Industry News

New SpamTitan Release Improves Protection Against Advanced Phishing and Malware Threats

by G Hunt | August 27, 2024 | Industry News

TitanHQ has upgraded its award-winning SpamTitan email security solution, with the latest release including several enhancements to improve protection against malware, phishing, and other advanced threats. The latest release – version 9 – of the flagship email security solution is named SpamTitan Skellig, which includes major enhancements to the anti-spam engine at the core of the solution to improve malware detection and new phishing enhancements to protect against ever-evolving sophisticated threats.

SpamTitan is a leading cloud-based anti-spam service that has been shown in recent independent tests to provide exceptional protection against spam, phishing emails, and malware. The hosted spam filter includes a next-gen email sandbox, up-to-the-minute threat intelligence feed, AI and machine learning algorithms, twin antivirus engines, and more. In June 2024, Virus Bulletin put the new version of SpamTitan to the test and gave it VBSpam+ certification, with the solution achieving the second-highest final score in the test of 12 leading email security solutions. SpamTitan successfully blocked all malware samples, only missed one phishing email, and did not generate any false positives. SpamTitan had a malware catch rate of 100%, a phishing catch rate of 99.99%, a spam catch rate of 99.98%, and was given an overall score of 99.984%.

The update to SpamTitan Skellig will ensure that users continue to have best-in-class protection against email threats but there is more to the update than protecting against threats. SpamTitan has long been popular with end users due to the ease of use of the solution, which is why users consistently give the solution 5-star reviews. The latest release includes a brand new UI that is even more intuitive with improved navigation and better administrative functions across the board and makes it easier to onboard new users.

The upgraded version is available to all new users and current users can upgrade and get better protection at no additional cost for the upgrade and no change to the subscription price, with full assistance provided with upgrading if required. You can find out more about migrating to the new version here.

TitanHQ Expands Global Footprint into Africa with Strategic Alliance with Equinox Technologies

by G Hunt | March 26, 2024 | Industry News

TitanHQ has announced it has signed a new partnership agreement with Equinox Technologies which will see TitanHQ’s cybersecurity solutions offered throughout Africa. Equinox Technologies is a pan-African, tech-enabled, business service provider that provides a range of services to more than 40 countries in Africa from its operational hubs in Abuja, Nigeria; Cape Town, South Africa; Nairobi, Kenya; and Tunis, Tunisia. Equinox Technologies helps businesses of all sizes expand and invest seamlessly across international borders through the provision of business-critical administrative, security, and compliance support. The services provided include enterprise mobility management, software engineering, IT operations, digital services, and cybersecurity.

The strategic alliance with TitanHQ will see Equinox Technologies act as a value-added distributor, packaging TitanHQ solutions with other products and services to meet its clients’ cybersecurity and compliance needs and better protect them from the rapidly evolving landscape of cyber threats. Under the new agreement, Equinox Technologies will become the exclusive distributor of TitanHQ solutions in Africa, further expanding TitanHQ’s global footprint.

Equinox Technologies will help its clients improve email security by offering TitanHQ’s cloud-based anti-spam service (SpamTitan), phishing protection solution (PhishTitan), and email encryption solution (EncryptTitan), protection from web-based threats through TitanHQ’s DNS filtering solution (WebTitan), threats that target employees with TitanHQ’s security awareness training and phishing simulation platform (SafeTitan); and help them meet their email retention and compliance obligations through TitanHQ’s email archiving solution (ArcTitan).

“This collaboration signifies Equinox Technologies’ commitment to fortifying its cybersecurity offerings,” said TitanHQ CEO, Ronan Kavanagh. “Together, Equinox Technologies and TitanHQ will be able to shield African companies from the constantly evolving landscape of cyber threats through a comprehensive suite of security solutions.”

TitanHQ Announces New Partnership with India’s Leading Managed Service Provider

by G Hunt | September 13, 2023 | Industry News

TitanHQ has recently announced a new partnership with one of India’s leading managed service providers, Tata Tele Business Services (TTBS). TTBS is the leading provider of business connectivity and communications solutions in India and has the largest portfolio of ICT services for businesses in the country.

Like many countries, India is facing a major increase in cybercrime. 78% of Indian organizations experienced a ransomware attack in 2021, web-based attacks have jumped sharply, and a 2022 Group-IB study placed India third globally for phishing attacks in 2021 with more attacks than any other country in the Asia-Pacific region. Indian businesses need to ensure that they have the necessary defenses in place to combat increasingly sophisticated cyberattacks, especially attacks that target employees.

Businesses often turn to their managed service providers for cybersecurity and seek solutions that can protect them against malware and phishing. TTBS provides cybersecurity solutions to SMBs and its cybersecurity packages have now been improved with the addition of SpamTitan email security and the WebTitan DNS-based web filter. Both solutions are 100% cloud-based, easy for MSPs to add to their service stacks, and easy to manage.

TTBS provides advanced email security with phishing protection through the Tata Tele Email Security Plus Program, which delivers advanced threat protection for email through TitanHQ’s AI-driven SpamTitan anti-phishing solution. Protection against Internet-based threats is provided through the Tata Tele Smart Internet Program, which includes web filtering provided by WebTitan. WebTitan is fed threat intelligence from a network of 650 million endpoints, ensuring malicious websites are blocked before threats are encountered.

“We are delighted to partner TitanHQ to offer Tata Tele Email Security- an advanced email security solution that is in line with Zero Trust security agenda of enterprises,” said Vishal Rally, Sr. VP & Head – Product, Marketing and Commercial, Tata Teleservices Ltd. “As a leading technology enabler TTBS is committed to simplifying and democratizing email security for businesses of any size. This partnership will ensure the protection of enterprise sensitive data efficiently and cost effectively”.

“We are excited to partner with Tata Teleservices to offer their growing customer base our advanced threat protection layer for email and web security,” said TitanHQ CEO, Ronan Kavanagh. “Over several years Tata Teleservices has excelled in the areas of customer service and security, our partnership further cements this commitment”.

If you are an MSP that has yet to start offering cybersecurity packages to your clients, or if you are keen to improve protection through AI-driven cybersecurity solutions, give the TitanHQ channel team a call to find out more about how TitanHQ can help you better protect your clients and improve your profits.

TitanHQ Recruits 12 New High Profile Staff Members in Response to Blistering U.S. Growth

by G Hunt | March 14, 2022 | Industry News

Less than two months after hiring channel chief Jeff Benedetti, TitanHQ has announced 12 further strategic new hires who will form a new North American team to service the US and Canadian Managed Service Provider (MSP) market.

The new team members have extensive channel experience, having previously held positions at the likes of Datto, Skout Cybersecurity, Agile Blue, and Barracuda and are based in TitanHQ’s new North American base in Shelton, Connecticut, headed up by Channel Chief Benedetti.

The new team includes Eric Morano, who has been appointed Director of Channel Development. Eric has 15 years of sales leadership and GTM experience at Datto, Skout Cybersecurity (BarracudaMSP), AgileBlue XDR, CDW, and Verizon. Moreno will be responsible for optimizing TitanHQ’s partner engagement and growth.

New Channel Account Managers include Craig Somma, who has 25 years of technology sales GTM leadership that was gained at Tech Dept, Micro Warehouse, and Gov Connection, Joseph Rende who has 10+ years of channel sales experience at Gartner and Datto, Pat DeAngelis who has 10+ years of MSP technology experience at Datto, Threatlocker and Armor Cybersecurity, and Jeff Brown has 10+ years of sales experience at Datto, SKOUT Cybersecurity, Agile Blue. New Account Executives include Alex De Los Santos, who has 8 years of sales experience at Datto and ADP, Alex Nankervis, who has 8 years of sales experience at Datto and Indeed, Kyle Leyerzapf, who has 5 years of sales experience at Datto, Patrick Barry who has 6 years of sales and accounts experience with Accu-Tech Corporation and Maxim Healthcare, and Jamal Ibrahim, who has 4 years account management experience with Altium and RCG. Marc Bonnaci has also joined the Sales Development team and has 7 years of sales and professional experience most recently at Agile Blue.

The new TitanHQ North American Team

The past three months have seen significant activity at TitanHQ. In addition to bringing in Benedetti to head the channel team, TitanHQ launched its SpamTitan Plus Anti Phishing solution in December 2021 and announced the acquisition of Cyber Risk Aware in February, and launched SafeTitan Security Awareness Training.

SpamTitan Plus is a cutting-edge, AI-driven anti-phishing solution with more comprehensive “zero-day” threat protection and intelligence than all of the current market leaders, with significant uplifts in phishing link detections and much faster detection speeds. This new addition to the SpamTitan product family has been very well received.

Cyber Risk Aware is a global leader in security awareness training to mitigate human cyber risk, and the platform is used by many companies to train their workforces to improve threat awareness. The platform, which has been re-launched as SafeTitan, is an intuitive, real-time security awareness training platform that improves awareness and human resilience to ransomware, malware, BEC attacks, and phishing. Demand for the new SafeTitan security awareness training and phishing simulation platform has been exceptional, with huge interest coming from MSPs and IT departments globally.

On top of these major launches, TitanHQ recorded record-breaking growth in January and February 2022 and has generated the highest revenue and new MSP partner figures in its 20-year history. More than 2,200 MSPs now use TitanHQ’s best-in-class SaaS Cybersecurity Platform daily, with the numbers continuing to grow at an incredible rate, especially in the United States and Canada, hence the need to open a new U.S. office and bring in a wealth of new talent.

Jeff Benedetti Joins TitanHQ as New VP of Sales – North America

by G Hunt | February 8, 2022 | Industry News

TitanHQ has appointed channel veteran Jeff Benedetti as the company’s new Vice President of Sales – North America.

Jeff Benedetti – TitanHQ VP of Sales, North America

TitanHQ is the leading web filtering, email filtering, and email archiving Software-as-a-Service (SaaS) business and already has a strong presence in North America, with the North American operations run from TitanHQ’s U.S. base in Tampa, Florida. TitanHQ has been enjoying strong growth in the region and the new appointment will help to ensure the growth continues over the long term.

Jeff Benedetti has nearly two decades of experience in sales and go-to-market leadership in the technology and security markets. Benedetti joins the TitanHQ Go-to-Market leadership team from SKOUT Cybersecurity, where he led the Sales and Marketing teams. The firm was acquired by Barracuda Networks last summer. Prior to the position at SKOUT Cybersecurity, Benedetti served as the Director of US Sales at Datto where he played a key role in improving partner growth and expansion in the U.S. while Datto achieved unicorn status and an acquisition by Vista Private Equity. Benedetti has also held leadership roles at Apple Inc. and Tech Depot.

“End-user compromise is the #1 threat vector for bad actors and causes 99% of security breaches. As the cyber problem compounds, MSPs continue to be a single resource to secure their customers’ users, networks, and infrastructure,” said Benedetti. “The opportunity to enable our partners with a best-in-class security platform and partner program built for growth is massive.”

TitanHQ has been providing security solutions to business and managed service providers (MSPs) for more than 20 years and now provides email security, DNS security, email archiving, and email encryption services to more than 8,500 businesses worldwide. Among TitanHQ’s customers are more than 2,500 MSPs, which use TitanHQ solutions to protect themselves and their clients from malware, ransomware, botnets, viruses, phishing attacks, and other cyber threats.

TitanHQ has developed its solutions to meet the needs of MSPs, with MSP needs factored into the products at the development stage. The company has grown to become the leading provider of cloud-based email and web cybersecurity solutions for MSPs serving the SMB market, and the company is enjoying continued, strong growth. TitanHQ is looking to continue to build long-term growth and as the IT service provider of choice for MSPs.

“We are thrilled Jeff has joined TitanHQ to further expand our already strong growth in the U.S. market. As a well-respected International sales executive within cybersecurity, Jeff is an important addition to TitanHQ. His decades of expertise will be pivotal in driving growth and will benefit partners and customers as TitanHQ continues to innovate and grow,” said TitanHQ CEO Ronan Kavanagh.

Strong Growth Sees TitanHQ Almost Double Workforce in 6 Months

by G Hunt | April 9, 2021 | Industry News

It has been an exceptionally busy year for TitanHQ with global demand for TitanHQ solutions has skyrocketing. Enterprises, SMBs and Managed Service Providers (MSPs) have been turning to TitanHQ to provide the security they need to protect their now largely distributed workforces from email and web-based attacks during the pandemic and block malware, ransomware, phishing attacks and other growing threats.

TitanHQ’s email security solution – SpamTitan; web security solution – WebTitan; and email archiving solution – ArcTitan, have now been adopted by more than 12,000 businesses worldwide, including more than 2,500 MSPs, with customers including well-known names such as Pepsi, Virgin, T-Mobile, O2, Nokia, Datto, Viasat, and Purple.

The past year has seen tremendous organic year-on-year growth and during the pandemic the company received significant investment from the Livingbridge investor group, which has really helped turbocharge company growth with significant investment in product development.

While many businesses have been forced to contract during the pandemic, business has gone from strength to strength for TitanHQ, as can clearly be seen from the huge investment in people. TitanHQ has embarked upon a major recruitment drive that has seen the TitanHQ workforce almost double since September 2020, with many of the new members of the workforce widely distributed and working remotely.

“As a result of increased demand globally for our solutions, we have invested heavily and embarked on a recruitment campaign to double our workforce in a programme that will allow that growth to continue,” said TitanHQ CEO, Ronan Kavanagh. “We have also invested because while we believe remote working is a by-product of the current pandemic, it is very much going to be the mode of future work. The quick move to remote working last year has made us all aware of how important it is to be adaptable and have the right security solutions in place to protect users, customers, company data, and systems.”

