Internet Security

Our Internet security section covers a wide range of topics including the latest online threats such as new phishing scams, changes in exploit kit activity, and up to date information on new malware and ransomware variants and social media scams.

Here you will find articles on data breaches, together with the causes of attacks and potential mitigations to reduce the risk of similar incidents occurring at your organization. Lessons can be learned from attacks on other organizations and threat intelligence can help security teams prepare for impending cyberattacks.

This section also contains news on the latest remote code execution vulnerabilities and zero day exploits that are being used to gain access to business networks, such as the network worm attacks that were used to spread WannaCry ransomware around the globe in May 2017.

In addition to mitigations – such as news of patches and software upgrades – articles are included to help organizations improve Internet security. Employees are a weak link in security defenses and frequently download malware or engage in risky behavior that could result in a network compromise. This section includes information that can be used by organizations to reduce the risk of employees inadvertently downloading malicious software or disclosing their credentials on phishing websites, turning them from liabilities into security assets.

Ransomware and BEC Attacks Often Start with a Phishing Email: Are Your Phishing Defenses Good Enough?

Ransomware attacks can be incredibly expensive and business email compromise (BEC) scams can result in transfers of millions of dollars to attackers, but these breaches often start with an email.

Phishing emails are sent to employees that ask them to click on a link, which directs them to a webpage where they are asked to provide their login credentials, for Microsoft 365 for example. Once credentials are entered, they are captured and used to access that individual’s account. The employee is often unaware that anything untoward has happened.

The stolen credentials give an attacker the foothold in the network that is needed to launch a major cyberattack on the business. The phisher may use the email account to send further phishing emails to other employees in the company, with the aim being to gain access to the credentials of an individual with administrative privileges or the credentials of an executive.

An executive’s account can be used to send emails to an individual in the company responsible for making wire transfers. A request is sent for a wire transfer to be made and the transfer request is often not recognized as fraudulent until the funds have been transferred and withdrawn from the attacker’s account. These BEC scams often result in tens of thousands of dollars – or even millions – being transferred.

An alternative attack involves compromising the email accounts of employees and sending requests to payroll to have direct deposit information changed. Salaries are then transferred into attacker-controlled accounts.

Phishers may act as affiliates for ransomware-as-a-service (RaaS) gangs and use the access they gain through phishing to compromise other parts of the network, steal data, and then deploy ransomware, or they may simply sell the network access to ransomware gangs.

When email accounts are compromised, they can be used to attack vendors, customers, and other contacts. From a single compromised email account, the damage caused is considerable and often far reaching. Data breaches often cost millions of dollars to mitigate. All this from a single response to a phishing email.

Phishing campaigns require very little skill to conduct and require next to no capital investment. The ease at which phishing attacks can be conducted and the potential profits that can be gained from attacks make this attack method very attractive for cybercriminals. Phishing can be used to attack small businesses with poor cybersecurity defenses, but it is often just as effective when attacking large enterprises with sophisticated perimeter defenses. This is why phishing has long been one of the most common ways that cybercriminals attack businesses.

How to Deal with the Phishing Threat

Phishing attacks may lead to the costliest data breaches, but they are one of the easiest types of cyberattacks to prevent; however, some investment in cybersecurity and training is required. The most important first step is to purchase an advanced spam filter. This technical control is essential for preventing phishing emails from reaching end users’ inboxes. If the phishing emails do not arrive in an inbox, they cannot be clicked by an employee.

Not all spam filtering solutions are created equal. Basic spam filters are effective at blocking most threats, but some phishing emails will still be delivered to inboxes. Bear in mind that phishers are constantly changing tactics and are trying to get one step ahead of cybersecurity firms. Most spam filtering solutions will block messages from malicious IP addresses and IP addresses with poor reputations, along with any messages identified in previous phishing campaigns and messages containing known variants of malware.

Advanced spam filtering solutions use AI and machine learning techniques to identify messages that deviate from the normal emails a business typically receives, are able to detect previously unseen phishing emails, and incorporate Sender Policy Framework and DMARC to identify email impersonation attacks. Sandboxing is also included which is used to identify previously unseen malware threats. Greylisting is a feature of advanced spam filters that involves initially rejecting a message and requesting it be resent. The delay in a response, if one is received at all, indicates the mail server is most likely being used for spamming. Spam servers are usually too busy on huge spam runs to resend messages that have initially been rejected.

Advanced spam filters also feature outbound email scanning, which can identify compromised email accounts and can block phishing messages from being sent internally or externally from a hacked mailbox.

SpamTitan incorporates all of these advanced controls, which is why it is capable of blocking more threats than basic spam filters. Independent tests have shown SpamTitan blocks in excess of 99.97% of malicious messages.

Don’t Neglect End User Training

No spam filter will be 100% effective at blocking phishing threats, at least not without also blocking an unacceptable number of genuine emails. It is therefore important to provide regular security awareness training to the workforce, with a strong emphasis on phishing. Employees need to be taught how to identify a phishing email and conditioned how to respond when a threat is received (alert their security team).

Since phishing tactics are constantly changing, regular training is required. When training is reinforced, it is easier to develop a security culture and regular training sessions will raise awareness of the latest phishing threats. It is also recommended to conduct phishing simulation exercises to test the effectiveness of the training program and to identify individuals who require further training.

Web Filtering is an Important Anti-Phishing Control

The key to blocking phishing attacks is to adopt a defense-in-depth approach. That means implementing multiple overlapping layers of security. One important additional layer is a web filtering solution. Spam filters target the phishing emails, whereas web filters work by blocking access to the webpages hosting the phishing kits that harvest credentials. With a spam filter and web filter implemented, you are tackling phishing from different angles and will improve your defenses.

A web filter will block access to known malicious websites, providing time-of-click protection against malicious hyperlinks in phishing emails. A web filter will also prevent employees from being redirected to phishing web pages from malicious website adverts when browsing the Internet. Web filters also analyze the content of web pages and will block access to malicious web content that has not previously been identified as malicious. Web filters will also block malware and ransomware downloads.

WebTitan is a highly effective DNS-based web filtering solution that protects against phishing, malware, and ransomware attacks. The solution can protect office workers but also employees who are working remotely.

Speak to TitanHQ Today About Improving your Phishing Defenses

TitanHQ has been developing anti-phishing and anti-malware solutions for more than two decades. TitanHQ’s email and web security solutions are cost effective, flexible, easy to implement, and easy to maintain. They are consistently given top marks on software review sites and are a big hit with IT security professionals and managed service providers (MSPs). TitanHQ is the leading provider of email and web security solutions to MSPs serving the SMB market.

If you want to improve your phishing defenses and block more threats, contact the TitanHQ team today for further information on SpamTitan and WebTitan. Both solutions are available on a 100% free trial of the full product complete with product support. Product demonstrations can also be booked on request.

Phishing Attacks Surge and Businesses are Struggling to Deal with the Threat

Ransomware attacks have increased significantly since the start of 2020 and that increase has continued in 2021. While these attacks are occurring more frequently than ever, the threat from phishing has not gone away and attacks are still rife. Phishing attacks may not make headline news like ransomware attacks on hospitals that threaten patient safety, but they can still be incredibly damaging.

The aim of many phishing attacks is to obtain credentials. Email credentials are often targeted as email accounts contain a treasure trove of data. That data can be extremely valuable to cybercriminals. In healthcare for example, email accounts contain valuable healthcare data, health insurance information, and Social Security numbers, which can be used to commit identity theft, obtain medical treatment, and for tax fraud. Entire email accounts are often exfiltrated in the attacks and the accounts used to send tailored phishing emails to other individuals in the company.

Many data breaches start with a phishing email, with phishing often used by an attacker to gain a foothold in a network that can be used in a much more extensive attack on an organization. Phishing emails are often the first step in a malware or ransomware attack.

Multiple surveys have recently been conducted on IT leaders and employees that show phishing is a very real and present danger. Two recent surveys conducted in the United States and United Kingdom indicate almost three quarters of businesses have experienced a data breach as a result of a phishing attack in the past 12 months. One study indicated over 50% of IT leaders had seen an increase in phishing attacks in the past 12 months, while the other put the figure at 80%.

During the pandemic, many businesses were faced with the option of switching to a remote workforce or shutting down. The increase in remote working was a godsend for phishers, who increase their attacks on employees. Many IT departments lacked visibility with a remote workforce and found it harder to block phishing attacks than when employees are in the office. Staff shortages in IT have certainly not helped.

Staff training is important to raise awareness of the threat from phishing, but remote working has made that harder. Training needs to be provided regularly as it can easily be forgotten and bad habits can slip in. Phishing tactics are also constantly changing, so regular training is needed to keep employees aware of the latest threats and phishing techniques, so they know what to look for. It does not help that phishing attacks are increasingly targeted and more sophisticated and can be difficult for employees to spot even if they have received regular training.

So how can businesses combat the threat from phishing and avoid being one of the three quarters of companies that experience a phishing data breach each year? Training is important, but the right technology is required.

Two of the most important technical solutions that should be implemented to block phishing attacks are spam filters and web filters. Both are effective at combatting phishing, albeit from different angles. When both are used together, protection is better than the sum of both parts.

A spam filter must have certain features to block sophisticated phishing threats. Blacklists are great for identifying emails from known malicious IP addresses, but IP addresses frequently change. Machine learning approaches are needed to identify previously unseen phishing tactics and threats from IP addresses not known to be malicious. Multiple AV engines can help to block more malware threats, while sandboxing can be used identify new malware variants. DMARC is also vital to block email impersonation attacks, while outbound scanning is important to rapidly detect compromised mailboxes. All of these features are employed by SpamTitan, which is why the solution has such a high block rate (over 99.97%) and low false positive rate.

Web filters are primarily used to restrict access to malicious and undesirable websites, whether they are sites with pornographic content or malicious sites used for phishing and malware distribution. Web filters, especially DNS-based filters, greatly improve protection against threats and will block access to known malicious websites. They will also block malware downloads and restrict access to questionable websites that serve no work purpose but increase risk. WebTitan will do this and more, and can easily be configured to protect remote workers, no matter where they choose to access the Internet.

With phishing attacks increasing it is important that businesses deploy solutions to counter the threat to stay one step ahead of the phishers. For further information on SpamTitan and WebTitan, and how they can protect your business, give the TitanHQ team a call. Both solutions are available on a free trial to allow you to see for yourself the difference they make. You can sign up for a free trial of SpamTitan here, and WebTitan on this link.

Fake Windows 11 Installers Being Used to Deliver Malware

On June 24, 2021, Microsoft announced Windows 11 will soon be released. Windows 11 is a major upgrade of the Windows NT operating system, which will be the successor to Windows 10. Such a major release doesn’t happen that often – Windows 10 was released in 2015 – so there has been a lot of interest in the new operating system. The new Windows version is due for public release at the end of 2021, but there is an opportunity to get an early copy for free.

On June 28, Microsoft revealed the first Insider Preview of Windows 11. Upgrading to the new Windows version is straightforward. For a lucky few (or unlucky few if Windows 11 turns out to be exceptionally buggy), an upgrade just requires a user to enroll in the Dev channel of the Windows Insider Program.  That said, many people have been trying to get an upgrade from unofficial sources.

Unsurprisingly, unofficial ISOs that claim to provide Windows 11 do not. Instead, they deliver malware. Threat actors have been distributing these fake Windows 11 installers and using them to deliver a wide range of malicious payloads. At best, these fake Windows 11 installers will deliver adware or unwanted programs. More likely, malware will be installed with various degrees of maliciousness, such as Remote Access Trojans and backdoors that give the attackers full access to the victims’ devices, information stealers such as keyloggers that steal passwords and other sensitive data, cryptocurrency miners, and ransomware.

Researchers at Kaspersky Lab have identified several fake Windows 11 installers doing the rounds, including one seemingly legitimate installer named 86307_windows 11 build 21996.1 x64 + activator.exe. Despite the name and 1.76GB file size, it was not what it seemed. If the user executed the file and agreed to the terms and conditions, the file would proceed to download a different executable that delivers a range of malicious software onto the user’s device.

As the hype builds ahead of the official release date, we can expect there to be many other fake installers released. Hackers do love a major software release, as its easy to get users to double click on executable files. Malicious adverts, websites, and emails offering free copies of Windows 11 will increase, so beware.

Ensure you have an advanced and effective spam filtering solution such as SpamTitan in place to protect against malicious emails, and a web filter such as WebTitan installed to block malicious file downloads. You should also make sure that you only install software or applications from official sources and take care to ensure that you really are on the official website of the software developer before downloading any files. A double click on a malicious executable file could cause a great deal of pain and expense for you and your employer.

Webinar June 30, 2021: How to Reduce the Risk of Phishing and Ransomware Attacks

The two main cybersecurity threats that businesses now have to deal with are phishing and ransomware attacks and those threats have become even more common over the past 12 months. Cybercriminals stepped up their attacks during the pandemic with many phishing campaigns launched using the novel coronavirus as a lure. These campaigns sought to distribute malware and steal credentials.

Ransomware attacks also increased in 2020. Several new ransomware-as-a-service (RaaS) operations were launched in 2020 and the number of attacks on businesses soared. In addition to encrypting files, data theft was also highly prevalent n 2020, with most ransomware operators stealing data prior to encrypting files. This double extortion tactic proved to be very effective. Many businesses were forced to pay the ransom even though they had backups and could have recovered their files. Payments were made to ensure data stolen in the attack was deleted and not misused, published, or sold.

Phishing and ransomware attacks often go hand in hand and are often used together in the same attack. Phishing emails are used to install malware, which in turn is used to provide access for ransomware gangs. The Emotet and TrickBot Trojans are notable examples. Operators of both of those Trojans teamed up with ransomware gangs and sold access once they had achieved their own objectives. The credentials stolen in phishing attacks are also sold onto RaaS affiliates and provide the foothold they need to conduct their devastating attacks.

Phishing campaigns are easy to conduct, low cost, and they can be very effective. Largescale campaigns involve millions of messages, and while most of those emails will be blocked by email security solutions or will be identified by employees as a threat, all it takes is for one employee to respond to a phishing email for an attacker to gain the access they need.

TitanHQ recently partnered with Osterman Research to explore how these and other cyber threats have affected businesses over the past 12 months. This new and original study involved an in-depth survey of security professionals to find out how those threats have affected their organization and how effective their defenses are at repelling attackers.

The survey showed the most common security incidents suffered by businesses were business email compromise (BEC) attacks, where employees are tricked into taking an action suggested in a scam email from the CEO, CFO or another high-level executive. These attacks often involve the genuine email account of an executive being compromised in a phishing scam and the attacker using that account to target employees in the same organization.

The next biggest threat was phishing emails that resulted in a malware infection, followed by phishing messages that stole credentials and resulted in an account compromise. The survey showed that these attacks are extremely common. 85% of interviewed security professionals said they had experienced one or more of 17 different types of security breaches in the past 12 months. While attacks were common, only 37% of respondents said their defenses against phishing and ransomware attacks were highly effective.

There are several steps that can be taken to improve defenses against phishing and ransomware attacks. End user training is important to teach employees what to look for and how to identify these types of threats. However, there is always potential for human error, so training alone is not the answer. Email security is the best defense. By blocking these threats at source, they will not land in inboxes and employees will not be tested. Email security should be combined with a web security solution to block the web-based component of phishing attacks and stop malware and ransomware downloads from the Internet.

The findings of the Osterman and TitanHQ survey will be explained in detail at an upcoming webinar on June 30, 2021. Attendees will also learn how they can significantly reduce the risk of ransomware and phishing attacks.

The webinar will be conducted by Michael Sampson, Senior Analyst at Osterman Research and Sean Morris, Chief Technology Officer at TitanHQ.  You can Register Your Place Here

How Can MSPs Make Office 365 More Profitable?

Reselling Office 365 doesn’t offer much in the way of profit for MSPs, although there are benefits for MSPs that come from offering Office 365 and it is possible to make Office 365 more profitable.

Before explaining where the margin is for MSPs in Office 365, let’s first take a look at the benefits for MSPs from offering Office 365.

Benefits for MSPs from Offering Office 365 to Clients

SMBs are increasingly moving from on-premises solutions to the cloud and Office 365 is one of the most popular cloud services. Office 365 now has more than 135 million commercial monthly users and that number is growing rapidly.

MSPs may not be able to make much from Office 365 alone, but by providing Office 365 MSPs can win more business and gain a competitive advantage. There is no outlay involved with offering Office 365 to clients, the product is great and meets clients’ needs, and money can be made from handling Office 365 migrations.

