Blog

TitanHQ Adds Several New Features and Enhancements to the WebTitan DNS Filter

WebTitan Cloud is an award-winning DNS filter that prevents access to malicious websites and allows businesses to control the web content users can access with precision. This week, TitanHQ has announced the release of a new version of WebTitan Cloud, that includes new features to improve usability, security, protection for remote workers, and provides greater insights into DNS requests. These new features now form part of an industry-leading feature set that is in a cloud-delivered solution that is easy to set up, use, and maintain.

New UI with Advanced Reporting Features

If you are a current WebTitan Cloud user, the first change you will notice is the new user interface which provides easy access to all WebTitan Cloud features. The enhancements provide intuitive, advanced, relevant, and easy-to-digest data, through new interactive reports and data visualization tools, which are embedded into the UI to improve the user experience.

The advanced security reports show malware-infected clients, malware-infected domains, malware-infected users, blocked phishing sites, blocked phishing domains, and blocked phishing sites by user, and the view can be customized by date and client IP. New reports show behavior, blocked sites, and trends to provide insights into network use and threats. These reports have been added based on the feedback received by WebTitan Cloud users.

Interactive Threat Intelligence with DNS Data Offload

The latest version of WebTitan Cloud provides users with easier access to valuable threat intelligence to aid IT decision-making, network troubleshooting, and security planning. Users can now list DNS request history on screen, download DNS request logs, view all DNS data to gain valuable insights into activity, and easily extract DNS query data for sophisticated integrations and advanced data analysis.

DNSSEC Security Enhancements

WebTitan Cloud now benefits from security enhancements to protect against DNS attacks by strengthening authentication using Domain Name System Security Extensions (DNSSEC). DNSSEC uses digital cryptographic signatures to verify the origin and integrity of data during the DNS resolution process to protect against malicious DNS poisoning attacks. Users of WebTitan Cloud can implement DNSSEC through a simple and straightforward process to improve security.

WebTitan OTG Improvements for Protecting Off Network Users

The WebTitan On-the-Go (OTG) agent allows users to extend the protection of WebTitan Cloud to off-network users, no matter where they connect to the Internet. WebTitan OTG was introduced some time ago; however, the latest release includes several enhancements. The JSON Config filters have been replaced for OTG devices, and the agent used to protect, manage, and monitor off-network users has been significantly improved. It is also much easier to add and update exceptions to OTG devices through an easy-to-use interface.

“This WebTitan release is hitting so many key pillars of success for TitanHQ. The data offload feature has been requested by many customers and creates real differentiation for our solution in the market. This coupled with our new advanced reporting were major requests from our MSP customers,” said Ronan Kavanagh, CEO of TitanHQ. “Finally, security is at the heart of what we do and are, the addition of DNSSEC just continues to add to our credentials.”

New Reverse Proxy Phishing-as-a-Service Helps Low-Skilled Hackers Bypass MFA

When multifactor authentication is set up on accounts, attempts to access those accounts using stolen credentials will be prevented, as in addition to a correct username and password, another factor must be provided to authenticate users. Phishing attacks may allow credentials to be stolen, but that does not guarantee accounts can be accessed. More companies are implementing multifactor authentication which means phishing attacks need to be more sophisticated to bypass the protection provided by multifactor authentication.

One of the ways that multifactor authentication can be bypassed is by using a reverse proxy. In a phishing attack, an email is sent to a target and a link is provided to a malicious website hosting a phishing form that spoofs the service of the credentials being targeted – Microsoft 365 for example. Instead of just collecting the login credentials and using them to try to remotely access the user’s account, a reverse proxy is used.

The reverse proxy sits between the phishing site and the genuine service that the attacker is attempting to access and displays the login form on that service. When the credentials are entered, they are relayed in real-time to the legitimate service, and requests are returned from that service, such as MFA requests. When the login process is successfully completed, a session cookie is returned which allows the threat actor to access the genuine service as the victim. The session cookie can also contain the authentication token. In these attacks, once the session cookie has been obtained, the victim is usually presented with a notification telling them the login attempt has failed or they are directed to another site and will likely be unaware that their credentials have been stolen and their account is being accessed.