The ambitious growth plans are sent to continue, with new roles created across many departments including sales, technical support, software development, and marketing, with the expanded workforce helping the company to achieve even greater heights and reach even more clients internationally.

If you want to join the growing team at TitanHQ and become a member of an innovative and growing workforce, positions are still available.

Cyberattacks on Managed Service Providers are Soaring: Are Your Defenses Good Enough?

by G Hunt | December 13, 2019 | Industry News

Cyberattacks on managed service providers have been increasing over the past few months and they are now a key target for hackers. If a hacker can gain access to the systems of a managed service provider, their remote administration tools can be used to launch attacks on their clients.

There have been several major cyberattacks on managed services providers in the past few weeks, with nation-state-backed hacking groups targeting MSPs serving enterprises and ransomware gangs are conducting attacks on MSPs serving small and medium-sized businesses.

Three major cyberattacks on managed service providers serving healthcare organizations in the United States have been reported in the past two months. All three have affected more than 100 healthcare clients and one impacted 400.

In late November, the Milwaukee-based managed IT service provider, Virtual Care Provider Inc., was attacked with Ryuk ransomware. The attack started on November 17, 2019, and affected all of its clients’ data. Around 110 nursing homes and acute care facilities were prevented from accessing their patients’ medical records. The consequences for its clients were dire. Assisted living facilities and nursing homes were prevented from billing for Medicaid, which meant essential funding was not provided and nursing homes were prevented from ordering essential drugs for patients. Virtual Care Provider was issued with a $14 million ransom demand, which the company could not afford to pay. The managed service provider had around 20% of its services affected and had to rebuild around 100 servers.

The ransomware was deployed as a secondary payload by the TrickBot Trojan. TrickBot had been installed on its network 14 months previously via a malicious email attachment.

A few weeks later, a Colorado-based managed service provider serving dental practices was attacked with ransomware. Complete Technology Solutions was infected with a ransomware variant called Sodinokibi. First, the MSP was attacked, and then its remote administration tools were used to deploy ransomware on the networks of more than 100 dental practices. A ransom demand of $700,000 was issued, which the MSP refused to pay. Its clients are now having to pay the attackers for the keys to decrypt their files. Only a few that had backups stored off the network were able to recover without paying the ransom.

This is the second such attack to affect a company serving the dental industry. The dental record backup service provider, PerCSoft, was also attacked with Sodinokibi ransomware. That attack affected approximately 400 dental practices. CyrusOne was also attacked with Sodinokibi ransomware and its managed services division and six of its clients were affected.

It is not only ransomware that is being used in the attacks. Nation-state threat groups such as APT10 are also targeting MSPs. Their aims are different. The attacks are being conducted to gain access to the intellectual property of their enterprise customers.

As cyberattacks on managed service providers increase, MSPs must ensure that they have adequate defenses in place to keep the hackers at bay. This is an area where TitanHQ can help. TitanHQ is the leading provider of cloud-based email and web security solutions for managed service providers that serve the SMB market.

TitanHQ offers a trio of solutions for MSPs under the TitanShield program. SpamTitan email security is a powerful cloud-based solution that keeps inboxes free of spam, phishing emails, and malware. SpamTitan incorporates SPF and DMARC to block email impersonation attacks, dual antivirus engines to detect known malware threats, and heuristics and sandboxing to identify and block zero-day threats.

WebTitan Cloud is a 100% cloud-based DNS filtering solution that works seamlessly with SpamTitan to block web-based phishing attacks and malware downloads. The solution allows you to monitor and identify malicious threats in real-time and includes AI-driven protection against active and emerging phishing URLs, including zero-minute threats.

The third solution is ArcTitan, a cloud-based email archiving solution that provides protection against data loss and helps MSPs and their clients meet their compliance obligations. ArcTitan serves as a black box flight recorder for email and stores email data securely in the cloud on Replicated Persistent Storage on AWS S3. When emails need to be searched and recovered, the searches are lightning-fast. ArcTitan can search up to 30 million emails a second.

ArcTitan has recently been moved to a brand new system, with the service delivered as a highly available, self-healing horizontally scaled Kubernetes cluster. Within that cluster are many different components working in harmony together, but independently. Should any component go down, that component can be taken offline and repaired with no impact on the others, ensuring a much more reliable service with minimal or no disruption during an outage. With ArcTitan, email is protected from cyberattacks.

These solutions are not only an ideal for improving the security posture of MSP clients, they can help to ensure that MSP systems are protected from attack. All TitanHQ solutions are quick and easy to implement, have a low management overhead, and are API-driven so they can easily be incorporated into MSP’s remote management and monitoring systems.

To find out more about the TitanShield program for managed service providers and to discover how TitanHQ’s cybersecurity solutions can improve yours and your clients’ security posture, give the TitanHQ channel team a call today.

Cost of a Ransomware Attack? $95 Million for Danish Firm Demant

by G Hunt | October 3, 2019 | Industry News

The cost of a ransomware attack can be considerable. Several attacks in the United States have seen payments of hundreds of thousands of dollars made for the keys to unlock the encryption. While those payments are certainly high, they are a fraction of the total cost of a ransomware attack which are usually several times the cost of any ransom payment.

Recovery without paying a ransom can be considerably more. The ransomware attack on the city of Baltimore saw a ransom demand of around $76,000 issued. Baltimore refused to pay. The attack is estimated to have cost the city at least $18.2 million.

The cost of that ransomware attack is high, but nowhere the cost of a suspected September 2019 ransomware attack on the Danish hearing aid manufacturer Demant. The firm experienced the attack on or around September 3, 2019. One month on and the firm still hasn’t recovered. In a recent message to its investors, the firm said the cyberattack would cost an estimated $80 million to $95 million, even though the company held a cyber insurance policy. Without that policy the bill would have been $14.6 million higher.

According to a notice on the firm’s website, it experienced “a critical incident” when its “IT infrastructure was hit by cyber-crime.” Ransomware was not mentioned by the firm although it has been reported as a ransomware attack by the Danish media.

The attack impacted its Polish production and distribution facilities, French cochlear implants production sites, Mexican production and service sites, its amplifier production site in Denmark, its entire Asia-Pacific network, and its enterprise resource planning (ERP) system.

The firm is recovering its IT infrastructure and believes it will take a further two weeks for systems to be restored and business operations to approach normality. However, the effects of the attack are expected to be long-lasting.

The inability to access its systems across all these areas has caused major disruption to the company. The firm has been unable to supply its products, receive and process orders, and clinics in its network have had difficulty servicing end users.

Due to the limited information released it is unclear whether the company refused to pay a ransom, if the attackers could not supply valid keys to unlock the encryption, of if this was a sabotage attack akin to the NotPetya wiper malware attacks of 2017.

If this was a ransomware attack, the losses far exceed those of the Norwegian aluminum and energy company Norsk Hydro, whose ransomware attack cost the firm around $70 million, although it is a fraction of the cost of the NotPetya attacks on the shipping firm Maersk and FedEx, both of which caused losses of around $300 million.

These incidents all demonstrate just how damaging cyberattacks can be and the massive costs of recovery. As is typical, the cost of recovering its IT systems accounted for a small proportion of the total cost – around $7.3 million. The bulk of the losses were due to lost sales and the inability to process orders, which the company says make up around half of the estimated losses.

In a press release, the firm said in addition to the lost sales, “the incident has prevented us from executing our ambitious growth activities in some of the most important months of the year – particularly in the US, which is our biggest market.”

Malware, ransomware and wiper malware are most commonly delivered via a small number of attack vectors. All too often they start with a phishing email, exploitation of RDP, drive-by malware download, or the exploitation of unpatched vulnerabilities.  The cost of preventative measures to block these attack vectors is pocket change by comparison to the cost of recovery from an attack.

TitanHQ cannot help businesses with securing RDP and patching promptly, but we can help businesses secure the email system and protect against drive-by malware downloads and other web-based attacks.

To find out more about how you can improve security against email- and web-based attacks, from a cost of as little as 90 cents per user per month, give our sales team a call.

The sales team will be happy to explain the ins and outs of our web and email security solutions, schedule product demonstrations, and help set you up for a free trial of our SpamTitan email security and WebTitan web security solutions and greatly improve your defenses against phishing, ransomware, malware, and wiper attacks.

Ransomware Attack Forces Healthcare Provider Out of Business

by G Hunt | September 30, 2019 | Industry News

The dangers of ransomware attacks have been made abundantly clear to more than 5,000 patients in California whose medical records have been permanently lost as a result of a ransomware attack on their healthcare provider.

Simi Valley, CA-based Wood Ranch Medical experienced the attack on August 10, 2019 which saw ransomware deployed and executed on its servers which contained the medical records of 5,835 patients. The attack caused permanent damage to computer systems, and since backup copies of patient records were also encrypted, those records have been permanently lost. It is unclear how much the attackers demanded as payment for the keys and whether those keys would have worked had the ransom been paid.

Without patient records and faced with the prospect of having to totally rebuild the medical practice from scratch, the decision was taken to permanently close the business. Patients have been forced to find alternative healthcare providers and no longer have access to their medical records.

This is the second healthcare provider in the United States that has been forced out of business due to a ransomware attack. Brookside ENT and Hearing Center in Battle Creek, Michigan also closed its practice this year as a result of a ransomware attack. In that case, the practice owners refused to pay the ransom demand and patient records were permanently encrypted. The practice owners decided it was not possible to rebuild the practice from scratch and announced their early retirement.

It is unclear exactly how the ransomware was installed in each of these incidents, so it is not possible to determine what defenses could have been improved to prevent the attacks. However, in both cases, recovery of files from backups was not possible.

The purpose of a backup is to ensure that in the event of disaster, data will be recoverable. File recovery may be time consuming and downtime due to the attack likely to be expensive, but data will not be permanently lost.

In order to ensure file recovery is possible, backups must be tested. Files may be corrupted during the backup process and data restoration may not be possible. If backups are not tested to make sure files can be recovered, it will not be possible to guarantee file recovery in the event of disaster.

These incidents also highlight another fundamental rule of backing up. NEVER store the only copy of a backup on a networked or internet-connected computer.

In the event of ransomware attack, it is highly likely that backup copies on networked devices will be encrypted along with shadow volume copies. Ransomware encrypts these files to make sure the only way of recovering data is paying the ransom.

Even paying a ransom comes with no guarantee that data will be recoverable. Files may be corrupted through the encryption/decryption process – some data loss is inevitable – and the attackers may not be able to supply valid keys to decrypt files.

A good backup approach to adopt to prevent disasters such as these is a 3-2-1 strategy. 3 backups should be created, which should be stored on 2 different media, with 1 copy stored securely off site on a device that is not networked or connected to the internet.

G2 Crowd Names SpamTitan Leading Cloud Email Security Solution for Third Consecutive Quarter

by G Hunt | September 19, 2019 | Industry News

G2 Crowd, the independent peer-to-peer business software review site, has published its G2 Crowd Grid® Summer 2019 Report for Cloud Email Security. For the third consecutive quarter, SpamTitan has been named the leading cloud email security provider having been awarded the highest score for customer satisfaction.

G2 Crowd is the largest tech marketplace for businesses. The site attracts more than 3 million visitors and contains more than 843,500 reviews from verified software users. The reviews and Grid Reports are relied upon by countless businesses to help them make better software buying decisions.

Each quarter, G2 Crowd produces Grid reports that highlight the key players in different software categories. The G2 Crowd Grids are used to rank software solutions based on market presence and user satisfaction and categorize each as wither a niche player, contender, high performer, or leader. To be named a leader, a product must have a strong market presence and high user satisfaction level.

Market presence is determined by the size of the company, its social impact, and market share. The user satisfaction score is calculated from amalgamated reviews from verified users of the software.

User reviews are important when choosing a software solution. If the software is difficult to use, fails to live up to expectations, or does not provide the required functionality, staff will avoid using it as much as possible. For a security solution that is particularly bad news.

The Summer 2019 report includes 9 email security solutions. SpamTitan achieved the highest overall customer satisfaction score – 97% – of all nine solutions by some distance. The next highest customer satisfaction scores were for Proofpoint Email Security & Protection (75%), Area 1 Security (69%), and Barracuda Email Security Gateway (61%).

In addition to the Grid reports, amalgamated scores are included for six different customer satisfaction criteria: Ease of setup, ease of use, ease of admin, ease of doing business, quality of support, and meets requirements.  Once again, SpamTitan topped the list with the highest score for ease of setup (92%) and ease of use (92%) and was one of only two solutions that achieved scores of over 90% in each of the six categories.

“The overwhelmingly positive feedback on G2 Crowd from users of SpamTitan is indicative of our commitment to ensuring the highest levels of customer success,” said Ronan Kavanagh, CEO, TitanHQ. “That’s an incredible achievement for a product that is significantly more affordable than the market leaders.”

Customers Seek Alternative Email Security Solution as Unexplained OnlyMyEmail Outage Continues

by G Hunt | July 9, 2019 | Industry News

A serious outage has affected the spam filtering service, OnlyMyEmail, leaving customers without spam protection for several days.

The spam filtering service, also known as MXDefender, suddenly stopped working on Thursday and customers have been left in the dark about what has happened. Many have taken to online forums and social media to find answers but have only found hundreds of other customers asking the same questions. Customers have not been able to submit support tickets, the website is down, and the phone lines have been jammed.

MSPs know all too well that their clients are vulnerable to attack while their spam filtering service is down. Without the filter in place, spam, phishing, and malware-laced emails can flood into inboxes. All it takes is for one employee to respond to one of those messages for a costly breach to occur.

Several MSPs on forum such as Spiceworks have expressed their frustration about the prolonged outage and have already had to move their clients to alternative service providers to ensure they are protected until the issues are resolved. Two large MSPs have already switched to SpamTitan as a result of the OnlyMyEmail outage.

