not work for all employees. Create a training program using a variety of training methods including annual classroom-based training sessions, constant computer-based training sessions, and use posters, games, newsletters, and email alerts to keep security issues to the fore of workers’ minds.

Provide Incentives and Gamification

Reward individuals who have finished training, alerted the group to a new phishing threat, or have scored well in security awareness training and tests. Try to establish competition between departments by publishing details of departments that have performed very well and have the highest percentage of employees who have finished training, have reported the most phishing threats, scored the highest in tests, or have correctly identified the most phishing emails in a round of phishing simulations.

Security awareness training should ideally be interesting. If the training is fun, employees are more likely to want to participate and retain knowledge. Use gamification methods and choose security awareness training providers that offer interesting and engaging content.

Test Knowledge with Phishing Email Simulations

You can conduct training, but unless you test your employees’ security awareness you will not know how effective your training program has been and if your staff have been paying attention.

Before you begin your training program it is important to have a baseline against which you can gauge success. This can be achieved using security questionnaires and completing phishing simulation exercises.

Running phishing simulation exercises using real world examples of phishing emails following training has been completed will highlight which employees are security titans and which need further training. A failed phishing simulation exercise can be transformed into a training opportunity.

Comparing the before and after results will let you see the advantages of your program and could be used to help get more funding.

Train your staff constantly and review their understanding and in a relatively short space of time you can create a highly effective human firewall that complements your technological cyber security security measures. If a malicious email breaks through your spam filter, you can be happy that your employees will have the skills to recognize the threat.

Enterprise Web Filtering

An enterprise web filtering solution must provide a robust defense against web-borne threats along with being flexible in order to meet the requirements of the enterprise. However, flexibility without ease-of-use can result in the solution being useless. If enterprise web filtering software is difficult to configure, filtering parameters may either be set too high – obstructing workflows – or set too low, allowing a gateway for hackers.

At SpamTitan, we are conscious of the possible issues related to enterprise web filtering, and we have developed a range of flexible and easy-to-use enterprise Internet filtering solutions that can be set up and in minutes, that have no upfront costs, and that have low maintenance overheads – releasing IT resources to focus on other important problems. We also provide guidance on how to optimize filtering parameters.

In order to maximize the flexibility of our enterprise web filtering software, we deploy a three-tier filtering mechanism and whitelists to allow access to websites that may otherwise be restricted and to reduce the strain on CPU resources when the solution is reviewing encrypted websites. The three tiers consist of URIBL/SURBL filters, category filters and keyword filters:

  • URIBL/SURBL filters manages requests to visit websites against blacklists of websites known to be harboring malware or who mask their true identities behind proxy servers. They also review for any IP addresses associated with phishing attacks and block access if a match is discovered.
  • Our category filters sort more than six billion web pages into fifty-three different categories (abortion, adult entertainment, alternative beliefs, alcohol, etc.). Network Administrators can block access to any of the categories with the click of a mouse via the centralized management portal.
  • Keyword filters restrict access to websites containing specific words, using specific apps, or inviting installations with specific file extensions. This third tier of our enterprise web filtering software supplies a high level of granularity to prevent workflow obstruction or gateways for hackers.

All the filtering parameters are subject to user policies, which can be established and managed by individual user, user group or enterprise-wide. For ease of use, our enterprise Internet filtering solution can be integrated with Active Directory and LDAP, and allows for many different administrative roles to be created for network managers, policy managers, and reporting managers.

SpamTitan’s variety of flexible and simple-to-use enterprise Internet filtering solutions consist of WebTitan Gateway, WebTitan Cloud, and WebTitan Cloud for WiFi. Each can be deployed within minutes and each has automatic network configuration.

  • WebTitan Gateway is a virtual appliance that is downloaded behind the firewall and can be run as an ISO directly on existing hardware or a virtual infrastructure. It can be used on most operating systems, scalable to thousands of users and supports both HTTP and HTTPS web filtering.
  • WebTitan Cloud takes advantage of cloud-based technology to send an unmatched combination of coverage, accuracy and flexibility with imperceptible latency. Deployment only needs a quick redirection of the enterprise´s DNS to our servers.
  • WebTitan Cloud for WiFi has been specifically created to supports both static and dynamic IP addresses. It keeps wireless networks, single WiFi access points and nationwide networks of WiFi hotspots safe from web-borne threats with the same flexibility and ease of use.

All of our enterprise Internet filtering solutions provide actual-time oversight of network web activity and a suite of reporting options that can be set up to provide deep insight into activity by user, user group, URL or IP address and identify trends or policy violations. Network Administrators can also set up email alerts to notify of any attempts to circumnavigate the enterprise web filtering software.

If your interest in enterprise Internet filtering solutions is a result of you being a Managed Service Provider (MSP) or reseller, you will appreciate that flexibility and ease-of-use is of paramount importance when supplying an enterprise Internet filtering service to clients. The option of managing the solution yourself, or delegating responsibility to each of your clients, may also be of interest to you.

However, some of the biggest benefits of providing our WebTitan service to your clients are that all three WebTitan solutions are multi-tenanted enterprise Internet filtering solutions, they can be provided in white label format for re-branding, and we offer a range of hosting options – in our infrastructure, in your infrastructure, or in a private cloud for each client via AWS. Please speak with us for more information about our services for MSPs.

If you would like to discover more about our flexible enterprise web filtering software, do not hesitate to contact us and talk about your requirements with one of our Sales Technicians. The discussion will help decide the most appropriate enterprise Internet filtering solution for your circumstances, after which you will be asked to take advantage of a thirty day free trial.

During the trial period, you will be supported by our industry-leading Customer and Technical Support experts. They will provide advice about optimizing the filtering parameters, and take you through fine-tuning the enterprise web filtering software to achieve optimum effectiveness. Then, at the end of the free trial, if you choose to continue with our service, no further configuration will be rnecessary.

We are happy that you will find our enterprise web filtering software a strong defense against web-borne threats, flexible and easy-to-use. Contact us today to begin your free trial and you could be evaluating the merits of our enterprise Internet filtering solutions in your own environment quickly.

Network Security

In too many cases, news of data breaches comes with details of the failures in network security that allowed a hacker access to confidential data. Many of these failure are preventable with adequate precautions such as a spam email filter and mechanism for managing access to the Internet.

Almost as many breaches in network security can be blamed on poor employee training. Password sharing, unauthorized installations and poor online security practices can result in hackers gaining easy access to a network and extracting confidential data when they wish to.

It has been well reported that hackers will bypass groups with strong network security and turn their attention to fish that are simpler to catch. Make sure your group does not get caught in the net – set upappropriate web filters and educate your staff on the importance of network security.

Cybercriminals Steal $1.9m in Southern Oregon University Phishing Attack

A Southern Oregon University phishing attack has demonstrated exactly why so many hackers have opted for phishing as their main source of profits.

The Southern Oregon University phishing attack involved just one phishing email. The attackers pretended to be a construction company – Andersen Construction – that was erecting a pavilion and student recreation center at the University.

The attackers spoofed the email address of the construction firm and asked for all future payments be directed to a separate bank account. The university then transferred the next payment of €1.9m to the new account in April.

The university saw that the construction firm had not received the funds three days later. The FBI was made aware of the situation as soon as the fraud was discovered and efforts are continuing to recover the funds. The university reports that the hackers have not withdrawn all of the funds from their account, although a sizeable chunk cannot be located. Joe Mosley, a representative for SOU said, “It’s certainly not all of the money that was transferred, but it’s not just nickels and dimes, either.”

In order for a scam like this to be successful, the hackers would need to be aware that the construction project was taking place and the name of the firm. Such data is not hard to find and universities often have construction projects operational.

These attacks are referred to as Business Email Compromise (BEC) scams. They typically involve a contractor’s email account being hacked and used to send an email to a vendor. It is not known whether the vendors email account had been hacked, but that step may not be necessary to pull off a phishing attack such as this.

Increase in BEC Attacks Prompts FBI Alert for Universities

In this instance, the payment was massive but it is far from an isolated incident. Last month, the FBI published a public service announcement warning universities of attacks such as this.

The FBI warned that access to a construction firm’s email account is not required. All that is required is for the scammer to buy a similar domain to the one used by the firm. Accounts department employees may check the email address and not notice that there is a letter changed.

By the time the university saw that a payment has not been sent, the funds have already been removed from the scammer’s account and cannot be recovered. Payments are often of the order of several hundred thousand dollars.

The FBI advised SOU that there have been 78 such attacks in the past 12 months, some of which have been carried out on universities. However, all groups are in danger from these BEC scams.

The Southern Oregon University phishing attack shows just how simple it can be for cybercriminals to pull off a BEC attack. Securing against this time of scam requires employees to be vigilant and to use extreme caution when requests are made to alter bank accounts. Such a request should always be verified by some means other than email. A telephone call to the construction firm could easily have prevented this scam before any transfer was completed.

Privacy Online

Despite the high profile given to Internet privacy on mainstream media, there still appears to be naivety among certain Internet users about keeping their personal details safe. Thousands of data breaches impacting millions of people are reported every year, yet one still comes across the same stories about Internet users having the same passwords for a range of different sites.

Whether a password is in place for a social media account, an online shopping site or an online banking portal, it should be a) unique, b) hard to guess, and c) changed often. To manage your Internet privacy, only ever give the minimum amount of information required and only if you have complete confidence in the website you are giving it to.