These attacks allow the victim’s account to be accessed for as long as the session cookie remains valid. If it expires or is revoked, the attacker will lose access to the account. To get around this and gain persistent access, account details may be changed or other authentication methods will be set up.

These types of phishing attacks are much more sophisticated than standard phishing attacks, but the extra effort is worth the investment of time, money, and resources. Many advanced persistent threat actors use reverse proxies in their phishing campaigns and have developed their own custom reverse proxies and tools.  There are, however, publicly available kits that can be used in phishing campaigns such as Modlishka, Necrobrowser, and Evilginx2. These kits can be used at a cost and allow MFA to be bypassed, although they can be complicated to set up and use.

Now a new phishing-as-a-Service (PaaS) platform has been identified – EvilProxy – that is being pushed on hacking forums. EvilProxy allows authentication tokens to be stolen from a range of vendors including Microsoft, Apple, Twitter, Facebook, Google, and more, according to Resecurity which recently reported on the phishing kit.

EvilProxy lowers the bar considerably and makes conducting reverse proxy phishing attacks far simpler. The service includes instructional videos, provides a user-friendly graphical interface, and even supplies templates of cloned phishing pages for stealing credentials and auth tokens. Through the graphical interface, threat actors can set up and manage their phishing campaigns with ease. EvilProxy comes at a cost, starting at $150 for 10 days up to $400 for a month. While the service is not cheap, the potential rewards can be considerable. EvilProxy allows low-skill threat actors to gain access to valuable accounts, which could be used or sold on to other threat actors such as ransomware gangs.

Multifactor authentication is strongly recommended as it will block the majority of attacks on accounts; however, it can be bypassed by using reverse proxies. Protecting against reverse proxy phishing attacks requires a defense-in-depth approach. An email security solution – SpamTitan for example – should be implemented to block the initial phishing email. A web filter – WebTitan – should be used to block attempts to visit the malicious websites used in these man-in-the-middle attacks. Security awareness training is important for training employees on how to recognize and avoid phishing threats, and employers should conduct phishing simulation tests as part of the training process. TitanHQ’s SafeTitan platform allows businesses to conduct regular training and phishing simulations with ease.

Vote for SpamTitan in the PeerSpot 2022 User Choice Awards!

For more than 10 years, PeerSpot (formerly IT Central Station) has been helping tech pros make intelligent decisions on the best information technology solutions to implement to ensure they get the solutions that perfectly address the needs of their businesses. The PeerSpot Buying Intelligence Platform is powered by the world’s largest community of enterprise tech buyers and bridges the gap between vendors and buyers. Vendors are helped through the voice of their customers, and enterprise tech buyers receive relevant and practical advice to help them make better purchasing decisions. The platform provides in-depth reviews of products, online forums, and tech buyers have access to direct Q&A support.

This year sees PeerSpot launch its first Annual User’s Choice Award program to recognize the products that are helping businesses to achieve their goals. Customers of enterprise technology vendors are invited to vote for their favorite B2B Enterprise Technology products across 11 product categories.

In 2022, those product categories are:

  • Endpoint Protection for Business
  • Firewalls
  • Backup and Recovery Software
  • Network Monitoring Software
  • HCI
  • All-Flash Storage Arrays
  • Email Security
  • Ethernet Switches
  • Application Security Tools
  • Functional Testing Tools
  • Rapid Application Development Software

In order for a solution to be included in the relevant category, it must be amongst the highest-rated products on the PeerSpot Buying Intelligence Platform. That requires a product to have generated significant user engagement on the platform and to have been rated highly by verified users of the solutions.

The winners in each category will be decided by popular vote.

TitanHQ is proud to have had its SpamTitan solution included as one of the top spam filtering, anti-phishing, and anti-malware solutions in the email security category. SpamTitan provides layered protection for enterprises, SMBs, and managed service providers and blocks email-based threats such as phishing, malware, spam, viruses, and botnets. The solution incorporates signature- and behavior-based detection to block malware threats and predictive technologies to anticipate zero-minute threats.  SpamTitan is much loved by users not just for its performance, but also ease of set up, use, maintenance, price, and the industry-leading customer support provided by TitanHQ. SpamTitan has an overall star rating of 4.6/5 on the platform.