TitanHQ has received many enquiries about SpamTitan since the OnlyMyEmail service went down, as customers seek an alternative solution to protect their inboxes from email threats and spam. Many have given up waiting for an answer from OnlyMyEmail.

If you are a managed service provider or business that has been affected by the outage, it is important to implement a replacement spam filtering solution as soon as possible. The failure to do so will leave you extremely vulnerable to attack.

TitanHQ has developed an award-winning anti-spam and anti-phishing solution that has been shown to block more than 99.9% of spam in independent tests.

The 2019 G2 Crowd Report on Email Security Gateways named SpamTitan the leader for customer satisfaction. 97% of users awarded the product 4 or 5 stars and 92% of users would recommend the product to others.

TitanHQ ranked top for quality of support with an overall score of 94% – 10% more than the average score for support. SpamTitan clearly outperformed products from likes of Cisco, Barracuda, Mimecast, and SolarWinds.

SpamTitan is available as a cloud-based solution or gateway solution running on a virtual machine on your own hardware. MSPs have a range of hosting options and the solution can be easily integrated into existing MSP systems using TitanHQ’s APIs.

If you want an easy to implement anti-spam solution that provides enterprise-class protection at an affordable SMB price, SpamTitan is the ideal choice.

Sign up for the free trial and you can be protected in minutes.

Invaluable Advice for MSPs at DattoCon19 in San Diego from Event Sponsor TitanHQ

by G Hunt | June 14, 2019 | Industry News

The largest managed service provider conference of 2019 will be taking place in San Diego on 17-19 June.

DattoCon is the premier conference for MSPs, bringing together a plethora of vendors and industry experts to help MSPs learn business building secrets, gain invaluable product insights, and learn technical best practices. The networking and learning opportunities at DattoCon are second to none. DattoCon19 is certainly an event not to be missed.

TitanHQ is a Datto Select Vendor and a proud sponsor of DattoCon19. TitanHQ has developed cybersecurity solutions to exactly meet the needs of MSPs. All solutions area easy to implement and maintain and can be integrated into MSP’s existing systems via a suite of APIs. TitanHQ provides the web security layer to Datto DNA and D200 boxes and is the only third-party security company trusted to work with Datto.

The TitanHQ team will be on hand at the conference to discuss your email and web security needs and will offer practical advice to help you better serve the needs of your customers and get the very most out of TitanHQ solutions.

Visitors to the TitanHQ stand (booth 23) will have the opportunity to learn about TitanHQ’s exclusive TitanShield Program for MSPs. Through the TitanShield program, members have access to SpamTitan email security and phishing protection; the WebTitan DNS filter; and the ArcTitan email archiving solution. Around 2,000 MSPs have already signed up to the program and are using TitanHQ solutions to protect their clients.

If you currently use Cisco Umbrella to provide web and malware protection, you may be paying far more for security than is necessary and could well be struggling with product support. Be sure to speak to the team about the savings from switching and the support provided by TitanHQ. A visit will also be useful for MSPs that are currently supporting Office 365, as the team will explain how spam, phishing and malware protection can be enhanced.

TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, will be on the panel for the new, Datto Select Avendors event on Monday. The event runs from 3PM to 4PM and brings together experts from several select companies who will help solve some of the epic problems faced by MSPs today.

Additional Benefits at DattoCon19

• New TitanHQ customers benefit from special show pricing.
• A daily raffle for a free bottle of vintage Irish whiskey.
• Two DattoCon19 parties: TitanHQ and BVOIP are sponsoring a GasLamp District Takeover on Monday 6/17 and Wed, 6/19.

DattoCon Details

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019
If you are not yet registered for the event you can do so here.
TitanHQ will be at booth 23

Contact the TitanHQ team in advance:

• Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
• Eddie Monaghan, MSP Alliance Manager, LinkedIn
• Marc Ludden, MSP Alliance Manager, LinkedIn

SpamTitan Named Leading Secure Email Gateway Solution

by G Hunt | April 15, 2019 | Industry News

SpamTitan, TitanHQ’s business email security solution, has been named leader in the Spring G2 Crowd Grid Report for Email Security Gateways.

G2 Crowd is a peer-to-peer review platform for business solutions. G2 Crowd aggregates user reviews of business software and the company’s quarterly G2 Crowd Grid Reports provide a definitive ranking of business software solutions.

The amalgamated reviews are read by more than 1.5 million site visitors each month, who use the reviews to inform software purchases. To ensure that only genuine reviews are included, each individual review is subjected to manual review.

The latest G2 Crowd Grid Report covers email security gateway solutions. Gateway solutions are comprehensive email security platforms that protect against email-based attacks such as phishing and malware. The email gateway is a weak point for many businesses and it is one that is often exploited by cybercriminals to gain access to business networks. A powerful and effective email gateway solution will prevent the vast majority of threats from reaching end users and will keep businesses protected.

To qualify for inclusion in the report, email gateway solutions needed to scan incoming mail to identify spam, malware, and viruses, securely encrypt communications, identify and block potentially malicious content, offer compliant storage through archiving capabilities, and allow whitelisting and blacklisting to control suspicious accounts.

For the report, 10 popular email security gateway solutions were assessed from Cisco, Barracuda, Barracuda Essentials, Proofpoint, Mimecast, Symantec, McAfee, Solarwinds MSP, MobileIron, and TitanHQ. Customers of all solutions were required to give the product a rating in four areas: Quality of support, ease of use, meets requirements and ease of administration.

TitanHQ the leader in business email security, today announced it has been recognized as a leader in the G2 Crowd Grid? Spring 2019 Report for Email Security.

TitanHQ’s SpamTitan was named leader based on consistently high scores for customer satisfaction and market presence. 97% of users of SpamTitan awarded the solution 4 or 5 stars out of 5 and 92% said they would recommend SpamTitan to others.

SpamTitan scored 94% for quality of support and meeting requirements. The industry average in these two areas was 84% and 88% respectively. The solution scored 92% for ease of use against an industry average of 82%, and 90% for ease of admin against an average value of 83%.

“TitanHQ are honored that our flagship email security solution SpamTitan has been named a leader in the email security gateway category,” said Ronan Kavanagh, CEO, TitanHQ. “Our customers value the uncompromised security and real-time threat detection. The overwhelmingly positive feedback from SpamTitan users on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”

If you want to improve email security without breaking the bank and want a solution that your IT staff will like using, SpamTitan is the ideal choice.

SpamTitan is available on a 100% free trial to allow you to try before committing to a purchase; however, if you have any questions about the solution, contact the TitanHQ team who will be happy to help and can schedule a product demonstration.

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

by G Hunt | March 13, 2019 | Industry News

This week, TitanHQ has rolled out two new features for its award-winning email security solution SpamTitan: Sandboxing and DMARC email authentication.

TitanHQ developed the technology behind its email security solution more than 20 years ago and over the past two decades SpamTitan has received many updates to improve features for end users and increase detection rates.

SpamTitan already blocks more than 99.9% of spam and malicious emails to prevent threats from reaching end users’ inboxes. The level of protection SpamTitan provides against email attacks has made it the gold standard in email security for the SMB market and managed service providers serving SMBs.

In order to provide even greater protection against increasingly sophisticated email threats, TitanHQ added a new sandboxing feature. The next-generation sandboxing feature, powered by Bitdefender, provides SpamTitan customers with a safe environment to run in-depth analyses of suspicious programs and files that have been delivered via email.

New SpamTitan Sandboxing Service

The sandbox is a powerful virtual environment totally separate from other systems. When programs are run in the sandbox, they behave as they would on an ordinary endpoint and can be assessed for suspicious behavior and malicious actions without causing harm.

Prior to being sent to the sandbox, files are first analyzed using SpamTitan’s anti-malware technologies. Only files that require further analysis make it to the sandbox where they are safely detonated. Tactics used by malware to evade detection and avoid analysis are logged and flagged. Purpose-built, advanced machine learning algorithms they assess the files and check their actions against an extensive array of known threats from a range on online repositories in a matter of minutes.

If the file is confirmed as benign, it can be released. If the file is determined to be malicious, the sandboxing service automatically sends a report to the Bitdefender’s Global Protective Network and all further instances of the threat will then be blocked globally to ensure the file does not need to be analysed again.

Email sandboxing provides advanced protection against zero-day exploits, polymorphic threats, APTs, malicious URLs, new malware samples that have yet to be identified as malicious, and new threats that have been developed for undetectable targeted attacks.

Incorporation of this feature into SpamTitan gives customers advanced emulation-based malware analysis capabilities without having to purchase a separate sandboxing solution and ensures customers are protected against rapidly evolving advanced threats.

DMARC Email Authentication Added to SpamTitan

Email spoofing is the term given to the use of a forged sender address. Email spoofing is used to increase the likelihood of an email being delivered and opened by an end user. The email address of a known contact, well known company, or government organization is usually spoofed to abuse trust in that individual, brand, or organization.

DMARC authentication is now essential for all businesses and is a powerful control to prevent spoofing attacks. DMARC is used to check email headers to provide further information about the true sender of an email. Through DMARC, the message is authenticated as having been sent from the organization that owns the domain. If authentication fails, the message is rejected.

While SPF provides a certain degree of protection against email spoofing, DMARC is far more dependable. SpamTitan now incorporates DMARC authentication to provide even greater protection against email spoofing attacks.

Both of these new features have been added in the latest update to SpamTitan and are available to users at no extra cost.

“We have listened to requests from customers to have new features added to SpamTitan, and by far the most requested improvements are anti-spoofing technology and sandboxing,” said Ronan Kavanagh, CEO, TitanHQ. “I’m delighted to say that both of these new features have now been added to provide enhanced security for customers at no extra cost.”

Ransomware is Still the Main Malware Threat Warns Europol

by G Hunt | September 27, 2018 | Industry News

Cybercriminals have turned to cryptocurrency mining malware as an easy, low-risk way of making money although ransomware is still the main malware threat according to Europol.

While it was common for large-scale spam email campaigns to be sent to random recipients to spread ransomware, tactics used to infect devices with the file-encrypting malware are changing.

There has been a decline in the use of ‘spray and pray’ spam campaigns involving millions of messages toward targeted attacks on businesses. Organized cybercriminal gangs are researching victims and are conducting highly targeted attacks that first involve compromising a network before manually deploying ransomware.

The cybercriminal group behind SamSam ransomware has been particularly prolific. Companies that have failed to address software vulnerabilities are attacked and access is gained to their networks. The SamSam group also conducts brute force attacks on RDP to gain access to business networks. Once access is gained, ransomware is manually installed on as many computers as possible, before the encryption routine is started across all infected devices. With a large number of devices encrypted, the ransom demand can be much higher – Typically around $50,000 per company. The group has collected at least $6 million in ransom payments to date.

Europol warns that ransomware attacks will continue to be a major threat over the following years, although a new threat is emerging – cryptojacking malware. This form of malware is used to hijack computer processors to mine cryptocurrency. Europol warns that if the rise in the use of cryptojacking malware continues it may overtake ransomware and become the biggest malware threat.

Not only does cryptojacking offer considerable rewards, in many cases use of the malware is not classed as illegal, such as when it is installed on websites. This not only means that cybercriminals can generate considerable profits, but the risk involved in these types of attacks is far lower than using ransomware.

Cybercriminals are still extensively using social engineering techniques to fool consumers and employees into disclosing sensitive personal information and login credentials. Social engineering is also extensively used to trick employees into making fraudulent bank transfers. Phishing is the most common form of social engineering, although vishing – voice phishing – and smishing – SMS phishing are also used. Europol notes that social engineering is still the engine of many cybercrimes.

While exploit kits have been extensively used to silently download malware, Europol notes that the use of exploit kits continues to decline. The main attack vectors are spam email and RDP brute-forcing.

As-a-service cyberattacks continue to be a major problem. DDoS-as-a-service and ransomware-as-a-service allow low-level and relatively unskilled individuals to conduct cyberattacks. Europol recommends law enforcement should concentrate on locating and shutting down these criminal operations to make it much harder for low-level criminals to conduct cyberattacks that would otherwise be beyond their skill level.

With spam email still a major attack vector, it is essential for businesses to implement cybersecurity solutions to prevent malicious emails from being delivered to inboxes and ensure cybersecurity best practices are adopted to make them less susceptible to attack. With phishing the main form of social engineering, anti-phishing training for employees is vital.

RDP attacks are now commonplace, so steps must be taken by businesses to block this attack vector, such as disabling RDP if it is not required, using extremely strong passwords for RDP, limiting users who can login, configuring account lockouts after a set number of failed login attempts, and using RDP gateways.

Cybercrime Losses in Germany Estimated to be €43 Billion

by G Hunt | September 19, 2018 | Industry News

With the largest economy, the United States is naturally a major target for cybercriminals. Various studies have been conducted on the cost of cybercrime in the United States, but little data is available on cybercrime losses in Germany – Europe’s largest economy.

The International Monetary Fund produces a list of countries with the largest economies. In 2017, Germany was ranked fourth behind the United States, China, and Japan. Its GDP of $3,68 trillion represents 4.61% of global GDP.

A recent study conducted by Germany’s federal association for Information Technology – BitKom – has placed a figure on the toll that cybercrime is taking on the German economy.

The study was conducted on security chiefs and managers at Germany’s top 503 companies in the manufacturing sector. Based on the findings of that survey, BitKom estimated cybercrime losses in Germany to be €43 billion ($50.2 billion). That represents 1.36% of the country’s GDP.

