Blog

Tom Watson Appointed as New TitanHQ Channel Chief

TitanHQ has recruited the popular channel veteran Tom Watson, who will serve as the company’s new Channel Chief to help bring profitable growth to all TitanHQ Managed Service Provider (MSP) partners.

TitanHQ is committed to serving the MSP community and channel and offers a wide range of cybersecurity solutions that have been developed from the ground up to meet the needs of MSPs. The TitanHQ product portfolio now includes best-in-class email security, DNS filtering, email archiving, email encryption, and security awareness training and phishing simulation solutions, that are easy to implement, manage, and fit seamlessly into MSP’s service stacks. The solutions are delivered through an MSP-centric platform to allow MSPs to provide defense-in-depth security solutions to their SMB and enterprise clients.

Demand from MSPs in North America for TitanHQ solutions has prompted a major expansion of US operations. TitanHQ is well aware that such tremendous growth must be supported by locally sourced experienced advisors such as Tom Watson. Tom brings considerable experience to TitanHQ, having previously owned an MSP business and served as Channel Chief at top-level vendors such as NinjaOne and Axcient. Tom will be based at TitanHQ’s new North American base in Shelton, Connecticut, where he will be working alongside locally sourced talent such as TitanHQ VP of Sales, Jeff Benedetti, and his North American team.

Tom has been tasked with managing TitanHQ’s MSP tradeshows, roadshows, and webinars, and will oversee the creation of a brand-new MSP partner program. “I see my role as being more of a liaison than anything,” said Tom, regarding his new position at TitanHQ. “TitanHQ already has a fantastic offering. You’ll be hearing me talk about that in the future. For now, I think it’s more important to highlight the commitments TitanHQ has made to the channel. This is a company that is 100% dedicated to making sure they serve the MSP community.”

Tom went on to explain the reason why he chose to join the TitanHQ team. “I’ve wanted to work for a rising cybersecurity company for quite a while now. Here I know I can use my skills and understanding of MSP operations, sales, and marketing to help MSPs succeed. Working together with TitanHQ we can give MSPs everything they need to provide quality cyber services to their clients.”

Everyone at TitanHQ is excited about Tom joining the company and the role he will play in ensuring TitanHQ remains the leading provider of cloud-based cybersecurity solutions to MSPs serving the SMB market by supporting growth in the North American market.

“As we continue to further expand into the North American market, introducing industry experts like Tom to our team is vital to allow us to continue to partner with MSPs looking for best in class cybersecurity solutions,” said TitanHQ CEO, Ronan Kavanagh. “We are thrilled to welcome Tom to the team, his wealth of experience working with the MSP sector will serve us well as we continue on our growth journey.”

New ‘Eternity Project’ Malware-as-a-Service Operation Offers Extensive Attack Capabilities

A new malware-as-a-service operation has been identified named Eternity Project which is offering a modular malware with extensive capabilities, allowing threat actors to conduct a range of malicious activities based on the modules they pay for. The capabilities of the malware are being enhanced to include further modules. Currently, the threat group is offering an information stealer, clipper, miner, dropper, worm, and ransomware, with distributed-denial-of-service (DDoS) bots to be provided in an upcoming module.

The threat actors claim the stealer module will allow users to obtain passwords stored in multiple browsers, data from email clients, instant messaging services, password managers, VPN clients, gaming software, system credentials, cryptocurrency wallets, and more. The miner allows victim devices to become cryptocurrency mining slaves, the clipper allows data to be stolen from the clipboard, which specifically targets cryptocurrency wallets and replaces them with the threat actors’ crypto-wallet addresses, with the ransomware allowing data encryption, although no data exfiltration. The worm module allows the user to infect other devices on the network, with the dropper used to drop the payload of choice onto infected devices. The Eternity Project malware was analyzed by researchers at Cyble, who report that the malware is being offered via a Telegram channel which, at the time of publication, had over 500 subscribers, as well as on the threat group’s TOR website.

Malware-as-a-service operations such as the Eternity Project give unskilled hackers the capability to conduct a range of attacks that they would otherwise not be able to perform. According to Cyble, the malware modules are being offered from as little as $90 up to $490 for the most expensive module – ransomware. Those costs could easily be recovered from the capabilities provided. The methods used to distribute Eternity malware will depend on the capabilities of the threat actors that pay for the modules. Since multiple methods of distribution could be used, defending against Eternity malware and other malware-as-a-service offerings requires a defense-in-depth approach and for security best practices to be followed.