MSPs can also benefit from migrating existing clients from Exchange or SBS Exchange to Office 365. Office 365 is far easier to manage so they stand to save a great deal of time on troubleshooting and maintenance, which can be a major headache with Exchange.

By offering Office 365 you can win more business, reduce operational costs, and stay competitive. However, the best way to make money from Office 365 is through add-on services.

How MSPs Can Make Office 365 More Profitable

The margins for MSPs on Office 365 are rather thin to say the least. Many MSPs find that offering Office 365 on its own doesn’t provide any profit at all. Charging extra per license to improve profitability is an option, but clients could just go direct to avoid the extra cost.

The margins may be small, but managing Office 365 does not require a great deal of effort. You may only make around 50c or $1 per user but sign up enough clients and you could get a reasonable return. There is an opportunity for profit at scale; however, to make a decent return you need to sell services around Office 365.

One of the best ways to make Office 365 more profitable is by offering additional security services. Security is an area where Office 365 can be significantly improved, especially spam filtering. Microsoft has incorporated a spam filter and anti-phishing protections into Office 365, but they fall short of the protection offered by a dedicated third-party spam filter.

Phishing is the number one security threat faced by businesses and Office 365 anti-phishing protections leave a lot to be desired. By offering enhanced spam and phishing protection through a third-party spam filter, not only can MSPs make a decent margin on the add-on solution, by blocking phishing attacks and malware at source, a considerable amount of time can be saved on support. Offering spam filtering can help to generate additional recurring revenue, with SpamTitan provided as a high margin, subscription based SaaS solution.

There are plenty of other opportunities for selling third-party solutions to make up for the lack of options in Office 365. Email archiving is an easy sell and a quick win for MSPs. An email archive is important for compliance and security, saves on storage space, and improves efficiency, and gives clients access to emails from any location. Email archiving is available with office 365, but the solution has some severe drawbacks, and may not meet compliance requirements. Offering a feature-rich email archiving solution that is fully compliant, easy to use, with lightning fast search and retrieval should be an easy sell to Office 365 users.

Spam filtering, email archiving, web filtering, and encryption can be bundled together as an enhanced security package, with each element providing a decent return for MSPs. Given the cost of mitigating a data breach, by preventing breaches, an enhanced security offering will pay for itself and should not be too difficult to sell to Office 365 users.

Office 365 MSP Add-ons from TitanHQ

For more than 20 years TitanHQ has been developing innovative security solutions for businesses. Today, more than 7,500 businesses are protected by TitanHQ security solutions and more than 2,000 MSPs have signed up to the TitanHQ Alliance Program.

All TitanHQ solutions have been developed from the ground to meet the needs of the SMB marketplace and MSPs. TitanHQ’s spam filtering solution – SpamTitan, email archiving solution – ArcTitan, and web filtering solution – WebTitan, save MSPs support and engineering time, have great margins, and can be easily integrated into MSPs security stacks to make Office 365 more profitable. All TitanHQ solutions are quick and easy to deploy, and can be implemented into your existing Service Stack through API’s and RMM integrations. The MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis. MSPs benefit from competitive pricing strategies, including monthly billing as we understand your clients are billed monthly.

There are multiple hosting options, including hosting the solution within your own data center, and all TitanHQ products can be supplied as a white label, ready to take your own branding. We have made our solutions as easy as possible to use, with intuitive controls and everything placed at your fingertips. However, should you ever have a problem, you will benefit from the best customer service in the industry, as well as scalable pre-sales and technical support and sales & technical training.

Why SpamTitan is Perfect for MSP’s?

  • The best spam and virus protection for MSPs with dual AV engines and Bitdefender-powered sandboxing
  • Low management overhead – A set and forget solution
  • Use our private cloud or your own data center
  • Extensive suite of APIs for integration into your central management system
  • Multi-tenant solution with multiple management roles
  • Scalable to thousands of users
  • In and outbound email scanning with IP domain protection
  • Extensive drill down reporting
  • Flexible pricing models to suit your needs, including monthly billing
  • Generous margins for MSPs
  • Fully customizable branding

TitanSHIELD Program for MSPs

To make it as easy as possible for MSPs to incorporate our world class network security solutions into their service stacks, TitanHQ developed the TitanSHIELD program. The TitanShield MSP Program allows MSPs to take advantage of TitanHQ’s proven technology so that they can sell, implement and deliver our advanced network security solutions directly to their client base. Under the TitanSHIELD program you get the following benefits:

TitanSHIELD Benefits

Sales Enablement

Marketing

Partner Support Private or Public Cloud deployment Access to the Partner Portal
Dedicated Account Manager White Label or Co-branding Co-Branded Evaluation Site
Assigned Sales Engineer Support API integration Social Network participation
Access to Global Partner Program Hotline Free 30-day evaluations Joint PR
Access to Partner Knowledge Base Product Discounts Joint White Papers
Technical Support Competitive upgrades Partner Events and Conferences
24/7 Priority Technical Support Tiered Deal Registration TitanHQ Newsletter
5 a.m. to 5 p.m. (PST) Technical Support Renewal Protection Better Together Webinars
Online Technical Training and FAQs Advanced Product Information Partner Certificate – Sales and technical
Access to Partner Technical Knowledge Base Competitive Information and Research Sales Campaigns in a box
Not-for-Resale (NFR) Key Public Relations Program and Customer Testimonials
Product Brochures and Sales Tools TitanHQ Corporate Style Guide and Logo Usage
Partner Advisory Council Eligibility TitanHQ Partner Welcome Kit
QTRLY Business Planning and Review Access to TitanHQ’s MVP Rewards Program
Access to Partner Support

To find out more about TitanHQ’s MSP offerings, for details of pricing and MSP margins, contact the TitanHQ Alliance Program team today and take the first step toward making Office 365 more profitable.

TitanHQ Launches WebTitan OTG (on-the-go) for Chromebooks with Latest WebTitan Cloud Release

TitanHQ has announced the release of a new version of WebTitan Cloud that includes new security features, easier administration, and the introduction of WebTitan OTG (on-the-go) for Chromebooks for the education sector.

One of the main changes introduced with WebTitan Cloud version 4.16 is the addition of DNS Proxy 2.06, which supports filtering of users in Azure Active Directory. This is in addition to on-premise AD and directory integration for Active Directory. The support for Azure Active Directory will make it easier for customers to enjoy the benefits of WebTitan Cloud, while making management easier and less time-consuming. Support for further directory services will be added with future releases to meet the needs of customers.

Current WebTitan customers do not need to do anything to upgrade to the latest version of WebTitan, as updates to WebTitan Cloud are handled by TitanHQ and users will be upgraded to the latest version automatically to ensure they benefit from improved security, the latest fixes, and new functionality.

The latest WebTitan Cloud release has allowed TitanHQ to introduce a new solution specifically to meet the needs of clients in the education sector – WebTitan OTG (on-the-go) for Chromebooks.

The use of Chromebooks has grown significantly over the past year, which corresponds with an increase in student online activity. WebTitan OTG for Chromebooks allows IT professionals in the education sector to ensure compliance with federal and state laws, including the Children’s Internet Protection Act (CIPA), and ensure students can use their Chromebooks safely and securely.

WebTitan OTG for Chromebooks is a DNS-based web filtering solution that requires no proxies, VPNs or any additional hardware and since the solution is DNS-based, there is no impact on Internet speed. Once implemented, filtering controls can be set for all Chromebook users, no matter where they connect to the Internet. The controls will be in place in the classroom and at home and all locations in between.

Administrators can easily apply filtering controls for all students, different groups of students, and staff members, including enforcing Safe Search. The solution will block access to age-inappropriate content, phishing web pages, malicious websites used for distributing malware, and any category of website administrators wish to block. Chromebooks can also easily be locked down to prevent anyone bypassing the filtering controls set by the administrator.

WebTitan OTG for Chromebooks delivers fast and effective user- and device-level web filtering and empowers students to discover the Internet in a safe and secure fashion. Reports can be generated on demand or scheduled which provide information on Chromebook user locations, the content that has been accessed, and any attempts to bypass filtering, with real-time views of Internet access also possible.

“This new release comes after an expansive first quarter. The launch of WebTitan Cloud 4.16 brings phenomenal new security features to our customers,” Said TitanHQ CEO, Ronan Kavanagh. “After experiencing significant growth in 2020, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”

Further information on the Azure AD app is available here.

Further Information on WebTitan OTG for Chromebooks is available here.

UK Universities Schools Increasingly Targeted by Ransomware Gangs

Ransomware attacks on the education sector in the United Kingdom have increased sharply since February, and the sector was already extensively targeted by threat groups long before then. The education sector is an attractive target for cybercriminals as sizeable amounts of sensitive data are stored within computer systems that can be easily monetized if stolen.

Students’ personally identifiable information is of more value than that of adults, and it can often be used for years before any fraud is detected. Higher education institutions often have intellectual property and research data that is incredibly valuable and can easily be sold on for a huge profit. Ransomware attacks prevent access to essential data, and with the pandemic forcing the education sector to largely switch to online learning, when communication channels and websites are taken out of action learning can grind to a halt.

In the United Kingdom, the reopening of schools and universities has only been possible with COVID-19 testing and contact tracing, which is also disrupted by ransomware attacks. Files are encrypted which prevents access to essential testing and monitoring data, further hampering the ability of schools, colleges, and universities to operate.

As is the case with healthcare, which has also seen a major increase in cyberattacks during the pandemic, services are majorly disrupted without access to computer systems, and there is considerable pressure on both industries to pay the ransom demands to recover from the attacks more quickly. Ransoms are more likely to be paid than in other industry sectors.

What makes the education sector an even more attractive prospect for cybercriminals is poorer security defenses than other industries. The lack of security controls makes attacks much more likely to succeed. On top of that, students often use their own devices to connect to networks so security can be very difficult to police, and many departments make their own IT decisions, which can easily result in vulnerabilities being introduced and remaining unaddressed.

The ease and profitability of attacks has made education a top target for ransomware gangs. Emsisoft reports education was the sector most targeted by ransomware gangs in 2020.

The increase in ransomware attacks on educational institutions in the United Kingdom prompted the UK’s National Cyber Security Center to issue a warning in March to all entities in the education sector about the risk of cyberattacks. NCSC noted in its alert that there was a significant increase in attacks in August and September 2020, and a further rise in attacks since February 2021.

University of Hertfordshire Suffers Major Cyberattack

One of the most damaging university cyberattacks in recent months occurred at the University of Hertfordshire. Late on April 14, cybercriminals struck, with the attack impacting all of the university’s systems. No cloud systems were available, nor MS Teams, Canvas, or Zoom. The attack forced the university to cancel all of its online classes for the following day, although in person teaching was able to continue provided computer access was not necessary.

It has been more than a week since the attack, and while some systems are now back online, disruption is still being experienced with student records, university business services, learning resource centre services, data storage, student services, staff services, and the postgraduate application portal, with the email system also considered to be at risk.

The university has not confirmed the nature of the attack, but it has the hallmarks of a ransomware attack, although the university has issued a statement stating that the attack did not involve data theft.

The University of Hertfordshire is certainly not alone. In March, South and City College of Birmingham was hit with a ransomware attack that took all of its computer systems out of action, with the college forced to switch to online learning for its 13,000 students.

UK Schools also Under Attack

The cyberattacks in the United Kingdom have not been limited to universities. School systems have also suffered more than their fair share of attacks. In March, the Harris Federation, which runs 50 schools in the UK, suffered a ransomware attack that took out communications systems and majorly affecting online learning for 37,000 students.

Also in March, the Nova Education Trust suffered a ransomware attack that took its systems out of action and affected 15 schools, all of which lost access to their communication channels including the phone system, email, and websites. The Castle School Education Trust also suffered a ransomware attack in March that disrupted the online functions of 23 schools.

What Can Be Done to Stop Cyberattacks in Education?

Cybersecurity must become a major focus for schools, colleges, and universities. The attacks are being conducted because they are easy and profitable and, until that changes, the attacks are not likely to slow and, in all likelihood, will continue to increase.

To protect against attacks, the education sector needs to implement multi-layered security defenses and find and address vulnerabilities before they are discovered by ransomware gangs and other cybercriminal operations.

The best place to start is by improving security for the two main attack vectors: email and the Internet. That is an area where TitanHQ can help. To find out more, get in touch with the TitanHQ team today and take the first step towards improving your security posture and better protecting your networks and endpoints from extremely damaging cyberattacks.

IcedID Malware Distribution Increases Using Phishing Emails and Hijacked Web Forms

Threat actors are constantly changing their tactics, techniques, and procedures (TTP) to increase the chances of getting their malicious payloads delivered. Spam and phishing emails are still the most common methods used for delivering malware, with the malicious payloads often downloaded via the web via hyperlinks embedded in emails.

A new tactic that has been adopted by the threat group behind the IcedID banking Trojan cum malware downloader involves hijacking contact forms on company websites. Contact forms are used on most websites to allow individuals to register interest. These contact forms typically have CAPTCHA protections which limit their potential for use in malicious campaigns, as they block bots and require each contact request to be performed manually.

However, the threat actors behind the IcedID banking Trojan have found a way of bypassing CATCHA protections and have been using contact forms to deliver malicious emails. The emails generated by contact forms will usually be delivered to inboxes, as the contact forms are trusted and are often whitelisted, which means email security gateways will not block any malicious messages.

In this campaign, the contact forms are used to send messages threatening legal action over a copyright violation. The messages submitted claim the company has used images on its website that have been added without the image owner’s permission. The message threatens legal action if the images are not immediately removed from the website, and a hyperlink is provided in the message to Google Sites that contains details of the copyrighted images and proof they are the intellectual property of the sender of the message.

Clicking the hyperlink to review the supplied evidence will result in the download of zip file containing an obfuscated .js downloader that will deliver the IcedID payload. Once IcedID is installed, it will deliver secondary payloads such as TrickBot, Qakbot, and Ryuk ransomware.

IcedID distribution has increased in recent weeks, not only via this method but also via phishing emails. A large-scale phishing campaign is underway that uses a variety of business-themed lures in phishing emails with Excel attachments that have Excel 4 macros that deliver the banking Trojan.

The increase in IcedID malware distribution is likely part of a campaign to infect large numbers of devices to create a botnet that can be rented out to other threat groups under the malware-as-a-service model. Now that the Emotet botnet has been taken down, which was used to deliver different malware and ransomware variants, there is a gap in the market and IcedID could be the threat that takes over from Emotet. In many ways the IcedID Trojan is very similar to Emotet and could become the leading malware-as-a-service offering for delivering malware payloads.

To find out how you can protect your business against malware and phishing threats at a reasonable price, give the TitanHQ team a call today and discover for yourself why TitanHQ email and web security solutions consistently get 5-star ratings from users for protection, price, ease of use, and customer service and support.

TitanHQ Wins 3 Experts Insights’ 2021 Best-Of Awards

TitanHQ has been recognized for its email security, web security, and email archiving solutions, collecting not one, not two, but three prestigious awards from Expert Insights.

Expert Insights was launched in 2018 to help businesses find cybersecurity solutions to protect their networks and devices from an ever-increasing number of cyber threats. Researching cybersecurity solutions can be a time-consuming process, and the insights and information provided by Expert Insights considerably shortens that process. Unlike many resources highlighting the best software solutions, Expert Insights includes ratings from verified users of the products to give users of the resource valuable insights about how easy products are to use and how effective they are at blocking threats. Expert Insights has helped more than 100,000 businesses choose cybersecurity solutions and the website is visited by more than 40,000 individuals a month.

Each year, Expert Insights recognizes the best and most innovative cybersecurity solutions on the market in its “Best-Of” Awards. The editorial team at Expert Insights assesses vendors and their products on a range of criteria, including technical features, ease-of-use, market presence, and reviews by verified users of the solutions. Each product is assessed by technology experts to determine the winners in a broad range of categories, including cloud, email, endpoint, web, identity, and backup security.

“2020 was an unprecedented year of cybersecurity challenges, with a rapid rise in remote working causing a massive acceleration in cybercrime,” said Craig MacAlpine, CEO and Founder, Expert Insights. “Expert Insights’ Best-Of awards are designed to recognize innovative cybersecurity providers like TitanHQ that have developed powerful solutions to keep businesses safe against increasingly sophisticated cybercrime.”

Three TitanHQ cybersecurity solutions were selected and named winners in the Expert Insights’ 2021 “Best-Of” Awards in the Email Security Gateway, Web Security, and Email Archiving categories. SpamTitan was named winner in the Email Security Gateway category, WebTitan won in the Web Security category, and ArcTitan was named a winner in the Email Archiving category. SpamTitan and WebTitan were praised for the level of protection provided, while being among the easiest to use and most cost-effective solutions in their respective categories.