Extrapolate those cybercrime losses in Germany and it places the global cost of cybercrime at $1 trillion, substantially higher than the $600 billion figure estimate from cybersecurity firm McAfee and the Center for Strategic and International Studies (CSIS) in February 2018. That study placed the global percentage of GDP lost to cybercrime at between 0.59% and 0.80%, with GDP losses to cybercrime across Europe estimated to be between 0.79 to 0.89% of GDP.

Small to Medium Sized Businesses Most at Risk

While cyberattacks on large enterprises have potential to be highly profitable for cybercriminals, those firms tend to have the resources available to invest heavily in cybersecurity. Attacks on large enterprises are therefore much more difficult and time consuming. It is far easier to target smaller companies with less robust cybersecurity defenses.

Small to medium sized businesses (SMBs) often lack the resources to invest heavily in cybersecurity, and consequently are far easier to attack. The BitKom study confirmed that these companies, which form the backbone of the economy in Germany, are particularly vulnerable to cyberattacks and have been extensively targeted by cybercriminals.

It is not only organized cybercriminal groups that are conducting these attacks. Security officials in Germany have long been concerned about attacks by well-resourced foreign spy agencies. Those agencies are using cyberattacks to gain access to the advanced manufacturing techniques developed by German firms that give them a competitive advantage. Germany is one of the world’s leading manufacturing nations, so it stands to reason that the German firms are an attractive target.

Cybercriminals are extorting money from German firms and selling stolen data on the black market and nation-state sponsored hackers are stealing proprietary data and technology to advance manufacturing in their own countries. According to the survey, one third of companies have had mobile phones stolen and sensitive digital data has been lost by a quarter of German firms. 11% of German firms report that their communications systems have been tapped.

Attacks are also being conducted to sabotage German firms. According to the study, almost one in five German firms (19%) have had their IT and production systems sabotaged through cyberattacks.

Businesses Must Improve Their Defenses Against Cyberattacks

“With its worldwide market leaders, German industry is particularly interesting for criminals,” said Achim Berg, head of BitKom. Companies, SMBs in particular, therefore need to take cybersecurity much more seriously and invest commensurately in cybersecurity solutions to prevent cybercriminals from gaining access to their systems and data.

According to Thomas Haldenweg, deputy president of the BfV domestic intelligence agency, “Illegal knowledge and technology transfer … is a mass phenomenon.”

Preventing cyberattacks is not straightforward. There is no single solution that can protect against all attacks. Only defense-in-depth will ensure that cybercriminals and nation-state sponsored hacking groups are prevented from gaining access to sensitive information.

Companies need to conduct regular, comprehensive organization-wide risk analyses to identify all threats to the confidentiality, integrity, and availability of their data and systems. All identified risks must then be addressed through a robust risk management process and layered defenses implemented to thwart attackers.

One of the main vectors for attack is email. Figures from Cofense suggest that 91% of all cyberattacks start with a malicious email. It stands to reason that improving email security should be a key priority for German firms. This is an area where TitanHQ can help.

TitanHQ is a provider of world-class cybersecurity solutions for SMBs and enterprises that block the most commonly used attack vectors. To find out more about how TitanHQ’s cybersecurity solutions can help to improve the security posture of your company and block email and web-based attacks, contact the TitanHQ sales team today.

Data Breach Costs Have Increased by 36% for SMBs in the Past Year

by G Hunt | May 25, 2018 | Industry News

Data breach costs have risen considerably in the past year, according to a recent study of corporate IT security risks by Kaspersky Lab. Compared to 2016, the cost of a data breach for enterprises increased by 24% in 2017, and by even more for SMBs, who saw data breach costs rise by 36% in 2017.

The average cost of data breach recovery for an average-sized enterprise is now $1.23 million per data breach, while the cost for SMBs is now $120,000 per incident.

For the study, Kaspersky Lab surveyed 6,614 business decision makers. Respondents were asked about the main threats they have to deal with, cybersecurity incidents they have experienced in the past year, how much they spent resolving those incidents, and how that money was spent.

When a data breach is experienced, the costs can quickly mount. Enterprises and SMBs must contain the attack, scan systems for malware and backdoors, and pay for improvements to security and infrastructure to prevent similar attacks from occurring in the future. Staff need to receive additional training, new staff often need to be brought in, and third-parties hired to assist with recovery and security assessments.

Data breach recovery can take time and considerable effort. Additional wages have to be paid to staff assisting in the recovery process, there can be losses due to system downtime, repairing damage to a brand prove costly, credit monitoring and identity theft recovery services may have to be provided to breach victims, insurance premiums rise, credit ratings drop, and there may also be regulatory fines to cover.

The largest component of data breach costs is making emergency improvements to security and infrastructure to prevent further attacks, which is around $193,000 per breach for enterprises, the second biggest cost for enterprises is repairing reputation damage, which causes major increases in insurance costs and can severely damage credit ratings. On average, this costs enterprises $180,000. Providing after-the-event security awareness training to the workforce was the third biggest cost for enterprises at $137,000.

It is a similar story for SMBs who typically pay around $15,000 for each of the above three cost categories. A lack of inhouse expertise means SMBs often have to call in cybersecurity experts to assist with making improvements to security and for forensic analyses to determine how access to data was gained.

Data breaches affecting third-party hosted infrastructure are the costliest for SMBs, followed by attacks on non-computing connected devices, third party cloud services, and targeted attacks. For enterprises, the costliest data breaches are targeted attacks followed by attacks on third-party infrastructure, attacks on non-computing connected devices, third party cloud services, and leaks from internal systems.

The high cost of recovering from a data breach means a successful cyberattack on an SMB could be catastrophic, forcing the company to permanently shut its doors. It is therefore no surprise that businesses are allocating more of their IT budgets to improving their security defenses. Enterprises are now spending an average of $8.9 million on cybersecurity each year, while SMBs spend an average of $246,000. Even though the cost of additional cybersecurity defenses is high, it is still far lower than the cost of recovering from data breaches.

While data breach prevention is a key driver for greater investment in cybersecurity, that is far from the only reason for devoting a higher percentage of IT budgets to security. The main drivers for increasing security spending are the increasing complexity of IT infrastructure (34%), improving the level of security expertise (34%), and management wanting to improve security defenses (29%).

The Cost of the Equifax Data Breach? $242 Million and Rising

by G Hunt | April 27, 2018 | Industry News

The cost of the Equifax data breach has risen to more than $242 million, and that figure will continue to rise and could even double.

According to the Equifax financial report for the first quarter of 2018, the total spent on mitigation and preventative measures to avoid a further security breach is now $242.7 million.

The breach, which was made public in September 2017, affected 147.9 million customers, making it one of the largest data breaches ever discovered and certainly one of the most serious considering the types of data involved. Yahoo may have experienced much larger breaches, but the data exposed in those incidents was far less sensitive.

Fortunately for Equifax, it holds a sizable insurance policy against cybersecurity incidents. The policy will cover up to $125 million of the cost, minus a $7.5 million deductible. That insurance policy has already paid out $60 million, with $10 million in payments received in the first quarter of 2018.

The breakdown of cost of the Equifax data breach so far for Q1, 2018 is:

• $45.7 million on IT security
• $28.9 million on legal fees and investigation of the breach
• $4.1 million on product liability
• $10 million has been recovered from an insurance payout.

The net expenses from the breach in the first quarter of 2018 was $68.7 million. That is on top of the $114 million spent in the final quarter of 2017, which is broken down as $64.6 million on product costs and customer support, $99.4 million on professional fees, minus $50 million that was paid by its insurance carrier. The net spend so far for Q4, 2017 and Q1, 2018 is $140.5 million, although Equifax reports that the total costs related to the cybersecurity incident and incremental IT and data security costs has been $242.7 million.

Equifax has also reported that throughout 2018 and 2019 the firm will be investing heavily in IT and is committed to building an industry-leading data security system, although the firm has not disclosed how much it is expecting to spend, as the company does not have visibility into costs past 2018.

Equifax has predicted that there will be at least a further $275 million in expenses related to the cyberattack which must still be covered, although a further $57.5 million should be covered by its insurance policy.

While considerable costs have been incurred so far, the firm has done little to repair the reputational damage suffered as a result of the breach and has yet to hire many of the new staff it plans to bring in to help with the breach recovery, including a new CTO. The firm has said that it is taking a very aggressive approach in attracting the top talent in both IT and data security.

The high cost of the Equifax data breach to date, and the ongoing costs, is likely to make this the most expensive data breach of all time.

Healthcare Industry Warned About Ongoing SamSam Ransomware Attacks

by G Hunt | April 13, 2018 | Industry News

The SamSam ransomware attacks are continuing and the threat actors behind the campaign are showing no sign of stopping. So far in 2018 there have been at least 10 attacks in the United States, although many more may have gone unreported. Most of the known attacks have hit government agencies, municipalities, and healthcare organizations – all of whom are required to disclose attacks.

The attacks have caused massive disruption, taking computers, servers, and information systems out of action for several days to several weeks. Faced with the prospect of continued disruption to essential business processes, some organizations have chosen to pay the ransom – a risky strategy since there is no guarantee that the keys to unlock the encryption will work or even be supplied.

Others have refused to be extorted, often at great cost. One U.S. healthcare provider, Erie County Medical Center, took six weeks to fully recover from the attack. Mitigating the attack has cost several million dollars.

Multiple SamSam ransomware attacks are possible as the Colorado Department of Transportation discovered. After recovering from an attack in February, a second attack occurred in March.

It is not only financial harm that is caused by the attacks. Another hospital was attacked, and its outpatient clinic and three physician hospitals were unable to view histories or schedule appointments. The ransomware attack on the electronic medical record provider AllScripts saw its EMR systems taken out of action for several days. During that time, around 1,500 medical centers were unable to access patient health records resulting in many cancellations of non-critical medical appointments.

The March SamSam ransomware attack on the City of Atlanta brought many government services to a grinding halt. The extensive attack forced the shutdown of many systems, many of which remained inaccessible for six days. Bills and parking tickets couldn’t be paid and court proceedings had to be cancelled. The huge backlog of work continued to cause delays when systems were restored.

While the SamSam ransomware attacks have been concentrated on just a few industry sectors, the attacks are not necessarily targeted. What the victims have in common is they have been found to have easily exploitable vulnerabilities on public facing servers. They were attacked because mistakes had been made, vulnerabilities had not been patched promptly, and weak passwords had been set.

The threat actors behind the latest SamSam ransomware attacks have not been confirmed, although researchers at Secureworks believe the attacks are being conducted by the Gold LOWELL threat group. It is not known whether they are a defined group or a network of closely affiliated threat actors. What is known, whether it is GOLD LOWELL or other group, is they are largely staying under the radar.

What is more certain is the SamSam ransomware attacks will continue. In the first four weeks of January, the Bitcoin wallet used by the attackers showed $325,000 of ransom payments had been paid. The total in April is likely to be substantially higher. Hancock Health, one of two Indiana hospitals attacked this year, has confirmed that it paid a ransom demand of approximately $55,000 for the keys to unlock the encryption. As long as the attacks remain profitable and the threat actors can stay under the radar, there is no incentive to stop.

In contrast to many threat actors that use phishing emails and spam messages to deliver ransomware downloaders, this group exploits vulnerabilities on public-facing servers. Access is gained to the network, the attackers spend time navigating the network and moving laterally, before the ransomware payload is finally deployed. Detecting network intrusions quickly may prevent file encryption, or at least limit the damage caused.

The ongoing campaign has now prompted the U.S. Department of Health and Human Services’ Healthcare Cybersecurity Integration and Communications Center (HCCIC) to issue a warning to healthcare organizations about the continued threat of attacks. Healthcare organizations should heed the advice of the HCCIC and not only implement defences to block attacks but also to prepare for the worst. If contingency plans are made and incident response procedures are developed in advance, disruption and cost will be kept to a minimum.

That advice from the HCCIC to prevent SamSam ransomware attacks is:

• Conduct vulnerability scans and risk assessments to identify potential vulnerabilities
• Ensure those vulnerabilities are remediated
• Ensure patches are applied promptly
• Use strong usernames and passwords and two-factor authentication
• Limit the number of users who can login to remote desktop solutions
• Restrict access to RDP behind firewalls and use a VPN or RDP gateway
• Use rate limiting to stop brute force attacks
• Ensure backups are made for all data to allow recovery without paying the ransom and make sure those backups are secured
• Develop a contingency plan to ensure that the business can continue to function while the attack is mitigated
• Develop procedures that can easily be followed in the event of a ransomware attack
• Implement defenses capable of detecting attacks quickly when they occur
• Conduct annual penetration tests to identify vulnerabilities and ensure those vulnerabilities are rapidly addressed

Cybersecurity Threat Level at All Time High

by G Hunt | March 20, 2018 | Industry News

The cybersecurity threat level is at an all time high, according to a recently published threat report from McAfee. The AV solution provider has compiled a report from data collected over the final quarter of 2017 which shows the last three months of 2017 saw record numbers of new malware samples detected – 63.4 million samples. A level never before seen.

The soaring value of Bitcoin and other cryptocurrencies in the final quarter of 2017 fueled a massive rise in cryptocurrency hijacking and the use of cryptocurrency miners over other forms of malware that were favored in previous quarters. With Bitcoin valued at $19,000 in December and cryptocurrency mining hardware costing several thousand dollars, it is no surprise that so many threat actors chose to hijack other computers and steal money from cryptocurrency wallets.

Cryptocurrency miners were being used in spam email campaigns, disguised as mobile apps, and there was a massive rise in the hijacking of websites and loading cryptocurrency mining code.

While mining cryptocurrencies has proven to be highly profitable for cybercriminals, they did not abandon the use of other malware variants. The use of ransomware continues to increase, with spam email the primary method of delivery.