Email Security

Phishing remains the number one vector for delivering malware. Campaigns are easy and cheap to conduct, and phishing campaigns can be very effective. Email security solutions are fed threat intelligence and have anti-virus components, but many solutions rely on signature-based detection and are only effective at detecting known malware. Behavior-based detection methods are needed for detecting heavily obfuscated malware and zero-day threats. SpamTitan combines signature-based threat detection using dual AV engines and a Bitdefender-powered sandbox for identifying zero-day malware threats and allows the blocking of specified attachments such as zip files and executable files. SpamTitan protects against malicious links in emails and scans all inbound emails in real-time, using advanced threat protection methods such as Bayesian analysis, machine learning, greylisting, and heuristics which provide a market-leading 99.99% spam catch rate with a 0.003% false-positive rate

DNS Filtering

Defense-in-depth against phishing is critical for blocking malware threats. Protection can be significantly improved using DNS filtering. DNS filtering is used to block the web-based component of phishing attacks by providing time-of-click protection to prevent users from visiting malicious web pages linked in phishing emails. DNS filtering is used to filter out malicious websites by preventing users from visiting those sites when web browsing, blocking redirects to malicious sites, and category and keyword-based filters to control the content that users can access, preventing access to risky websites. DNS filters can also be used to block downloads of certain file types from the Internet, such as those associated with malware.

The WebTitan DNS Filter provides these capabilities without latency, and protections can be applied for users on or off the network, no matter where they access the Internet. WebTitan is fed threat intelligence from more than 500 million endpoints worldwide and provides AI-based protection against active and emerging phishing URLs and zero-minute threats.

Security Awareness Training & Phishing Simulations

Technical measures to block email and web-based threats are essential, but it is also important to provide security awareness training to the workforce on security best practices and to teach employees how to recognize and avoid threats such as phishing. Security awareness training should be provided regularly, and phishing simulations conducted to identify gaps in knowledge to allow them to be addressed before they can be exploited.

SafeTitan is the only behavior-driven security awareness solution that delivers security awareness training in real-time in response to specific user behaviors and includes an extensive library of training content that is delivered in easy-to-digest chunks for creating a human firewall to augment your technical cybersecurity measures.

Enforce Multifactor Authentication

Multifactor authentication should be implemented on all accounts and services to prevent compromised, stolen, or leaked credentials from being used to gain access to accounts. It is especially important to apply multifactor authentication to administrator accounts and for remote access services. Multifactor authentication requires an additional factor to be provided before access is granted, in addition to a password.

Backup Regularly

To protect against destructive malware attacks involving wipers and ransomware, it is essential to back up data regularly and to test backups to ensure that file recovery is possible. A good approach to take is the 3-2-1 method for backing up – make three copies, stored on at least two different media, and ensure that one copy is stored securely off-site. Backup files should also be encrypted.

Patch Promptly

You should ensure that updates for software and operating systems are applied promptly, with patching prioritized to address the most critical vulnerabilities first.

Change Default Credentials and Set Strong Passwords

Default credentials should be changed, as should the default configurations of off-the-shelf software and strong, unique passwords should be set to protect against brute force attacks. Threat actors can easily gain initial access to the network through brute force attempts to steal passwords, such as password spraying – using passwords compromised in previous data breaches.

How Phishing Emails Led to The Theft of $23.5 Million from the U.S. Department of Defense

Phishing is commonly used to gain access to credentials to hijack email accounts for use in business email compromise (BEC) attacks. Once credentials have been obtained, the email account can be used to send phishing emails internally, with a view to obtaining the credentials of the main target. Alternatively, by spear phishing the target account, those steps can be eliminated.

If the credentials are obtained for the CEO or CFO, emails can be crafted and sent to individuals responsible for wire transfers, requesting payments be made to an attacker-controlled account. A common alternative is to target vendors, in an attack referred to as vendor email compromise (VEC). Once access is gained to a vendor’s account, the information contained in the email accounts provides detailed information on customers that can be targeted.

When a payment is due to be made, the vendor’s email account is used to request a change to the account for the upcoming payment. When the payment is made to the attacker-controlled account, it usually takes a few days before the non-payment is identified by the vendor, by which time it may be too late to recover the fraudulently transferred funds. While BEC and VEC attacks are nowhere near as common as phishing attacks, they are the leading cause of losses to cybercrime due to the large amounts of money obtained through fraudulent wire transfers. One attack in 2018 resulted in the theft of $23.5 million dollars from the U.S. Department of Defense.

In this case, two individuals involved in the scam were identified, including a Californian man who has just pleaded guilty to six counts related to the attack. He now faces up to 107 years in jail for the scam, although these scams are commonly conducted by threat actors in overseas countries, and the perpetrators often escape justice. The scam was conducted like many others. The BEC gang targeted DoD vendors between June 2018 and September 2018 and used phishing emails to obtain credentials for email accounts. An employee at a DoD vendor that had a contract to supply Aviation JA1 Turbine fuel to troops in southeast Asia for the DoD received an email that spoofed the U.S. government and included a hyperlink to a malicious website that had been created to support the scam.