If you love using SpamTitan and it has helped your business block more threats, cut down on the resources you have had to devote to email security, or saved you money, TitanHQ encourages you to vote for SpamTitan. Voting will take around a minute of your time. Votes are being accepted until September 16th, 2022, and the winners in each category will be announced by PeerSpot on October 25, 2022.

Vote for SpamTitan Email Security Here

Common Security Awareness Training Mistakes to Avoid

Technology is vital for defending against cyberattacks, but it is important not to neglect employee training. Training the workforce on how to recognize and avoid threats should be a key part of your security strategy, but if you want to get the best return on your investment it is important to avoid these common security awareness training mistakes.

Why Security Awareness Training is Essential

Data from the ransomware remediation firm, Coveware, shows phishing is the main way that ransomware gangs gain initial access to business networks, and IBM reports that phishing is the main way that data breaches occur. In 2021, 40% of all data breaches started with a phishing email. Businesses should implement technologies to block these attacks, such as a spam filter, antivirus software, and a web filter; however, even with these defenses in place, threats will arrive in inboxes, they can be encountered over the Internet, or via instant messaging services, SMS, or over the phone. Unless you totally isolate your business from the outside world, employees will encounter threats.

It is therefore important to provide security awareness training to teach employees how to recognize and avoid threats and to educate them on cybersecurity best practices that they should always follow. Security awareness training is concerned with equipping employees with the skills they need to play their part in the overall security of the organization, to give them practice at detecting threats, and build confidence. Through training, you can create a human firewall to add an extra layer to your cybersecurity defenses.

Security Awareness Training Mistakes to Avoid

It is important to avoid these common security awareness training mistakes, as they can seriously reduce the effectiveness of your training.

Infrequent training

Creating a training course that covers all security best practices and threats to educate the workforce is important, but if you want to change employee behavior and get the best return on your investment, it is important to ensure that your training is effective. If you provide a once-a-year training session, after a few weeks the training may be forgotten. One of the most common mistakes with security awareness training is not providing training often enough. Training should be an ongoing process, provided regularly. You should therefore be providing training regularly in small chunks. A 10-minute training session once a month is much more likely to change behavior than a once-a-year training session.

Not making training fun and engaging

Cybersecurity is a serious subject, but that does not mean that training cannot be enjoyable. If your training course is dull and boring, your employees are likely to switch off, and if they are not paying attention, they will not take the training on board. Use a third-party security awareness training course that includes interactive, gamified, and fun content that will engage employees, and use a variety of training materials, as not everyone learns in the same way.

Using the same training course for all employees

Don’t develop a training course and give the same course to everyone. Use a modular training course that teaches the important aspects of security, but tailor it to user groups, departments, and roles. Training should be relevant. There is no point in training everyone how to recognize specific threats that they will never encounter.

Not conducting phishing simulations

Training and then testing is important to make sure that the training content has been understood, but that is unlikely to change employee behavior sufficiently. The best way to reinforce training and change employee behavior is by conducting phishing simulations. These simulations should be relevant, reflect real-world threats, and should be conducted regularly. Phishing simulations will show you how employees respond to threats when they are completing their work duties and are not in a training setting. If a phishing simulation is failed, it is a training opportunity. Provide targeted training to employees who fail, specific to the mistake they made.

Not providing training in real-time

Intervention training is the most effective. When an employee makes a security mistake, training should be automatically triggered, such as when an employee fails a phishing simulation or takes a security shortcut. If the employee is immediately notified of the error and is told where they went wrong, that will be much more effective at changing behavior than waiting until the next scheduled training session.

Speak with TitanHQ About Security Awareness Training

TitanHQ offers a security awareness training and phishing simulation platform for businesses – SafeTitan – that makes workforce training simple. The platform includes an extensive library of gamified, fun, and engaging content on all aspects of security to allow businesses to create customized training for all members of the workforce and automate phishing simulations.

The platform is easy to set up, use, and customize, and the platform is the only security awareness training solution that provides intervention training in real-time in response to employees’ security errors. For more information contact TitanHQ and take the first step toward creating a human firewall.