McAfee reports that there was 35% ransomware growth in Q4, and 59% growth in 2017. For the fourth consecutive quarter there has been an increase in new ransomware variants, with much of the increase due to the widespread use of Ransom:Win32/Genasom. There is unlikely to be a fall in use of ransomware any time soon.

The use of spam email to deliver malware and ransomware continues to grow, with two botnets – Necurs and Gamut – responsible for delivering 97% of all spam email in Q4, with the former now the most prevalent spamming botnet.

Botnets are also being developed to exploit IoT devices, which typically lack security and often have poor passwords. Infecting the devices allows massive botnets to be easily assembled for use in DDoS and DoS attacks.

Q4 was the fourth consecutive quarter where new malware samples have continued to increase, with total malware samples now just short of 700,000,000. New Mac malware also increased for the third consecutive quarter and there are now approximately 750,000 Mac malware variants, although there was a fall in new mobile malware samples from the 2-year high in Q3.

There was a rise in new Faceliker and macro malware, although the biggest increase was PowerShell malware. Q4 saw a massive jump in new PowerShell downloaders.

While the cybersecurity threat level continues to increase, and all industries are at risk, healthcare was the most targeted industry in 2017 by some distance. Healthcare may have been the third most targeted industry sector in 2016-2017, but the first three quarters of 2017 saw more than twice as many attacks on healthcare organizations than any other industry sector.

McAfee reports that there has been a 210% increase in cybersecurity incidents reported by healthcare organizations in 2017 compared to 2016, although there was some respite in Q4, which saw a 78% quarter over quarter decline in security incidents.

McAfee suggests it is poor security practices that have contributed to the rise in healthcare data breaches and cyberattacks. Many of the reported incidents could have been prevented if cybersecurity best practices had been followed.

Cyberattacks on Restaurants Continue with 160 Applebee’s Locations Affected by POS Malware Attack

by G Hunt | March 12, 2018 | Industry News

There have been several major cyberattacks on restaurants in recent months. Organized cybercriminals gangs are using specially crafted malware to silently steal credit card data from POS systems. Not only do the initial intrusions go undetected, the presence of the malware is often not detected for several months, during which time tens of thousands of credit card details are stolen.

Last month saw another large restaurant chain suffer a major breach of payment card data. The cyberattack on Applebee’s affects more than 160 of its RMH Franchise Holdings owned and operated restaurants across 15 states.

Customers who visited one of the RMH restaurants in Alabama, Arizona, Texas, Florida, Illinois, Indiana, Kansas, Kentucky, Ohio, Mississippi, Missouri, Nebraska, Oklohoma, Pennsylvania or Wyoming between November 2017 and January 2018 and paid for their meal on a credit or debit card have potentially had their card details stolen. Customers who paid using the self-pay tabletop devices were not affected, and neither were customers who paid online. The data breach was confined to RMH-operated restaurants. Other restaurants in the Applebee’s network were unaffected.

The data theft occurred as a result of malware on its POS system. The malware had been developed to capture data such as card numbers, expiry dates, CVV codes, and cardholder names. After recording the data, the information was exfiltrated to the attacker’s command and control server.

RMH reports that it has security systems in place to prevent cyberattacks and was able to contain the incident prior to discovery of malware on February 13, 2018. One a breach was discovered, RMH conducted a thorough investigation to identify the full extent of the breach and the individuals potentially impacted. A leading computer forensics firm was contracted to assist with the investigation and help mitigate of the attack. RHM has not disclosed how the malware was installed and nether the type of malware used in the attack.

The Applebee’s cyberattack is the latest in a string of cyberattacks on restaurants and retailers. In 2017 there were similar cyberattacks on restaurants throughout the United States. Arby’s fast food restaurants experienced a POS-malware related breach that affected many of its 1,000+ corporate stores. Chipotle Mexican Grill discovered malware had been installed on its POS system, with most of its stored affected over a 1-month period last spring.

Retailers are also major targets. Earlier this year, the retailer Forever21 discovered malware has been installed on its POS system. It took the retailer 7 months to identify the breach, during which time the credit and debit card details of many thousands of its customers were stolen.

Last year, many of the 750 Kmart stores were infected with POS malware – the second major credit card breach experienced by the chain in the past three years. Buckle Inc., was also attacked, with an undisclosed number of its stores affected. The malware infection remained on its system undetected for more than 5 months.

The breaches highlight the importance of implementing layered defenses to protect the entire attack surface, from spam email defenses to web filters, next generation firewalls, and advanced intrusion detection systems. It is also essential for retailers and restaurateurs to conduct regular vulnerability scans of the entire network to identify and address security flaws, with technical solutions implemented to constantly monitor POS systems for signs of compromise.

Microsoft Patches 17-Year Old MS Office Remote Code Execution Vulnerability

by G Hunt | November 17, 2017 | Industry News

A serious MS Office remote code execution vulnerability has been patched by Microsoft – One that would allow malware to be installed remotely with no user interaction required. The flaw has been present in MS Office for the past 17 years.

The flaw, which was discovered by researchers at Embedi, is being tracked as CVE-2017-11882. The vulnerability is in the Microsoft Equation Editor, a part of MS Office that is used for inserting and editing equations – OLE objects – in documents: Specifically, the vulnerability is in the executable file EQNEDT32.exe.

The memory corruption vulnerability allows remote code execution on a targeted computer, and would allow an attacker to take full control of the system, if used with Windows Kernel privilege exploits. The flaw can be exploited on all Windows operating systems, including unpatched systems with the Windows 10 Creators Update.

Microsoft addressed the vulnerability in its November round of security updates. Any unpatched system is vulnerable to attack, so it is strongly advisable to apply the patch promptly. While the vulnerability could potentially have been exploited at any point in the past 17 years, attacks exploiting this MS Office remote code execution vulnerability are much more likely now that a patch has been released.

The flaw does not require the use of macros, only for the victim to open a specially crafted malicious Office document. Malicious documents designed to exploit the vulnerability would likely arrive via spam email, highlighting the importance of implementing a spam filtering solution such as SpamTitan to block the threat.

End users who are fooled into opening a malicious document can prevent infection by closing the document without enabling macros. In this case, malware would be installed simply by opening the document.

Microsoft has rated the vulnerability as important, rather than critical, although researchers at Embedi say this flaw is “extremely dangerous.” Embedi has developed a proof of concept attack that allowed them to successfully exploit the vulnerability. The researchers said, “By inserting several OLEs that exploited the described vulnerability, it was possible to execute an arbitrary sequence of commands (e.g. to download an arbitrary file from the Internet and execute it),”

EQNEDT32.exe is run outside of the Microsoft Office environment, so it is therefore not subject to Office and many Windows 10 protections. In addition to applying the patch, security researchers at Embedi recommend disabling EQNEDT32.EXE in the registry, as even with the patch applied, the executable still has a number of other vulnerabilities. Disabling the executable will not impact users since this is a feature of Office that is never needed by most users.

Global Data Breach Study Shows 1.9 Billion Records Were Exposed in the First Half of 1017

by G Hunt | October 26, 2017 | Industry News

A global data breach study by Gemalto provides valuable insights into data breaches reported over the first six months of 2017, showing there has been a significant increase in data breaches and the number of records exposed.

Barely a day has gone by without a report of a data breach in the media, so it will probably not come as a surprise to hear that data breaches have risen again in 2017. What is surprising is the scale of the increase. Compared to the first six months of 2016 – which saw huge numbers of data breaches reported – 2017 saw a 13% increase in incidents. However, it is the scale of those breaches that is shocking. 2017 saw 164% more records exposed than in 2016.

During the first six months of 2017, a staggering 918 data breaches were confirmed, resulting in 1.9 billion records and email credentials being exposed or stolen. Further, that figure is a conservative. According to Gemalto’s global data breach study, it is unknown how many records were compromised in 59.3% of data breaches between January and June 2017.

What is clear is the data breaches are increasing in size. Between January and the end of June, there were 22 breaches reported that each impacted more than 1 million individuals.

To put the global data breach study figures into perspective, more than 10.5 million records were exposed each day in the first half of 2017 – or 122 records per second.

What is the Biggest Cause of Data Breaches in the First Half of 2017?

While malicious insiders pose a significant threat, and caused 8% of breaches, accidental loss of devices or records accounted for 18% of incidents. But the biggest cause of data breaches was malicious outsiders, who caused 74% of all tracked data breaches.

However, in terms of the severity of breaches, it is accidental loss that tops the list. There many have only been 166/918 breaches due to accidental loss according to the global data breach study, but those incidents accounted for 86% of all records – That’s 1.6 billion.

Malicious outsiders may have caused the most breaches – 679/918 – but those breaches involved just 13% of the total number of records – 254 million. In the first half of 2016, malicious outsiders were the leading breach cause and data breaches and accounted for 76% of breached records.

It is worth noting that while malicious insiders were responsible for just 8% of incidents, those incidents saw 20 million records exposed. Compared to 2016, that’s a 4114% increase.

Which Regions Had the Most Data Breaches in the First Half of 2017?

While North America was the hardest hit, accounting for 88% of all reported breaches, that does not necessarily mean that most breaches are occurring in the United States. In the U.S. there are far stricter reporting requirements, and companies are forced to disclose data breaches.

In Europe, many companies choose not to announce data breaches. It will therefore be interesting to see how the figures change next year. From May 2018, there will be far stricter reporting requirements due to the introduction of the General Data Protection Regulation (GDPR). For this report, there were 49 reported breaches in Europe – 5% of the total. 40% of those breaches were in the United Kingdom. There were 47 breaches in the Asia Pacific region – 5% of the total – with 15 in India and the same percentage in Australia.

Which Industries Suffer the Most Data Breaches?

The worst affected industry was healthcare, accounting for 25% of all breaches. However, bear in mind that HIPAA requires healthcare organizations to report all breaches in the United States. The financial services industry was in second place with 14% of the total, followed by education with 13% of breaches. The retail industry recorded 12% of breaches, followed by the government on 10% and technology on 7%.

In terms of the number of records breached, it is ‘other industries’ that were the worst hit. Even though that group accounted for just 6% of breaches they resulted in the exposure of 71% of records. Government breaches accounted for 21% of the total, followed by technology (3%), education (2%), healthcare (2%) and social media firms (1%).

How Can These Breaches be Stopped?

In the most part, these data breaches occurred due to poor cybersecurity protections, basic security failures, poor internal security practices, and the failure to use data encryption. Previous research by PhishMe has shown that 91% of data breaches start with a phishing email. Anti-spam defenses are therefore critical in preventing data breaches. If phishing emails are prevented from being delivered, a large percentage of external attacks can be stopped.

Organizations that have yet to use two factor authentication should ensure that this basic security control is employed. Employees should receive cybersecurity awareness training, and training programs should be ongoing. In particular, employees should be trained how to identify phishing emails and the actions they should take when a suspicious email is encountered.

Accidental loss of data from lost and stolen devices can be prevented with the use of encryption, although most accidental losses were due to poorly configured databases. Organizations should pay particular attention to their databases and cloud instances, to make sure they are appropriately secured and cannot be accessed by unauthorized individuals.

Bad Rabbit Ransomware Hits Russia, Ukraine and Europe

by G Hunt | October 25, 2017 | Industry News

Bad Rabbit ransomware attacks have been reported throughout Russia, Ukraine, and Eastern Europe. While new ransomware variants are constantly being developed, Bad Rabbit ransomware stands out due to the speed at which attacks are occurring, the ransomware’s ability to spread within a network, and its similarity to the NotPetya attacks in June 2017.

Bad Rabbit Ransomware Spreads via Fake Flash Player Updates

While Bad Rabbit ransomware has been likened to NotPetya, the method of attack differs. Rather than exploit the Windows Server Message Block vulnerability, the latest attacks involve drive-by downloads that are triggered when users respond to a warning about an urgent Flash Player update. The Flash Player update warnings have been displayed on prominent news and media websites.

The malicious payload packed in an executable file called install_flash_player.exe. That executable drops and executes the file C:Windowsinfpub.dat, which starts the encryption process. The ransomware uses the open source encryption software DiskCryptor to encrypt files with AES, with the keys then encrypted with a RSA-2048 public key. There is no change to the file extension of encrypted files, but every encrypted file has the .encrypted extension tacked on.

Once installed, it spreads laterally via SMB. Researchers at ESET do not believe bad rabbit is using the ETERNALBLUE exploit that was incorporated into WannaCry and NotPetya. Instead, the ransomware uses a hardcoded list of commonly used login credentials for network shares, in addition to extracting credentials from a compromised device using the Mimikatz tool.

Similar to NotPetya, Bad Rabbit replaces the Master Boot Record (MBR). Once the MBR has been replaced, a reboot is triggered, and the ransom note is then displayed.

Victims are asked to pay a ransom payment of 0.5 Bitcoin ($280) via the TOR network. The failure to pay the ransom demand within 40 hours of infection will see the ransom payment increase. It is currently unclear whether payment of the ransom will result in a valid key being provided.

So far confirmed victims include the Russian news agencies Interfax and Fontanka, the Ministry of Infrastructure of Ukraine, the Odessa International Airport, and the Kiev Metro. In total there are believed to have been more than 200 attacks so far in Russia, Ukraine, Turkey, Bulgaria, Japan, and Germany.

How to Block Bad Rabbit Ransomware

To prevent infection, Kaspersky Lab has advised companies to restrict the execution of files with the paths C:windowsinfpub.dat and C:Windowscscc.dat.

Alternatively, those files can be created with read, write, and execute permissions removed for all users.

Major Rise in Cyberattacks on Websites Reported

by G Hunt | October 11, 2017 | Industry News

Email may be the primary vector used to conduct cyberattacks on businesses, but there has been a massive rise in cyberattacks on websites in recent months. The second quarter of 2017 saw a 186% increase in cyberattacks on websites, rising from an average of 22 attacks per day in Q1 to 63 attacks per day in Q2, according to a recent report from SiteLock. These sites were typically run by small to mid-sized companies.