All three products are consistently praised for the level of protection provided and are a bit hit with enterprises, SMBs, and MSPs.  The solutions attract many 5-star reviews from real users on the Expert Insights site and many other review sites, including Capterra, GetApp, Software Advice, Google Reviews, and G2 Crowd.  The cybersecurity solutions are now used by more than 8,500 businesses and over 2,500 MSPs.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said Ronan Kavanagh, CEO, TitanHQ. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”

Easy to Implement Anti-Phishing Solutions for MSPs

To protect their clients from phishing attacks, Managed Service Providers (MSPs) need to provide a comprehensive range of cybersecurity solutions. This post explores the risks from phishing and suggests some easy to implement anti-phishing solutions for MSPs to add to their security offerings.

Phishing is the Number One Cyber Threat Faced by SMBs

Phishing is the number one cyber threat faced by businesses and one of the hardest to defend against. All it takes is for an employee to respond to a single phishing email for a costly data breach to occur. The consequences for the company can be severe.

Email accounts contain a wide range of sensitive information. A phishing attack on a UnityPoint Health hospital in Des Moines, IA, in 2018 saw the protected health information of 1.4 million patients compromised.  Also in 2018, a phishing attack on the Boys Town National Research Hospital saw one account compromised that contained the information of more than 105,300 patients. Phishing emails are also used to introduce malware and ransomware. These attacks can be even more damaging and costly to mitigate.

The healthcare industry is extensively targeted by phishers due to the high value of healthcare data, although all industry sectors are at risk. In response to the high number of cyberattacks and the current threat levels, the Trump administration recently launched the “Know the Risk, Raise your Shield” campaign. The campaign aims to raise awareness of the threat from phishing and other attack methods and encourage private businesses to do more to improve their defenses.

Phishing will continue to be a major threat to businesses for the foreseeable future. Attacks will continue because they require relatively little skill to conduct, phishing is highly effective, and attacks can be extremely lucrative.

Easy to Implement Anti-Phishing Solutions for MSPs

There is no single solution that will provide total protection against phishing attacks. Businesses need layered defenses, which provides an opportunity for MSPs. SMBs can struggle to implement effective defenses against phishing on their own and look to MSPs for assistance.

MSPs that can provide a comprehensive anti-phishing package will be able to protect their clients, prevent costly phishing attacks, and generate more business. Effective anti-phishing controls are also an easy sell. Given the cost of mitigating attacks, the package is likely to pay for itself. But what solutions should be included in MSPs anti-phishing offerings?

Listed below are three easy-to-implement anti-phishing solutions for MSPs to offer to their clients, either individually or part of an anti-phishing security package.

Advanced Spam Filtering

Advanced spam filtering solutions are essential. They block phishing emails on the server before they can be delivered to inboxes or employees’ spam folders. An advanced spam filter will block in excess of 99.9% of spam and malicious emails and by itself, is the single most important solution to implement.

SpamTitan is an ideal anti-phishing solution for MSPs. This cloud-based solution supports an unlimited number of domains, all of which can be protected through an easy to use interface. The solution supports per domain administrators, with each able to implement elements of their own email such as searches and the release of messages from the quarantine folder. Reports can be generated per domain and those reports can be scheduled and automatically sent to clients. The solution can be fully rebranded to take an MSP logo and color scheme, and the solution can be hosted in TitanHQ’s private cloud or within your own data center.

Security Awareness Training and Testing

While the majority of malicious emails will be blocked at source, a very small percentage may slip through the net. It is therefore essential for employees to be aware of the risks from phishing and to have the skills to identify potential phishing emails. MSPs can help their clients by providing a staff training program. Many security awareness training companies offer MSP programs to help manage training for clients and a platform to conduct phishing simulation exercises to test security awareness.

DNS-Based Web Filtering

Even with training, some employees may be fooled by phishing emails. This is to be expected, since many phishing campaigns use messages which are highly realistic and virtually indistinguishable from genuine emails. Spam filters will block malicious attachments, but a web filter offers protection from malicious hyperlinks that direct users to phishing websites.

A DNS-based web filter blocks attempts by employees to access phishing websites at the DNS-level, before any content is downloaded. When an employee clicks on a phishing email, they will be directed to a block screen rather than the phishing website. Being DNS-based, web filters are easy to implement and no appliances are required.

WebTitan is an ideal web filtering solution for MSPs. WebTitan can be configured in just a couple of minutes and can protect all clients from web-based phishing attacks, with the solution managed and controlled through a single easy-to-use interface. Reports can be automatically scheduled and sent to clients, and the solution is available in full white-label form ready for MSPs branding. A choice of hosting solutions is also offered, and the solution can connect with deployment, billing and management tools through APIs.

Key Product Features of SpamTitan and WebTitan for MSPs

  • Easy to manage: There is a low management overhead. SpamTitan and WebTitan are set and forget solution. We handle all the updates and are constantly protecting against new threats globally, in real-time.
  • Scalability: Regardless of your size you can deploy the solution within minutes. SpamTitan and WebTitan are scalable to thousands of users.
  • Extensive API: MSPs provided with API integration to provision customers through their own centralized management system; a growth-enabling licensing program, with usage-based pricing and monthly billing.
  • Hosting Options: SpamTitan and WebTitan can be deployed as a cloud based service hosted in the TitanHQ cloud, as a dedicated private cloud, or in the service provider’s own data center.
  • Extensive drill down reporting: Integration with Active Directory allows detailed end user reporting. Comprehensive reports can be created on demand or via the scheduled reporting options.
  • Support: World class support – we are renowned for our focus on supporting customers.
  • Tried & Tested: TitanHQ solutions are used by over 1500 Managed Service Providers worldwide.
  • Rebrandable: Rebrand the platform with your corporate logo and corporate colors to reinforce your brand or to resell it as a hosted service.

TitanSHIELD Program for MSPs

To make it as easy as possible for MSPs to incorporate our world class network security solutions into their service stacks, TitanHQ developed the TitanSHIELD program. The TitanShield MSP Program allows MSPs to take advantage of TitanHQ’s proven technology so that they can sell, implement and deliver our advanced network security solutions directly to their client base. Under the TitanSHIELD program you get the following benefits:

TitanSHIELD Benefits

Sales Enablement

 

Marketing

Partner Support Private or Public Cloud deployment Access to the Partner Portal
Dedicated Account Manager White Label or Co-branding Co-Branded Evaluation Site
Assigned Sales Engineer Support API integration Social Network participation
Access to Global Partner Program Hotline Free 30-day evaluations Joint PR
Access to Partner Knowledge Base Product Discounts Joint White Papers
Technical Support Competitive upgrades Partner Events and Conferences
24/7 Priority Technical Support Tiered Deal Registration TitanHQ Newsletter
5 a.m. to 5 p.m. (PST) Technical Support Renewal Protection Better Together Webinars
Online Technical Training and FAQs Advanced Product Information Partner Certificate – Sales and technical
Access to Partner Technical Knowledge Base Competitive Information and Research Sales Campaigns in a box
  Not-for-Resale (NFR) Key Public Relations Program and Customer Testimonials
  Product Brochures and Sales Tools TitanHQ Corporate Style Guide and Logo Usage
  Partner Advisory Council Eligibility TitanHQ Partner Welcome Kit
  QTRLY Business Planning and Review Access to TitanHQ’s MVP Rewards Program
  Access to Partner Support  

For further information on TitanHQ’s anti-phishing solutions for MSPs, contact the TitanHQ team today and enquire about joining the TitanSHIELD program.

 

Many Healthcare Organizations Lack the Right Solutions to Block Phishing Attacks

The threat of phishing is ever present, especially for the healthcare industry which is often targeted by phishers due to the high value of healthcare data and compromised email accounts. Phishing attacks are having a major impact on healthcare providers in the United States, which are reporting record numbers of successful phishing attacks. The industry is also plagued by ransomware attacks, with many of the attacks having their roots in a successful phishing attack. One that delivers a ransomware downloader such as the Emotet and TrickBot Trojans, for example.

A recent survey conducted by HIMSS on U.S. healthcare cybersecurity professionals has confirmed the extent to which phishing attacks are succeeding. The survey, which was conducted between March and September 2020, revealed phishing to be the leading cause of cybersecurity incidents at healthcare organizations in the past year, being cited as the cause of 57% of incidents.

One interesting fact to emerge from the survey is the lack of appropriate protections against phishing and other email attacks. While it is reassuring that 91% of surveyed organizations have implemented antivirus and antimalware solutions, it is extremely concerning that 9% appear to have not. Only 89% said they had implemented firewalls to prevent cybersecurity incidents.

Then there is multi-factor authentication. Multifactor authentication will do nothing to stop phishing emails from being delivered, but it is highly effective at preventing stolen credentials from being used to remotely access email accounts.  Microsoft suggested in a Summer 2020 blog post that multifactor authentication will stop 99.9% of attempts to use stolen credential to access accounts, yet multifactor authentication had only been implemented by 64% of healthcare organizations.

That does represent a considerable improvement from 2015 when the survey was last conducted, when just 37% had implemented MFA, but it shows there is still considerable for improvement, especially in an industry that suffers more than its fair share of phishing attacks.

In the data breach reports that are required for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Rules, which healthcare organizations in the U.S are required to comply with, it is common for breached organizations to state they are implementing MFA after experiencing a breach, when MFA could have prevented that costly breach from occurring in the first place. The HIMSS survey revealed 75% of organizations augment security after suffering a cyberattack.

These cyberattacks not only take up valuable resources and disrupt busines operations, but they can also have a negative impact on patient care. 28% of respondents said cyberattacks disrupted IT operations, 27% said they disrupted business operations, and 20% said they resulted in monetary losses. 61% of respondents said the attacks had an impact on non-emergency clinical care and 28% said the attacks had disrupted emergency care, with 17% saying they had resulted in patient harm. The latter figure could be underestimated, as many organizations do not have the mechanisms in place to determine whether patient safety has been affected.

The volume of phishing attacks that are succeeding cannot be attributed to a single factor, but what is clear is there needs to be greater investment in cybersecurity to prevent these attacks from succeeding. An effective email security solution should be top of the list – One that can block phishing emails and malware attacks. Training on cybersecurity must be provided to employees for HIPAA compliance, but training should be provided regularly, not just once a year to meet compliance requirements. Implementation of multifactor authentication is also an essential anti-phishing measure.

One area of phishing protection that is often overlooked is a web filter. A web filter blocks the web-based component of phishing attacks, preventing employees from accessing webpages hosting phishing forms. With the sophisticated nature of today’s phishing attacks, and the realistic fake login pages used to capture credentials, this anti-phishing measure is also important.

Many hospitals and physician practices have limited budgets for cybersecurity, so it is important to not only implement effective anti-phishing and anti-malware solutions, but to get effective solutions at a reasonable price. That is an area where TitanHQ excels.

TitanHQ can provide cost-effective cloud-based anti-phishing and anti-malware solutions to protect against the email- and web-based components of cyberattacks and both of these solutions are provided at a very reasonable cost, with flexible payment options.

Further, these solutions have been designed to be easy to use and require no technical skill to set up and maintain. The ease of use, effectiveness, and low price are part of the reason why the solutions are ranked so highly by users, achieving the best rankings on Capterra, GetApp and Software Advice.

If you want to improve your defenses against phishing, prevent costly cyberattacks and data breaches, and the potential regulatory fines that can follow, give the TitanHQ team today and inquire about SpamTitan Email Security and WebTitan Web Security.

COVID-19 Has Created the Perfect Environment for Black Friday Scams

Black Friday and Cyber Monday are fast approaching and this year even more shoppers will be heading online to secure their Christmas bargains due to the COVID-19 pandemic. In many countries, such as the UK, lockdowns are in place that have forced retailers to close the doors of their physical shops, meaning Black Friday deals will only be available online. 2020 is likely to see previous records smashed with even more shoppers opting to purchase online due to many shops being closed and to reduce the risk of infection.

Surge in Phishing Attacks in the Run Up to Black Friday

The fact that many consumers have been forced to shop online due to COVID-19 has not been missed by cybercriminals, who have started their holiday season scams early this year. Every year sees a sharp rise in phishing emails and online scams that take advantage of the increase in sales in the run up to Christmas, but this year the data show cybercriminals have stepped up their efforts to spread malware, steal sensitive data, and fool the unwary into making fraudulent purchases.

Recent figures released by Check Point show there has been a 13-fold increase in phishing emails in the past 6 weeks with one in every 826 emails now a phishing attempt. To put that figure into perspective, 1 in 11,000 emails in October 2020 were phishing emails. Check Point reports 80% of the phishing emails were related to online sales, discounts, and special offers, and as Black Friday and Cyber Monday draws ever closer, the emails are likely to increase further.

Local lockdowns have piled pressure on smaller retailers, who are at risk of losing even more busines to the large retailers such as Amazon. In order to get their much-needed share of sales in the run up to Christmas, many have started conducting marketing campaigns via email to showcase their special offers and discounts. Those messages are likely to make it easier for cybercriminals to operate and harder for individuals to distinguish the genuine special offers from the fraudulent messages.

Cybercriminals have also started using a range of different techniques to make it harder for individuals to identify phishing and scam messages. Some campaigns involved the use of CAPTCHAs to fool both security solutions and end users, and the use of legitimate cloud services such as Google Drive and Dropbox for phishing and malware distribution is also rife.

With the scams even harder to spot and the volume of phishing and other scam emails up considerably, it is even more important for businesses to ensure their security measures are up to scratch and scam websites and phishing emails are identified and blocked.

How to Improve your Defenses Against Black Friday Phishing Scams and Other Threats

This is an area where TitanHQ can help. TitanHQ has developed two security solutions that work seamlessly together to provide protection from phishing and malware attacks via email and the Internet, not just protecting against previously seen threats, but also zero-day malware and phishing threats.

The SpamTitan email security and WebTitan web security solutions use a layered approach to threat detection, each incorporating multiple layers of protection to ensure that threats are identified and blocked. Both solutions leverage threat intelligence using a crowd sourced approach, to provide protection against emerging and even zero-minute threats.

SpamTitan uses smart email filtering and scanning, incorporating machine learning and behavioral analysis techniques to detect and isolate suspicious emails, dual antivirus engines, sandboxing to trick cybercriminals into thinking they have reached their target, and SPF, DKIM, and DMARC to detect and block email impersonation attacks.

WebTitan is an AI-powered cloud-based DNS web filtering solution that provides protection from online threats such as malware and ransomware and the web-based component of phishing attacks. The solution uses automation and advanced analytics to search through billions of URLs/IPs and phishing sites that could lead to a malware or ransomware infection or the compromising of employee credentials. The solution is an effective cybersecurity measure for protecting against web-based threats for office-based employees and remote workers alike.

If you want to protect your business this holiday season and beyond and improve your defenses against email and web-based threats, give the TitanHQ team a call. Product demonstrations can be arranged, advice offered on the best deployments, and if the solutions are not suitable for your business, we will tell you so. You can also trial both solutions free of charge to evaluate their performance in your own environment before making a decision on a purchase.

Ryuk Ransomware Attacks on Hospitals Spike with Many Fearing the Worst is Yet to Come

The cybercriminal organization behind Ryuk ransomware – believed to be an eastern European hacking group known as Wizard Spider – has stepped up attacks on hospitals and health systems in the United States. This week has seen a wave of attacks on hospitals from the Californian coast to the eastern seaboard, with 6 Ryuk ransomware attacks on hospitals reported in a single day.

Ryuk ransomware causes widespread file encryption across entire networks, crippling systems and preventing clinicians from accessing patient data. Even when the attacks are detected quickly, systems must be shut down to prevent the spread of the ransomware. While hospitals have disaster protocols for exactly this kind of scenario and patient data can be recorded using pen and paper, the disruption caused is considerable. Non-essential surgeries and appointments often need to be cancelled and, in some cases, hospitals have been forced to divert patients to alternative medical facilities.

It is unclear if any ransomware attacks on U.S. hospitals have resulted in fatalities, but there was recently a fatality in an attack in Germany, where a patient was rerouted to a different hospital and died before lifesaving treatment could be provided. Had the ransomware attack not occurred, treatment could have been provided in time to save the patient’s life. The attacks in the United States also have the potential to result in loss of life, especially in such as large-scale, coordinated campaign.

Earlier in the week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS) issued an advisory after credible evidence emerged indicating Ryuk ransomware attacks on U.S. hospitals and healthcare providers were about to increase.