Social Media

Social media can be a key factor of a  group’s marketing operations – it can also be the gateway for many online threats. Internet users who choose not to use unique passwords for their online activities, share their passwords, or willingly provide confidential information without due consideration for the security implications can be risking the online security of an entire group.

Instead of an employee threaten the integrity of your group’s online security, it is in your best interests to implement an Internet filtering solution from TitanHQ. An Internet filtering solution – and proper training about the risks of communicating confidential data online – can address the risk of your organization´s online defenses being compromised by an staff member’s carelessness or naivety.

Email Spam & Phishing Campaigns

Phishing and email spam is thought to cost businesses over $1 billion each year, and hackers are becoming more complex in the campaigns they launch to try to steal confidential data or passwords from innocent Internet users.

Part of the reason why phishing and email spam still work is the language used within the communication. The message to “Act Now” because an account seems to have been impacted, or because a colleague seems to need urgent support, often causes people to act before they think.

Even experienced security consultants have been caught by phishing and email spam, and the advice provided to every Internet user is:

  • If you do not know whether an email request is legitimate, try to verify it by contacting the sender independently of the information given in the email.
  • Never handover confidential data or passwords requested in an email or on a web page you have arrived at after clicking on a link in an email.
  • Turn on spam filters on your email, keep your anti-virus software up-to-date and turn on two-step authentication on all your accounts whenever you can.
  • Always use different passwords for separate accounts, and amend them frequently to stop being a victim of keylogging malware downloads.
  • Remember that phishing and email spam is not restricted to email. Watch out for scams sent through social media channels.

Phishing in particular has become a popular attack vector for hackers. Although phishing goes back to the first days of AOL, there has been a tenfold increase in phishing campaigns over the past 10 years reported to the Anti-Phishing Working Group (APWG).

Phishing is an extension of spam mail and can focus on small groups of people (spear phishing) or target executive-level management (whale phishing) in order to gather data or obtain access to computer systems.

The best way to safeguard yourself from phishing and email spam is to use the advice provided above and – most importantly – enable a reputable spam filter to block possibly unsafe emails from being sent to your inbox.

Advice on Spam

The main focus of our spam advice section is to keep you informed with the latest news on new email spam campaigns, email-based threats and anti-spam solutions that can be deployed to prevent those threats.

Email spam is more than an annoyance. Even if the amount of spam emails received by employees is relatively small, it can be a major drain on productivity, especially for groups with hundreds or thousands of employees. This section includes articles offering advice on how to reclaim those lost hours by cutting the number of messages that are delivered to your employees’ inboxes.

However, much worse than the lost hours are the malware and ransomware threats that arrive through spam email. Email is now the number one attack vector used by hackers to deliver malware and ransomware. Hackers are now using increasingly sophisticated methods to get around security solutions. Today’s spam emails use advanced social engineering tactics to trick end users into revealing login details and other sensitive information, and installing malicious software on their computers.

Major advances have also been made to malware and ransomware. Self-replicating worms are being used to infiltrate entire networks before ransomware attacks take place, maximizing the damage caused and the ransom payments that can be generated. The cost to industry is significant. In 2018 ransomware attacks resulted in $1 billion in losses by companies, with 2017 expected to see those losses increase to a staggering $4 billion. Blocking spam email messages from being sent  is therefore an essential element of any cybersecurity policy.

Good spam advice can help groups take action promptly to reduce the danger of email-based attacks.

DattoCon2019 Sponsor TitanHQ Helps Solve MSP Woes in San Diego

TitanHQ is excited to announce it will be a sponsor of the upcoming DattoCon19 MSP conference in San Diego on June 17-19.

The three-day conference is the premier event for managed service providers in the United States. Industry-leading MSPs, industry experts, and vendors will be holding sessions where MSPs can gain valuable insights into the business, learn best practices for maximizing profits and boosting sales growth, and discover the myriad of opportunities to boost monthly recurring revenue (MRR). Training will be offered on Datto solutions and vendors will be on hand to answer questions and solve MSP problems.

The focus on improving business impact growth and profitability, learning sessions, and networking opportunities greatly benefit MSPs. On average, DattoCon attendees achieve an increase of 41% year-over-year growth in MMR compared to those that failed to attend the conference.

TitanHQ will be on hand to provide MSPs with information on three cloud-based MSP solutions:

DattoCon19 attendees are encouraged to visit TitanHQ at booth 23 at the conference to:

  • Learn about TitanShield, TitanHQ’s exclusive partner program for MSPs
  • Find out about the TitanHQ technology that provides the web security layer for Datto D200 and DNA boxes
  • Discover TitanHQ solutions for MSPs
    • SpamTitan Cloud – Spam filter offering phishing and malware protection
    • WebTitan Cloud – DNS Filter for content control and protection from web-based attacks
    • ArcTitan – Email archiving for compliance
  • Find out how to better protect Office 365 from email-based attacks
  • Discover the considerable benefits switching from Cisco Umbrella to WebTitan
  • Benefit from DattoCon19 show pricing

TitanHQ will also be running a daily raffle to win a bottle of vintage Irish whiskey and will be co-hosting two parties at DattoCon19: GasLamp District Takeovers on Monday 6/17 and Wednesday 6/19.

Rocco Donnino, Executive Vice President-Strategic Alliances, TitanHQ will be a panel member at the Datto Select Avendors!! Event on Monday June 17, between 3PM and 5PM.

This new event aims to solve some of the most pressing MSP problems with a panel of experts on hand to offer potential solutions.

TitanHQ Vintage Whiskey Raffle Winners

DattoCon Details

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019
If you are not yet registered for the event you can do so here.

TitanHQ will be at booth 23

Contact the TitanHQ team in advance:

  • Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
  • Eddie Monaghan, MSP Alliance Manager, LinkedIn
  • Marc Ludden, MSP Alliance Manager, LinkedIn

TitanHQ Ranks Top in G2 Best Software Companies in EMEA 2019 List

The global user review website G2 has produced a list of the best software companies in EMEA in 2019, highlighting the companies that are the most loved by users of their products.

G2 is a business software and services review website that allows confirmed users of software products and services to give their honest feedback on the products and services that they use at their place of work on a day to day basis.

The G2 website now covers more than 80,000 products, has more than 750,000 user reviews, and is used by millions of business users to help them make smarter purchasing decisions.

“G2’s ever-expanding breadth and depth of product, review, and traffic coverage provide over 5 million data points to help buyers navigate the complex world of digital transformation”, said G2 CEO Godard Abel. “In our Best Software Companies in EMEA list, we leverage this data to identify the companies our users tell us are best helping them reach their potential”.

The list was compiled after assessing more than 66,000 user reviews and examining more than 900 companies. Thanks to overwhelming positive feedback by users of its products, TitanHQ has earned top spot in the Q2 Best Software Companies in EMEA 2019 List.

“TitanHQ earned its place on the list thanks to the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback from on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”

Irish Phishing Study Shows Millennials’ Confidence in Security Awareness is Misplaced

A recent study on phishing activity in the Irish market has revealed that up to 185,000 office workers in the country have fallen victim to phishing scams.

Phishing messages are broadcast in bulk in the hope that some people will reply, or campaigns can be much more targeted. The latter is referred to as spear phishing. With spear phishing attacks, hackers often research their victims and tailor messages to maximize the probability of them eliciting a reply.

A successful phishing attack can see workers share their email credentials which allows their accounts to be accessed. Then the hackers can search emails accounts for sensitive data or use the accounts to conduct further phishing attacks on other employees. When financial data is shared is disclosed, business bank accounts can be drained.

Businesses can suffer major financial losses due to employees responding to phishing emails, the reputation of the business can be damaged, customers can be lost, and there is also a risk of major regulatory penalties.

The Irish phishing study surveyed 500 Irish office workers using consultancy firm Censuswide. Respondents to the Irish phishing study were asked questions about phishing, whether they had fallen for a phishing scam historically, and how they rated their ability to spot phishing attacks.

In line with findings from surveys carried out in other countries, 14% of respondents confirmed that they had been a victim of a phishing attack. There were also marked differences between different age groups.  Censuswide analyzed three age groups: Millennials, Gen X, and baby boomers. The latter two age groups were fairly resistant to phishing efforts. Gen X were the most phishing-savvy, with just 6% of respondents in the age group admitting to having been tricked by phishing emails in the past, closely followed by the baby boomer generation on 7%. However, 17% of millennials confirmed that they have fallen for a phishing scam – The generation that should, in theory, be the most familiar with technology.

Interestingly, millennials were also the most confident in their ability to spot phishing attempts. 14% of millennials said they would not be certain that they could spot fraud, as opposed to 17% of Gen X, and 26% of baby boomers.

It is simple to be confident about one’s ability to recognize standard phishing efforts, but phishing attacks are becoming much more complex and very realistic. Complacency can be harmful.

The outcomes of the Irish phishing study make it obvious that companies need to do more to protect themselves from phishing attacks. Naturally, an advanced spam filtering solution is necessary to ensure that employees do not have their phishing email identification skills put to the test constantly. SpamTitan, for example, prevents more than 99.9% of spam and phishing emails, thus reducing reliance on employees’ ability to spot scam emails.

The Irish phishing study also emphasises the importance of providing security awareness training to employees. The study showed that 44% of the over 54 age group had opened an attachment or clicked on a link in an email from an unknown source, as had 34% of millennials and 26% of the Gen X age group. Alarmingly, one in five respondents said that their employer had not given any security awareness training whatsoever.