WordPress websites were the most commonly attacked – The average number of attacks per day was twice as high for WordPress sites as other content management platforms. That said, security on WordPress sites is typically better than other content management platforms.

Joomla websites were found to contain twice the number of vulnerabilities as WordPress sites, on average. Many users of Joomla were discovered to be running versions of the CMS that are no longer supported. One in five Joomla sites had a CMS that had not been updated in the past 5 years. Typically, users of Joomla do not sign up for automatic updates.

WordPress sites are updated more frequently, either manually or automatically, although that is not the case for plugins used on those sites. While the CMS may be updated to address vulnerabilities, the updates will not prevent attacks that leverage vulnerabilities in third party plugins.

The study revealed 44% of 6 million websites assessed for the study had plugins that were out of date by a year or more. Even when websites were running the latest version of the CMS, they are still being compromised by cybercriminals who exploited out of date plugins. Seven out of 10 compromised WordPress sites were running the latest version of the WordPress.

There is a common misconception than website security is the responsibility of the hosting provider, when that is not the case. 40% of the 20,000 website owners who were surveyed believed it was their hosting company that was responsible for securing their websites.

Most cyberattacks on websites are automated. Bots are used to conduct 85% of cyberattacks on websites. The types of attacks were highly varied, including SQL injection, cross-site scripting attacks, local and remote file inclusion, and cross-site request forgery.

SiteLock noted that in 77% of cases where sites had been compromised with malware, this was not picked up by the search engines and warnings were not being displayed by browsers. Only 23% of sites that were compromised with malware triggered a browser warning or were marked as potentially malicious websites by search engines.

Due to major increase in attacks, it is strongly recommended that SMBs conduct regular scans of their sites for malware, ensure their CMS is updated automatically, and updates are performed on all plugins on the site.  Taking proactive steps to secure websites will help SMBs prevent website-related breaches and stop their sites being used to spread malware or be used for phishing.

It’s National Cyber Security Month: Time to Start Developing a Security Culture

by G Hunt | October 2, 2017 | Industry News

Today is the start of the 14^th National Cyber Security Month – A time when U.S. citizens are reminded of the importance of practicing good cyber hygiene, and awareness is raised about the threat from malware, phishing, and social engineering attacks.

The cybersecurity initiative was launched in 2004 by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) with the aim of creating resources for all Americans to help them stay safe online.

While protecting consumers has been the main focus of National Cyber Security Month since its creation, during the past 14 years the initiative has been expanded considerably. Now small and medium-sized businesses, corporations, and healthcare and educational institutions are assisted over the 31 days of October, with advice given to help develop policies, procedures, and implement technology to keep networks and data secure.

National Cyber Security Month Themes

2017 National Cyber Security Month focuses on a new theme each week, with resources provided to improve understanding of the main cybersecurity threats and explain the actions that can be taken to mitigate risk.

Week 1: Oct 2-6 – Simple Steps to Online Safety

It’s been 7 years since the STOP. THINK. CONNECT campaign was launched by the NCSA and the Anti-Phishing Workshop. As the name suggests, the campaign encourages users learn good cybersecurity habits – To assume that every email and website may be a scam, and to be cautions online and when opening emails. Week one will see more resources provided to help consumers learn cybersecurity best practices.

Week 2: Oct 9-13 – Cybersecurity in the Workplace

With awareness of cyber threats raised with consumers, the DHS and NCSA turn their attention to businesses. Employees may be the weakest link in the security chain, but that need not be the case. Education programs can be highly effective at improving resilience to cyberattacks. Week 2 will see businesses given help with their cyber education programs to develop a cybersecurity culture and address vulnerabilities. DHS/NCSA will also be promoting the NIST Cybersecurity Framework and explaining how its adoption can greatly improve organizations’ security posture.

Week 3: Oct 16-20 –Predictions for Tomorrow’s Internet

The proliferation of IoT devices has introduced many new risks. The aim of week three is to raise awareness of those risks – both for consumers and businesses – and to provide practical advice on taking advantage of the benefits of smart devices, while ensuring they are deployed in a secure and safe way.

Week 4: Oct 23-27 –Careers in Cybersecurity

There is a crisis looming – A severe lack of cybersecurity professionals and not enough students taking up cybersecurity as a profession. The aim of week 4 is to encourage students to consider taking up cybersecurity as a career, by providing resources for students and guidance for key influencers to help engage the younger generation and encourage them to pursue a career in cybersecurity.

Week 5: Oct 30-31 – Protecting Critical Infrastructure

As we have seen already this year, nation-state sponsored groups have been sabotaging critical infrastructure and cybercriminals have been targeting critical infrastructure to extort money. The last two days of October will see awareness raised of the need for cybersecurity to protect critical infrastructure, which will serve as an introduction to Critical Infrastructure Security and Resilience Month in November.

European Cyber Security Month

While National Cyber Security Month takes place in the United States, across the Atlantic, European Cyber Security Month is running in tandem. In Europe, similar themes will be covered with the aim of raising awareness of cyber threats and explaining the actions EU citizens and businesses can take to stay secure.

This year is the 5th anniversary of European Cyber Security Month – a collaboration between The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and public and private sector partners.

As in the United States, each week of October has a different theme with new resources and reports released, and events and activities being conducted to educate the public and businesses on cybersecurity.

European Cyber Security Month Themes

This year, the program for European Cyber Security Month is as follows:

Week 1: Oct 2-6 – Cybersecurity in the Workplace

A week dedicated to helping businesses train their employees to be security assets and raise awareness of the risks from phishing, ransomware, and malware. Resources will be provided to help businesses teach their employees about good cyber hygiene.

Week 2: Oct 9-13 – Governance, Privacy & Data Protection

With the GDPR compliance date just around the corner, businesses will receive guidance on compliance with GDPR and the NIS Directive to help businesses get ready for May 2018.

Week 3: Oct 16-20 – Cybersecurity in the Home

As more IoT devices are being used in the home, the risk of cyberattacks has grown. The aim of week 3 is to raise awareness of the threats from IoT devices and to explain how to keep home networks secure. Awareness will also be raised about online fraud and scams targeting consumers.

Week 4: Oct 23-27 – Skills in Cyber Security

The aim in week 4 is to encourage the younger generation to gain the cyber skills they will need to embark upon a career in cybersecurity. Educational resources will be made available to help train the next generation of cybersecurity professionals.

Use October to Improve Your Cybersecurity Defenses and Train Your Workforce to Be Security Titans

This Cyber Security Month, why not take advantage of the additional resources available and use October to improve your cybersecurity awareness and train your employees to be more security conscious.

When the month is over, don’t shelve cybersecurity for another 12 months. The key to remaining secure and creating a security culture in the workplace is to continue training, assessments, and phishing tests throughout the year. October should be taken as a month to develop and implement training programs and to work toward creating a secure work environment and build a cybersecurity culture in your place of work.

Poor Patch Management Policies to Blame for Equifax Data Breach

by G Hunt | September 15, 2017 | Industry News

It has been confirmed that poor patch management policies opened the door for hackers and allowed them to gain access to the consumer data stored by the credit monitoring bureau Equifax.  The massive Equifax data breach announced earlier this month saw the personal information – including Social Security numbers – of almost half the population of the United States exposed/stolen by hackers.

Poor Patch Management Policies to Blame for Yet Another Major Cyberattack

The vulnerability may have been different to that exploited in the WannaCry ransomware attacks in May, but it was a similar scenario. In the case of WannaCry, a Microsoft Server Message Block vulnerability was exploited, allowing hackers to install WannaCry ransomware.

The vulnerability, tracked as CVE-2017-010, was corrected in March 2017 and a patch was issued to prevent the flaw from being exploited. Two months later, the WannaCry ransomware attacks affected organizations around the world that had not yet applied the patch.

Few details about the Equifax data breach were initially released, with the firm only announcing that access to consumer data was gained via a website application vulnerability. Equifax has now confirmed that access to data was gained by exploiting a vulnerability in Apache Struts, specifically, the Apache Struts vulnerability tracked as CVE-2017-5638.

As with WannaCry, a patch had been released two months before the attack took place. Hackers took advantage of poor patch management policies and exploited the vulnerability to gain access to consumer information.

The Exploited Apache Struts Vulnerability

Apache Struts is used by many Fortune 100 firms and is popular with banks, airlines, governments, and e-commerce stores. Apache Struts is an open-source, MVC framework that allows organizations to create front and back-end Java web applications, such as applications on the public website of Equifax.

The CVE-2017-5638 Apache Struts vulnerability is well known. Details of the vulnerability were published in March 2017 and a patch was issued to correct the flaw. The flaw is relatively easy to exploit, and within three days of the patch being issued, hackers started to exploit the vulnerability and attack web applications that had not been patched.

The remote code execution vulnerability allows an attacker to execute arbitrary code in the context of the affected application. While many organizations acted quickly, for some, applying the patch was not straightforward. The process of upgrading and fixing the flaw can be a difficult and labor-intensive task. Some websites have hundreds of apps that all need to be updated and tested. While it is currently unclear if Equifax was in the process of upgrading the software, two months after the patch had been released, Equifax had still not updated its software. In mid-May, the flaw was exploited by hackers and access was gained to consumer data.

Poor Patch Management Policies Will Lead to Data Breaches

All software contains vulnerabilities that can be exploited. It is just a case of those vulnerabilities being found. Already this year, there have been several vulnerabilities discovered in Apache Struts of varying severity. As soon as new vulnerabilities are discovered, patches are developed to correct the flaws. It is up to organizations to ensure patches are applied promptly to keep their systems and data secure. Had the patch been applied promptly, the breach could have been prevented.

Even though a widely exploited vulnerability was known to exist, Equifax was not only slow to correct the flaw but also failed to detect that a breach had occurred for several weeks. In this case, it would appear that the attackers were throttling down on data exfiltration to avoid detection, although questions will certainly be asked about why it took so long for the Equifax cyberattack to be discovered.

Since zero-day vulnerabilities are often exploited before software developers become aware of flaws and develop patches, organizations – especially those of the size of Equifax – should be using intrusion detection solutions to monitor for abnormal application activity. This will help to ensure any zero-day exploits are rapidly identified and action is taken to limit the severity of any breach.

What Will the Cost of the Equifax Data Breach Be?

The cost of the Equifax data breach will be considerable. State attorneys general are lining up to take action against the credit monitoring bureau for failing prevent the breach. 40 attorneys general have already launched and Massachusetts attorney general Maura Healey has announced the state will be suing Equifax for breaching state laws.

Healey said, the Equifax data breach was “the most egregious data breach we have ever seen. It is as bad as it gets.” New York Attorney General Eric Schneiderman has also spoken out about the breach promising an in-depth investigation to determine whether state laws have been violated. If they have, action will certainly be taken.

U.S. consumers are also extremely angry that their highly sensitive information has been breached, especially since they did not provide their data to Equifax directly. Class-action lawsuits are certain to be launched to recover damages.

As if the breach itself is not bad enough, questions have been raised about the possibility of insider trading. Three Equifax executives allegedly sold $2 million in stock just days after the breach was discovered and before it had been made public.

The final cost of the Equifax data breach will not be known for years to come, although already the firm has lost 35% of its stock value – wiping out around $6 billion. Multiple lawsuits will be filed, there are likely to be heavy fines. The cost of the Equifax breach is therefore certain to be of the order of hundreds of millions. Some experts have suggested a figure of at least 300 million is likely, and possibly considerably more.

Cyberattacks in Q2 2017 Jumped by Almost a Quarter

by G Hunt | August 9, 2017 | Industry News

Cyberattacks are continuing to rise, according to the latest threat report from NTT Security. Cyberattacks in Q2 2017 jumped considerably, while phishing emails are now being extensively used to spread malware. The majority of cyberattacks in Q2 2017 affected the manufacturing, finance and healthcare industries, which accounted for 72% of all detected attacks.

Cyberattacks in Q2 2017 Increased by Almost a Quarter

Cyberattacks in Q2 2017 were 24% higher than the previous quarter and the manufacturing industry is in hackers’ crosshairs. Manufacturing accounted for 34% of all malicious attacks last quarter, followed by finance with 25% of attacks and healthcare on 13%.

Cyberattacks on manufacturing firms are not limited geographically. Manufacturing was the most attacked industry in five out of the six geographical regions tracked by NTT Security. The attacks have involved ransomware, industrial espionage, sabotage and data theft. Even though cyberattacks on manufacturing firms have increased sharply, 37% of firms in the sector have yet to develop an incident response plan.

Flash Continues to Cause Security Headaches for Businesses

Unpatched vulnerabilities continue to cause headaches for businesses, with Adobe Flash the main culprit. Adobe will finally retire Flash in 2020, but until then, it remains something of a liability. 98% of vulnerabilities corrected by Adobe were in Flash, and in Q2, an Adobe Flash vulnerability was the most commonly exploited. The Adobe Flash remote code execution vulnerability CVE-2016-4116 was exploited in 57% of vulnerability exploitation attacks.

The message to businesses is clear. If Adobe Flash is not essential it should be disabled or uninstalled. If it is necessary, it is essential that patches are applied as soon as humanly possible. NTT Security notes that attacks increase exponentially once proof-of-concept code is published.

Increase in Use of Phishing Emails for Malware Delivery

The NTT Security report shows 67% of malware attacks on organizations were the result of phishing emails. The NTT Security report ties in with the findings of a recent threat report issued by Symantec, which showed that malware emails were at now at the highest levels seen this year.