It is unclear why the attacks have increased now and the exact motives behind the current campaign, but recently Microsoft and U.S. Cyber Command, in conjunction with several cybersecurity firms, disrupted the TrickBot botnet – A network of devices infected with the TrickBot Trojan. The TrickBot Trojan is operated by a different cybercriminal group to Ryuk, but it was extensively used to deliver Ryuk ransomware. The botnet is back up and running, with the threat actors switching to alternative infrastructure, but there have been suggestions that this could be a response to the takedown.

The Ryuk ransomware attacks on hospitals come at a time when healthcare providers are battling the coronavirus pandemic. In the United States the number of new cases is higher than at any time since the start of the pandemic. Hospitals cannot afford to have systems taken out of action and patient care disrupted. The timing of the attacks is such that hospitals may feel there is little alternative other than paying the ransom to ensure that disruption is kept to a minimum. Ransomware gangs are known to time their attacks to cause maximum disruption.

Ryuk ransomware attacks on hospitals have been steadily increasing in the United States prior to the latest spike. Figures released by Check Point Research in the past few days show ransomware attacks on hospitals increased 71% from September, with healthcare the most targeted industry sector, not only in October, but also Q3, 2020. Ryuk ransomware attacks account for 75% of all ransomware attacks on hospitals in the United States.

There is concern that the latest attacks will be just the tip of the iceberg. Some security experts suggest the gang is looking to target hundreds of hospitals and health systems in the United States in this campaign. Each attack on a health system could see several hospitals affected. The attack this week on the University of Vermont Health Network impacted 7 hospitals.

Defending against ransomware attacks can be a challenge, as multiple methods are used to gain access to healthcare networks. Ryuk ransomware is commonly delivered by the TrickBot Trojan, which is delivered as a secondary payload by the Emotet Trojan. The Buer loader and BazarLoader are also being used to deliver Ryuk ransomware. These malware downloaders are delivered via phishing emails so a good spam filter is therefore important.

Employees should be made aware of the increased threat of attack and advised to exercise extra caution with emails. Software updates need to be applied promptly and all systems kept fully patched and up to date. Default passwords should be changed, and complex passwords used, with multi-factor authentication implemented where possible. If it is not necessary for systems to be connected to the Internet, they should be disconnected, and RDP should be disabled where possible.

It is also essential for regular backups of critical data to be made and for those backups to be stored securely on non-networked devices to ensure that in the event of an attack hospitals have the option to recover their data without having to pay the ransom.

Further information on indicators of compromise and other mitigations are available in the CISA Ryuk ransomware advisory.

Phishing Protection Measures Every Business Should Have in Place

Phishing is a cybersecurity threat that businesses of all sizes are likely to face and one that requires multiple phishing protection measures to prevent. Phishing is the term given to fraudulent attempts to obtain sensitive information such as login credentials to email accounts or employee/customer information. Phishing can take place over the telephone (vishing), via text message (SMiShing), or through social media networks and websites, but the most common phishing attacks take place over email.

When phishing occurs over email, an attack usually consists of two elements. A lure – a reason given in the email that encourages the user to take a particular action – and a web-based component, where sensitive information is collected.

For instance, an email is sent telling the recipient that there has been a security breach that requires immediate action. A link is supplied in the email that directs the recipient to a website where they are required to login and verify their identity.  The website is spoofed to make it look like the site it is impersonating and when information is entered it is captured by the attacker.

Phishing protection measures should be deployed to block both of these components. First, you need a solution that stops the phishing attack at source and prevents phishing emails from being delivered to inboxes. You should also have security measures in place to prevent information from being handed over to the attackers at the web stage of the attack. As an additional protection, in case both of those measures fail, you need to prevent stolen credentials from being used to gain access to the account.

Four Essential Phishing Protection Measures

Phishing protection measures should consist of four elements: a spam filter, a web filter, end user training, and multi-factor authentication – often referred to as layered phishing defenses. If one layer should fail, others are in place to make sure the attack does not succeed.

Spam filtering

A spam filter is your first line of defense and one that will block the vast majority of email threats. An advanced spam filter will block in excess of 99.9% of spam, phishing, and malware-laced emails. Spam filters incorporate several layers of protection. They use blacklists of known spammers – domains, email accounts, and IP addresses that have previously been used for spamming, phishing, and other nefarious activities. Checks are performed on the message headers and the message body is subjected to multiple checks to identify malicious URLs and keywords commonly used in spam and phishing emails. Each message is given a score, and if that score is higher than a pre-defined threshold, the message will be either deleted or quarantined. Spam filters also incorporate antivirus engines that check messages for malicious attachments.

Web filtering

Cybercriminals are constantly changing tactics and developing new methods to obfuscate their phishing attempts to bypass spam filters. Spam filters are updated to block these new attacks, but there will be a lag and some messages will slip through the net on occasion. This is where a web filter kicks into action. A web filter will check a website against several blacklists and will assess the content of the website in real-time. If the website is deemed to be malicious, the user will not be permitted to connect, instead they will be directed to a local block page.  Web filters also have AV software to prevent malware being downloaded and can be used to control the types of content users can access – blocking pornography for instance, or social media networks, gaming sites and other productivity drains.

End user training

Technical anti-phishing measures are important, but they will not block all attacks. It is therefore essential to provide end user training to help employees identify phishing and other malicious emails. A once-a-year formal training session should be conducted, with ongoing, regular shorter training sessions throughout the year to raise awareness of new threats and to reinforce the annual training. Phishing simulations should also be conducted to test whether training has been effective and to ensure that any knowledge gaps are identified and addressed.

Multi-factor authentication

If credentials are stolen in a phishing attack, or are otherwise obtained by a cybercriminal, multi-factor authentication can prevent those credentials from being used. In addition to a password, a second factor must be provided before account access is granted. This could be a token, code, or one-time password, with the latter usually sent to a mobile phone. While multi-factor authentication will block the majority of attempts by unauthorized individuals to access accounts, it is not infallible and should not be considered as a replacement for the other protections. Multi-factor authentication will also not stop malware infections.

Phishing Protection Solutions from TitanHQ

TitanHQ has developed two powerful cybersecurity solutions to help you protect against phishing and malware attacks: SpamTitan email security and the WebTitan web filter. Both of these solutions have multiple deployment options and are easy to implement, configure, and use. The solutions are consistently rated highly by end users for the level of protection provided, ease of deployment, ease of use, and for the excellent customer support if you ever have any problems or questions.

On top of that, pricing is totally transparent with no hidden extras, and the solutions are very competitively priced. Both are available on a free trial to allow you to test them in your own environment before committing to a purchase.

Security Awareness for Remote Workers During COVID-19 Crisis

Security awareness for remote workers has never been more important. It is fair to say that there have never been more people working from home as there are now during the COVID-19 pandemic, and home workers are now being actively targeted by cybercriminals who see them as providing an easy way to gain access to their corporate networks to steal sensitive information, and install malware and ransomware.

Businesses may have already given their employees security awareness training to make sure they are made aware of the risks that they are likely to encounter and to teach them how to recognize threats and respond. However, working from home introduces many more risks and those risks may not have been covered in security awareness training sessions geared toward protecting office workers. It is also important to provide security training for employees, and this is especially important for remote workers, as risk increases when employees are working remotely.

In this post we will highlight some of the key areas that must be addressed in work from home (WFH) security awareness training for the workforce.

Increased Security Awareness for Remote Workers Required as COVID-19 Crisis Deepens

Naturally, as an email security solution provider, we strongly advocate the use of a powerful email security solution and layered technical defenses to protect against phishing, but technical controls, while effective, will not stop all threats from reaching inboxes. It is all too easy to place too much reliance on technical security solutions for securing email environments and work computers. The truth is that even with the best possible email security defenses in place, some threats will end up reaching inboxes.

The importance of providing security awareness training to the workforce and the benefits of doing so have been highlighted by several studies. One benchmarking study, conducted by the security awareness training provider KnowBe4, revealed 37.9% of employees fail phishing tests if they are not provided with security awareness and social engineering training. That figure has increased by 8.3% from the previous year. With security awareness training and phishing email simulations, the figure dropped to 14.1% after 90 days.

During the COVID-19 pandemic, the volume of phishing emails being sent has increased significantly and campaigns are being conducted targeting remote workers. The aim of the phishing campaigns is to obtain login credentials to email accounts, VPNs, and SaaS platforms and to spread malware and ransomware.

With so many employees now working from home, and the speed at which companies have had to transition from a largely office based workforce to having virtually everyone working from home may have seen security awareness training for remote workers put on the back burner. However, with the lockdown likely to be extended for several months and attacks on the rise, it is important to make sure that training is provided, and as soon as possible.

Increase in COVID-19 Domain Registrations and Rise in Web-Based Attacks

Security awareness training for remote workers also needs to cover internet security as not all threats will arrive in inboxes. Most phishing attacks have a web-based component, and malicious websites are being set up for drive-by malware downloads. Currently, the vast majority of threats are using COVID-19 and the Novel Coronavirus as a lure to get remote workers to download malware, ransomware, or part with their login credentials.

Unsurprisingly, cybercriminals have increased web-based attacks, which are being conducted using a plethora of COVID-19 and Novel-Coronavirus themed domains. By the end of March, approximately 42,000 domains related to COVID-19 and coronavirus had been registered. An analysis by Check Point Research revealed those domains were 50% more likely to be malicious than other domains registered over the same period.

It is important to raise awareness of the risks of using corporate laptops for personal use such as browsing the Internet. Steps should also be taken to limit the websites that can be accessed by employees and, at the very least, a solution should be implemented and configured to block access to known malicious websites that are used for phishing, fraud, and malware distribution.

Shadow IT is a Major Security Risk

When employees are office based and connected to the network, identifying shadow IT – unauthorized software and hardware used by employees – is more straightforward. The problem not only becomes harder to identify when employees work from home, the risk of unauthorized software being loaded onto corporate-issued devices increases.

Software downloaded onto work computers carries a risk of a malware infection and potentially offers an easy way to attack the user’s device and the corporate network. IT teams will have little visibility into the unauthorized software on users’ devices and whether it is running the latest version and has been patched against known vulnerabilities. It is important to cover shadow IT in security awareness training for remote workers and to make it clear that no software should be installed on work devices and that personal USB devices should not be connected to corporate devices without the go-ahead being given from the IT department.

The COVID-19 pandemic has seen many workers turn to teleconferencing platforms to communicate with the office, friends, and family. One of the most popular teleconferencing platforms is Zoom. Malicious installers have been identified that install the genuine Zoom client but have been bundled with malware. Installers have been identified that also install adware, Remote Access Trojans, and cryptocurrency miners.

How TitanHQ Can Help Improve Email Security

Several security awareness training firms have made resources available to businesses free of charge during the COVID-19 crisis to help them train the workforce, such as the SANS Institute. Take advantage of these resources and push them out to your workforce. If you are a small SMB, you may also be able to get access to free phishing simulation emails to test the workforce and reinforce training.

TitanHQ can’t help you with your remote worker cybersecurity awareness training, but we can help by ensuring employees have to deal with fewer threats by protecting against email and web-based attacks.

SpamTitan is an advanced and powerful cloud-based email security solution that will protect remote workers from phishing, spear phishing, malware, virus, and ransomware attacks by blocking attacks at source and preventing the threats from reaching inboxes. SpamTitan features dual anti-virus engines to protect against known malware threats and sandboxing to block unknown (zero-day) malware threats. SpamTitan incorporate several real-time threat intelligence feeds to block current and emerging phishing attacks and machine learning technology detects and blocks previously unseen phishing threats. SpamTitan has been developed to work seamlessly with Office 365 to allow businesses to create layered defenses, augmenting Microsoft’s protections and adding advanced threat detection and blocking capabilities.

WebTitan is a DNS filtering solution that will protect all workers from web-based attacks, no matter where they access the internet. WebTitan incorporates zero-minute threat intelligence and blocks malicious domains and webpages as soon as they are identified. The solution can also be used to carefully control the types of websites that remote workers can access on their corporate-owned devices, via keyword and category-based controls. WebTitan can also be configured to block the downloading of malicious files and software installers to control shadow IT.

For more information on protecting your business during the COVID-19 crisis, to arrange a product demonstration of SpamTitan and/or WebTitan, and to register for a free trial of either solution to allow you to start instantly protecting against email and web-based threats, contact TitanHQ today!

Cybersecurity Best Practices for Home Workers

When it comes to cybersecurity and home working, CIOs and IT teams have a challenge – How to ensure the same level of protection is provided for remote workers as they get when they are in the office. To help we have compiled a set of cybersecurity best practices for home workers to help IT teams prepare for a massive increase in telecommuting

The cybersecurity protections at home will not be nearly as good for home workers as protections in the office, which are much easier to implement and maintain. IT departments will therefore need to teach telecommuting workers cybersecurity best practices for home working and their devices will need to be configured to access applications and work resources securely. With so many workers having to telecommute, this will be a major challenge.

The coronavirus pandemic has forced businesses to rapidly expand the number of telecommuting workers and having to increase capacity in such a short space of time increases the potential for mistakes. Further, testing may not be nearly as stringent as necessary given the time pressure IT workers are under. Their teams too are likely to be depleted due to self-isolating workers.

One area where standards are likely to slip is staff training on IT. Many employees will be working from home for the first time and will have to use new methods and applications they will not be familiar with. The lack of familiarity can easily lead to mistakes being made. It is important that even though resources are limited you still teach cybersecurity best practices for home workers. Do not assume that telecommuting workers will be aware of the steps they must take to work securely away from the office.

Steps for IT Teams to Take to Improve Cybersecurity for Home Workers

Listed below are some of the key steps that IT teams need to take to improve security for employees that must now work from home.

Ensure VPNs are Provided and Updated

Telecommuting workers should not be able to access their work environment unless they use a VPN. A VPN will ensure that all traffic is encrypted, and data cannot be intercepted in transit. Enterprise-grade VPNs should be used as they are more robust and provide greater security. Ensure there are sufficient licenses for all workers, and you have sufficient bandwidth available. You must also make sure that the VPN is running the latest software version and patches are applied, even if this means some downtime to perform the updates. VPN vulnerabilities are under active attack.

Set up Firewalls for Remote Workers

You will have a firewall in place at the office and remote workers must have similar protections in place. Software firewalls should be implemented to protect remote workers’ devices. Home routers may have inbuilt firewalls. Talk employees through activating hardware firewalls if they have them on their home routers and ensure that passwords are set to prevent unauthorized individuals from connecting to their home Wi-Fi network.

Apply the Rule of Least Privilege

Remote workers introduce new risks, and with large sections of the workforce telecommuting, that risk is considerable. Remote workers are being targeted by cybercriminals and through web- and email-based attacks. In the event of a malware infection or credential theft, damage can be limited by ensuring workers only have access to resources absolutely necessary for them to perform their work duties. If possible, restrict access to sensitive systems and data.

Ensure Strong Passwords are Being Set

To protect against brute force attacks, ensure good password practices are being followed. Consider using a password manager to help employees remember their passwords. The use of complex passwords should be enforced.

Implement Multifactor Authentication

Multifactor authentication should be implemented on all applications that are accessed by remote workers. This measure will ensure that if credentials are compromised, system access is not granted unless a second factor is provided.

Ensure Remote Workers’ Devices Have Antivirus Software installed

Antivirus software must be installed on all devices that are allowed to connect to work networks and the solutions must be set to update automatically.

Set Windows Updates to Automatic

Working remotely makes it harder to monitor user devices and perform updates. Ensure that Windows updates are set to occur automatically outside of office hours. Instruct workers to leave their devices on to allow updates to take place.

Use Cloud-Based Backup Solutions

To prevent accidental data loss and to protect against ransomware attacks, all data must be backed up. By using cloud-based backups, in the event of data loss, data can be restored from the cloud-backup service.

Teach Cybersecurity Best Practices for Home Workers

All telecommuting workers must be shown how they need to access their work environment securely when working away from the office. Reinforce IT best practices with home workers, provide training on the use of VPNs, provide training on cybersecurity dos and don’ts when working remotely, and explain procedures for reporting problems.

Define Procedures for Dealing with a Security Incident

Members of the IT team are also likely to be working remotely so it is essential that everyone is aware of their role and responsibilities. In the event of a security incident, workers should have clear procedures to follow to ensure the incident is resolved quickly and efficiently.

Implement a Web Filter

A web filter will help to protect against web-based malware attacks by blocking access to malicious websites and will help to prevent malware downloads and the installation of shadow IT. Also consider applying content controls to limit employee activities on corporate-owned devices. Drive-by malware attacks have increased and the number of malicious domains registered in the past few weeks has skyrocketed.