Employees need to be aware of how to identify scams, so security awareness training must be provided. Since cybercriminals’ tactics are always evolving, training needs to be continuous. Annual or biannual training sessions should be conducted along with shorter refresher training sessions. Businesses should also think about conducting phishing email simulations to test resilience to phishing attacks and uncover weak links.


Free Bart Ransomware Decryptor Made Available

Bitdefender has created a free Bart ransomware decryptor that permits victims to unlock their files without meeting a ransom demand.

Bart Ransomware was first discovered in June 2016. The ransomware variant stood out from the others due to its ability to encrypt files even without an Internet connection. Most ransomware variants rely on a link to their command and control server to generate public-private key pairs; however, Bart ransomware does not. Only the decryption process needs an Internet connection to transfer the ransom payment and get the decryption key.

Bart ransomware posed a major threat to corporate users. Command and control center communications could possibly be prevented by firewalls preventing encryption of files. However, without any C&C contact, corporate users were in danger.

Bart ransomware was thought to have been developed by the gang behind Locky and the Dridex banking Trojan. Bart ransomware shared a large portion of code with Locky, was distributed in the same manner and used a ransom message very similar to that implemented by Locky.

As with Locky, Bart ransomware encrypted a wide variety of file types. While early versions of the ransomware variant were fairly uncomplicated, later versions saw flaws addressed. Early versions of the ransomware variant prevented access to files by locking them in password-protected zip files.

The initial method of locking files was ‘cracked’ by AVG, although only by guessing the password using brute force tactics. In order for the brute force method to work, a copy of an encrypted file along with its unencrypted original was necessary. In later versions of the ransomware, the use of zip files was ended and AVG’s decryption technique was rendered ineffective. The encryption process used in the more recent versions was much stronger and the ransomware had no known weaknesses.

Until Bitdefender developed the most recent Bart Ransomware decryptor, victims had two choices – recover encrypted files from backups or pay the attackers’ ransom demand.

Luckily, Bitdefender was able to create a Bart Ransomware decryptor from keys supplied by Romanian police which were obtained during a criminal review. The Bart ransomware decryptor was created by Bitdefender after working with both the Romanian police and Europol.

From April 4, 2017, the Bart ransomware decryptor has been made available for free installation from the No More Ransom website. If your files have been encrypted by ransomware, it is possible to see if the culprit is Bart from the extension added to encrypted files. Bart uses the .bart, .perl, or extensions.

Bart ransomware may be thought to have links to Locky, although there is no indication that keys have been obtained that will permit a Locky ransomware decryptor to be created. The best form of security against attacks is blocking spam emails to stop infection and ensuring backups of all sensitive data have been put in place.

Web Filtering – DNS Based

DNS based web filtering employs cloud technology to send an Internet content filtering service equally as effective as hardware or software solutions, but without the capital spending and high maintenance overheads of either. As with most cloud-based technologies, DNS based web filtering software is convenient and reliable, and –vital for many businesses these days – scalable.

Additionally, in order to be fully effective against online threats, any Internet filtering solution has to have SSL inspection in order to review the content of encrypted web pages. Whereas SSL inspection can drain CPU resources and memory when incorporated in hardware and software solutions, with DNS based web filtering the inspection process is done in the cloud – thus enhancing network performance.

In order to filter Internet content through a Domain Name Server (DNS), you need to sign up for a web filtering service. The service provider gives you a browser-based account you sign into, add your external IP address and set your web filtering policy. Then you simply send your DNS system settings to the service provider´s web filtering service.

If you have multiple web filtering policies for different roles within your group, tools are in place to integrate management tools such as LDAP and Active Directory with the web filtering service. It is also possible to implement a DNS proxy for per user reporting and select from a number of predefined reports. Alternatively, it is a simple process to customize your own reports.

Because of the way in which DNS based web filtering works, it is compatible with every type of network and operating system. Multiple locations and domains can be managed from one management portal, and – due to the SSL inspection process being conducted in the cloud – end users will not experience the latency usually associated with hardware and software solutions.

The two most recorded reasons given for putting in place an Internet content filter are to safeguard the company from web-borne threats and to enforce acceptable use policies. DNS based web filtering achieves both these targets by using a three-tier mechanism for filtering Internet content. The three tiers work together to maximize the company’s security and stop users accessing material that could hinder productivity or cause offense.

The first tier includes SURBL and URIBL filters. These are commonly referred to as blacklists and they compare each request to visit a website against IP addresses from which malware downloads, phishing attacks and spam emails are known to have spawned from. When matches are found, the request to visit the website is denied.  Blacklists are supplied and updated by your service provider.

Behind the blacklists, category filters and keyword filters provide the second and third lines of security. These can be applied by system administrators to stop users visiting websites within certain categories (social networking for instance), or those likely to contain material that would be inappropriate for an office setting. Keyword filters can also be used to prevent users obtaining specific content or web applications, or downloading files with extensions most associated with malware.

Exemptions to general policies can be applied to user or user group if access to a website or web application is required by a department within the company. For instance, you may not want your employees to engage in personal Internet banking during working hours, but it is likely vital your finance department has access to online banking services. Similar exemptions could be made (say) if your marketing department needed view to the company´s Facebook or Twitter accounts.

SpamTitan offers businesses a choice of DNS based web filtering solutions – WebTitan Cloud for companies with fixed networks, and WebTitan Cloud for WiFi for companies supplying a wireless service to end users. Both DNS based web filtering solutions have been created with maximum ease of use, maximum granularity and maximum defense against web-borne threats.

Along with being versatile and effective DNS based web filtering solutions, both WebTitan Cloud and WebTitan Cloud for WiFi are packed full of features to safeguard your company. Both solutions have best-in-class malicious URL detection, phishing protection and antivirus software – all of which is updated automatically. We also update our filtering mechanisms in real time – including the categorization of new websites as they are released.

Our service grows in line with your company, so you never have to be concerned about adding new users or even multiple networks. WebTitan Cloud and WebTitan Cloud for WiFi are infinitely scalable, with no bandwidth restrictions, and no latency issues. Unless you advise them, your users will never know they are being protected from web-borne threats until they try to visit an unsafe or inappropriate web page.


  • No capital outlay or high maintenance overheads.
  • Convenient, trustworthy and infinitely scalable.
  • SSL inspection carried out in the cloud.
  • Enhanced network performance.
  • Supports unrestricted web filtering policies.
  • Compatible with every operating system.
  • Centralized, Internet-based management.
  • Can be used on fixed and wireless networks.
  • No bandwidth restrictions or latency problems.

If you would like to get a feel for the benefits of DNS based web filtering for free, do not hesitate to get in touch with us. We are offering firms the chance to try WebTitan Cloud or WebTitan Cloud for WiFi for free, with no set up costs or credit cards required, no contracts to complete, and no commitment to continue using our service at the end of the thirty-day trial time duration.

To discover more about this opportunity, talk with one of our Sales Technicians today. They will answer any questions you have about DNS based web filtering and guide you through the process of establishing your free account. If you later require any help redirecting your DNS or navigating the management portal, we are always here to assist you.

Email Retention Legislation in the U.S.

Email retention laws in the United States require companies to maintain copies of emails for many years. There are federal laws applying to all companies and groups, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Non-compliance can prove incredibly expensive Multi-million-dollar fines await any group found to have breached federal, industry, or state regulations.

All electronic files must be retained by U.S groups, which extends to email, in case the information is required by the courts. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a group in serious trouble. Not only are heavy fines issued, groups can face criminal proceedings if certain data is erased.

For decades, U.S groups have been required to store documents. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986; however, just over 10 years ago, data retention laws in the United States were updated to grow the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included in this article. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives. Industry and federal electronic data and email retention legislation in the United States are also subject to amendment. Up to date information should be sought from your legal team.

As you can see from the list here, there are several federal and industry-specific email retention pieces of legislation in the United States. These laws apply to emails received and shared, and include internal as well as external emails.

Email retention legislation Who it is applicable to How long emails must be kept
IRS Regulations All companies 7 Years
Freedom of Information Act (FOIA) Federal, state, and local agencies 3 Years
Sarbanes Oxley Act (SOX) All public companies 7 Years
Department of Defense (DOD) Regulations DOD contractors 3 Years
Federal Communications Commission (FCC) Regulations Telecommunications companies 2 Years
Federal Deposit Insurance Corporation (FDIC) Regulations Banks 5 Years
Food and Drug Administration (FDA) Regulations Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products Minimum of 5 years rising to 35 years
Gramm-Leach-Bliley Act Banks and Financial Institutions 7 Years
Health Insurance Portability and Accountability Act (HIPAA) Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) 7 Years
Payment Card Industry Data Security Standard (PCI DSS) Credit card businesses and credit card processing groups 1 Year
Securities and Exchange Commission (SEC) Regulations Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies Minimum of 7 years up to a lifetime


Email retention legislation in the United States that are applied by each of the 50 states are beyond the reach of this article.  There area also European Union laws, such as the GDPR email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a couple of members of staff. However, the more employees a group has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company user in 2016 (Radicati email statistics report 2015-2019), and by 365 days in each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that any email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched. Finding the right backup alone can be almost impossible, let along finding all emails sent to, or received from, a specific company or person. Backups have their uses, but are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery order is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to adhere with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly though a a browser or Outlook (using a plugin). Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users. The solution can be scaled up to meet the needs of companies of all shapes and sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.