The use of phishing emails to deliver malware is understandable. The emails target employees – a weak link in most organizations’ defenses. Phishing emails take just a few minutes to craft and can be sent in large volumes quickly and easily. The phishing scams are also highly effective, taking advantages of flaws in human nature.

Many organizations are still only providing annual security awareness training, rather than regular refresher training sessions, ongoing CBT courses and monthly bulletins detailing the new threats. Ineffective spam filtering also results in more messages reaching end users’ inboxes, increasing the chance of one of those emails being opened and malware being downloaded.

Improving defenses against phishing is now critical, yet many organizations are failing to appreciate how serious the threat from phishing really is. The volume of malware infections now occurring via phishing emails should be a wakeup call for organizations.

Technical solutions such as advanced spam filters, link blocking technology such as web filters and employee security awareness training should all now feature in organizations’ cybersecurity defenses.

Ransomware Attacks on Small Businesses Cause Devastating Losses

by G Hunt | August 7, 2017 | Industry News

Ransomware attacks on small businesses can be devastating. Many small businesses have little spare capital and certainly not enough to be handing out cash to cybercriminals, let alone enough to cover the cost of loss of business while systems are taken out of action. Many small businesses are one ransomware attack away from total disaster. One attack and they may have to permanently shut their doors.

A recent research study commissioned by Malwarebytes – conducted by Osterman Research – has highlighted the devastating effect of ransomware attacks on small businesses.

1,054 businesses with fewer than 1,000 employees were surveyed and asked about the number of ransomware attacks they had experienced, the cost of mitigating those attacks and the impact of the ransomware attacks on their business.

Anyone following the news should be aware of the increase in ransomware attacks. Barely a week goes by without a major attack being announced. The latest study has confirmed the frequency of attacks has increased. More than one third of companies that took part in the survey revealed they had experienced at least one ransomware attack in the past 12 months.

22% of Small Businesses Shut Down Operations Immediately Following a Ransomware Attack

The survey also showed the devastating impact of ransomware attacks on small businesses. More than one fifth of small businesses were forced to cease operations immediately after an attack. 22% of businesses were forced to close their businesses.

Those companies able to weather the storm incurred significant costs. 15% of companies lost revenue as a result of having their systems and data locked by ransomware and one in six companies experienced downtime in excess of 25 hours. Some businesses said their systems were taken out of action for more than 100 hours.

Paying a ransom is no guarantee that systems can be brought back online quickly. Each computer affected requires its own security key. Those keys must be used carefully. A mistake could see data locked forever. A ransomware attack involving multiple devices could take several days to resolve. Forensic investigations must also be conducted to ensure all traces of the ransomware have been removed and no backdoors have been installed. That can be a long-winded, painstaking process.

Multiple-device attacks are becoming more common. WannaCry-style ransomware attacks that incorporate a worm component see infections spread rapidly across a network. However, many ransomware variants can scan neworks and self-replicate. One third of companies that experienced attack, said it spread to other devices and 2% said all devices had been encrypted.

Can Ransomware Attacks on Small Businesses be Prevented?

Can ransomware attacks on small businesses be prevented? Confidence appears to be low. Almost half of respondents were only moderately confident they could prevent a ransomware attack on their business. Even though a third of businesses had ‘anti-ransomware’ defenses in place, one third still experienced attacks.

Unfortunately, there is no single solution that can prevent ransomware attacks on small businesses. What organizations must do is employ multi-layered defenses, although that can be a major challenge, especially with limited resources.

A risk assessment is a good place to start. Organizations need to look at their defenses critically and assess their infrastructure for potential vulnerabilities that could be exploited.

Improving Defenses Against Ransomware

Ransomware attacks on small businesses usually occur via email with employees targeted using phishing emails. Organizations should consider implementing a spam filtering solution to reduce the number of malicious emails that reach inboxes.

Some emails will inevitably slip past these defenses, so it is important for staff to be security aware. Security awareness training should be ongoing and should involve phishing simulations to find out how effective training has been and to single out employees that need further training.

While ransomware can arrive as an attachment, it is usually downloaded via scripts of when users visit malicious websites. By blocking links and preventing end users from visiting malicious sites, ransomware downloads can be blocked. A web filtering solution can be used to block malicious links and sites.

Anti-virus solutions should be kept up to date, although traditional signature-based detection technology is not as effective as it once was. Alone, anti-virus software will not offer sufficient levels of protection.

As was clearly shown by the WannaCry and NotPetya attacks, malware can be installed without any user interaction if systems are not configured correctly and patches and software updates are not applied promptly. Sign up to alerts and regularly check for updated software and don’t delay patching computers.

A ransomware attack need not be devastating. If organizations back up their data to the cloud, on a portable (unplugged) local storage device and have a copy of data off site, in the event of an attack, data will not be lost.

58% of Companies Not Deprovisioning Former Employees Promptly

by G Hunt | July 19, 2017 | Industry News

You’ve secured the network perimeter, installed a spam filter, trained your employees to recognize phishing emails and have an intrusion detection system in place, but are you deprovisioning former employees to prevent data theft? According to a new report from OneLogin, 58% of companies are lax when it comes to blocking network access when employees leave the company.

For the study, 600 IT professionals with responsibility or partial responsibility for security decisions about hardware, software or cloud services were interviewed. When asked about the time delay between employees leaving the company and their accounts being deactivated, 58% said that it takes more than a day for that to happen and a quarter said it takes more than a week. 28% of respondents said deprovisioning former employees takes a month or longer.

48% of respondents said they were aware that former employees still had access to applications after they had left the company and 44% said they were not confident that deprovisioning former employees had actually occurred.

Even though there is a significant time delay involved in blocking access for former employees, only four out of ten organizations are using a security information and event management solution (SIEM). A SIEM would allow them to monitor app usage by former employees and would alert them if systems were still being accessed, yet only 45% of respondents said they used such a solution.

Organizations are taking a big risk by not ensuring accounts are deactivated before employees walk through the door for the final time. The study revealed that the risk is considerable. When asked if they had suffered data breaches due to former employees, 24% said they had.

Deprovisioning employees is time consuming, especially when they have been employed for a long time and have access to many business applications and networks. 92% of respondents said it takes up to an hour to deprovision employees and many must complete the process manually. Time may be pressed, but failing to block access promptly is a data breach waiting to happen.

Trump Hotels Confirms 14 Locations Affected by Sabre Hospitality Solutions Data Breach

by G Hunt | July 3, 2017 | Industry News

Trump Hotels has announced that guests at some of its hotels have been impacted by the Sabre Hospitality Solutions data breach and have had their credit/debit card details stolen. Sabre Hospitality Solutions provides the hotel reservation system used at certain Trump Hotels, and it was this system that was compromised not the systems used at Trump Hotels. Sabre’s system is used by more than 32,000 hotels and lodging establishments around the world.

Attackers gained access to the Sabre SynXis Central Reservations system (CRS) which is used by hotels and travel agencies to make hotel bookings. Sabre discovered the breach on June 5, 2017, with the attacker understood to have obtained account credentials that enabled access to the CRS and the payment card data processed through the system.

The data breach affected 13 Trump Hotels (Central Park, Chicago, Doonbeg, Doral, Las Vegas, Panama, Soho, Toronto, Turnberry, Vancouver, Waikiki, DC, Rio de Janeiro) and the Albemarle Estate. Each hotel was affected at a different time and for a different duration, with the first instance occurring on August 10, 2016. The last data access was on March 9, 2017. The hotel reservation system was compromised at most of the affected hotels for a few days up to three weeks in November 2016, with the exception of Trump Las Vegas, Trump Panama, and Trump DC, which saw systems compromised for around four months.

When the Sabre Hospitality Solutions data breach was detected, the company contracted cybersecurity firm Mandiant to conduct a forensic analysis to determine how the breach occurred, which hotels were affected and to ensure that access to its systems was blocked. Sabre reports that after March 9, 2017, no further unauthorized access to its system has occurred.

During the time that access to data was possible, the attackers were able to obtain the names of card holders, card numbers, expiration dates and in some cases, CVV codes. Other information potentially accessed includes guests’ names, addresses, phone numbers and potentially other information, although not Social Security numbers or driver’s licenses.

The Sabre Hospitality Solutions data breach affected many organizations, with Google recently announcing that some of its employees have had information exposed. In the case of Google, it was a travel agency – Carlson Wagonlit Travel (CWT) – that was affected. CWT was one of the companies used by Google to book hotels for its staff.

The hospitality industry has been hit with numerous POS system breaches over the past few years. The industry is an attractive target for cybercriminals. Most hotel bookings are made with credit and debit cards, cybersecurity protections are often poor and once access is gained to the systems it can be months before a data breach is detected.

A variety of attack vectors are used, although login credentials are commonly stolen in phishing attacks. Phishing emails are sent to company employees and social engineering tricks are used to convince those employees to disclose their login credentials or open malicious email attachments that install malware.

Email security solutions that prevent spam emails from being delivered to end users’ inboxes offer protection against phishing attacks. As an additional precaution, security awareness training should be provided to all hotel employees who have access to corporate email accounts.

With SpamTitan installed, hotel chains are well protected from phishing attacks. SpamTitan blocks more than 99.9% of spam emails, adding an important layer of protection for hotels to prevent data breaches.

New Microsoft Windows XP Updates Released in Wake of WannaCry Attacks

by G Hunt | June 14, 2017 | Industry News

Microsoft took the decision to issue emergency Windows XP updates to prevent exploitation of the Windows Server Message Block (SMB) vulnerability used to infect worldwide computers with ransomware on May 12, 2017.

The move came as a surprise since the operating system is no longer supported. Extended support came to an end on April 8, 2014. Yesterday, saw further Microsoft Windows XP updates released. The patches prevent further flaws in the operating system from being exploited by cybercriminals in WannaCry ransomware-style attacks.

Microsoft’s Cyber Defense Operations Center head, Adrienne Hall, said “Due to the elevated risk for destructive cyber-attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt.”

In total, nearly 100 vulnerabilities were patched this Patch Tuesday, including 18 critical flaws that can be remotely exploited by cybercriminals to take full control of vulnerable systems. In some cases, as was the case with the WannaCry ransomware attacks, no user interaction is required for the flaws to be exploited.

One of the flaws – tracked as CVE-2017-8543 – similarly affects the Windows Server Message Block service. Microsoft says CVE-2017-8543 is being actively exploited in the wild, with Windows Server 2008, 2012, and 2016 all affected as well as more recent versions of Windows – v7, 8.1 and Windows 10. It is this flaw that has been patched for Windows Server 2003 and Windows XP. As was the case on May 12, once the attackers infect one device, they can search for other vulnerable devices. Infection can spread incredibly quickly to many other networked devices.

Some security experts have criticized Microsoft for issuing yet more Windows XP updates, arguing that this sends a message to users of outdated operating systems that it is OK not to upgrade the OS. Windows XP has many unpatched flaws, but the recent Windows XP updates suggest that if a particularly serious vulnerability is discovered that is being actively exploited, patches will be issued.

While Microsoft Windows XP updates have been released, this should not be taken as signaling a change in Microsoft’s standard servicing policies. Further patches may not be released for unsupported Windows versions, so organizations should not delay upgrading their OS. Microsoft’s general manager of its Security Response Center, Eric Doerr, said “The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements.”

In total, there were 95 updates issued this patch Tuesday. Like CVE-2017-8543, a LNK remote code execution vulnerability (CVE-2017-8464) is also being exploited in the wild.

The latest round of updates also includes a patch for a serious flaw in Microsoft Outlook (CVE-2017-8507). Typically, in order to exploit vulnerabilities an end user would be required to open a specially crafted email attachment. However, if an attacker were to send a specially crafted message to an Outlook user, simply viewing the message would allow the attacker to take full control of the machine.

Adobe has also issued a slew of updates to address 21 vulnerabilities spread across four products (Flash, Shockwave Player, Captivate and Adobe Digital editions). 15 of those vulnerabilities have been marked as critical and would allow remote code execution.

As the WannaCry ransomware attacks clearly showed, the failure to apply patches promptly leaves the door wide open to cybercriminals. These updates should therefore not be delayed, especially since two of the flaws are being actively exploited.

TitanHQ Partners with Purple to Provide Secure Content Filtering for WiFi Networks

by G Hunt | May 25, 2017 | Industry News

TitanHQ announced a new partnership with Purple, the intelligent spaces company, which is now using the WebTitan WiFi filtering solution to control the content that can be accessed through its WiFi networks.

Businesses are now realizing they can attract more customers by providing free WiFi access, with Purple allowing businesses to get something back from providing free WiFi access to customers.

Purple provides WiFi analytics and marketing solutions allowing businesses to get more out of their WiFi networks. Those services have proven incredibly popular, with Purple rapidly expanding its business to serve clients in more than 70 countries.

Businesses are facing increasing pressure not only to provide Internet access to customers, but also to ensure that the Internet can be accessed safely and securely. The recent WannaCry ransomware attacks have highlighted just how important Internet security has now become. An Internet content filtering solution is therefore necessary to ensure inappropriate website content can be filtered out and malicious websites are blocked.

TitanHQ’s website content filtering solution – WebTitan – is the global leading content filtering solution for WiFi networks. Each day, WebTitan detects and blocks more than 60,000 different types of malware and ransomware, preventing users from infecting their devices. The solution is managed from a web-based control panel and can instantly be applied to any number of global WiFi access points.

The solution can be easily configured, has no latency, and allows precise control over the types of content that can be accessed through WiFi networks.

Following the rollout of WebTitan, which took just a few days, Purple customers have started benefitting from the industry-leading WiFi filtering solution.