Use Encrypted Communication Channels

When you need to communicate with telecommuting workers, ensure you have secure communications channels to use where sensitive information cannot be intercepted. Use encryption for email and secure text message communications, such as Telegram or WhatsApp.

Ensure Your Email Security Controls are Sufficient

One of the most important cybersecurity best practices for home workers is to take extra care when opening emails. Phishing and email-based malware attacks have increased significantly during the coronavirus pandemic. Ensure training is provided to help employees identify phishing emails and other email threats.

Consider augmenting email security to ensure more threats are blocked. If you use Office 365, a third-party email security solution layered on top will provide much better protection. Exchange Online Protection (EOP) is unlikely to provide the level of protection you need against phishing and zero-day malware threats. Consider an email security solutions with data loss protection functions to protect against insider threats.

Monitor for Unauthorized Access

More devices connecting to work environments makes it much easier for threat actors to hide malicious activity. Make sure monitoring is stepped up. An intrusion detection system that can identify anomalous user behavior would be a wide investment.

For further information on enhancing email security and web filtering to protect remote workers during the coronavirus pandemic, contact TitanHQ today.

The First California Consumer Privacy Act Lawsuit Has Been Filed

The first California Consumer Privacy Act lawsuit has been filed over an alleged failure to adequately protect consumer data. The lawsuit has been filed against Hanna Andersson, a children’s clothing company, and its ecommerce platform provider, Salesforce.com.

The California Consumer Privacy Act took effect on January 1, 2020. Under Civil Code 1798.100 – 1798.199, consumers could start exercising their new rights under CCPA from the compliance date. One of those rights is being able to take legal action against companies for privacy violations, such as the theft of personal data in a data breach.

The California Consumer Privacy Act lawsuit was filed in the U.S. District Court for the Northern District of California on behalf of a victim of a 2019 data breach. The lawsuit alleges negligence and a failure to implement reasonable safeguards to protect consumer data, and that the data breach occurred as a direct result of the alleged negligence. A claim for damages has not been stated, although the right has been reserved to seek damages and relief at a later date.

The breach in question was announced by Hanna Andersson on January 15, 2020. Hackers had gained access to its systems and downloaded malware, which allowed the attackers to steal information such as names, personal information, and payment card data. That information was subsequently listed for sale on the dark web.

The California Consumer Privacy Act allows Californians to file for damages of up to $750 per data breach, so a class action California Consumer Privacy Act lawsuit arising from a sizeable data breach could prove extremely costly for a company. In this case, the data breach affected approximately 10,000 California residents, so damages up to $7,500,000 could potentially be claimed.

Enforcement of CCPA

Enforcement of compliance by the California Attorney General has been delayed and will start 6 months after the publication of the final regulations or July 1, 2020, whichever comes sooner. Since the final regulations have yet to be published, the enforcement date will be July 1, 2020. California Attorney General Xavier Bercerra has already stated that he will make an example of businesses that fail to comply with CCPA.

It should be noted that there is nothing in CCPA that prevents the state attorney general from issuing notices of noncompliance before that date and consumers can already file lawsuits to claim damages. It is therefore essential for all entities covered by CCPA to ensure that they are honoring the new consumer rights and have implemented safeguards to protect consumer data.

How TitanHQ Can Help with CCPA Compliance

TitanHQ offers two powerful security solutions that can help covered entities ensure the data of consumers is protected and data breaches are prevented. These two cybersecurity solutions protect against the two most common attack vectors – Email and the internet.

SpamTitan is a powerful anti-spam, anti-malware, and anti-phishing solution that protects email systems from phishing and spear phishing attacks, known and zero-day malware threats, and email-based ransomware attacks.

WebTitan is a companion solution that blocks the web-based element of phishing attacks, exploit kits, and drive-by malware downloads over the internet, while also controlling the content that employees can access on wired and wireless networks.

TitanHQ can also help covered entities comply with the right to know and right to delete consumer rights afforded by CCPA through ArcTitan. ArcTitan is an email archiving solution that allows organizations to meet state and federal email data retention requirements and quickly find emails containing consumer data. If a California resident exercises their right to know what data is held on them by a company, or requests all of their personal data is deleted, that information can quickly be found in the archive. ArcTitan will also allow you to quickly find email data for eDiscovery in the event of any legal disputes.

For further information on these solutions, to schedule a product demonstration, or to arrange a free trial of the full solutions (with full customer support), give the TitanHQ team a call today.

TitanHQ Announces New Partnership with Pax8

TitanHQ has announced a new partnership with Pax8. The partnership means Pax8 partners now have access to TitanHQ’s cloud-based email security solution – SpamTitan – and its DNS filtering solution, WebTitan.

Pax8 is the leader in cloud distribution. The company simplifies the cloud buying process and empowers businesses to achieve more with the cloud. The company has been named Best in Show for two consecutive years at the Next Gen and XChange conferences and is positioned at number 60 in the 2019 Inc. 5000 list of the fastest growing companies.

Pax8 carefully selects the vendors it works with and only offers market-leading channel friendly solutions to its partners. When searching for further cybersecurity solutions for its partners, TitanHQ was determined to be the perfect fit. TitanHQ is the leading provider of cloud-based email and web security solutions for managed service providers (MSPs) serving the SMB marketplace and its cybersecurity solutions are much loved by users. This was clearly shown in the 2019 G2 Crowd Report on Email Security Gateways where SpamTitan was named leader, having achieved 4- or 5-star ratings by 97% of its users, with 92% saying they would recommend the solution to other businesses.

Phishing, malware, and ransomware attacks have all increased in the past year and the cost of mitigating those attacks continues to rise. By implementing SpamTitan and WebTitan, SMBs and MSPs can secure their email environments and block web-based threats and keep their networks secure.

SpamTitan provides excellent protection for Office 365 environments. The solution detects and blocks phishing and email impersonation attacks and prevents known and zero-day malware and ransomware threats from reaching inboxes. The WebTitan Cloud DNS filtering solution blocks the web-based component of cyberattacks by preventing end users from visiting malicious websites, such as those harboring malware and phishing kits.

Both solutions are quick and easy to implement, can be seamlessly integrated into MSPs service stacks and cloud-management platforms, and Pax8 partners benefit from highly competitive and transparent pricing, centralized billing, and leading customer support.

“I am delighted to partner with the Pax8 team,” said Ronan Kavanagh, CEO, TitanHQ. “Their focus and dedication to the MSP community are completely aligned with ours at TitanHQ, and we look forward to delivering our integrated solutions to their partners and customers.”

Employee Susceptibility to Phishing Emails Highlights Need for Strong Email Security

IT professionals have long known that employees are a weak link in the security chain. Recent studies have confirmed this to be the case. Employees are poor at identifying phishing emails and other email-based threats and, to be fair on employees, many have received no training and phishing scams are becoming much more targeted and sophisticated.

The number of successful phishing attacks on businesses is difficult to determine, as many attacks go unreported, even when they result in the exposure of consumer data. In regulated industries, such as the healthcare industry in the United States, the picture is much clearer.

The Health Insurance Portability and Accountability Act – or HIPAA as it is better known – requires healthcare organizations to report breaches of patient information. Summaries of data breaches of 500 or more records are also made public and can be seen on the Department of Health and Human Services’ Office for Civil Rights data breach portal.

In 2019 alone, there have been at least 147 incidents of hacking of email accounts. The cost of those breaches is staggering. In those 147 incidents, the hacked email accounts contained the records of 2,762,691 individuals. According to the Ponemon Institute/IBM Security 2019 Cost of a Healthcare Data Breach report, the cost per exposed healthcare record is $423. Those breaches are therefore likely to have cost $1,168,618,293.

A recent study conducted by GetApp confirmed how often employees are fooled by phishing attacks in other industries. For the study, 714 individuals were surveyed from a range of businesses in the United States. Almost a quarter of those businesses have experienced at least one successful phishing attack and 43% of employees said that someone in their organization had clicked on a phishing email.

The aim of the study was to explore whether businesses were providing security awareness training to their employees to help them identify phishing emails. Only 27% of organizations did. It is therefore no surprise that employees often fall for phishing scams.

The provision of security awareness training, with a particular focus on phishing and social engineering, is vital. Even with layered defenses, some phishing emails will arrive in inboxes, so employees need to be taught the skills they need to help them identify email threats. Employees should then be tested by conducting phishing email simulations. That allows businesses to find out if the training has been taken on board. Without training and testing, employees will remain a liability. Over time their phishing identification shills will improve.

It is worth noting that security awareness training for employees is a requirement of HIPAA, yet many employees are still fooled. Training and phishing simulations can help reduce an organization’s susceptibility to phishing attacks, but employees, being human, will still make mistakes.

The solution is layered defenses. No one cybersecurity solution will block all phishing attempts, and certainly not without also blocking many legitimate email communications. Multiple solutions are therefore required.

It is essential for advanced email security defenses to be implemented to block phishing emails and make sure phishing and malspam (spam emails containing malware) never reach inboxes. That means an advanced spam filtering solution is a must.

SpamTitan for has been independently tested and shown to block in excess of 99.9% of spam emails and 100% of emails containing known malware. SpamTitan also blocks zero-day threats using a combination of advanced detection techniques. This is achieved through heuristic analyses, blacklists, trust scores, greylisting, sandboxing, DMARC, and SPF to name just a few.

SpamTitan has also been developed to compliment Office 365 security and provide a greater level of protection against phishing and other malicious email threats. It should be noted that Microsoft’s Exchange Online Protection was recently shown to allow 25% of phishing emails through.

Should phishing emails arrive in inboxes and be opened by end users, other controls are required to prevent clicks from resulting in malware infections or the theft of credentials. Here a web filtering solution such as WebTitan is important. When a link in an email is clicked, before the webpage is displayed, the URL and the content of the webpage is checked and the user is prevented from visiting the webpage if it, or its domain, is associated with phishing or malware distribution. Malware downloads can also be blocked from websites, even those with a high trust score. Together these solutions form the backbone of your phishing defenses. Further, these two solutions are quick and easy to implement, simple to use and maintain, and they are inexpensive.

Add antivirus protection, multi-factor authentication, and end user training, and you will be well protected from phishing and email and web-based malware attacks.

For further information on improving your defenses against phishing, spear phishing, and malware, give the TitanHQ team a call today.

If you are a managed service provider, contact the TitanHQ channel team and discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market.

Cyberattacks on Managed Service Providers are Soaring: Are Your Defenses Good Enough?

Cyberattacks on managed service providers have been increasing over the past few months and they are now a key target for hackers. If a hacker can gain access to the systems of a managed service provider, their remote administration tools can be used to launch attacks on their clients.

There have been several major cyberattacks on managed services providers in the past few weeks, with nation state-backed hacking groups targeting MSPs serving enterprises and ransomware gangs are conducting attacks on MSPs serving small and medium sized businesses.

Three major cyberattacks on managed service providers serving healthcare organizations in the United States have been reported in the past two months. All three have affected more than 100 healthcare clients and one impacted 400.

In late November, the Milwaukee-based managed IT service provider, Virtual Care Provider Inc., was attacked with Ryuk ransomware. The attack started on November 17, 2019 and affected all of its clients’ data. Around 110 nursing homes and acute care facilities were prevented them from accessing their patients’ medical records. The consequences for its clients were dire. Assisted living facilities and nursing homes were prevented from billing for Medicaid, which meant essential funding was not provided and nursing homes were prevented from ordering essential drugs for patients. Virtual Care Provider was issued with a $14 million ransom demand, which the company could not afford to pay. The managed service provider had around 20% of its services affected and had to rebuild around 100 servers.

The ransomware was deployed as a secondary payload by the TrickBot Trojan. TrickBot had been installed on its network 14 months previously via a malicious email attachment.

A few weeks later, a Colorado-based managed service provider serving dental practices was attacked with ransomware. Complete Technology Solutions was infected with a ransomware variant called Sodinokibi. First the MSP was attacked, then its remote administration tools were used deploy ransomware on the networks of more than 100 dental practices. A ransom demand of $700,000 was issued, which the MSP refused to pay. Its clients are now having to pay the attackers for the keys to decrypt their files. Only a few that had backups stored off the network were able to recover without paying the ransom.

This is the second such attack to affect a company serving the dental industry. The dental record backup service provider, PerCSoft, was also attacked with Sodinokibi ransomware. That attack affected approximately 400 dental practices. CyrusOne was also attacked with Sodinokibi ransomware and its managed services division and six of its clients were affected.

It is not only ransomware that is being used in the attacks. Nation-state threat groups such as APT10 are also targeting MSPs. Their aims are different. The attacks are being conducted to gain access to the intellectual property of their enterprise customers.

As cyberattacks on managed service providers increase, MSPs must ensure that they have adequate defenses in place to keep the hackers at bay. This is an area where TitanHQ can help. TitanHQ is the leading provider of cloud-based email and web security solutions for managed service providers that serve the SMB market.

TitanHQ offers a trio of solutions for MSPs under the TitanShield program. SpamTitan email security is a powerful cloud-based solution that keeps inboxes free of spam, phishing emails, and malware. SpamTitan incorporates SPF and DMARC to block email impersonation attacks, uses dual antivirus engines to detect known malware threats, and heuristics and sandboxing to identify and block zero-day threats.

WebTitan Cloud is a 100% cloud-based DNS filtering solution that works seamlessly with SpamTitan to block web-based phishing attacks and malware downloads. The solution allows you to monitor and identify malicious threats in real time, and includes AI-driven protection against active and emerging phishing URLs, including zero-minute threats.

The third solution is ArcTitan, a cloud-based email archiving solution that provides protection against data loss and helps MSPs and their clients meet their compliance obligations. ArcTitan serves as a black box flight recorder for email and stores email data securely in the cloud on Replicated Persistent Storage on AWS S3. When emails need to be searched and recovered, the searches are lightning fast. ArcTitan can search up to 30 million emails a second.

ArcTitan has recently been moved to a brand new system, with the service delivered as a highly available, self-healing horizontally scaled Kubernetes cluster. Within that cluster are many different components working in harmony together, but independently. Should any component go down, that component can be taken offline and repaired with no impact on the others, ensuring a much more reliable service with minimal or no disruption during an outage. With ArcTitan, email is protected from cyberattacks.

These solutions are not only an ideal for improving the security posture of MSP clients, they can help to ensure that MSP systems are protected from attack. All TitanHQ solutions are quick and easy to implement, have a low management overhead, and are API-driven so they can easily be incorporated into MSP’s remote management and monitoring systems.

To find out more about the TitanShield program for managed service providers and to discover how TitanHQ’s cybersecurity solutions can improve yours and your clients’ security posture, give the TitanHQ channel team a call today.

Employees Frequently Respond to Phishing Emails and Business Phishing Protections are Coming Up Short

Recent research has highlighted just how important it is for businesses to implement a range of defenses to ensure phishing emails are not delivered to inboxes and how business phishing protections are failing.

The studies were conducted to determine how likely employees are to click on phishing emails that arrive in their inboxes. Alarmingly, one study indicated almost three quarters of employees were fooled by a phishing test and provided their credentials to the attacker. In this case, the attacker was the consultancy firm Coalfire.

71% of the 525 businesses that were tested had at least one employee disclose login credentials in the phishing test, compared to 63% last year. At 20% of businesses, more than half of the employees who were tested fell for the phishing scam, compared to 10% last year.

A second study conducted by GetApp revealed a quarter of 714 surveyed businesses said they had at least one employee who responded to a phishing attack and disclosed their login credentials and 43% of businesses had employees that had clicked on phishing emails. The study also revealed only 27% of businesses provide security awareness training to employees, only 30% conduct phishing simulations, and 36% do not have multi-factor authentication in place on email.

The Importance of Layered Phishing Defenses

To mount an effective defense against phishing and other cyberattacks, a defense in depth approach to security is required.

With layered defenses, businesses are not replying on a single solution to block phishing attacks. Multiple defenses are put in place with the layers overlapping. If one measure proves to be ineffective at blocking a phishing email, others are in place to provide protection.

One area where many businesses fail is relying on Office 365 anti-phishing controls. A study by Avanan showed Office 365 phishing defenses to be effective at blocking most spam emails, but 25% of phishing emails were delivered to inboxes.

What is required is an advanced anti-spam and anti-phishing platform that can be layered on top of Office 365 to ensure that these phishing emails are blocked. SpamTitan can be seamlessly implemented in Office 365 environments and provides superior protection against phishing and malware attacks. SpamTitan blocks more than 99.9% of spam and phishing emails, 100% of known malware, and incorporates a host of features to identify zero-day threats.

