Blog

TitanHQ Placed 33 in 2021 Deloitte Technology Fast 50 List

TitanHQ has been included in the 2021 Deloitte Technology Fast 50 List of the fastest-growing tech companies in Ireland. The Award program has now been running for 22 years and celebrates innovation and entrepreneurship in Ireland’s indigenous technology sector.

Deloitte compiles the list based on percentage revenue growth over the past 4 years, with TitanHQ ranking in position 33 in the list after a long period of sustained growth. That growth continued throughout the COVID-19 pandemic when many businesses have struggled. Not only has the company significantly increased its customer base over the past 4 years, the workforce has also had a major expansion. Between September 2020 and April 2021, TitanHQ’s workforce doubled in size.

As well as impressive organic growth, TitanHQ has benefitted from investment from Livingbridge Investor Group which has allowed the company to continue to recruit the best talent to support its business and invest in product development. As well as making improvements to its existing product portfolio, the company released a new product this month – SpamTitan Plus.

SpamTitan Plus builds on the protection provided by SpamTitan Gateway and SpamTitan Cloud but significantly improves detection of the malicious URLs in emails that are used for phishing and malware distribution. SpamTitan Plus has coverage of all major phishing feeds and has the fastest and best detection rates of malicious URLs than any of the market-leading anti-spam solutions.

“As a result of increased demand globally for our solutions, we have invested heavily in product development and embarked on a recruitment campaign to double our workforce in a program that will allow that growth to continue,” said TitanHQ CEO, Ronan Kavanagh. “The quick move to remote working last year has made us all aware of how important it is to be adaptable and have the right security solutions in place to protect users, customers, company data, and systems.”

TitanHQ’s customer base has now increased to more than 12,000 businesses, including over 2,500 managed service providers in 150 countries, with much of TitanHQ’s growth over the past 4 years due to the increase in overseas customers. That growth was also recognized by Deloitte, which awarded TitanHQ runner-up spot in the Scale Up Award. The Scale Up Award recognizes companies that have enjoyed significant overseas growth over the past 4 years.

“Congratulations to all of the companies that ranked this year. This is the first year we have seen the impact the pandemic has had on revenues of Irish tech companies,” said David Shanahan, Partner, Deloitte “It will come as no surprise that many of this year’s winners have achieved accelerated growth and scale as a result of the pandemic and being able to capitalize on the global move to a digital way of life.”

Hijacked Email Threads with Malicious Links to Fake PDF Files Used to Distribute the Emotet Trojan

The Emotet botnet was one of the largest ever seen and certainly one of the most dangerous. Phishing emails were used to infect devices with Emotet malware, which added the devices to the botnet. The operators of Emotet then sold access to other threat actors such as ransomware gangs. The botnet was shut down by an international law enforcement effort and the cleanup operation saw the malware removed from all infected devices. While that severely disrupted the Emotet operation for several months, the botnet is now back with a vengeance.

The TrickBot Trojan was one of the malware variants downloaded by Emotet, but it was used in the early stages of rebuilding the Emotet botnet, with the two malware operations completely reversing roles. The Emotet botnet has been rapidly rebuilt and is being used once again to infect victims’ devices with malware Qbot. Emotet is no longer relying on TrickBot to infect devices.

Emotet is once again being distributed by hijacking email threads and sending messages that appear to a reply to a previous conversation. While this method has previously seen malicious attachments added to those threads, according to Bleeping Computer a new tactic is now being used. A malicious hyperlink is inserted into the message threads that appears to be a link to a PDF file hosted on a remote server. In one example, “Please see attached and thanks” was inserted along with a hyperlink in response to a previous conversation.

If the link is clicked, the user is directed to what appears to be a shared document on Google Drive, where the user is asked to click the link to preview the PDF file. However, clicking the link attempts to open an appinstaller file hosted on Microsoft Azure. The user is required to accept the appinstaller prompt, which appears to be attempting to install an Adobe PDF component with permissions to use all system resources.

The package has a valid certificate and includes the Adobe PDF logo, but it will install a malicious appxbundle that will infect the user’s device with the Emotet Trojan. Emotet will then download other malicious payloads, which often lead to a ransomware attack. The Cryptolaemus group, which tracks and reports on Emotet activity, says the new URL-based lures are being used in addition to the standard Emotet tactics of distributing the malware using .zip and .docx email attachments.

The Emotet botnet has been rebuilt at a tremendous pace and there has been a massive increase in Emotet activity in the past few days. Malwarebytes detected a major spike in activity on November 26 and abuse.ch reported an even bigger spike on December 1, when 447% more malicious sites were being used to distribute the malware than in early November. Emotet has once again grown into a significant threat and its infrastructure has been upgraded to make it even more resilient and prevent any further takedown attempts by law enforcement. It is looking like the Emotet botnet is back and stronger than it was before the takedown.

So how can businesses protect against Emotet? End user training is important, but the tactics used by the Emotet gang are effective and fool many users into starting the infection process. The key to protection is to block the phishing emails that are the initial attack vector and that requires an advanced spam filtering solution.