Paypal Phishing Scam

An important factor in a successful phishing attack is establishing trust.  Users need to trust the source that the phishing message is sent from.  That’s why hackers often spoof the email address of a senior executive or vendor contact message so the payload looks like it was sent from a credible source. Phishing can be sent via email or your phone via voice or SMS. Currently doing the rounds is a very believable Paypal text phishing attempt.

The text message is sent from from a shortcode number *729724*  and reads:


Upon first viewing, it may appear to be a PayPal link, but on closer inspection, it clearly takes you to a different domain.  The text warns that your PayPal account has been locked out and asks you to follow a link to restore access.  If you visit the link as requested, a fake PayPal webpage is loaded in your smartphone’s browser.

Everyone who is sent one of these Paypal texts to delete it at once. Always review your messages before you click, or even better – just don’t visit the link and contact PayPal directly.

Phishing messages can originate from an increasing number of sources, such as:

  • Email accounts
  • Phone calls
  • Fraudulent software (e.g, anti-virus)
  • Social Media communications (e.g., Facebook, Twitter)
  • Adverts
  • SMS

In most cases random phishing attacks are identified by email filters, but spear phishing attacks are much more complex and use employee background data to avoid filters and provide a higher level of ROI for the hacker. A hacker can spend days (weeks even) gathering data on employees and use this data to email them directly.

With the SpamTitan Email Filter, you can fully safeguard your exchange server and every recipient within the group. SpamTitan provides phishing protection to stop whaling and spear phishing by scanning all inbound email in actual time.

SpamTitan searches for standard indicators in the email header, domain information, and content. SpamTitan also carries out reputation analysis on all links (including shortened URLs) included in emails and block malicious emails before being sent to the end user.

How SpamTitan pro from phishing attacks:

  • URL reputation analysis during scanning for multiple reputations.
  • Discover and block malicious spear-phishing emails with either current or new malware.
  • Heuristic rules to identify phishing based on message headers et al. These are updated often to address new threats.
  • Simple synchronization with Active Directory and LDAP.
  • Spam Confidence Levels can be entered by user, user-group and domain.
  • Whitelisting or blacklisting senders/IP addresses.
  • Infinitely scalable and universally applicable

How WebTitan Internet Filtering Solutions Protect against Phishing

WebTitan provides an advanced yet easy to use DNS-based solution to safeguard your company and users when online. In real-time, it both secures and protects your business from online threats including malware, phishing, botnets and malicious sites.  WebTitan uses multiple mechanisms to help network administrators filter web access properly. The threats from malware, ransomware, and phishing are addressed with pre-installed and automatically updated blacklists, SURBL filters, and URIBL filters. SSL inspection checks for the presence of malware in encrypted websites, and every web page is virus scanned.

The WebTitan range of Internet filtering solutions has been specifically created with protection against malware, ransomware, and phishing as a priority, and flexibility and ease of use in mind also. Each WebTitan solution is backed up with industry-leading customer and technical service to help network administrators apply the optimum settings to filter web access effectively in all cases.

If you are searching for an effective Internet filtering solution, or you have tried different solutions to filter web access and found them not to be effective, please do not hesitate to contact us and ask for a free trial of a WebTitan Internet filtering solution. Our team of Sales Technicians will help figure out which solution is the most appropriate for your specific requirements and explain our free trial for you.

We would also like to hear from any Managed Service Provider searching for a multi-tenanted solution to filter web access on behalf of SMBs. Our free trial gives you the chance to evaluate our industry-leading Internet filtering solution in your own environment, and your clients the opportunity to supply feedback on how effective WebTitan is at stopping all types of malware, ransomware and phishing campaigns.

To safeguard against advanced threats you need advanced security. Take a better look at SpamTitan and WebTitan today – and sign up for a free demo.

Campaigns Delivering Marap and Loki Bot Malware Using CO and IQY Spam Files

A spam email campaign is being carried out aimed at corporate email accounts to share Loki Bot malware. Loki Bot malware is an information stealer that can obtain passwords saved on browsers, obtaining email account passwords, FTP client logins, cryptocurrency wallet passwords, and passwords used for messaging applications.

In addition to obtaining saved passwords, Loki Bot malware has can complete keylogging and download/run executable files. All data  captured by the malware is sent to the hacker’s C2 server.

Kaspersky Lab security experts recorded an increase in email spam activity targeting corporate email accounts, with the campaign found to be used to share Loki Bot malware. The malware was sent hidden in a malicious email attachment.

The intercepted emails included an ICO file attachment. ICO files are duplicates of optical discs, which are usually mounted in a virtual CD/DVD drive to open. While expert software can be implemented to open these files, most modern operating systems can access the contents of the files without the need for any other software.

In this instance, the ICO file includes Loki Bot malware and double clicking on the file will lead to the installation of the malware on operating systems that support the files (Vista and later).

It is relatively unusual for ICO files to be used to send malware, although not unheard of. The unfamiliarity with ICO files for malware delivery may see end users try to open the files.

The campaign included a wide variety of lures including spoof purchase orders, speculative enquiries from businesses including product lists, fake invoices, bank transfer details, payment requests, credit notifications, and payment confirmations. Well-known businesses such as Merrill Lynch, Bank of America, and DHL were just some of the emails.

Half a Million Routers Infected by VPNFilter Malware

What is believed to be a nation-state sponsored hacking group has managed to infect around half a million routers with VPNFilter malware.

VPNFilter is a modular malware that can carry out various functions, including the reviewing all communications, beginning attacks on other devices, theft of credentials and data, and even destroying the router on which the malware has been placed. While the majority of IoT malware infections – including those used to create large botnets for DDoS attacks – are not capable of surviving a reboot, VPNFilter malware can survive a reset like this.

The malware can be downloaded on the type of routers often used by small companies and consumers such as those produced by Netgear, Linksys, TP-Link and MikroTik, as well as network-attached storage (NAS) devices from QNAP, according to security experts at Cisco Talos who have been monitoring infections over the last while.

The ultimate target of the hackers is unknown, although the infected devices could potentially be used for a wide variety of malicious activities, including major cyberattacks on critical infrastructure, such as disrupting power grids – as happened with BlackEnergy malware.

Since it is possible for the malware to turn off Internet access, the threat actors to blame for the campaign could easily stop large numbers of individuals in a targeted region from going online.

While the malware has been placed on routers around the world – infections have been seen in 54 countries – the majority of infections are in Ukraine. Infections in Ukraine have increased greatly in recent weeks.

While the investigation into the campaign is still current, the decision was taken to go public due to a huge increase in infected devices over the past three weeks, together with the incorporation of advanced capabilities which have made the malware a much more major threat.

While the security expert researchers have not blamed Russia directly, they have found parts of the code which are identical to that used in BlackEnergy malware, which was implemented in many attacks in Ukraine. BlackEnergy has been linked to Russia by some security experts. BlackEnergy malware has been deployed by other threat actors not believed to be tied to Russia to the presence of the same code in both forms of malware is not solid proof of any link to Russia.

The FBI has gone an additional step by attributing the malware campaign to the hacking group Fancy Bear (APT28/Pawn Storm) which has links to the Russian military intelligence agency GRU. Regardless of any nation-state backing, the complex nature of the malware means it is the work of a particularly advanced hacking group.

Most of the infiltrated routers are aging devices that have not received firmware updates to address known flaws and many of the attacked devices have not had default passwords changed, leaving them vulnerable to attack. It is not entirely obvious how devices are being infected although the exploitation of known flaws is most probable, rather than the use of zero-day exploits; however, the latter has not been eliminated.

There had been Some progress has been made disrupting the VPNFilter malware campaign. The FBI has seized and sinkholed a domain in use by the malware to send information to the threat group behind the campaign. Without that domain, the hackers cannot manage the infected routers and neither identify new devices that have been infected.

Making sure a router is updated and has the most recent version of firmware will offer some degree of protection, as will changing default passwords on vulnerable devices. Sadly, it is not easy to tell if a vulnerable router has been infected. Carrying out a factory reset of a vulnerable router is strongly recommended as a precautionary measure.

Resetting the device will not remove he malware, but it will succeed in removing some of the additional code installed on the device. However, those additional malware components could be installed again when contact is re-established with the device.

Zyklon Malware Spam Campaign Discovered

Hackers are focusing on the insurance, telecoms, and financial service sectors with Zyklon malware. A large-scale spam email campaign has been discovered that leverages three separate Microsoft Office vulnerabilities to install the malicious payload.

Zyklon malware has been seen before. The malware variant was first seen at the beginning of 2016, but it stopped being seen soon after and was not extensively used until the start of 2017.

Zyklon malware is a backdoor with a wide variety of malicious functions. The malware behaves as a password harvester, keylogger, and data scraper, obtaining sensitive data and obtaining credentials for further attacks. The malware can also be implemented to complete DoS attacks and mine cryptocurrency.

The most recent variant of Zyklon malware can install and run various plugins and additional malware variants. It can spot, decrypt, and steal serial keys and license numbers from over 200 software packages and can also hijack Bitcoin addresses.  All told, this is a strong and particularly nasty and damaging malware variant that is best avoided.

While the most recent campaign uses spam email, the malware is not shared as an attachment. A zip file is attached to the email that includes a Word document. If the document is extracted, opened, and the embedded OLE object run, it will lead to the download of a PowerShell script, using one of three Microsoft Office weaknesses.

