SpamTitan Named Leading Secure Email Gateway Solution

SpamTitan, TitanHQ’s business email security solution, has been named leader in the Spring G2 Crowd Grid Report for Email Security Gateways.

G2 Crowd is a peer-to-peer review platform for business solutions. G2 Crowd aggregates user reviews of business software and the company’s quarterly G2 Crowd Grid Reports provide a definitive ranking of business software solutions.

The amalgamated reviews are read by more than 1.5 million site visitors each month, who use the reviews to inform software purchases. To ensure that only genuine reviews are included, each individual review is subjected to manual review.

The latest G2 Crowd Grid Report covers email security gateway solutions. Gateway solutions are comprehensive email security platforms that protect against email-based attacks such as phishing and malware. The email gateway is a weak point for many businesses and it is one that is often exploited by cybercriminals to gain access to business networks. A powerful and effective email gateway solution will prevent the vast majority of threats from reaching end users and will keep businesses protected.

To qualify for inclusion in the report, email gateway solutions needed to scan incoming mail to identify spam, malware, and viruses, securely encrypt communications, identify and block potentially malicious content, offer compliant storage through archiving capabilities, and allow whitelisting and blacklisting to control suspicious accounts.

For the report, 10 popular email security gateway solutions were assessed from Cisco, Barracuda, Barracuda Essentials, Proofpoint, Mimecast, Symantec, McAfee, Solarwinds MSP, MobileIron, and TitanHQ. Customers of all solutions were required to give the product a rating in four areas: Quality of support, ease of use, meets requirements and ease of administration.

TitanHQ the leader in business email security, today announced it has been recognized as a leader in the G2 Crowd Grid? Spring 2019 Report for Email Security.

TitanHQ’s SpamTitan was named leader based on consistently high scores for customer satisfaction and market presence. 97% of users of SpamTitan awarded the solution 4 or 5 stars out of 5 and 92% said they would recommend SpamTitan to others.

SpamTitan scored 94% for quality of support and meeting requirements. The industry average in these two areas was 84% and 88% respectively. The solution scored 92% for ease of use against an industry average of 82%, and 90% for ease of admin against an average value of 83%.

“TitanHQ are honored that our flagship email security solution SpamTitan has been named a leader in the email security gateway category,” said Ronan Kavanagh, CEO, TitanHQ. “Our customers value the uncompromised security and real-time threat detection. The overwhelmingly positive feedback from SpamTitan users on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”

If you want to improve email security without breaking the bank and want a solution that your IT staff will like using, SpamTitan is the ideal choice.

SpamTitan is available on a 100% free trial to allow you to try before committing to a purchase; however, if you have any questions about the solution, contact the TitanHQ team who will be happy to help and can schedule a product demonstration.

Emotet Malware Revives Old Email Conversations Threads to Increase Infection Rates

Emotet malware was first identified in 2014 and its original purpose was to obtain banking credentials and other sensitive information; however, the malware is regularly updated and new functionality is added. Emotet malware is now one of the most prevalent and dangerous malware threats faced by businesses.

The malware can detect whether it is running in a virtual environment and will generate false indicators in such cases. The malware is polymorphic, which means it changes every time it is downloaded. That makes it difficult to detect using the signature-based detection methods employed by standard anti-virus software.

The malware also has worm-like features which allows it to rapidly spread to other networked computers. Emotet is also capable of spamming and forwarding itself to email contacts. As if infection with Emotet is not bad enough, it can also download other malware variants onto infected devices.

Emotet malware is one of the most destructive malware variants currently in use and cleaning up Emotet attacks can be incredibly costly. The Department of Homeland Security has reported that some attacks on state, local, tribal, and territorial governments have cost more than $1 million to resolve.

Emotet malware is primarily distributed via spam email, either through malicious attachments or hyperlinks to websites where the malware is silently downloaded. The lures used in the messages are highly varied and include most of the commonly used phishing lures such as shipping notifications, fake invoices, payment requests, PayPal receipts.