TitanHQ has recently launched a new product – SpamTitan Plus – with significantly improved protection against malicious links which, coupled with dual antivirus protection and sandboxing, can protect against phishing and malware threats delivered by email.

To find out more about how TitanHQ solutions can protect your business against malware, phishing, and ransomware attacks, give the TitanHQ team a call.

UK Omicron Phishing Campaign Takes Advantage of New WHO Variant of Concern

A new Omicron phishing scam has been detected in the UK that spoofs the NHS and attempts to steal personal and financial information using a free COVID Omicron PCR test as a lure. The campaign is likely to be one of many taking advantage of fears about the latest SARS-CoV-2 variant of concern.

COVID-19 phishing scams have been a regular feature of the pandemic, so it is no surprise that the latest turn of events has triggered a wave of new phishing emails. The emergence of Omicron, a variant of concern that has the potential to escape the protections provided by COVID-19 vaccines, has naturally alarmed scientists and the general public alike and has created an opportunity for phishers.

Phishers use fear and urgency in their phishing scams to convince people to take an action that they would otherwise not do. The emergence of the Omicron variant has already generated fear, and the phishers are providing a solution. The Omicron phishing campaign was detected in the United Kingdom and impersonates the National Health Service (NHS). The emails offer a newly developed COVID-19 PCR test that is able to detect infection with the Omicron variant. The campaign is being conducted via email and text message, but this approach could easily be conducted by telephone.

One of the intercepted phishing emails tells the recipient that “NHS scientists have warned that the new Covid variant omicron spreads rapidly, can be transmitted between fully vaccinated people, and makes jabs less effective,” echoing the current fears of scientists. The email goes on to say, “However, as the new covid variant (Omicron) has quickly become apparent, we have had to make new test kits as the new variant appears dormant in the original tests.”

In order to receive the new test, the victim must click on a hyperlink in the email and will be directed to a webpage that spoofs the NHS patient portal. They are asked to enter their personal information, including their name, address, date of birth, contact telephone numbers, and email address. The NHS is a free healthcare service; however, the scammers request payment to cover postage costs. In order to pay the £1.24 delivery charge, the phishing page asks for bank account/credit card information and mother’s maiden name.

As is common in phishing campaigns, emails also include a threat. In a section titled, “What happens if you decline a COVID-19 Omicron test?”, victims are told that they will be required to isolate. While the emails contain red flags, such as multiple spelling and grammatical errors, the NHS branding and email address used to send the messages – contact-nhs[@]nhscontact.com – may be enough to convince people that the request is legitimate.

The success of this Omicron phishing scam depends on people taking action without carefully considering what they are being asked to do. While Omicron is a genuine cause of concern, always stop and think about any request for sensitive information via email, text message, social media messages, or phone calls. Official messages from the NHS will be free of spelling mistakes and the NHS will never ask for payment for sending COVID-19 tests.

While this Omicron phishing scam targets individuals, many COVID-19 phishing campaigns have targeted businesses and attempt to either obtain credentials or deliver malware. Businesses need to ensure they implement an anti-phishing solution that is capable of identifying and blocking phishing emails.

TitanHQ has developed a suite of cybersecurity solutions to protect businesses from cyberattacks such as phishing, with the latest solution – SpamTitan Plus – providing even greater protection against phishing attacks. SpamTitan Plus includes additional measures to improve malicious URL detection along with time-of-click protection to prevent employees from visiting the malicious websites linked in phishing emails.

If you want to improve protection against phishing attacks and the full range of email threats, contact TitanHQ today for more information on the best phishing solution to meet the needs of your business.

SpamTitan Plus Launched by TitanHQ to Combat Zero-Day Phishing Attacks

Phishing is the number one cybersecurity threat faced by businesses and attacks are becoming highly sophisticated. Phishing is used to obtain sensitive information such as login credentials and for distributing malware and ransomware. 91% of all cyberattacks start with phishing emails.

Many businesses now provide security awareness training for the workforce to raise awareness of the threat from phishing and to teach employees the skills that will allow them to identify and avoid phishing emails, but the click rates in phishing emails remain high. According to Security Affairs, 97% of users fail to identify phishing emails. The reason is phishing emails are now being created that are virtually indistinguishable from genuine communications from trusted sources and phishers are experts at social engineering.

The best defense against phishing is a spam filter – A technical solution that scans all inbound (and outbound) emails and performs a wide range of checks and analyses, all of which must be passed in order for an email to be sent to an inbox. Spam filters scan the message headers and message body for signs of spam and phishing, and attachments are scanned using anti-virus engines that identify known malware variants. Hyperlinks in messages are also checked; however, phishers are constantly developing new techniques for hiding malicious URLs from email security solutions.

TitanHQ’s spam and phishing protection solution – SpamTitan – already provides excellent protection from spam and phishing emails; however, a new product – SpamTitan Plus – has now been launched that significantly improves detection rates. SpamTitan Plus provides advanced phishing protection with better coverage, better phishing link detections, faster detection speed, and also has the lowest false positive rate of any product.