The first vulnerability is CVE-2017-8759: A Microsoft NET vulnerability that was addressed in a patch released by Microsoft in October.

The second ‘vulnerability’ is Dynamic Data Exchange (DDE) – a protocol part of Office that allows data to be shared via shared memory. This protocol is used to deliver a dropper that will download the malware payload. This vulnerability has not been addressed with a patch, although Microsoft has released guidance on how to disable the feature to prevent exploitation by hackers.

The third vulnerability is much older. CVE-2017-11882 is a remote code execution flaw in Microsoft Equation Editor that has been in existence  in 17 years. The flaw was only recently identified and patched by Microsoft in November.

The next stage of infection – The PowerShell script – serves as a dropper for the Zyklon malware payload.

According to the FireEye security experts who identified the campaign, the malware can remain unseen by hiding communications with its C2 using the Tor network. “The Zyklon executable contains another encrypted file in its .Net resource section named tor. This file is decrypted and injected into an instance of InstallUtiil.exe, and functions as a Tor anonymizer.”

Campaigns like this highlight the importance of applying patches quickly. Two of the vulnerabilities were patched in the Autumn of 2017, yet many groups have yet to apply the patches and remain vulnerable. If patches are not run, it will only be a matter of time before vulnerabilities are targeted.

FireEye researchers have warned that while the campaign is currently only focusing on three industry sectors, it is probable that the campaign will grow to target other industry sectors in the near future.

The advice is to put in place an advanced cloud-based anti-spam service such like SpamTitan to identify and quarantine malicious emails,  and ensure that operating systems and software is kept updated.

Kelihos Botnet Takedown: Spam King Arrested

Recently the U.S. Department of Justice revealed that a world-renowned email spammer had been apprehended as part of an operation to disrupt and take down the infamous Kelihos botnet.

The Kelihos botnet is a group of tens of thousands of computers that are used to deploy massive spamming campaigns comprising millions of emails. Those spam emails are used for a range of nefarious purposes including the spreading of ransomware and malware. The botnet has been widely deployed to spread fake antivirus software and spread credential-stealing malware.

Computers are placed to the Kelihos botnet with malware. Once installed, Kelihos malware runs silently and users are not conscious that their computers have been hijacked. The Kelihos botnet can be quickly weaponized and deployed for a rangeof malicious purposes. The botnet has, on earlier occasions, been used for spamming campaigns that artificially inflate stock prices, promote counterfeit drugs and recruit people to fraudulent work-at-home projects.

Pyotr Levashov is thought to manage the botnet in addition to conducting a wide range of cybercriminal activities out of Russia. In what turned out to be an unwise decision, Levashov left the relative safety of his home country and travelled to Barcelona, Spain on holiday. Levashov was apprehended on Sunday, April 9 by Spanish authorities acting on a U.S. backed international arrest warrant.

Levashov is thought to have played a role in the alleged Russian interference in the U.S. presidential election in 2016, although Levashov is most famous for his spamming activities, click fraud and DDoS attacks.

Levashov, or Peter Severa as he is otherwise referred to, is heavily involved in sharing virus spamming software and is thought to have created many numerous viruses and Trojans. Spamhaus lists Levashov in seventh place on the list of the 10 worst spammers.

Levashov is thought to have operated many operations that connected virus developers with spamming networks, and is suspected of running the Kelihos botnet, the Waledac botnet – which was decommissioned by law enforcement in 2010 – and the Storm botnet.  Levashov was indicted for his participation in the latter in 2009, although he managed to avoid extradition to the United States. At the time, Storm was the biggest spamming botnet in operation and was deployed to send millions of emails every day. Levashov also moderates many spamming forums and is a prominent figure in underground circles. Levashov is believed to have been extensively participating in spamming and other cybercriminal projects for the past 20 years; although to date he has not  been convicted.

A statement published by the U.S. Department of Justice say: “The operation announced today targeted an ongoing international scheme that was distributing hundreds of millions of fraudulent e-mails per year, intercepting the credentials to online and financial accounts belonging to thousands of Americans, and spreading ransomware throughout our networks.”

The DOJ project a;so included the takedown of domains associated with the Kelihos botnet starting on April 8, 2017. The DOJ says closing down those domains was “an extraordinary task.”

While it is definitely good news that such a high profile and prolific spammer has been arrested and the Kelihos botnet has been severely hampered, other hackers are likely to soon take Levashov’s place. Vitali Kremez, director of research at Flashpoint said his firm had seen chatter on underground forums indicating other major hackers are reacting to the news of the arrest by taking acting to safeguard their own operations. There may be a blip in the amount of email spam broadcast, but that blip is only likely to be temporary.


SpamTitan Named Leader in G2 Crowd Secure Email Gateway Performance Report

SpamTitan from TitanHQ has been named the leader in the Spring 2019 G2 Crowd Secure Email Gateway Performance Report.

Chicago, Illinois-based G2 Crowd was formed in 2012 to help businesses make the right software purchasing decisions. The company runs a peer-to-peer review platform that amalgamates software reviews to give business professionals an accurate picture of the usability of software solutions and how they match up to expectations.

Finding a software solution that ticks all the right boxes is one thing. Finding a solution that works in practice and is easy to use is another matter entirely. Many businesses only discover that a poor purchasing decision has been made after licenses have been purchased and a product has been implemented, by which time it is too late to change.

The G2 Crowd platform informs purchasing decisions and allows business professionals, investors, and buyers to make the right choice first time. The platform incorporates more than 500,000 user reviews and attracts more than 1.5 million visitors a month.

In addition to the website, G2 Crowd compiles and published a series of Grid reports each quarter. The grid reports are based on customer satisfaction and market presence and let businesses know the best software solutions to purchase.

In order to be included in the Spring 2019 G2 Crowd Secure Email Gateway Performance Report, secure email gateway solutions had to have the following capabilities:

  • Ability to scan incoming messages for potentially malicious content
  • Scan for malware, viruses and other malicious code and filter out those messages
  • Allow whitelisting or blacklisting to control suspicious accounts
  • Securely encrypt communications
  • Incorporate email archiving functionality for compliance.

The secure email gateway solutions assessed for the report were offerings from TitanHQ, Cisco, McAfee, SolarWinds, Barracuda, Barracuda Essentials, Proofpoint, Symantec, MobileIron, Sophos, Security Gateway, and Mimecast.

Each solution was assessed and assigned a position in the G2 Crowd Grid. Niche solutions had a small market presence and low customer satisfaction level, Contenders had strong market presence but low customer satisfaction level. High Performers had low market presence but scored highly for customer satisfaction, and the Leaders quadrant contained products that scored highly for customer satisfaction with a strong market presence.

SpamTitan was the out and out leader, scoring highest for customer satisfaction across all categories under assessment: Quality of support, ease of use, meets requirements, and ease of administration. Scores in those categories ranged from 90% to 94%.

TitanHQ the leader in business email security, today announced it has been recognized as a leader in the G2 Crowd Grid? Spring 2019 Report for Email Security.

97% of users of SpamTitan gave the product a score of 4 or 5 stars out of 5 and 92% said they would recommend SpamTitan to other businesses.

TitanHQ’s web security gateway was also rated in the Spring 2019 G2 Crowd Secure Web Gateway Performance Report, and was named a Strong Contender, achieving a score of 94% compared to the average of 87%.

“Our customers value the uncompromised security and real-time threat detection. The overwhelmingly positive feedback from SpamTitan users on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success” said Ronan Kavanagh, CEO, TitanHQ.

Webinar: New SpamTitan Updates and How They Protect Against Zero-Day and Email Impersonation Attacks

TitanHQ has been developing cybersecurity solutions for SMBs, SMEs, and MSPs for more than 25 years. During that time, the threat landscape has changed dramatically, which has called for regular updates to its cybersecurity solutions to ensure they continue to protect against the latest threats.

In the past couple of years, the number of email attacks being conducted on businesses have skyrocketed and the methods used to spread malware and phish for sensitive information have become much more sophisticated.

TitanHQ regularly performs updates to its cybersecurity solutions to respond to the changing tactics of cybercriminals and the latest update to SpamTitan has seen even more powerful features added to take protection against email threats to the next level: Sandboxing and DMARC authentication.

The sandboxing feature serves as a secure container where suspicious email attachments can be analysed in detail to determine whether they perform any malicious actions. The Bitdefender-powered sandbox is used to execute suspicious files where they can cause no harm, and monitor for C2 calls, and suspicious and malicious actions.

This new feature helps to ensure that more genuine email messages and attachments are delivered, and zero-day malware threats are detected and eradicated from the email system.

DMARC authentication has also been incorporated, which provides greater protection against email impersonation attacks which spoof legitimate senders. It has become increasingly common for cybercriminals to spoof domains to make phishing emails appear genuine and bypass standard email filtering controls. By using DMARC to verify the sender of the domain, detection of phishing and spear phishing emails has been greatly improved.

TitanHQ will be explaining these two new features, how they work, and their benefits for SMBs, SMEs, and MSPs that serve the SMB/SME market in an upcoming webinar.

If you are a current SpamTitan customer and would like to learn more about these new features, an MSP looking for a powerful email security solution to protect your clients, or you work at an SMB/SME and want to improve your email defenses, register for the webinar and find out more about the new and improved SpamTitan.

Webinar Information:

Date:     Thursday, April 4, 2019

Time:    12pm, EST

The webinar will last 30 minutes, and advance registration is necessary.