As good as SpamTitan is at blocking email threats, other layers should be implemented to block phishing attacks. If a phishing email arrives in an inbox, a web filter will provide protection by blocking attempts by employees to visit phishing websites and sites hosting malware. WebTitan is a powerful DNS filtering solution that protects against the web-based element of phishing attacks. WebTitan adds an extra layer to phishing defenses and will block attempts by employees to visit malicious sites.

If an attacker succeeds in obtaining the credentials of an employee, it is important that those credentials cannot be used to gain access to the account. That protection is provided by multi-factor authentication. Multi-factor authentication is not infallible, but it will prevent stolen credentials from being used to access accounts in the majority of cases.

Security awareness training is also vital. Employees are the last line of defense and that defensive line will be tested. If employees are not trained how to identify phishing emails and other email security threats, they cannot be expected to recognize threats when they land in inboxes. An annual training session is no longer enough, considering how many phishing attacks are conducted on businesses and how sophisticated the attacks are becoming.

Security awareness training should consist of an annual training session with regular refresher training sessions throughout the year. Employees should be kept up to date on the latest tactics being used by cybercriminals to help them identify new scam emails that may bypass email security defenses. Phishing simulation exercises are also important. If these simulations are not conducted, businesses will have no idea how effective their training sessions have been, and which employees have not taken the training on board.

Top 10 Cybersecurity Threats SMBs Must Address

Cybercriminals are inventive and their attacks are becoming increasingly sophisticated. To help ensure you are prepared and can defend your business against these attacks, we have listed the top 10 cybersecurity threats your business is likely to face, along with some tips to help you prevent a costly data breach.

Cybercriminals are not just trying to attack large enterprises. Sure, a cyberattack on a large healthcare system or blue-chip company can be incredibly rewarding, but the defenses they have in place make attacks very difficult. SMBs on the other hand have far fewer resources to devote to cybersecurity and as a result they are easier to attack. The potential rewards may not be as great, but attacks are more likely to succeed which means a better return on effort. That is why so many SMBs are now being attacked.

There is a myriad of ways that a company can be attacked, and the tactics, techniques and procedures used by cybercriminals are constantly changing. The top 10 cybersecurity threats listed below include the main attack vectors that need to be blocked and will serve as a good starting point on which you can build a robust cybersecurity program.

Top 10 Cybersecurity Threats Faced by SMBs

We have listed the top 10 cybersecurity threats that SMBs need to defend against. All the threats listed below need to be addressed as any one of them could easily result in a costly data breach, data loss, or could cripple your business. Some of the threats listed below will be harder to address than others, and it will take time for your cybersecurity defenses to mature. The important thing is to start the ball rolling and address as many of these areas as soon as possible.

Human Error and Insider Threats

We have listed human error first, as it doesn’t matter what hardware and software solutions you implement, human error can easily undo much of your good work. Mistakes will be made by employees on occasion. What you need to do is reduce the potential for errors and limit the harm that can be caused.

Developing robust policies and procedures and providing training will help to ensure that your employees know how to act and more importantly, how not to.

Mistakes are not the only thing you need to take steps to try to prevent. There may also be individuals on your payroll who will take advantage of poor security for personal gain. You will also need to tackle the problem of insider threats and make it harder for rogue employees to cause harm and steal data. The measures listed below will help address threats from within and reduce risk.

  • Passwords
    • Enforce the use of strong passwords but make it easier for your employees to remember them so they don’t try to circumvent your password policy or, heaven forbid, write their passwords down. Implement a password manager to store their passwords so they only have one password or pass phrase to remember.
  • Rule of Least Privilege
    • It is obvious, but often overlooked. Don’t give employees access to resources they do not need for their day-to-day work duties. If their credentials are compromised, this will limit the harm caused. It will also limit the harm that can be caused by rogue employees.
  • Block the Use of USB Devices
    • USB devices make it easy for rogue employees to steal data and for malware to be accidentally or deliberately be introduced. Implement technical controls to prevent USB devices from being connected, and if they are required for work purposes only give permission to certain individuals to use them. Ideally, use more secure methods of transferring or storing data.
  • Monitor Employee Activity
    • If rogue employees are stealing data, you are only likely to find out if you are monitoring their computer activity. Similarly, if credentials are compromised, system logs will highlight any suspicious activity. Make sure logs are created and monitored. Consider using a security information and event management (SIEM) solution to automate this as much as possible.
  • Terminate Access at Point of Termination
    • Terminating an employee? Terminate their access to your systems at the point of termination. It is surprising how often employee access rights are not terminated for days, weeks, or even months after an employee has left the company.

We will cover some more important safeguards to implement to protect against user error in the following 9 SMB cybersecurity threats.

Phishing and Social Engineering Attacks

Phishing is arguably the biggest cybersecurity threat faced by SMBs. Phishing is the use of social engineering techniques to persuade people to divulge sensitive information or take an action such as installing malware or ransomware. This is most commonly achieved via email, but can also occur via text messages, social media websites, or over the telephone.

Do not assume that your employees have common sense and know not to open email attachments from unknown individuals or respond to enticing offers from legal representatives of Nigerian princes. You must train your employees and teach cybersecurity best practices and show them how to identify phishing emails. Refresher training should be provided at regular intervals and you should conduct phishing simulation exercises (which can largely be automated) to find out who has taken the training on board and who is a liability that needs further training.

Employees are the last line of defense. You need a layer of security above your employees to make sure their security awareness training is never required. That means an advanced anti-spam/anti-phishing solution needs to be in place to block threats before they reach inboxes. If you use Office 365, you should still implement an antispam solution. A recent study by Avanan revealed 25% of phishing emails bypass Office 365 antispam defenses.

Another layer of protection should also be implemented to protect against phishing: Multi-factor authentication. This is the use of an additional authentication factor that will kick into action if an attempt is made to use credentials from an untrusted device or location. If credentials are compromised in a phishing attack, multi-factor authentication should stop them from being used to gain access to email accounts, computers, or network resources.

Malware and Ransomware

Malware, viruses, ransomware, spyware, Trojans, worms, botnets, and cryptocurrency miners are all serious threats that you must take steps to block. It goes without saying, but we will say it none the less, you need to have antivirus software installed on all endpoints and your servers.

Malware can be installed in many ways. As previously mentioned, blocking USB devices is important and spam filtering software with sandboxing will protect you from email-based attacks. Most malware infections now occur via the internet, so a web filtering solution is also important. This will also add an extra layer to your phishing defenses. A web filter will block drive-by malware downloads, prevent employees from visiting malicious sites (including phishing websites) and also allows you to enforce your internet usage policies. A DNS filtering solution is the best choice. All filtering takes place in the cloud before any content is downloaded and it will not add to your patching burden.

Shadow IT

Shadow IT – The term given for any hardware or software in use that has not been authorized by your IT department. This could be a portable storage device such as a zip drive, a VPN client to bypass your web filter, an application to help with work tasks, or all manner of other software. It is surprising to find exactly how many of these programs are installed on users’ devices when IT support staff are called upon to sort out a problem!

So, what is the problem? Anything installed without authorization is a potential security and compliance risk. Your security team has no control over patching, and vulnerabilities in those applications could easily go addressed for months and give hackers an easy entry point into your network. Fake applications could be downloaded that are really malware, software packages often include a host of potentially unwanted programs and spyware, and any data stored in these applications could be transmitted to unsecure locations. Those applications and data contained therein are also unlikely to be backed up by the IT department. If anything happens, data can easily be lost.

Unpatched Software

The importance of prompt patching cannot be understated. Vulnerabilities exist in all software solutions. Sooner or later those vulnerabilities will be found, and exploits will be developed to take advantage. Security researchers are constantly looking for flaws that could potentially be exploited by threat actors to gain access to sensitive information, install malware, or remotely execute code. When these flaws are identified and patches are released, they need to be applied promptly. Oftentimes, vulnerabilities are being actively exploited by the time a patch is released. It is essential for these vulnerabilities to be addressed as soon as possible and for all software to be kept up to date.

When software or operating systems are approaching end of life, you must upgrade. When patches stop being issued and software is unsupported, any vulnerabilities will remain unaddressed and can easily be exploited.

Out of Date Hardware

Not all vulnerabilities come from out of date software. The hardware you use can also introduce risks. You must keep an inventory of all your hardware, so nothing slips through the cracks. Firmware updates should be applied as soon as it is made available and you should monitor for any devices that are approaching end of life. If your devices do not support the latest operating systems, then it is time to replace your hardware. This will naturally come at a cost, but so do cyberattacks and data breaches.

Unsecured IoT Devices

The Internet-of-Things offers convenience but IoT devices are a potential liability. IoT devices can send, store or transmit data so they must be be secured.

Unfortunately, in the hurry to connect everything to the internet device manufacturers often overlook security as do users of these devices. Take security cameras for instance. You may be able to access your cameras remotely, but you may not be the only person who can. If your security cameras are hacked, thieves could see what you have, where it is located, and where and when security is lax. There have been cases of security cameras being hacked due to the failure to change default credentials for remote management.

Ensure you change the default credentials on the devices and use strong passwords. Keep the devices up to date, and if the devices need to connect the network, make sure they are isolated from other resources. Cybercriminals can also take advantage of flaws in the applications to which these IoT devices connect. They must also be kept up to date.

Man-in-the-Middle Attacks and Public Wi-Fi

A man-in-the-middle (MITM) attack is an attack scenario where communications between two individuals (or one individual and a website or network) are intercepted and potentially altered. An employee may believe they are communicating securely, when everything they are saying or doing is being seen or recorded. An attacker could even control the conversation between two people and be communicating with each separately while both individuals believe they are communicating with each other. This method of attack most commonly occurs through unsecured Wi-Fi hotspots or evil twin hotspots – Fake Wi-Fi hotspots set up in coffee shops, airports, and any other location where free Wi-Fi is offered.

If you have remote workers, you need to take steps to ensure that all communications are kept private. This can be achieved in two main ways. By making sure employees use a secure VPN that encrypts their communications over public or unsecured Wi-Fi networks and also by implementing a DNS filtering solution. The DNS filtering solution provides the same protection for remote workers as it does for on-premises workers and will prevent malware downloads and employees from accessing malicious websites.

Mobile Security Threats

There is no denying the convenience of mobile devices (laptops, tablets, smartphones). They allow workers to be instantly contacted and lets them work from any location. Mobile devices improve employee mobility, can lead to greater employee satisfaction, and will help you to boost productivity. However, the devices also introduce new risks. Whether you supply these devices or operate a BYOD policy, you need to implement a range of security controls to ensure those risks are managed.

You need to make sure you know of every device that you allow to connect to the network. A mobile device security solution can help you gain visibility into mobile device use and allow you to control your applications and data.

You should ensure the devices have security controls applied, can only access your network via secure channels (VPN), ensure the devices are covered by a DNS filtering solution, and any work data stored on the devices needs to be encrypted.

Remote Desktop Protocol

Remote desktop protocol (RDP) allows employees remotely connect to your computers and servers when they are not in the office and lets your managed service provider quickly sort out your problems and maintain your systems without having to pay a visit. RDP also gives hackers an easy way to gain access your computers, servers, and steal data or install malware. Do you need RDP enabled? If not, disable it. Does it need to be used internally only? Make sure that RDP is not exposed to the internet.

If you do need RDP, then you need to exercise extreme caution. Make sure that users can only connect via a VPN or set firewall rules. Limit the individuals who have permissions to use RDP, ensure strong passwords are set, and that rate limiting is implemented to protect against brute force attacks. Also use multi-factor authentication.

Stolen RDP credentials are often used by hackers to gain access to systems, brute force attempts are often conducted, and vulnerabilities in RDP that have not been patched are frequently exploited. This is one of the main ways that ransomware is installed.

These are just the top 10 cybersecurity threats faced by SMBs. There are many more risks that need to be identified and mitigated to ensure you are protected. However, by addressing the above issues you will have already made it much harder for hackers and cybercriminals to do your business harm.

TitanHQ is Here to Help!

TitanHQ can assist by providing you with advanced cybersecurity solutions to protect against several of the above listed top 10 cybersecurity threats and will the two most commonly used attack vectors – email and the web-based attacks. These solutions – SpamTitan and WebTitan – are 100% cloud based, easy to implement and maintain, and will provide superior protection against malware, ransomware, viruses, botnets, and phishing attacks.

Further, these powerful solutions are affordable for SMBs. You are likely to be surprised to find out how little these enterprise-grade security solutions will cost. If you are a managed service provider that services the SMB market, you should also get in touch. SpamTitan and WebTitan have been developed by MSPs for MSPs. There is a host of reasons why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs that service the SMB market!

Contact our friendly (and non-pushy) sales team today to find out more, book a product demo, and register for a free trial.

TitanHQ Launches New ‘Margin Maker for MSPs’ Initiative Following Record-Breaking MSP Growth

Q3, 2019 has seen TitanHQ register record-breaking growth in the MSP market with its busiest ever quarter for MSP sales. TitanHQ now has more than 2,200 MSP partners and its cloud-based email security, web security, and email archiving platforms are now used by more than 8,200 businesses around the world.

Many great success stories start from humble beginnings, and TitanHQ is no exception. The company started life as Copperfasten Technologies in 1999 and sold anti-spam appliances to local businesses from its Galway, Ireland base. The company then developed its own cybersecurity solutions, starting with the anti-spam and anti-phishing solution, SpamTitan.

The product portfolio grew to include WebTitan web filtering, a powerful DNS-based web security solution to protect businesses from the full range of internet threats. That was followed by the launch of ArcTitan, a cloud-based email archiving solution for businesses that eases their email storage and compliance burden.

That trio of core TitanHQ products has proven to be a massive hit with managed service providers, although not by accident. Many companies have developed innovative solutions for SMBs but have only realized the importance of the MSP market later on. Additional features are then added to appeal to MSPs. TitanHQ took a different approach. Its solutions were developed by MSPs for MSPs and MSPs were considered at every stage of product development. The result is a suite of security solutions tailor-made for MSPs.

This approach, along with cutting-edge technology and industry-leading customer support, has seen the company go from strength to strength and become the gold standard in email and web security and the leading global provider of cloud-based security solutions for MSPs servicing the SMB market.

Phishing attacks on businesses are soaring, new malware variants are being released at record levels, and the current ransomware epidemic is threatening to derail businesses. Many SMBs lack the internal resources to block these threats and turn to MSPs to provide the security they need.

To cope with the increased demand, MSPs need solutions with 100% cloud-based architecture that seamlessly integrate into their existing centralized management systems and are easy to implement, use, and maintain. Ideally, those solutions need to be flexible, have a range of hosting options, be available in white-label form to take MSP branding, and also include generous margins. That is a big ask, and many solutions only tick a few of those boxes. However, TitanHQ’s suite of solutions include all those features and more.

TitanHQ also offers extensive sales enablement and marketing support, world-class customer service, and each MSP has a dedicated account manager, engineers, and a support team to help them maximize their sales opportunities and really grow their businesses.

As part of the celebration of the Q3, 2019 MSP growth, TitanHQ has launched a new initiative to ensure Q4 will be an even bigger success.

On October 22, TitanHQ announced a new disruptive price package for a SpamTitan Email Security and WebTitan DNS filtering bundle at an exclusive once-in-a-lifetime price. The initiative has been called Margin Maker for MSPs and is intended to ensure MSPs build profitability instantly in Q4, 2019.

The two solutions are provided in two private clouds, customized to meet MSPs email and web security needs, and secure the most common attack vectors – email and the web. The package includes advanced protection for email, including Office 365 environments, complimented by WebTitan DNS filtering to block web-based threats and implement content control for on-premises and remote workers. These solutions are naturally provided with extensive sales enablement and marketing support.

The aim is to make TitanHQ’s email and web security platforms even more appealing to MSPs and to encourage MSPs to offer both SpamTitan email security and WebTitan web filtering to their clients and maximize revenues.

One MSP that is already boosting its profits and achieving increased, reliable recurring monthly revenues is UK-based OpalIT. The MSP has bases in Newcastle and Edinburgh and a 6,000+ customer base. Prior to joining the TitanShield program, OpalIT was offering its clients firewall filtering and email filtering with Barracuda and Vade. The company has now switched to TitanHQ’s cybersecurity bundle and is pushing SpamTitan Email Security, WebTitan DNS filtering, and ArcTitan email archiving to its clients and is reaping the rewards.

“Opal IT moved to TitanHQ because of our MSP focused solutions, ease of deployments, extensive APIs functionality and the increased margin they’re now making.  Our cybersecurity bundle solutions allow MSPs to provide their downstream customers with a layered defense approach” said Rocco Donnino, EVP Strategic Alliances, TitanHQ.