“The overwhelming feedback from our users and customer base has been that phishing attacks are becoming more advanced, proficient, and dangerous. Phishing is the number one problem to solve in the email security community,” said TitanHQ CEO Ronan Kavanagh. “With that in mind, we allocated resources and investment to develop a solution with new, cutting-edge, robust, fast phishing threat intelligence driven by a team of security specialists. We’re very happy with the result – SpamTitan Plus”.

SpamTitan Plus includes leading-edge, AI-driven anti-phishing prevention and incorporates the newest “zero-day” threat intelligence, providing better protection than current market-leading email security solution providers at neutralizing malicious links in emails.

All URLs in emails are inspected to determine if they are malicious and are rewritten, and a time-of-click analysis is performed. This is important as the URLs in phishing emails may not be malicious at the time of delivery and may be weaponized with malware after they have passed email security checks. The time-of-click protection involves several dynamic checks, including a page evaluation to identify spoofed websites and login pages and the following of any redirects. If a user clicks on a malicious URL, instead of being directed to the website they will be sent to a local block page that provides further information.

Independent tests of SpamTitan Plus show:

  • 100% coverage of phishing threats from the current market-leading anti-phishing feeds
  • 5X increase in unique phishing URL threat detection than the current market leaders
  • 6X faster and more rapid phishing detection than the current market leaders

10 million new, previously undiscovered phishing URLs are detected every single day and there is only a 5-minute delay from the initial detection of a malicious URL to protect an end user’s mailbox.

SpamTitan is relied upon by 12,000 customers and 3,000 Managed Service Providers for protecting against spam and phishing emails. They can now choose to significantly improve protection with SpamTitan Plus. For more information about SpamTitan Plus, Give the TitanHQ team a call today.

Warning Issued About Brand Phishing Attacks and the Widespread Availability of Scampage Tools

The Federal Bureau of Investigation (FBI) has issued a warning about an increase in spear phishing campaigns impersonating big name brands. Brand phishing is incredibly common and is an effective way of getting individuals to disclose sensitive information such as login credentials or install malware.

Brand phishing abuses trust in a brand. When individuals receive an email from a brand they know and trust, they are more likely to take the action requested in the email. Brand phishing emails usually include the logo of the targeted brand, and the emails use the same message formats as genuine communications from those brands. Links are usually included to malicious web pages that are often hidden in buttons to hide the true destination URL.

If a user clicks the link, they are directed to an attacker-controlled domain that similarly uses branding to fool the victim and make them think they are on the genuine website of the spoofed brand. These webpages include forms that harvest sensitive data. Alternatively, malicious files may be downloaded, with social engineering techniques used to trick victims into opening the files and installing malware.

Cyber threat actors are offering scampage tools on underground marketplaces to help other cybercriminals conduct more effective phishing campaigns. These scampage tools are offered under the product-as-a-service model and allow individuals to conduct convincing phishing campaigns, even people who do not possess the skills to conduct phishing campaigns. With phishing opened up to would-be cybercriminals, the threat to individuals and businesses increases.

The FBI says the scampage tools now being offered can recognize when individuals use their email address as their login ID for a website. Websites require a unique username to be provided when creating an account, and many use an individual’s email address as their username by default.

The scampage tools can identify when a user has set their email address as their username, and when that is detected, they will be directed to a scampage for the same email domain. The user is required to enter their password to log in, which will allow the threat actor to obtain the password and access the victim’s email. With access to the email account, attackers can intercept 2-factor authentication codes, thus bypassing this important control mechanism. With 2FA codes, the attacker will be able to gain access to accounts and make changes, including updating passwords to lock users out of their accounts or change security rules before the owner of the account can be notified.

“Much like the threat with ransomware-as-a-service, this type of product-as-a-service distribution of scampage and credential harvesting tools presents an increased nationwide risk to private sector businesses and their consumers,” said the FBI in its public service announcement. “Brand-phishing email campaigns and scampage tools that help bypass 2FA security measures represent another aspect to this emerging cyber threat.”

To counter the threat, businesses should implement an advanced spam filtering solution to block phishing emails and prevent them from being delivered to employee inboxes. Password policies should be created that require strong passwords to be set, and checks performed to ensure commonly used or weak passwords cannot be set on accounts. Employees should be told to never reuse passwords on multiple accounts and to ensure that all business accounts have unique passwords. Security awareness training should be provided to the workforce to teach email security best practices and train employees on how to identify phishing emails and other scams.

Given the increase in the use of scampage tools, if there is the option, users should set a unique username for an account that is not associated with their primary email address. 2-factor authentication should be configured, and where possible, a software-based authenticator program should be used or a USB security key as the second factor. Alternatively, provide a mobile number for a 2FA code and avoid using a primary email address to receive 2FA codes. If an email address is required, it is best to use an alternative email account.