James Wood, Head of Integration at Purple, communicated Purple’s unique requirements to TitanHQ which was able to provide a solution that exactly matched the company’s needs. Wood said, “From day one it was evident that they were capable of not only providing what we needed but were very responsive and technically adept.”

The solution was ideal for Purple. Woods explained that “Along with superior protection, WebTitan also allows us to extend the control to our customers via their API. Our customers can now manage their own filtering settings directly from the Purple Portal.”

More and more companies are realizing that it is no longer sufficient to just offer free WiFi access to customers. Customers now want to be reassured that they can access the Internet securely. TitanHQ CEO Ronan Kavanagh said “Content filtering for Wi-Fi will be a given in service terms over the next few years. Purple again is leading the way with their focus on this area.”

Why WebTitan Cloud for WiFi is Such a Popular Choice for Service Providers

Managed Service Providers, ISPs , and Resellers can join the TitanShield program and gain important benefits that are lacking in many other WiFi filtering solutions. These include:

• Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
• Filter by keyword and keyword score.
• Filter content in 200 languages.
• Multiple hosting options, including within your own data center
• No limit on access points or users
• manage multiple access points through a single web-based administration portal
• Easy integration into existing billing, auto provisioning and monitoring systems through a suite of APIs
• WebTitan Cloud for WiFi can be provided as a white label ready to take your own branding
• World class customer service with dedicated account managers
• Highly competitive pricing and a fully transparent pricing policy
• Flexible pricing to meet the needs of MSPs as seats fluctuate
• Easy delegation of access point management
• Extensive reporting suite including report scheduling, real-time views of Internet activity, and drill down reporting

Who Conducted the WannaCry Ransomware Attacks? Link Found to North Korea

by G Hunt | May 16, 2017 | Industry News

Who Conducted the WannaCry Ransomware Attacks?

The WannaCry ransomware attacks that started on Friday May 12 rapidly spread to more than 150 countries. While the attacks have been halted, IT security professionals are still scrambling to secure their systems and the search is now on for the perpetrators.

Malware researchers are analyzing the ransomware code and attack method to try to find clues that will reveal who conducted the WannaCry ransomware attacks.

At this stage in the investigation, no concrete evidence has been uncovered that links the attacks to any individual or hacking group, although a Google security researcher, Neel Mehta, has found a possible link to the Lazarus Group; a hacking organization believed to be based in China with links to North Korea.

The Lazarus Group is thought to be behind the attack on Sony Pictures in 2014 and the major heist on the Bangladesh central bank in February this year. While the link between the Lazarus Group and North Korea has not been comprehensively proven, the U.S. government is sure the group has been backed by North Korea in the past.

WannaCry Ransomware Code has been Reused

Mehta discovered parts of the ransomware code from the latest attacks were the same as code in a 2015 backdoor used by the Lazarus Group, suggesting the WannaCry ransomware attacks were conducted either by the Lazarus Group or by someone who has access to the same code.

Mehta also compared the code from the latest WannaCry ransomware variant and the backdoor to an earlier version of WannaCry ransomware from February and found code had been shared between all three. Symantec’s researchers have confirmed the code similarities.

Whether the Lazarus Group conducted the attacks is far from proven, and there is no evidence to suggest that were that to be the case, that the group had any backing from North Korea. The group could have been acting independently.

While some have called this link ‘strong evidence’, it should be explained that comparing code between malware samples does not confirm origin. Code is often reused and it is possible that the actors behind this campaign may have put in a false flag to divert attention from themselves onto the Lazarus Group and North Korea.

While the false flag idea is possible and plausible, Kaspersky Lab believes it is improbable and that the similarities in the source code point the finger of blame at the Lazarus Group.

Many Questions Remain Unanswered

The link with the Lazarus Group/North Korea is now being investigated further, but there are currently many questions unanswered.

The ransomware included a self-replicating function making it act like a worm, allowing it to rapidly spread to all vulnerable computers on a network. The sophistication of the attack suggests it was the work of a highly capable organization rather than an individual. However, the kill switch in the ransomware that was discovered by UK researcher ‘Malware Tech,’ allowed the infections to be halted. Such an ‘easily found’ kill switch would be atypical of such a sophisticated hacking group.

Previous attacks linked with the Lazarus Group have also been highly targeted. The WannaCry ransomware attacks over the weekend were purposely conducted in multiple countries, including China and Russia. The widespread nature of the attacks would be a departure from the typical attack methods used by Lazarus.

There are doubts as to whether North Korea would back an attack on its neighbours and allies, and while financially motivated attacks cannot be ruled out, past state-sponsored attacks have had a political purpose.

At this stage, it is not possible to tell who conducted the WannaCry ransomware attacks, but the latest discovery is an important clue as to who may be responsible.

Cyberattacks on Educational Institutions Increase Sharply

by G Hunt | April 28, 2017 | Industry News

Cyberattacks on educational institutions are occurring at an alarming rate. While the education sector has not been as heavily targeted as the financial services and healthcare in recent years, that is no longer the case. Cybercriminals and state-actors now have the education sector in their crosshairs.

Cybercriminals have realized that cyberattacks on educational institutions can be highly profitable, with this year seeing a sharp rise in attacks.

Schools, colleges and higher education institutions hold vast quantities of data that can be used for fraud and identity theft. As we have already seen this year, cyberattacks on educational institutions are now much more common. The first quarter of the year saw a rise in W-2 phishing attacks, with criminals managing to obtain the tax information of many thousands of staff members. Those data were used to file fraudulent tax returns. Student records can be used for identity theft and can be sold for big bucks on darknet marketplaces. Attacks aimed at obtaining the personal data of students have similarly increased.

Educational institutions also conduct extensive research. The past year has seen a sharp rise in espionage related cyberattacks on educational institutions. Criminals are also conducting attacks to gain access to bank accounts. This year, two major cyberattacks on educational organizations have resulted in bank transfers being made to criminals’ accounts. At the start of the year, a phishing attack on the Cleveland Metropolitan School District resulted in more than $100,000 being obtained by the attackers. Denver Public Schools was also attacked, with the attackers redirecting $40,000 in payroll funds to their own accounts.

The recently published Data Breach Investigation Report from Verizon clearly shows the new attack trend. Over the past year, there have been 455 incidents reported by educational institutions, 73 of which have resulted in the theft of data.

While many industries see cyberattacks conducted for financial reasons, in education, financial gain was only the motive behind 45% of cyberattacks. 43% of attacks involved espionage and 9% of attacks were conducted for fun. Out of all reported data breaches, 26% involved espionage. Last year the percentage was just 5%.

Attacks are coming from all angles – Internal attacks by students; attacks by cybercriminals looking to steal data, and state-sponsored actors looking to steal research. The latter accounted for more than half of data breaches in the past year.

The Verizon report indicates hacking is the biggest threat. 43% of breaches were due to hacks, although social attacks and malware were also common. Verizon reports that almost 44% of breaches involved social and around a third involved malware. Social attacks and malware have increased considerably over the course of the past year. The most common social attack was phishing via email.

As long cyberattacks on educational institutions remain beneficial or profitable, cyberattacks will continue.  Educational institutions therefore need to take steps to improve their security posture. Since social attacks such as phishing are commonplace, and malware infections commonly occur via email, educational institutions need review their email defenses.

Password policies should be introduced to ensure strong passwords are set on email accounts and policies introduced to ensure passwords are regularly changed. Spam filtering solutions should be implemented and all staff and students should receive training on security awareness. Verizon suggests staff and students should be encouraged or rewarded for reporting phishing and pretexting attacks.

Best Antivirus Software Solution for 2015 Awards Announced

by G Hunt | January 22, 2016 | Industry News

What was the best antivirus software solution for 2015 for the enterprise?

Protecting against the ever increasing number of cyberthreats is a full time job. The attack surface is now broader than ever before and hackers are developing increasingly sophisticated methods of obtaining data. The measures that must now be implemented to keep cyberattackers at bay have also increased in diversity and complexity.

Once of the core protections required by all organizations and individuals is an anti-virus software solution, and there is certainly no shortage of choice. But what was the best antivirus software solution for 2015?

The best AV software engines rated by AV-Comparatives

What AV engine detects and removes the most malware? What product offers the best real world protection? Which boasts the best file detection rates? These are all important considerations if you want to keep your organization protected. These and other factors were assessed over the course of the year by AV-comparatives.

AV-Comparatives is an independent testing lab based in Innsbruck, Austria. Each year the company publishes a report detailing the results of the AV tests the company conducted over the course of the year. The report is an excellent indicator of performance.

The company tested 21 of the top AV products on the market, subjecting each to a wide range of rigorous tests to determine the potential of each to protect users against malicious attacks.

The test results clearly show that not all antivirus products are the same. While all AV engines under test offered an acceptable level of performance, “acceptable” may not be good enough for enterprise installations.

The best antivirus software solution of 2015

AC-Comparatives rated performance and issued a number of awards to companies that excelled in specific areas of antivirus and antimalware protection. Gold, Silver and Bronze awards were awarded along with an overall best antivirus software solution for 2015 award.

Antivirus award categories:

• Real-world detection
• File detection
• False positives
• Overall performance
• Proactive protection
• Malware removal

Contenders for the ‘Best Antivirus Software Solution for 2015 Awards’

The Antivirus protects tested and considered for the awards were:

• Avast Free Antivirus
• AVG Internet Security
• Avira Antivirus Pro
• Baidu Antivirus
• Bitdefender Internet Security
• BullGuard Internet Security
• Emsisoft Anti-Malware
• eScan Internet Security Suite
• ESET Smart Security
• F-Secure Internet Security
• Fortinet FortiClient (with FortiGate)
• Kaspersky Internet Security
• Lavasoft Ad-Aware Free Antivirus+
• McAfee Internet Security
• Microsoft Windows Defender for Windows 10
• Panda Free Antivirus
• Quick Heal Total Security
• Sophos Endpoint Security and Control
• Tencent PC Manager
• ThreatTrack VIPRE Internet Security
• Trend Micro Internet Security

The Best Antivirus Software Solution for 2015 Award

After assessing all categories of anti-virus protection there were two AV products that excelled in all categories and received an Advanced+ rating: Bitdefender and Kaspersky Lab, with Kaspersky Lab bestowed the best antivirus software solution for 2015. Kaspersky Lab is one of the two AV engines at the core of SpamTitan anti-spam solutions.

The Russian antivirus company also received a Gold Award for “Real-World” protection, file detection, and malware removal, as well as a Silver Award for proactive (Heuristic/Behavioral) protection, and a Bronze Award for overall low system impact performance.

Cet article est disponible en anglais.

McAfee SaaS Email Protection Products Dropped by Intel Security

by G Hunt | December 16, 2015 | Industry News

Following the recent news that Intel Security will be discontinuing McAfee SaaS Email Protection products, SpamTitan is preparing for 2016 when business customers start looking for a new email security vendor to ensure continued protection.

McAfee SaaS Email Protection to Come to an End

Intel Security, the new company name for McAfee, has taken the decision to exit the email security business. The company will be dropping McAfee SaaS Email Protection products and will be concentrating on other areas of business.

From January 11, 2016, McAfee SaaS Email Protection and Archiving and McAfee SaaS Endpoint will stop being sold by Intel Security. The news is not expected to trigger a mass exodus in early 2016, as Intel Security has announced that it will continue to provide support for the products for a further 3 years. Support for both McAfee SaaS Email Protection and Archiving and SaaS Endpoint will stop after January 11, 2019. However, many customers are expected to make the switch to a new email security provider in the new year.

SpamTitan Technologies Anti-Spam Solutions

SpamTitan Technologies offers a range of cost effective business email security appliances which keep networks protected from malware, malicious software, and email spam. Users benefit from dual AV engines from Bitdefender and Clam Anti-Virus, offering excellent protection from email spam, phishing emails, and inbox-swamping bulk mail.

SpamTitan is a highly effective anti-spam solution that was first launched as an image solution. Following an agreement with VMware, SpamTitan was developed into a virtual appliance. The range of anti-spam products has since been developed to include SpamTitan OnDemand in 2011 and SpamTitan Cloud in 2013. In August 2015, SpamTitan blocked 2,341 billion emails and has helped keep business networks free from malware and viruses.

SpamTitan was the first Anti-Spam Appliance to be awarded with two Virus Bulletin VBSPAM+ awards and has also received 22 consecutive VBSpam Virus Bulletin certifications. Additionally, SpamTitan was awarded the Best Anti-Spam Solution prize at the Computing Security Awards in 2012.

Companies in over 100 countries around the world have chosen SpamTitan as their anti-email spam partner. The email security appliance stops 99.98% of email spam from being delivered.

WebTitan Web Filtering Solutions from SpamTitan Technologies

WebTitan Gateway offers small to medium businesses a cost effective method of blocking malware and malicious websites, with highly granular controls allowing individual, group, and organization-wide privileges to be set. Delivered as a software appliance that can be seamlessly integrated into existing networks, it is an essential tool to protect all business users and allow the Internet to be viewed securely.

WebTitan Cloud is a cloud-based web filtering solution requiring no software installations. Create your own web usership policies and block malware-infected websites, objectionable websites, and restrict Internet access to work-related content with ease. Benefit from a comprehensive set of reporting tools which allow the browsing activity of every end user in the organization to be easily monitored.

WebTitan Wi-Fi has been developed for Wi-Fi providers and MSPs to allow easy control of Internet access. WebTitan Wi-Fi allows users to easily block objectionable content and malicious websites, with controls able to be applied by location. The cloud solution requires no software installations. All that is required to start protecting your business is a simple DNS redirect to WebTitan cloud servers.

WebTitan web filtering solutions blocked 7,414 malware-infected webpages in August 2015, and have helped keep businesses better protected from malicious website content, phishing campaigns, and drive-by malware downloads.