The website used for the scam had the domain dia-mil.com, which mimicked the official dla.mil website, and email accounts were set up on that domain to closely resemble official email accounts. The phishing emails directed the employee to a cloned version of the government website, login.gov, which harvested the employee’s credentials. The credentials allowed the scammer to change bank account information in the SAM (System for Award Management) database to the account credentials of the shell company set up for the scam. When the payment of $23,453,350 for the jet fuel was made, it went to the scammers rather than the vendor.

Security systems were in place to identify fraudulent changes to bank account information, but despite those measures, the payment was made. The SAM database is scanned every 24 hours and any bank account changes are flagged and checked. The scammers learned of this and made calls to the Defense Logistics Agency and provided a reason why the change was made and succeeded in getting the change manually approved, although flags were still raised as the payment was made to a company that was not an official government contractor. That allowed the transfer to be reverted. Many similar scams are not detected in time and the recovery of funds is not possible. By the time the scam is identified, the scammers’ account has been emptied or closed.

The key to preventing BEC and VEC attacks is to deal with the issue at its source to prevent phishing emails from reaching inboxes and teach employees how to identify and avoid phishing scams. TitanHQ can help in both areas through SpamTitan Email Security and the SafeTitan security awareness training and phishing simulation platform. Businesses should also implement multifactor authentication to stop stolen credentials from being used to access accounts.

Tips for Effective Security Awareness Training

Providing security awareness training to the workforce is necessary for compliance and is often a requirement for getting cybersecurity insurance, but the real purpose of security awareness training is to reduce risk and avoid costly cyberattacks and data breaches.

To get the full benefits you need an effective security awareness training program, where susceptibility to phishing attacks is reduced and your resilience to cyberattacks targeting employees is significantly improved. To help you, we offer some top tips for creating an effective security awareness training program.

Security Awareness Training Must be a Continuous Process

Security awareness training should not be seen as a checkbox item for compliance. To be effective, training needs to be an ongoing process, where the training is reinforced over time. That if unlikely to happen with a once-a-year training session. Another reason for providing ongoing training is cyber threat actors are constantly changing their tactics and regularly come up with new scams. It would be unreasonable to expect employees to be able to recognize these new threats if they have not been covered in training sessions. Through regular training, provided in bite-sized chunks, you can make your employees are made aware of the latest threats which will help them to recognize them when they are encountered.

Make Sure Your Training Content is Interesting

Different employees will respond to different training methods. A classroom-based training session may be good for some employees, but others will respond better to computer-based training, infographics, videos, and quizzes. Keep your training varied to make sure it appeals to a wide audience and try to make the training interesting and engaging to improve knowledge retention, such as using storytelling to trigger emotions and the imagination, and don’t be afraid to use humor. Cybersecurity can be a pretty dry topic for many people and if they can enjoy it, they are more likely to retain the information and apply the training on a day-to-day basis.

Get Buy-in from the C-Suite

If you want to create a security culture in your organization, you will need to get buy in from the C-suite.  Any change in culture in an organization needs to start at the top. The C-Suite must be made aware of the importance of security awareness training and cybersecurity, and using data is usually the best approach. Using a security awareness training company that can provide data on the effectiveness of training at reducing risk will help. You will be able to prove the return on investment you are likely to achieve.

Conduct Phishing Simulations After Providing Training

Providing security awareness training is only one step toward developing a security culture and reducing risk. You also need to conduct tests to determine whether your training is being applied on a day-to-day basis, and the best way to test that is with phishing simulations. Conduct realistic simulations to determine whether the training has been effective. If employees fail simulations, provide extra training.

Do Not Punish Employees for Failing Phishing Simulations

Many companies operate a three strikes and you’re out policy for failing phishing simulations or penalize employees in other ways for falling for phishing emails. Around 40% of organizations take disciplinary action against employees for cybersecurity errors such as phishing simulation failures. Punishing employees for failing to identify phishing simulations often does not have the desired effect.

If you want to encourage employees to be more security-aware and create a security culture, creating a culture of fear is unlikely to help. This approach is likely to cause stress and anxiety, which can lead to the creation of a hostile working environment, and that does not help employees become more security aware. Further, when mistakes are made, employees will be much less likely to report their mistakes to the security team out of fear of negative consequences.

Conduct Real-Time Security Awareness Training

Training is likely to be most effective immediately after employees have made a mistake. By using a security awareness training solution such as SafeTitan, the only behavior-driven security training solution that delivers contextual training in real-time, you can deliver relevant training immediately and explain how a mistake was made and how similar errors can be avoided in the future. For instance, if an employee is discovered to be downloading free software from the Internet, an immediate alert can be delivered explaining why it is not allowed and the risks of installing software without approval from the IT department. If a phishing simulation is failed, employees can be alerted immediately, and it can be turned into a relevant training session.