Now the threat actors behind the malware have adopted a new tactic to increase infection rates. Once installed on a device, the malware accesses email conversation threads and forwards the message to individuals named in the thread.

The original email conversation is unaltered, but a hyperlink is added to the top of the message. The link directs the recipient to a webpage where a file download is triggered. Opening the document and enabling macros will see Emotet downloaded. Email attachments may also be added to previous conversation threads in place of hyperlinks.

Since the messages come from a known individual with whom an email conversation has taken place in the past, the probability of the document being opened is greater than if messages come out of the blue or are sent from an unknown individual.

Several cybersecurity firms have identified a campaign using this tactic, including phishing intelligence provider Cofense and security researcher Marcus Hutchins (MalwareTech).

The current campaign uses revived conversations from before November 2018, although more recent conversations may be revived in further campaigns. Any revived old email conversation that contains a link or an attachment could indicate a user has been targeted and that at least one member of the email exchange has been infected with Emotet.

The current campaign is not only extensive, it is also proving to be extremely successful. Spamhaus reports that there have been 47,000 new infections in the past two months alone, while Cofense reports that it has identified more than 700,000 infections in the past 12 months.

Protecting against this dangerous malware requires a powerful anti-spam solution and good security awareness training for staff. SpamTitan’s new features can help to detect malicious emails spreading Emotet malware to better protect businesses from attack.

To find out more about SpamTitan and how the solution can protect your business, give TitanHQ a call today.

Tax-Related Phishing Scams Delivering TrickBot Trojan

Monday April 15 is Tax Day in the United States – the deadline for submitting 2018 tax returns. Each year in the run up to Tax Day, cybercriminals step up their efforts to obtain users’ tax credentials. In the past few weeks, many tax-related phishing scams have been detected which attempt to install information stealing malware.

One of the main aims of these campaigns is to obtain tax credentials. These are subsequently used to file fraudulent tax returns with the IRS. Tax is refunded to accounts controlled by the attackers, checks are redirected, and a range of other methods are used to obtain the payments.

Attacks on tax professionals are commonplace. If access can be gained to a tax professional’s computer, the tax credentials of clients can be stolen, and fraudulent tax returns can be filed in their names. A single successful attack on a tax professional can see the attacker obtain many thousands of dollars in tax rebates.

There has been the usual high level of tax-related phishing scams during the 2019 tax season and businesses of all types have been targeted. It is not only tax credentials that cybercriminals are after. Many tax-themed phishing scams have been conducted which attempt to install malware and ransomware such as the TrickBot banking Trojan.

The TrickBot banking Trojan is a powerful malware variant which, once installed, can give an attacker full control of an infected computer. The malware is primarily an information stealer. A successful installation on one business computer can allow the attackers to move laterally and spread the malware across the whole network.

The primary purpose of the TrickBot trojan is to steal banking credentials which can be used to make fraudulent wire transfers: however, TrickBot is regularly updated with new features. In addition to stealing banking credentials, the malware can steal VNC. RDP, and PuTTY credentials.

The threat actors behind TrickBot are highly organized and well resourced. More than 2,400 command and control servers are used by the cybercriminal gang and that number continues to grow.

The three new TrickBot malware campaigns were detected since late January by IBM X-Force researchers. Spam email messages are carefully crafted to appear legitimate and look innocuous to business users and appear to have been sent by well-known accounting and payroll firms such as ADP and Paychex.

Spoofed email addresses are commonly used, although in these campaigns, the attackers have used domain squatting. They have registered domains that are very similar to those used by the accounting firms. The domains have transposed letters and slight misspellings to make the email appear to have been sent from a legitimate source. The domains can be highly convincing and, in some cases, are extremely difficult to identify as fake.

The emails are well written and claim to include tax billing records, which are included as attached spreadsheets. The spreadsheets contain malicious macros which, if allowed to run, will download the TrickBot Trojan.

To prevent attacks, several steps should be taken. Macros should be disabled by default on all devices. Prompt patching is required to keep all software and operating systems up to date to prevent vulnerabilities from being exploited.