If you are a managed service provider, now is the perfect time to sign up with TitanHQ. Come and meet the TitanHQ channel team at the following MSP events to find out more about the TitanShield program for MSPs, OEMs, and service providers, and take advantage of the amazing new MSP package.

 

If you are unable to attend any of these events, be sure to give the TitanHQ team a call to find out more and take advantage of this exciting new and exclusive offer.

Meet the TitanHQ Team at IT Nation Connect 2019, Orlando

IT Nation Connect 2019, the ConnectWise conference for the IT professional community, will be taking place on October 30, 31, and November 1 at the Hyatt Regency in Orlando, Florida.

The event is the leading conference for companies that sell, support, and service technology and is focused on helping attendees build a strong business and achieve long-term success. Attendees will gain practical advice from experts in the IT Nation community and will have the opportunity to build meaningful business connections and learn how to work on their businesses.

This year’s topics for the session tracks are mergers & acquisitions, growth & scalability, talent development & leadership, service delivery & customer success, sales & marketing, and security.

Security is a key focus of IT Nation Connect 2019. The event will provide opportunities to discover how security frameworks and IT solutions can help you bulletproof your business and protect your clients’ networks from cyberattacks. Attendees will also gain deep insights into the current state of security in the MSP space.

Leading security experts will be discussing the steps that the government is taking to combat cyber threats, the lessons the government and private firms have learned, and how security experts see the threat landscape evolving over the coming year.

Founders and CEOs of the most successful MSPs and IT firms will explain what it is like to be a trailblazer, how they achieved their successes, the mistakes they made on the way, and what the future holds for the IT Nation community.

More than 80 thought leaders, ConnectWise partners, and ConnectWise colleagues will taking over 130 educational, networking and panel sessions and will be sharing success stories, best practices, and the lessons they have learned to help attendees succeed and grow their businesses.

The conference offers an exceptional opportunity for learning, networking, and discovering technology solutions that can save you time, money, and boost the profitability of your business. Such an important event for the IT community is not to be missed.

TitanHQ will be attending the event to explain why TitanHQ is the global leader in cloud-based email and web security solutions for MSPs servicing the SMB market, the advantages of doing business with TitanHQ, and how TitanHQ solutions can help you better protect your environment and those of your clients from increasingly sophisticated cyber threats.

TitanHQ Marketing Director Dryden Geary, Sales Director Conor Madden, and Inside Sales Executive Peter Cooke will explain the benefits of the TitanShield program for MSPs, OEMs, technology partners, and Wi-Fi providers and show you just how easy it is to incorporate SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving into your security stacks.

If you are attending the event, be sure to make time to meet with TitanHQ and feel free to reach out in advance of the event if you have any questions.

Meet TitanHQ at the 2019 Canalys Cybersecurity Forum

The 2019 Canalys Cybersecurity Forum will be taking place in Barcelona on October 16-17, 2019. The event is the only independent conference dedicated to the cybersecurity channel and is one of the most important events of the year for managed service providers (MSPs).

The event provides an incredible opportunity for MSPs looking to enhance their security stacks, provide greater value, and better protect their clients from increasingly sophisticated security threats. Attendees will have the opportunity to have 1:1 meetings with more than 700 established and new partners and discover best practices to adopt to get the most out of their cybersecurity solutions.

The event is also a must for MSPs who have yet to start offering managed security services as it will allow them to form new partnerships with Europe’s best cybersecurity solution partners who will help them grow their businesses significantly over the coming year.

Leading cybersecurity vendors will be taking thought-crunching sessions and sharing their knowledge to help partners succeed. Attendees will be able to engage in intense debates and interact with some of the brightest minds in the field of cybersecurity. Questions can be posed in multi-vendor theatre panels to get the answers from the leading cybersecurity solution providers in the EMEA region.

Highlights of this year’s event include panels, theatre and keynotes exploring the re-imaging of the idea of solutions, generalist vs. specialist in the cybersecurity channel, the next catalyst that will drive security sales, and how the role of the CSO is evolving in the hybrid IT world.

Canalys analysts will also be providing keynote speeches and sharing their insights into the current threat landscape and some of the burning issues of the moment. The event will also see Canalys name the new Threat Fighter and MSSP winners in the Canalys Channel Partner Awards.

TitanHQ Sales Director, Conor Madden

The event provides an amazing opportunity for networking with more than 200 channel partner delegates in attendance. New alliances can be formed and along with the knowledge gained, attendees will be able to make important decisions that will have a major positive impact on growth for the coming year.

TitanHQ is a proud sponsor of the 2019 Canalys Cybersecurity Forum and the team will be on hand to answer questions and explain why TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market.

TitanHQ Strategic Alliance Manager, Marc Ludden

At the event you will be able to discover the considerable benefits of using SpamTItan email security, WebTitan DNS filtering, and ArcTitan email archiving to solve your clients security issues, better protect them from cybersecurity threats, and help them achieve their compliance objectives… and how easy TitanHQ makes this for MSPs.

TitanHQ Sales Director Conor Madden will be a panelist at the event and will be answering questions from attendees on email security, web security, email archiving and how to get the most out of TitanHQ’s cybersecurity solutions for MSPS and SMBs.

Marc Ludden, TitanHQ’s Strategic Alliance Manager, will also be attending and meeting with enterprise-level clients and major MSPs and ISPs to help them push TitanHQ products downstream to their customers, grow their businesses, and improve their bottom lines.

You can find out more about this one in a year opportunity here – Canalys Cybersecurity Forum 2019 – and feel free to reach out to TitanHQ in advance of the event.

If you are unable to attend this year’s Canalys event, TitanHQ will be on the road throughout October and November. Be sure to connect at one of the other fall 2019 events below:

WebTitan Cloud: A Low Cost, Powerful Cisco Umbrella Alternative

If you are looking for a Cisco Umbrella alternative you are certainly not alone. TitanHQ has helped hundreds of businesses change from Cisco Umbrella to WebTitan Cloud. In most cases, the main reason why businesses seek a Cisco Umbrella alternative is to save money. Cisco Umbrella pricing reflects the comprehensive nature of the product, but the Cisco Umbrella cost is seen as too expensive by many small- to medium-sized businesses who are only looking for malware and phishing protection and to control the websites their employees can access.

The cost of Cisco Umbrella is hard to justify for many SMBs and managed service providers (MSPs). The cost per user is considerably higher than many other solutions on the market. In fact, you may be surprised at just how much money can be saved by changing your web filter provider.

Cisco Umbrella Pricing

Cisco Umbrella pricing is not particularly transparent. For a start, you cannot easily find out how much Cisco Umbrella is likely to cost and there is no Cisco Umbrella cost calculator on the website nor any price list. If you search for information on Cisco Umbrella pricing online, you are likely to find prices from various resellers, but the prices are usually out of date. You can tell as they refer to the old packages of Cisco Umbrella Professional, Cisco Umbrella Insights, and Cisco Umbrella Platform.

Cisco Umbrella pricing depends on several factors, including the level of protection you want, the number of users you need to protect, and the contract term. You must also factor in any add-ons you may need. For instance, basic email-only support is provided but advanced support comes at an additional cost. Because there are many different options, you must contact Cisco for an individual quote for your business.

How Much Does Cisco Umbrella Cost?

For a business with 100 users, the cost of Cisco Umbrella in 2021 is $2.70 per user, per month. That is certainly a reasonable price given the level of protection provided by Cisco Umbrella, but there are Cisco Umbrella alternatives that are available for a fraction of the Cisco Umbrella cost that provide an equivalent level of protection against web-based threats and allow careful control of the types of content that can be accessed by end users.

If you have 100 users, you will be spending $270 a month on Cisco Umbrella, which is $3,240 per year. The Cisco Umbrella price is reasonable if you compare it to the cost of a malware infection, ransomware attack, data breach, or phishing attack, but it is possible to have a similar level of protection at a third of Cisco Umbrella Cost if you change from Cisco Umbrella to WebTitan Cloud.

How much can be saved by switching from Cisco Umbrella to WebTitan Cloud? The cost of WebTitan Cloud is $0.90 per user, per month. That adds up to a monthly cost of $90, which is $1,080 per year. Just making this simple change will save your business $2,160 per year!

Cisco Umbrella Licensing

Cisco Umbrella licensing is based on three packages of Cisco Umbrella. The most basic package is DNS Security Essentials, which used to be known as Cisco Umbrella Professional. The next tier of the product is DNS Security Advantage, formerly Cisco Umbrella Insights. The most comprehensive solution in the Cisco Umbrella family is DNS Secure Internet Gateway, formerly Cisco Umbrella Platform.

Cisco Umbrella licensing is based on the number of users that need to be protected, with the Cisco Umbrella price per user decreasing slightly the more users need to be protected. Cisco Umbrella licensing has a minimum contract term of 1-year, although longer contracts can be purchased with an associated discount. There is no option for paying monthly to spread the cost.

Can the Cisco Umbrella Price be Justified?

The Cisco Umbrella price has been set based on the comprehensive nature of the product, which does not only provide DNS filtering, but includes a host of other security features. Some businesses, especially large enterprises that have a huge workforce, are frequently targeted by threat actors and need an extensive suite of cybersecurity solutions to block attacks and conduct extensive investigations. For those organizations, the features included in the most comprehensive Cisco Umbrella package are likely to be attractive, and for those businesses the Cisco Umbrella price can easily be justified in terms of the protection provided.

For example, the DNS Security Advantage includes Umbrella Investigate, which provides deep context for investigations and uses an API to send Umbrella data to other security solutions. The DNS Secure Internet Gateway package includes a cloud-delivered firewall and a cloud access security broker to discover and block shadow IT. These features are not available in many other DNS filtering solutions and would need to be purchased separately if required. Small- to medium-sized businesses may find the additional features of the second and third tiers of the solutions to be surplus to requirements.

Since the features of the first tier of the Cisco Umbrella solution – DNS Security Essentials – are included in many other DNS filtering solutions that are sold at a fraction of the Cisco Umbrella price, it is understandable why many choose to purchase a different DNS filtering solution, especially since there are several features lacking in the most basic Cisco Umbrella package which many would feel are essential, as we explain below.

Cisco Umbrella Review

There are three versions of Cisco Umbrella for businesses use, as previously mentioned. Let’s consider the top product package, Secure Internet Gateway (SIG) Essentials. SIG Essentials is the most comprehensive DNS security solution offered by Cisco. In terms of DNS security, the solution uses the same web filtering and content filtering mechanisms of the two cheaper packages. However, additional capabilities are included, such as the ability to decrypt and inspect all HTTPS traffic. In the DNS Security Advantage package, you can only decrypt and inspect SSL traffic for “risky” domains, and you do not have that feature at all in the most basic package.

Since threat actors often use encryption to hide malicious activity, SSL inspection really is important, yet for full inspection capabilities you need to pay for the top-level product. That top-level solution comes with other additional features, such as a cloud security broker for discovering and blocking shadow IT and a cloud-delivered firewall. Many businesses will already have a firewall that provides those capabilities.

The level of protection provided by the basic package will be insufficient for many SMBs, the middle package lacks important features available in many lower cost Cisco Umbrella alternatives, and the top level product includes feature that many SMBs are unlikely to use.

Given the high cost of the top level package and the availability of many Cisco Umbrella alternatives at a fraction of the cost, unless you really need all the features of SIG essentials, the alternatives from other providers should be fully explored as the cost savings are considerable.

An Ideal Cisco Umbrella Alternative

Cost is not the only consideration when looking for a Cisco Umbrella alternative. If you are changing solution provider you will need to make sure that the new product has all the features you need. Since WebTitan Cloud and Cisco Umbrella are built around the same core principles, in many respects the solutions are equivalent, but there are several features of WebTitan Cloud that are not available with Cisco Umbrella and there are some important benefits that come with WebTitan Cloud for SMBs and MSPs.

TitanHQ has a perfectly transparent pricing policy. You pay one price and you get all the features of the solution. There are no optional extras that bump up the cost and no premium packages to give you extra protection. Every user receives the same high level of protection. TitanHQ is also happy to negotiate with businesses and MSPs and enters into commercial arrangements that suit all parties.

One of the features of WebTitan Cloud that is particularly attractive to MSPs is the ability to host the solution locally within their own environment. Most businesses will choose to host WebTitan Cloud with TitanHQ, but the option is available if this suits you better. MSPs can also be supplied with WebTitan Cloud in white label form. TitanHQ branding can be removed from the solution to allow you to add your own branding if you so wish.

There may be times when you need to bypass filtering controls. To make this as easy as possible, we developed cloud keys. These can be used to bypass some or all of your filtering controls rather than having to change policies for a user and change back again when a particular task has been performed. Cloud keys can be set to expire after a certain number of uses or after a certain period of time.

We have developed WebTitan Cloud to be easy to configure, use, and maintain, but there will naturally be times when things don’t go according to plan. In the event of a problem, all users benefit from world class support. Our skilled engineers and customer service staff are on hand to get you back on track quickly and painlessly. That applies to all users, even those on the free product trial. Support is not an optional extra that will cost you more money.

WebTitan Cloud Benefits for MSPs

As previously covered, there are key benefits of WebTitan Cloud over Cisco Umbrella for MSPs.

  • Flexible pricing including monthly billing
  • Multiple hosing options, including within your own data center
  • Product can be supplied in white label form ready to take your branding
  • There are no monthly minimums, yearly commitments, and the product can scale to meet your needs (and will shrink too if needed)
  • Fully transparent pricing
  • Extensive reporting
  • Easy integration into existing security and customer management systems through a suite of APIs
  • World-class customer support included in the cost
  • Easy implementation, use, and a low management overhead
  • Generous margins for MSPs
  • Access to an extensive library of support materials

How do Users Rate WebTitan vs Cisco Umbrella

Not all web filtering solutions provide the same level of protection and many fail to live up to expectations one they are installed. In the case of WebTitan Cloud, not only can you save a considerable amount of money, our DNS filtering solution is easy to set up, use and maintain. Plus, if you ever experience any problems or need help, you benefit from industry-leading customer service.

Naturally we will sing the praises of WebTitan Cloud as we are trying to sell our product, but most users of WebTitan agree with us and love using the product. This can be seen on review sites such as G2 Crowd.

G2 Crowd is an independent business software review site that is trusted by business leaders to provide information on the best software solutions on the market. The site has more than 650,000 user reviews from verified users and gives you insights into products to let you know if they perform as well as vendors say they do.

Web filtering solutions are rated on whether they meet requirements, ease of use, ease of setup, ease of admin, quality of support, and ease of doing business with the company. WebTitan Cloud consistently ranks higher than Cisco Umbrella in all 6 categories.

If you have any questions about WebTitan Cloud, would like information on how you can switch from Cisco Umbrella, would like a product demonstration or to sign up for the free trial, give us a call today and we will be happy to help. The sooner you get in touch, the sooner you can start saving money on web filtering!

Cost of a Ransomware Attack? $95 Million for Danish Firm Demant

The cost of a ransomware attack can be considerable. Several attacks in the United States have seen payments of hundreds of thousands of dollars made for the keys to unlock the encryption. While those payments are certainly high, they are a fraction of the total cost of a ransomware attack which are usually several times the cost of any ransom payment.

Recovery without paying a ransom can be considerably more. The ransomware attack on the city of Baltimore saw a ransom demand of around $76,000 issued. Baltimore refused to pay. The attack is estimated to have cost the city at least $18.2 million.

The cost of that ransomware attack is high, but nowhere the cost of a suspected September 2019 ransomware attack on the Danish hearing aid manufacturer Demant. The firm experienced the attack on or around September 3, 2019. One month on and the firm still hasn’t recovered. In a recent message to its investors, the firm said the cyberattack would cost an estimated $80 million to $95 million, even though the company held a cyber insurance policy. Without that policy the bill would have been $14.6 million higher.

According to a notice on the firm’s website, it experienced “a critical incident” when its “IT infrastructure was hit by cyber-crime.” Ransomware was not mentioned by the firm although it has been reported as a ransomware attack by the Danish media.

The attack impacted its Polish production and distribution facilities, French cochlear implants production sites, Mexican production and service sites, its amplifier production site in Denmark, its entire Asia-Pacific network, and its enterprise resource planning (ERP) system.

The firm is recovering its IT infrastructure and believes it will take a further two weeks for systems to be restored and business operations to approach normality. However, the effects of the attack are expected to be long-lasting.