What is Callback Phishing?

Phishing attacks are mostly conducted via email but there has been a major increase in hybrid phishing attacks over the past 12 months, especially callback phishing. Here we explain what callback phishing is, why it poses such a threat to businesses, and why threat actors are favoring this new approach.

What is Callback Phishing?

Email phishing is used for credential theft and malware distribution, but one of the problems with this type of phishing is most businesses have email security solutions that scan inbound emails for malicious content. Phishing emails and malicious files distributed via email are often identified as such and are rejected or quarantined. Some threat actors conduct voice phishing, where an individual is contacted by telephone, and attempts are made to trick them into taking an action that benefits the scammer using a variety of social engineering tactics.

Callback phishing is a type of hybrid phishing where these two methods of phishing are combined. Initially, an email is sent to a targeted individual or company that alerts the recipient to a potential problem. This could be an outstanding invoice, an upcoming payment or charge, a fictitious malware infection or security issue, or any of a long list of phishing lures. Instead of further information being provided in an attachment or on a website linked in the email, a telephone number is provided. The recipient must call the number for more information and to address the issue detailed in the email.

The phone number is manned by the threat actor who uses social engineering techniques to trick the caller into taking an action. That action is usually to disclose credentials, download a malicious file, or open a remote desktop session. In the case of the latter, the remote desktop session is used to deliver malware that serves as a backdoor into the victim’s computer and network.

This hybrid approach to phishing allows threat actors to get around email security solutions. The only malicious element in the initial email is a phone number, which is difficult for email security solutions to identify as malicious and block. That means the emails are likely to reach their targets.

Major Increase in Callback Phishing Attacks

Callback phishing was adopted by the Ryuk ransomware threat group in 2019 to trick people into installing BazarBackdoor malware, in a campaign that was dubbed BazarCall/BazaCall. Typically, the lure used in these attacks was to advise the user about an upcoming payment for a subscription or the end of a free trial, with a payment due to be automatically taken unless the trial/subscription is canceled by phone.

The Ryuk ransomware operation is no more. The threat actors rebranded as Conti, and the Conti ransomware operation has also now shut down; however, three threat groups have been formed by members of the Conti ransomware operation – Silent Ransom, Quantum, and Zeon – and all have adopted callback phishing as one of the main methods for gaining initial access to victims’ networks for conducting ransomware attacks. These three groups impersonate a variety of companies in their initial emails and trick people into believing they are communicating with a genuine company. The aim is to get the user to establish a remote desktop session. While the user is distracted by the call, a second member of the team uses that connection to install a backdoor or probe for ways to attack the company, without the user being aware what is happening.

Callback phishing is also used by other threat groups for credentials theft and malware distribution, often by impersonating a cybersecurity firm and alerting the user to a security threat that needs to be resolved quickly. These attacks see the user tricked into installing malware or disclosing their credentials. According to cybersecurity firm Agari, phishing attacks increased by 6% from Q1, 2022 to Q2, 2022, and over that same time frame hybrid phishing attacks increased by an incredible 625%.

How to Protect Against Callback Phishing Attacks

As is the case with other forms of phishing, the key to defending against attacks is to implement layered defenses. Email security solutions should be implemented that perform a range of checks of inbound emails to identify malicious IP addresses. Email security solutions such as SpamTitan incorporate machine learning mechanisms that can detect emails that deviate from those normally received by an organization. Multi-factor authentication should be implemented on accounts to block attempts to use stolen credentials.

The best defense against callback phishing is to provide security awareness training to the workforce. Employees should be told about the social engineering tactics used in these attacks, the checks everyone should perform before responding to any email, and the signs of callback phishing to look out for. Callback phishing simulations should also be conducted to gauge how susceptible the workforce is to callback phishing. A failed simulation can be turned into a training opportunity to proactively address the lack of understanding.

TitanHQ offers a comprehensive security awareness training platform for businesses – SafeTitan – that covers all forms of phishing and the platform included a phishing simulator for conducting phishing tests on employees. For more information, give the TitanHQ team a call today.