Ransomware CryptXXX Emails Discovered

CryptXXX has quickly become one of the main strains of ransomware, although until recent times infection was only possible via malicious websites. Now I.T. experts Proofpoint have discovered CryptXXX ransomware emails. The group behind the attacks have created a new attack vector. CryptXXX ransomware emails include a Word document containing a malicious macro. If the macro is permitted to run it will load a VB script into the memory which will use Powershell to make contact with the attackers’ command and control server. Once a connection has been established, CryptXXX will be installed onto the victim’s computer. Authors have realized the benefits to be obtained from implementing an affiliate model to help infect machines and now a number of new players have joined the ransomware market.

If a “ransomware kit” is supplied, individuals with little hacking expertise can carry out own ransomware campaigns. The ransomware authors can charge a nominal amount for supplying the kit, and can also take a share on the back end. When an affiliate infects a computer and a ransom is given, the authors receive a cut of the payment. This model works well and there is no shortage of hackers willing to try their hand at running ransomware campaigns. The CryptXXX ransomware emails are being shared by an affiliate (ID U000022) according to Proofpoint.

Spotting CryptXXX Ransomware Emails

The CryptXXX ransomware emails are being transmitted with a subject line of “Security Breach – Security Report #Randomnumber.” The emails include only basic details about a supposed security breach that has happened. The security report is sent as an attached Word document. The body of the email includes the date, time of the attack, the provider, location, IP address, and port. The email recipient is told to open the file attachment to view details of the attack and find out about the actions that should be implemented.

The file attachment titled like “info12.doc” according to Proofpoint. If the attached Word file is downloaded, a Microsoft Office logo is displayed. The user is told that the document has been created in a newer version of Microsoft Office. The content of the document will only be shown if macros are enabled. Enabling the macros will lead to the VB script being loaded. Then ransomware will then be installed and users’ files encrypted.

There is no remedy action if files are encrypted. The victim must pay the ransom or lose their files. Once an infection has taken place, files can only be rescued from backups if the victim does not pay the ransom requested.

CryptXXX Ransomware Still Being Sent by Neutrino

Since the demise of the Angler exploit kit, CryptXXX was transferred to Neutrino. There was a dramatic drop in infections as activity temporarily stopped; however, Invincea recently reported a surge in activity via compromised company websites. The SoakSoak botnet is being implemented to scan the Internet for vulnerable websites. The websites being hit run the WordPress Revslider slideshow plugin. Scripts are appended to the slideshow that send visitors to a malicious site including Neutrino.

CryptXXX will only be installed if the endpoint lacks specific security tools that would detect an installation. If Wireshark, ESET, VMware, Fiddler, or a Flash debugging utility is present, the ransomware will not be installed.

TitanHQ Releases New Version of SpamTitan and RESTapi

TitanHQ Adds DMARC Authentication and Sandboxing to SpamTitan

TitanHQ is pleased to announce that the SpamTitan email security solution for SMBs and managed service providers (MSPs) has been updated and has two brand new features to improve detection rates of zero-day malware, advanced persistent threats (APTs), and sophisticated phishing attacks.

From today, users of SpamTitan and all new customers will benefit from DMARC email authentication for incoming messages and advanced protection from new malware threats with a new sandboxing feature. Both of these new features have already been rolled out and have been made available at no extra cost.

SpamTitan has already become the gold standard for email security for SMBs and MSPs serving the SMB market. With SpamTitan in place, all incoming messages are subjected to checks using award-winning anti-malware technologies. Static analysis and advanced behavior detection technologies ensure a catch rates in excess of 99.9% and a low false positive rate of just 0.03%. The new sandboxing feature will improve catch rates and reduce false positives further.

When emails pass SpamTitan’s checks, files attached to the emails will be sent to the sandbox for in-depth analysis. The sandbox is a quarantine area from which there is no escape. When files are detonated in the sandbox, their actions can be studied without causing any harm.

All actions of the files are recorded, including attempts to evade detection. The Bitdefender-powered sandbox leverages purpose-built, advanced machine learning algorithms, conducts aggressive behavior analysis, and studies anti-evasion techniques. A memory snapshot comparison is also conducted to detect previously unknown threats.

The sandbox is used for testing application files, executable files, and documents for malicious actions. The results of the analysis are then checked against online repositories to identify potentially malicious actions. If the files are determined to be malicious, they are quarantined and the threat intelligence is passed to Bitdefender’s cloud threat intelligence service. All Bitdefender and SpamTitan users will then be automatically protected if that threat is encountered again.

The new sandboxing feature takes SpamTitan threat protection to the next level and provides superior protection against elusive threats in the pre-execution stage, including targeted attacks, obfuscated malware, custom malware, ransomware, and APTs.

DMARC is the gold standard for protecting against email impersonation attacks. These attacks impersonate known contacts, government agencies, and well-known brands, with email messages appearing to have been sent from their trusted domains. DMARC authentication allows these email impersonation attacks to be detected and blocked.

These two new features have been provided at no extra cost and are immediately available to current users of SpamTitan products to provide even greater protection against the most difficult to detect threats.

Halloween-Themed Spam Campaigns

Halloween is a focus for many hackers when they wish to launch new cyberattacks and scams to fool internet users into revealing their personal data. They aim to drain a personal or business bank account of data and then reap the rewards that can be gained from identity theft. Halloween-Themed spam attacks are typical in the run up to Halloween.

For SpamTitan, Halloween is a busy time with many new Halloween-themed spam and phishing scams identified. This holiday time is expected to be no different. Many new Halloween phishing scams can be expected to be kicked off this year as cybercriminals try to take advantage of the unprepared.

The focus of all of these spam emails is to get users to hand over their personal information, such as account login details and credit card details. Often the emails deliver malware and viruses to inboxes, other times they share links to phishing websites that harvest information. It is not always credit card details that the hackers seek. Social Security numbers, dates of birth and other personal data are highly valuable; as are telephone numbers which can be used by scammers to carry out bogus phone calls.

You could be thinking “I would never fall for a phishing campaign,” but millions do. Can you be so sure that your employees will be able to identify a fake email or website, or a sophisticated phishing campaign? Will they be able to identify these scams 100% of the time?

Even if one email turns out to be successful, the damage caused can be massive, as Sean Doherty, senior engineer with SpamTitan Technologies outlines. “To date it is estimated that over $40 billion has been lost to 419 scams alone.”

Given the massive sums of cash that criminals can obtain from these emails, it is clear why the threat is growing and more and more campaigns are initiated every year. If a scheme is profitable, it will be repeated and new campaigns are sure to be developed.

If criminals did not gain from these types of scams, they would very quickly stop using them. However, the reality is they do, as Doherty remarks: “These scam emails continue to exist and grow in frequency and ferocity. The simple fact is that these scams wouldn’t be repeated if they didn’t reap rewards for the cybercriminals.”

All that it needs is for an absent minded employee to visit on a Twitter link that directs them to a phishing website, and malware can be automatically installed to their computer. Following that, a network can be infiltrated. Data is then stolen, deleted, or encrypted and only released when a ransom is met. The cost of cyber attack resolution can be huge. If all of your company data was suddenly encrypted, would you meet a ransom demand to get it back? Would you have any other option?

Remain on the lookout for scams, phishing campaigns, and unknown email attachments, and ensure all of your security software is up to date.

Should You Block File Sharing Websites to Stop Malware Infecting Your Network?

There are some very valid reasons why you should block access to file sharing websites. These websites are mainly used to share pirated software, music, films, and TV shows. It would be improbable that the owner of the copyright would take action against an employer for failing to stop the illegal sharing of copyrighted material, but this is an unnecessary legal danger.

However, the chief risk from using these websites comes in the form of malware. Research completed by IDC in 2013 indicated that out of 533 tests of websites and peer-2-peer file sharing networks, the downloading of pirated software lead to spyware and tracking cookies being downloaded to users’ computers 78% of the time. More concerning is the fact that Trojans were downloaded with pirated software 36% of the time.

A survey carried out on IT managers and CIOs at the time showed that malware was downloaded 15% of the time with the software.  IDC found that overall there was a 33.3% chance of infecting a machine with malware by using pirated software.

Even browsing on torrent sites can be harmful. This week Malwarebytes said that visitors to The Pirate Bay were shown malicious adverts. An advertiser used a pop-under to silently redirect users to a malicious site that had the Magnitude exploit kit which was used to install Cerber ransomware onto users’ devices.

A study completed by UC San Diego involved testing pirated software downloads using VirusTotal. VirusTotal reviews files against the databases of 47 different anti-virus services. The research team found that 50% of pirated files were infected with malware.

Dealing with malware from pirated software was found to take around 1.5 billion hours per year. For companies the cost can be considerable. IDC estimated the cost to enterprises to be around $114 billion in 2013 alone. And that was just for the clean-up. The cost of data breaches caused by illegal software installations was calculated at around $350 billion.

Groups can monitor devices and check for unauthorized software downloads on individual devices; however, by the time a software installation has been identified, malware is likely to already have been downloaded. A recent report by Verizon indicates that on average, hackers are able to extract data within 28 minutes of obtaining access to a system.

One of the simplest ways to manage risk is to block file sharing websites including P2P and torrent sites. A web filter can be easily set up to block file sharing websites and stop them from being accessed. Many web filters can also be set up to block specific file types from being installed, including keygens and other executables.