Benchmark to Learn the Effectiveness of Security Awareness Training

Businesses conduct security awareness training to reduce susceptibility to phishing attacks and other cyber threats, but to gauge the effectiveness of the training there must be a benchmark to measure against. Conducting phishing simulations prior to providing training will allow you to measure how effective the training has been. You can use pre-training simulations to determine how many employees are falling for scams and the percentage of simulated phishing emails that are being reported. You can then reassess after providing training and can determine exactly how effective the training has been.

Security Awareness Training and Phishing Simulations are Not Enough

Providing regular security awareness training and conducting phishing simulations are important for improving resilience to cyber threats and will allow you to prove training has been provided for compliance or insurance purposes, but you also need to make sure that training has been absorbed by employees. Don’t just provide training – use quizzes to assess whether the training has been absorbed. You should also analyze the results of phishing simulations to identify any knowledge gaps that need to be addressed with future training courses. If employees are still falling for a certain type of scam, it could be your training that is the issue.

For more information about security awareness training, conducting phishing simulations, and to discover the benefits of real-time security awareness training, contact TitanHQ today for more information about SafeTitan. You can also take advantage of a free trial of the solution before deciding on a purchase.

Have You Created a Human Firewall?

It is important for security to implement an advanced spam filtering solution to block email threats such as phishing and malware, but security awareness training for the workforce is still necessary. The reason why phishing attacks are successful is that they target a weak point: employees. Humans make mistakes and are one of the biggest vulnerabilities as far as security is concerned. All it takes is for one phishing email to sneak through your defenses and land in an inbox and for the recipient to click a link in the email or open a malicious attachment for a threat actor to get the foothold they need in your network.

The easiest way to target employees is with phishing emails. The majority of phishing emails will be blocked by your spam filter, but some emails will be delivered. It doesn’t matter how advanced and effective your spam filter is, it will not block every single phishing email without also blocking an unacceptable number of genuine emails.

Phishing emails are used to achieve one of three aims: To trick individuals into disclosing credentials, to trick them into emailing sensitive data, or to trick them into installing malware. There are many tactics, techniques, and procedures (TTPs) employed in phishing attacks to make the emails realistic, convincing, and to get employees to act quickly. The emails may closely match standard business emails related to deliveries, job applications, invoices, or requests for collaboration. Spoofing is used to make the messages appear to have come from a trusted sender. Emails can spoof brands and often include the correct corporate logos, formats, and color schemes. While phishing emails include red flags that indicate all is not what it seems, busy employees may not notice those flags. Further, sophisticated, targeted phishing attacks contain very few red flags and are very difficult to identify. Even system administrators can be fooled by these attacks.

Businesses cannot expect every employee to be an expert at identifying phishing emails and other email threats, nor should they assume that employees have a good understanding of security practices that need to be employed. The only way to ensure employees know about security practices and how to recognize a phishing email is to provide security awareness training.

Security Awareness Training Improves Resilience to Phishing Attacks

The purpose of security awareness training is to make the workforce aware of the threats they are likely to encounter and to provide them with the tools they need to recognize and avoid those threats. Security awareness training is not a checkbox item that needs to be completed for compliance, it is one of the most important steps to take to improve your organization’s security posture and it needs to be an ongoing process. You could provide a classroom-based training session or computer-based training session once a year, but the TTPs of cyber threat actors are constantly changing, so that is not going to be sufficient. More frequent training, coupled with security reminders, newsletters, and updates on the latest threats to be wary of will ensure that security is always fresh in the mind, and it will help you to develop a security culture in your organization.

One of the most effective strategies is to augment training with phishing simulations. Phishing simulations involve sending fake but realistic phishing emails to employees to see how they respond. If you do not conduct these tests, you will not know if your training has been effective. The simulations will identify employees that require further training and the simulations will give employees practice at recognizing malicious emails. Reports from these simulations allow security teams to assess how resilient they are to phishing attacks and other email threats and will allow them to take action and focus their efforts to make immediate improvements.

SafeTitan Security Awareness Training & Phishing Simulations

TitanHQ can now help businesses create a human firewall through SafeTitan Security Awareness Training. SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time and will greatly improve resilience to social engineering and advanced phishing attacks.

If you want to improve your resilience to cyberattacks, prevent more data breaches, and avoid the costs and reputation damage caused by those incidents, you need to be training your workforce and running phishing simulations. Get in touch with TitanHQ today for more information and get started creating your human firewall.