End users should receive security awareness training and should be taught cybersecurity best practices and how to identify phishing emails. An advanced spam and anti-phishing solution should also be implemented to ensure phishing emails are identified and prevented from reaching end users inboxes. Further, all IoCs and IPs known to be associated with the threat actors should be blocked through spam filtering solutions, firewalls, and web gateways.

The latter is made easy with SpamTitan and WebTitan – TitanHQ’s anti-phishing and web filtering solutions for SMBs.

Webinar: Discover the Exciting New Features of SpamTitan

Current users of the SpamTitan email security solution and SMBs and MSPs that are considering implementing SpamTitan or offering it to their clients are invited to join a webinar in which TitanHQ will explains the exciting new features that have recently been incorporated into the anti-phishing and anti-spam solution.

SpamTitan has recently received a major update that has seen the incorporation of DMARC email authentication to better protect users from email impersonation attacks and the addition of a new Bitdefender-powered sandbox. The sandbox allows users to safely assess email attachments for malicious actions, to better protect them against zero-day malware and other malicious software delivered via email.

The webinar will explain these and other features of SpamTitan in detail and the benefits they offer to customers, including how they better protect SMBs and SMEs from phishing, spear phishing, spoofing, ransomware, malware, and zero-day attacks.

The webinar will also explain why SpamTitan is the leading email security solution for managed service providers serving the SMB and SME market and how the solution can help to enhance security for their clients and can easily be slotted into their service stacks.

The webinar will be taking place on Thursday April 4, 2019 at 12pm, EST and will last approximately 30 minutes.

Advance registration is necessary. You can sign up for the webinar on this link.

Cybercriminals Launch Malware and Phishing Campaigns Using Boeing Crash and Christchurch Massacre as Lures

The past few weeks have seen two major disasters in which hundreds of people lost their lives. 157 people lost their lives in the Ethiopian Airlines Boeing 737 Max crash and the Christchurch mosque massacre saw 50 people killed.

Both events were terrible tragedies that shocked people the world over. Victims and their families have been receiving messages of support on social media and many people have shown their support by making financial donations. More than US$5 million has so far been raised to help the victims of the New Zealand attack.

Unfortunately, cybercriminals are taking advantage. In the past few days, phishing campaigns have been detected that are using the tragedies to infect computers with malware and steal charitable donations.

According to New Zealand’s cybersecurity agency, CERT NZ, multiple campaigns have been detected that are using the Christchurch attack as a lure. Malware has been embedded in video footage of the tragedy which is currently being shared online, including on social media websites.

Phishing attacks are also being conducted which contain links to faked online banking forms that attempt to obtain users banking credentials. One campaign spoofed the Westpac New Zealand bank and emails appeared to have been sent from its domain. Other email campaigns contain pleas for financial assistance and supply bank account details for donations, but the details are for criminal-controlled accounts.

Another campaign has been detected that is using the Ethiopian Airlines Boeing 737 Max crash to spread a remote access Trojan and information stealer. The emails claim to offer information to air travelers about airlines that are likely to also suffer crashes. The emails offer information that has been found on the darkweb by a security analyst. The emails include a JAR file which, it is claimed, has important information for all air travelers on airlines to avoid due to the risk of plane crashes.

Whenever there is a tragedy that is extensively covered in the media cybercriminals try to take advantage. By adopting cybersecurity best practices such as never opening email attachments from unknown senders nor clicking links in emails, these scams can be avoided.

Unfortunately, email spoofing makes it difficult to detect phishing threats. Scam emails often appear genuine and seem to have been sent from a trusted source. To combat the threat to businesses, TitanHQ has recently updated its spam filtering solution, SpamTitan, to provide greater protection from these threats.

SpamTitan now incorporates DMARC to authenticate senders of emails and protect against email impersonation attacks. To provide even greater protection from malware, in addition to dual anti-virus engines, SpamTitan now incorporates a Bitdefender-powered sandbox, where suspicious files can be safely analyzed to determine whether they are malicious.

These additional controls will help to protect businesses and end users from new malware threats and advanced phishing and email impersonation scams.