By preventing access to file sharing websites organizations can ensure that copyright-violating activities are stopped and malware risk is effectively handled. Additionally, web filters can be used to block web-borne threats including phishing websites, compromised webpages, spam and botnets, adware, malware, ransomware, and anonymizers.

Choosing not to block file sharing websites could turn out to be expensive for a company. It is far better to block possibly dangerous websites and online activities than to have to cover the cost of removing malware infections and managing with data breaches.

Practical Approach Vital for Network Security

The best security against malware, spam, hacker attacks, policy breaches and other email and web threats is a layered set of defenses in which software, services, hardware and policies are incorporated to safeguard data and other assets at the network, system and application tiers. However, an obvious – but often-disregarded – layer in this cake of protection is the common sense of your staff – one of the critical layers to stop threats from gaining a foothold. As the picture says ‘just because you can, doesn’t mean you should’, this is where common sense is important.

Spear phishing is an increasing issue where a targeted false email that seems to be legitimate is sent to individuals or a company in order to obtain data. For instance e, by looking at a Facebook page of someone with whom I am not connected. I can see that she is a realtor, has listed a home at 657 Noble in [city name withheld], was born on January 26th, has a cat named Lou, is a member of the Agent Leadership Council at a southern California realty organization, likes ice skating, resides in Thousand Oaks, speaks French, and took a vacation to Orlando on February 11th. If I was a hacker intent on sending her a spear phishing email – perhaps with the intent of infecting her PC with Zeus – I could use these details to craft an email that she would be likely to click on. For example, an email with the title “Need to schedule a vet appointment for Lou” or “We mistakenly overcharged you on your recent trip to Orlando”, or maybe even a LinkedIn invitation that includes personal details, would likely get her attention and increase the possibility of her becoming a victim of a spear phisher. This is not to say that this Facebook customer lacks common sense, but the details she has posted could be used against her and her company and needs to be looked at in that light.

Spam filtering technology is successful at preventing spam emails that include links to malware sources (albeit with some spam filters more effective than others). The RSA exploit in April 2011, in which some staff members received an email with an Excel attachment, was due to spear phishing emails that were effectively quarantined by spam filtering technology, but later opened by staff members from the quarantine. A spear phishing email at the Oak Ridge National Laboratory in April 2011 was received by 530 workers, 11% of whom clicked on a malicious link. Many users are not adequately when asked for information. For instance, before last year’s royal wedding between Prince William and Kate Middleton, a Facebook hacking scam was doing the rounds asking respondents to create their royal wedding guest name. This name consisted of one grandparent’s name, the name of a first pet, and the name of the street on which the victim lived when they were younger – all likely responses to security questions one might get asked when resetting a password.

TitanHQ 2019 Schedule of MSP Roadshow Events

TitanHQ kickstarted its 2019 MSP roadshow program on February 14 with events in London and Florida. The 2019 season will see the TitanHQ team attend 15 roadshows and conferences in Ireland, Canada, the Netherlands, the UK, and the USA and meet new and prospective MSP partners, Wi-Fi providers, and ISPs.

In the summer of 2018, TitanHQ formed a strategic alliance with Datto which saw WebTitan Cloud and WebTitan Cloud for WiFi web filtering solutions incorporated into the Datto networking range. TitanHQ has been working closely with Datto MSPs ever since and has been helping them add web filtering to their security stacks and start providing their clients with world-class web filtering services.

Following on from a highly successful series of Datto roadshows in 2017, the TitanHQ team is back on the road and will be attending 7 Datto roadshow events over the coming 5 months, finishing off at DattoCon in June. The campaign started today at the TitanHQ-sponsored Datto Roadshow in Tampa, Florida. TitanHQ Alliance Manager Patrick Regan attended the roadshow and has been meeting with MSP to explain about WebTitan Cloud, WebTitan Cloud for WiFi, SpamTitan, and ArcTitan, and how they can benefit MSPs an help them build a high margin security practice.

For two years now, TitanHQ has been a member of the IT Nation community and has been helping MSPs get the most out of TitanHQ products to better serve the needs of their clients. It has been a great learning experience and a thoroughly enjoyable couple of years. The first of three IT Nation event took place today – The IT Nation Q1 EMEA Meeting in London. The event was attended by TitanHQ Alliance Manager Eddie Monaghan, who will be helping MSPs discover TitanHQ email security, DNS filtering, and email archiving solutions all week.

TitanHQ Alliance Manager, Eddie Monaghan.

If you were unable to attend either of these events, there are plenty more opportunities to meet with TitanHQ over the coming months. The full schedule of events that will be attended by members of the TitanHQ team are detailed below. We look forward to meeting you at one of the upcoming roadshow events in 2019.

TitanHQ 2019 MSP Roadshow Dates

February 2019

Date Event Location
February 14, 2019 IT Nation (HTG) Q1 EMEA Meeting London, UK
February 14, 2019 Datto Roadshow Tampa, FL, USA

March 2019

Date Event Location
March 5, 2019 CompTIA UK Channel Community Manchester, UK
March 7, 2019 Datto Roadshow EMEA Dublin, IE
March 11, 2019 CompTIA Community Forum Chicago, IL, USA
March 12, 2019 Datto Roadshow NA Norwalk, CT, USA
March 19, 2019 Datto Roadshow EMEA London, UK
March 26, 2019 Datto Roadshow EMEA Houten, Netherlands
March 26, 2019 Datto Roadshow NA Toronto, Canada

April 2019

Date Event Location
April 25, 2019 Datto Roadshow Long Island, NY, USA
April 29, 2019 IT Nation Evolve (HTG 2) Dallas, TX, USA

May 2019

Date Event Location
May 6, 2019 Connect IT Global (Kaseya Connect) Las Vegas, NV, USA
May 13, 2019 IT Nation (HTG) Q1 EMEA Meeting Birmingham, UK
May 14, 2019 Wifi Now Washington DC, USA

June 2019

Date Event Location
June 17, 2019 DattoCon San Diego, CA, USA


Need for Advanced Spam Filters Emphasised by Valentine’s Day Email Scams

Dating email scams have experienced a significant rise during January and went on into February. You have probably already witnessed emails like this landing in your inboxes.

The emails look like they were sent by Russian women seeking love. Unsolicited emails from attractive women that include suggestive pictures and messages claiming the recipient is particularly attractive are certain to be spam, yet the emails are effective. The FBI’s figures show that approximately $230 million is lost to these scams alone each year. In 2016, the FBI received was sent 15,000 complaints in relation to financial losses as a result of dating and romance scams.

There were two major spikes in spam email volume between January 15 and 17 and January 29 and February 2 when around 35 million dating spam messages were sent using the Necurs botnet. Over 230 million messages were shared during a two-week period in January. The focus of the campaign is to steal credit card information, payments to cover flights to take the women over to the US, but in many cases the purpose is to fool the email recipient into installing malware.

Hackers use all types of tactics to entice users to click. Another effective tactic, highlighted by security awareness training firms KnowBe4 and PhishMe, is the use of eCards, particularly on Valentine’s Day. Links are sent that appear to be from genuine eCard sites that require users to click the link to view a Valentine’s day card from a secret admirer. The purpose is to share malware.

Valentine’s day email scams this year also come with messages warning the recipient about the failed delivery of flowers from Interflora and email attachments claiming to be delivery receipts.

It is highly probably that these emails being clicked on makes defending against them a major pain for companies. Just one click is all it takes for malware to be downloaded, and since many malware variants can rapidly spread laterally, one click could be all it takes to impact a complete network.

Winter Olympics Scams Persist

This month has also borne witness to a number of Winter Olympics phishing campaigns. Hackers have been focusing on the games to get their emails clicked on. Malicious links are used to direct users to websites that claim to have recent news on the events, the competitors, fake news, and the results of events.

Instead of this these links direct users to phishing websites, exploit kits, and sites where malware is silently installed. With workers not able to watch the sports live at work, these malicious emails stand a high chance of being clicked on.

With Valentine’s day and the Winter Olympics, February has been a fruitful busy month for scammers and with the Pyeongchang Winter Olympics still in full flow, companies need to be on high alert.

Luckily, there is one technology in particular that can help businesses counter these email-based dangers. An advanced spam filtering solution: The most successful security measure against email-based attacks. An advanced spam filter such as SpamTitan blocks more than 99.9% of spam emails, 100% of known malware, and ensures that phishing and other malicious emails do not land in inboxes.

Contact the TitanHQ team today to find out more about SpamTitan.

Lion Air Spear Phishing Campaign Spreading Stealthy Cannon Trojan

A newly-identified malware variant, labelled the Cannon Trojan, is being deployed in targeted attacks on government agencies in the United States and Europe. The new malware strain has been connected with a threat group known under many names – APT28, Fancy Bear, Sofacy, Sednet, Strontium – that has links to the Russian government.

The Cannon Trojan is being used to collate data regarding possible targets, collecting system information and taking screenshots that are returned sent back to APT28. The Cannon Trojan is also a downloader capable of downloading additional malware variants onto an infiltrated system.

The new malware strain is stealthy and uses a variety of tricks to prevent detection and hide communications with its C2. Rather than sharing via over HTTP/HTTPS, like other malware variants used by APT28, the Cannon Trojan communicates using email over SMTPs and POP3S.

Once downloaded, an email is sent over SMTPS through port 465 and an additional two email addresses are obtained through which the malware communicates with its C2 using the POP3S protocol to receive instructions and send back data. While the use of email for communicating with a C2 has been seen before, it is relatively unusual One advantage provided by this method of communication is it is more difficult to identify and tackle that HTTP/HTTPS.

The Cannon Trojan, like the Zebrocy Trojan which is also being shared by APT28, is being shared using spear phishing emails. Two email templates have been tracked by Palo Alto Networks’ Unit 42 team, one of which takes advantage of interest in the Lion Air plane crash in Indonesia.

The Lion Air spear phishing campaign seems to supply data on the victims of the crash, which the email claims are included in an attached Word document titled Crash List (Lion Air Boeing 737).docx. The user must ‘Enable Content’ to look at the contents of the document. It is alleged that the document was created in an earlier version of Word and content must be turned on for the file to be displayed. Opening the email and enabling content would allow the macro to run, which would then silently install the Cannon Trojan.

Instead of the macro running and installing the payload straightaway, as an anti-analysis mechanism, the hackers use the Windows AutoClose tool to delay completion of the macro routine until the document is closed. Only then is the Trojan installed. Any sandbox that analyzes the document and exits before closing the document would be unlikely to see that it is malicious. Further, the macro will only run if a connection with the C2 is created. Even if the document is opened and content is turned on, the macro will not run without its C2 channel open.

The tactics deployed by the hackers to obfuscate the macro and hide communications make this threat difficult to spot. The key to blocking infection is blocking the threat at source and stopping it from reaching inboxes. The provision of end user training to help staff identify threats including emails with attachments from unknown senders is also important.

Enhance Security Against Zero-Day Malware & Spear Phishing

TitanHQ has created a strong anti-phishing and anti-spam solution that is effective at tackling advanced constant threats and zero-day malware, which does not depend on signature-based detection methods. While combined anti-virus engines offer security from against 100% of known malware, unlike many other spam filtering solutions, SpamTitan uses a range of predictive techniques to identify previously unseen threats and spear phishing attacks.

Greylisting is used to find domains used for spamming that have yet to be blacklisted. All incoming emails undergo a Bayesian analysis, and heuristics are used to spot new threats.

To additionally safeguard against phishing attacks, URIBL and SURBL protocols are used to scan embedded hyperlinks. SpamTitan also scans outbound mail to stop abuse and identify efforts at0 data theft.

For further information on SpamTitan, to book a product demonstration, or to sign up for a free trial of the full product, contact the TitanHQ team now.

Enhancing Office 365 Security

Office 365 currently has 155 million global users and is an ideal target for cybercriminals due to that fact.

A recent study this year has confirmed that this is, indeed, so. A 13% increase in attacks on Office 365 email accounts has been recorded this year, and many of those attacks succeed. Due to this is it vital to enhance your Office 365 security.

Hackers are searching Office 365 for vulnerabilities that can be exploited. They have created emails that bypass Microsoft’s anti-phishing protections, mass email campaigns are initiated on Office 365 users. Companies using Office 365 can easily be found and targeted because it is made clear that they use Office 365 through public DNS MX records.

It is very important to put in place a strong password policy and stop users from setting passwords that are easy to brute force. You should not permit dictionary words or any commonly used weak passwords, that otherwise meet your password policy requirements – Password1! for example.

The minimum length for a password should be 8 characters but think about increasing that minimum. A password of between 12 and 15 characters is recommended. Make sure you do not set a too restrictive maximum number of characters to encourage the use of longer passphrases. Passphrases are much more difficult to crack than 8-digit passwords and easier for users to remember. To make it even easier for your users, think about using a password manager.

Even with strong passwords, some users’ passwords may be guessed, or users may reply to phishing emails and disclose their password to a scammer. An extra login control is therefore required to prevent compromised passwords from being implemented to access Office 365 accounts.

Multi-factor authentication is not perfect, but it will help you enhance Office 365 security. With MFA, in addition to a password, another method of authentication is required such as a token or a code sent to a mobile phone. If a password is stolen by a hacker, and an attempt is made to login from a new location or device, additional authentication will be required to access the account.

Mailbox auditing in Office 365 is not enabled on by default so it needs to be enabled. You can set different parameters for logging activity including successful login attempts and various mailbox activities. This can help you spot whether a mailbox has been infiltrated. You can also logs failed login attempts to help you spot when you are being attacked.

As previously referred to, hackers can test their phishing emails to see if they bypass Office 365 anti-phishing controls and your organization can be identified as using Office 365. To enhance Office 365 security and reduce the number of phishing emails that are sent to end users’ inboxes, consider using a third-party spam filter rather than relying on Microsoft’s anti-phishing controls. Dedicated email security vendors, like TitanHQ, offer more effective and more flexible anti-spam and anti-phishing solutions than Microsoft Advanced Threat Protection at a lower expense.

Threat of Exposure & Multiple Malware Infections being Combined with Sextortion Scams

Sextortion scams have proven popular with hackers in 2019. A well-composed email and an email list are all that is necessary. The latter can easily be bought for next to nothing via darknet marketplaces and hacking forums. Next to no technical skill is required to run sextortion scams and as hackers’ Bitcoin wallets show, they are effective.

Many sextortion scams use the tried and tested method of threatening to expose a user’s online activities (pornography habits, dating/adultery site usage) to all their contacts and friends/family unless a payment is completed. Some of the recent sextortion scams have added credibility by stating that they had users’ passwords. However, new sextortion scams have been detected in the past few days that are using a different tactic to get users to pay up.

The email template used in this scam is like other recent sextortion scams. The hackers claim to have a video of the victim viewing adult content. The footage was recorded through the victim’s webcam and has been spliced with screenshots of the content that was being looked at.

In the new campaign the email includes the user’s email account in the body of the email, a password (Most likely an old password impacted in a previous breach), and a hyperlink that the victim is encouraged to click to download the video that has been created and see exactly what will soon be shared via email and social media networks.

Visiting the link in the video will trigger the installation of a zip file. The compressed file contains a document including the text of the email along with the supposed video file. That video file is actually an information gatherer – The Azorult Trojan.

This form of the scam is even more likely to be successful than past campaigns. Many individuals who receive a sextortion scam email will see it for what it really is: A mass email including an empty threat. However, the inclusion of a link to download a video is likely to see many people download the file to find out if the threat is real.

If the zip file is opened and the Azorult Trojan executed, it will silently gather information from the user’s computer – Similar information to what the attacker claims to have already obtained: Cookies from websites the user has seen, chat histories, files stored on the computer, and login information entered through browsers such as email account and bank details.

However, it doesn’t finish here. The Azorult Trojan will also install a secondary payload: GandCrab ransomware. Once information has been gathered, the user will have their personal files encrypted: Documents, spreadsheets, digital images, databases, music, videos, and more. Recovery will depend on those files having been backed up and not being encrypted by the ransomware. Aside from permanent file loss, the only other alternative will be to pay a high ransom for the key to decrypt the files.

If the email was sent to a business email account, or a personal email account that was being logged onto at work, files on the victim’s work computer will be encrypted. Since a record of the original email will have been extracted on the device, the reason why the malware was downloaded will be made clear to the IT department.

The key to not being tricked is to ignore any threats sent via email and never click links in the emails nor click on email attachments.

Companies can plan for the threat by using cybersecurity solutions such as spam filters and web filters. The former stop the emails from being sent while the latter blocks access to sites that host malware.

New Ovidiy Stealer Password Stealing Malware Priced to Boost Sales

The malware known as ‘Ovidiy Stealer’ is password stealing software that will capture login details and send the information to the hacker’s C2 server. As with most other password stealers, information is captured as it is entered into websites such as banking portals, web-based email accounts, social media accounts and other online services.

However, even if a device is infected, the Ovidiy Stealer will not capture information entered via Internet Explorer or Safari. The malware is also not persistent and if the computer is rebooted the malware will stop trying to complete its task.

Sadly, if you use Chrome or Opera, your confidential personal data is likely to be compromised. Other browsers known to be supported include Orbitum, Torch, Amigo and Kometa. However, sd the malware is being regularly updated it is likely other browsers will come online soon.

Ovidiy Stealer is a new malware, first identified only a month ago. It is chiefly being implemented in attacks in Russian-speaking regions, although it is possible that multi-language versions will be developed and attacks will soon be seen in other regions.

Proofpoint Researchers, who first detected the password stealing malware, are of the opinion that email is the primary attack vector, with the malware packaged in an executable file shared as an attachment. Proofpoint also thinks that rather than email attachments, links to download pages are also being implemented. Samples have been seen bundled with LiteBitcoin installers and the malware is also being sent through file-sharing websites, in particular via Keygen software cracking programs.

New password stealers are regularly being released, but what make the Ovidiy Stealer different and makes it particularly dangerous is it is being made available online at a particularly low price. Just $13 (450-750 Rubles) will get one build bundled into an executable ready for delivery using a spam email campaign. Due to the low cost there are likely to be many malicious actors carrying out campaigns to spread the malware, hence the range of attack vectors.

Would be hackers willing to part with $13 are able to see the number of infections using a web control panel complete with login. using the control panel they can control their account, view the number of infections, build more stubs and review the logs generated by the malware.

Safeguarding against malware such as Ovidiy Stealer demands caution as it requires time before new malware are discovered by AV solutions. Some AV solutions are already identifying the malware, but not all of them. As ever, when receiving an email from an unknown sender, do not click on attachments or visit hyperlinks.