The inability to access its systems across all these areas has caused major disruption to the company. The firm has been unable to supply its products, receive and process orders, and clinics in its network have had difficulty servicing end users.

Due to the limited information released it is unclear whether the company refused to pay a ransom, if the attackers could not supply valid keys to unlock the encryption, of if this was a sabotage attack akin to the NotPetya wiper malware attacks of 2017.

If this was a ransomware attack, the losses far exceed those of the Norwegian aluminum and energy company Norsk Hydro, whose ransomware attack cost the firm around $70 million, although it is a fraction of the cost of the NotPetya attacks on the shipping firm Maersk and FedEx, both of which caused losses of around $300 million.

These incidents all demonstrate just how damaging cyberattacks can be and the massive costs of recovery. As is typical, the cost of recovering its IT systems accounted for a small proportion of the total cost – around $7.3 million. The bulk of the losses were due to lost sales and the inability to process orders, which the company says make up around half of the estimated losses.

In a press release, the firm said in addition to the lost sales, “the incident has prevented us from executing our ambitious growth activities in some of the most important months of the year – particularly in the US, which is our biggest market.”

Malware, ransomware and wiper malware are most commonly delivered via a small number of attack vectors. All too often they start with a phishing email, exploitation of RDP, drive-by malware download, or the exploitation of unpatched vulnerabilities.  The cost of preventative measures to block these attack vectors is pocket change by comparison to the cost of recovery from an attack.

TitanHQ cannot help businesses with securing RDP and patching promptly, but we can help businesses secure the email system and protect against drive-by malware downloads and other web-based attacks.

To find out more about how you can improve security against email- and web-based attacks, from a cost of as little as 90 cents per user per month, give our sales team a call.

The sales team will be happy to explain the ins and outs of our web and email security solutions, schedule product demonstrations, and help set you up for a free trial of our SpamTitan email security and WebTitan web security solutions and greatly improve your defenses against phishing, ransomware, malware, and wiper attacks.

Ransomware Attack Forces Healthcare Provider Out of Business

The dangers of ransomware attacks have been made abundantly clear to more than 5,000 patients in California whose medical records have been permanently lost as a result of a ransomware attack on their healthcare provider.

Simi Valley, CA-based Wood Ranch Medical experienced the attack on August 10, 2019 which saw ransomware deployed and executed on its servers which contained the medical records of 5,835 patients. The attack caused permanent damage to computer systems, and since backup copies of patient records were also encrypted, those records have been permanently lost. It is unclear how much the attackers demanded as payment for the keys and whether those keys would have worked had the ransom been paid.

Without patient records and faced with the prospect of having to totally rebuild the medical practice from scratch, the decision was taken to permanently close the business. Patients have been forced to find alternative healthcare providers and no longer have access to their medical records.

This is the second healthcare provider in the United States that has been forced out of business due to a ransomware attack. Brookside ENT and Hearing Center in Battle Creek, Michigan also closed its practice this year as a result of a ransomware attack. In that case, the practice owners refused to pay the ransom demand and patient records were permanently encrypted. The practice owners decided it was not possible to rebuild the practice from scratch and announced their early retirement.

It is unclear exactly how the ransomware was installed in each of these incidents, so it is not possible to determine what defenses could have been improved to prevent the attacks. However, in both cases, recovery of files from backups was not possible.

The purpose of a backup is to ensure that in the event of disaster, data will be recoverable. File recovery may be time consuming and downtime due to the attack likely to be expensive, but data will not be permanently lost.

In order to ensure file recovery is possible, backups must be tested. Files may be corrupted during the backup process and data restoration may not be possible. If backups are not tested to make sure files can be recovered, it will not be possible to guarantee file recovery in the event of disaster.

These incidents also highlight another fundamental rule of backing up. NEVER store the only copy of a backup on a networked or internet-connected computer.

In the event of ransomware attack, it is highly likely that backup copies on networked devices will be encrypted along with shadow volume copies. Ransomware encrypts these files to make sure the only way of recovering data is paying the ransom.

Even paying a ransom comes with no guarantee that data will be recoverable. Files may be corrupted through the encryption/decryption process – some data loss is inevitable – and the attackers may not be able to supply valid keys to decrypt files.

A good backup approach to adopt to prevent disasters such as these is a 3-2-1 strategy. 3 backups should be created, which should be stored on 2 different media, with 1 copy stored securely off site on a device that is not networked or connected to the internet.

TitanHQ is on the Road Again: Fall 2019 MSP Trade Show Schedule

This fall, TitanHQ will be attending several Managed Service Provider (MSP) events and trade shows throughout Europe and the United States.

TitanHQ has been developing innovative cybersecurity solutions for MSPs for more than two decades and all solutions have been created with MSPs firmly in mind. By involving MSPs in the design process, TitanHQ has been able to ensure that its products incorporate features to make life easier for MSPs, such as easy integration into MSPs management systems through the use of APIs to features rarely found in cybersecurity products – such as full white label versions ready for MSP branding and the ability to host the solutions within MSPs own environments.

Trade shows give the TitanHQ team the opportunity to meet face to face with prospective clients to discuss their email and web security needs and get face to face feedback from current customers that have already integrated TitanHQ products into their technology stacks.

The TitanHQ team kicked off the fall schedule of trade shows on September 12 at the Taylor Business Group BIG 2019 Conference at the Westin Hotel in Chicago, where members got to meet the TitanHQ team to discuss the new TitanShield program and discover how TitanHQ products can improve security for their clients while saving MSPs time and money.

At the same time, TitanHQ was at the CloudSec Europe 2019 Conference in London demonstrating WebTitan Cloud, SpamTitan Cloud, and ArcTitan to MSPs and cloud service providers.

If you were unable to attend either of these two events or did not get the chance to meet with the team, all is not lost. The fall schedule has only just commenced and there are still plenty of opportunities to meet the team to discuss your requirements and find out how TitanHQ products can meet and exceed your expectations.

Trade Events Attended by TitanHQ – Autumn, 2019

Date Event Location
September 17, 2019 Datto Dublin Dublin, Ireland
September 18, 2019 MSH Summit London, UK
October 6-10, 2019 Gitex Dubai, UAE
October 7-8, 2019 CompTIA EMEA Show London, UK
October 16-17, 2019 Canalys Cybersecurity Forum Barcelona, Spain
October 21-23, 2019 DattoCon Paris Paris, France
October 30, 2019 MSH Summit North Manchester, UK
October 30, 2019 IT Nation Evolve (HTG 4) Florida, USA
October 30, 2019 IT Nation Connect Florida, USA
November 5-7, 2019 Kaseya Connect Amsterdam, Netherlands

If you plan on attending any of the above events this fall, be sure to come and visit the TitanHQ team and feel free to reach out ahead of the events for further information.

Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
Eddie Monaghan, MSP Alliance Manager, LinkedIn
Marc Ludden, MSP Alliance Manager, LinkedIn
Dryden Geary, Marketing Director

OneStopIT Choses TitanHQ to Protect Its Customers from Email and Web-Based Threats

TitanHQ has announced it has entered not a new partnership with one of the United Kingdom’s leading Managed Service Providers (MSPs), OneStopIT.

For more than 16 years, OneStopIT has been helping small to medium sized businesses (SMBs) implement enterprise-class technology solutions. The Edinburgh-based MSP is focused on providing process-driven IT solutions to growing organizations at an affordable price.

Through the company’s dealing with UK businesses it has become clear that one of the biggest problem areas is phishing. Phishing attacks on UK businesses are now occurring at record pace and those attacks are costing businesses dearly.

UK businesses need advanced, enterprise-level cybersecurity solutions, but at an affordable SMB-friendly price. To improve protection against phishing and malware attacks, OneStopIT turned to TitanHQ.

TitanHQ has developed powerful cloud-based solutions for the SMB marketplace that incorporate enterprise-grade security features, but at a price that is affordable for even the smallest business. These solutions have been developed to be delivered by MSPs and can be easily incorporated into MSP auto-provisioning, billing, and management systems.

Under the new partnership, OneStopIT will be offering its customers SpamTItan-powered advanced email security and anti-phishing protection, WebTitan-powered DNS-based web filtering, and an ArcTitan-powered email archiving service.

All three solutions have been seamlessly integrated into OneStopIT’s security stack and are now being used to better protect its customers from today’s advanced and sophisticated cyber threats.

“ The proliferation of phishing threats across Office 365 is a real problem for SME’s in the UK and we’re partnering with a key vendor in this space to protect our customers and also give them the OneStopIT premium service they are used to,” said Ally Hollins-Kirk, CEO of OneStopIT.

New Office 365 Phishing Scams Detected

Two new Office 365 phishing scams have been detected in the past few days. One scam uses a fake Office 365 site to deliver the Trickbot Trojan and the other is a spear phishing campaign targeting Office 365 administrators to capture their credentials.

The Trickbot campaign uses a realistic domain – get.office365.live – that has all the typical elements of a genuine Microsoft website, including links to Microsoft resources. The website, identified by MalwareHunterTeam, detects the visitor’s browser and displays a popup within a few seconds of landing on the website.

A different warning is displayed for Firefox and Chrome users, with the associated logos. The warning comes from either the Chrome or Firefox Update Center. The message states that the user has an older version of the browser, which may cause incorrect site mapping, loss of all stored and personal data, and browser errors. An update button is supplied to download the browser update.

If the update button is clicked, it triggers the download of an executable file called upd365_58v01.exe. If that executable is run, the Trickbot Trojan will be downloaded and inserted into a svchost.exe process. That makes it harder for the user to detect the information stealer through Task Manager.

The Trickbot Trojan has several capabilities. It is a banking Trojan that can intercept banking credentials using webinjects. It also contains a password grabbing module which steals saved login credentials, autofill information, browsing history, and Bitcoin wallets. The malware also serves as a downloader for other malware variants and a module also been developed for propagation which includes the EternalBlue exploit.

Once installed, the malware stays in continuous contact with its C2. Due to the obfuscation methods used, the infection is unlikely to be detected by an end user, but the network admin may notice unusual traffic or attempts to connect to blacklisted domains.

This is a professional Office 365 phishing campaign that is likely to fool many end users. It is currently unclear whether traffic is being directed to the site through malvertising redirects or phishing emails.

Office 365 Admins Targeted

A phishing campaign has been detected which is targeting Office 365 administrators. Fake browser warnings are used to trick admins into disclosing their login credentials.

Emails have been constructed using the Microsoft and Office 365 logos which contain a warning about an aspect of Office 365 which requires the admin’s immediate attention. One message warns the admin about a mail redirect on an Office 365 inbox which indicates there has been an account compromise. Another advises the admin that the company’s Office 365 licenses have expired.

The emails contain a link for the admin to use to login to their Office 365 account to address the problem. The user will be directed to a webpage on the windows.net domain which has a valid certificate from Microsoft. The Microsoft login box is identical to that used on the Microsoft site.

Most admins will be vigilant and wary of warnings such as these. Even if the links are clicked, admins are likely to check the domain to make sure it is genuine. However, these scams are conducted because they do work. Some admins will be fooled and will disclose their credentials.

Admin credentials are highly valuable as they allow an attacker to create new office 365 accounts, access other user’s mailboxes, and send phishing emails from other accounts on the domain. These targeted attacks on admins are becoming more common due to the high value of the accounts and the range of attacks they allow a hacker to perform.

There is no single cybersecurity solution that will provide total protection from phishing attacks. What is needed is a defense in depth approach. End users should be provided with ongoing security awareness training to ensure they are aware of the most common threats and know how to identify potential scams. Phishing simulations are useful for gauging how effective training has been.

However, the priority must be to block these attacks and prevent end users from being tested. An advanced spam filter such as SpamTitan blocks more than 99.97% of spam and phishing emails. SpamTitan scans all incoming messages for malware and uses dual anti-virus engines for greater accuracy. A sandboxing feature has also now been added to allow the safe execution and analysis of suspicious email attachments.

WebTitan serves as an additional security layer that prevents end users from visiting malicious websites. The DNS filter can be used to exercise control over the types of websites that can be visited by employees and blocks all attempts to visit blacklisted websites, such as those that have been used for malware distribution, scams, or phishing.

Contact TitanHQ today to find out more about how SpamTitan and WebTitan can block Office 365 phishing attacks, the different deployment options, pricing information, and to book a product demonstration.

New Office 365 Phishing Scams FAQs

Will a spam filter block all spam and phishing emails?

No spam filter will be 100% effective, 100% of the time, which is why it is important to implement layered defenses. Many spam filters block around 99% of spam. SpamTitan is an advanced spam filter that has been independently verified as blocking 99.97% of spam email with a low false positive rate of just 0.03%.

How does email content filtering work?

Once initial checks have been performed to identify malware and emails from known spam sources, message content filtering takes place. Email content is analyzed, and each email is assigned a spam score based on phrases, keywords, images, and hyperlinks. A threshold is set and if that score is reached, the message will be rejected or quarantined.

What is greylisting and why is it important?

Greylisting is an important spam filtering mechanism for detecting new sources of spam. Greylisting initially rejects an email and requests the message is resent. Since email servers being used for spamming are busy sending huge volumes of messages, they do not respond to these requests or there is a significant delay. The delay is a good indicator that the message is spam.

Why should I scan outbound emails?

Outbound scanning is important for several reasons. By scanning outbound emails, email account compromises can be detected quickly to block business email compromise attacks. Attempts to use internal email accounts for sending malware and spam will be blocked, and tags can be applied to certain data types to identify attempted data theft by malicious insiders.

Phishing-as-a-Service Opens Flood Gates: Waves of Phishing Emails Expected

You may have heard of ransomware-as-a-service – where ransomware is rented for a cut of the profits generated – but now there are a growing number of hackers offering phishing-as-a-service.

Ransomware-as-a-service proved popular as it allowed people without the skill set to create their own ransomware to conduct attacks and take a share of the profits. Conducting phishing attacks is easier. It requires no knowledge of malware or ransomware. All that is required is a hosted web page that mimics a brand you want to target, a phishing kit, and an email account to send phishing emails far and wide.

There is still entry barrier to cross before it is possible to conduct phishing attacks.  Phishing requires some knowledge and skill as a spoofed phishing web page must be created and emails crafted that will attract a click. The web page will also need to be hosted somewhere so a compromised domain will therefore be required.

Phishing-as-a-service provides all of that. To get started, you purchase one of several phishing templates based on what you are targeting – Office 365, SharePoint, OneDrive, Google, or DocuSign credentials for example. The phishing pages are sold complete with phishing kits loaded and one month’s hosting.

One group offering phishing-as-a-service guarantees the phishing page will be hosted for one month and includes a three-link backup. If one URL fails or is reported as a phishing website, a further two links can be provided on request followed by a further three after that.

Phishing-as-a-service takes all the time-consuming work out of starting a phishing campaign and allows phishing campaigns to be conducted by individuals with next to no specific skills. Once payment is made for the web page, all that is required is the ability to conduct a spam campaign. The service also comes with the option of purchasing lists of email addresses for the country of choice. All that is required to conduct a phishing campaign is payment ($30+) for phishing-as-a-service and a convincing phishing email.

With the entry barrier being substantially lowered, phishing attacks are likely to become much more frequent. It is therefore essential for businesses of all sizes to take steps to improve protections and reduce susceptibility to phishing attacks.

If you are defending against any attack it pays to know your enemy. It is therefore essential for all employees with an email account to be provided with security awareness training and be taught how to recognize a phishing attack.

It is also important to implement cybersecurity solutions that help to ensure your last line of defense will not be tested. You should have an advanced anti-spam solution in place to block the vast majority of phishing threats. If you use Office 365 for your business email, a third-party anti-spam solution will provide a greater level of protection.

An additional protection against phishing attacks that is often overlooked is a DNS filter or web filter. A web filter gives organizations control over what their employees can do online and which websites they can visit. Any website that has been reported as malicious is automatically blocked using blacklists and webpages are scanned in real-time and blocked if malicious. If a phishing email reaches an inbox and attracts a click, the attempt to access the phishing website can be blocked.

If you want to improve your email and web security posture or you are looking for better value cybersecurity solutions, TitanHQ can help. Contact TitanHQ today to discuss your email and web security requirements and you will be advised on the best solutions to meet your needs.

TitanHQ offers a free trial on all products and is happy to arrange product demonstrations on request.

Invaluable Advice for MSPs at DattoCon19 in San Diego from Event Sponsor TitanHQ

The largest managed service provider conference of 2019 will be taking place in San Diego on 17-19 June.

DattoCon is the premier conference for MSPs, bringing together a plethora of vendors and industry experts to help MSPs learn business building secrets, gain invaluable product insights, and learn technical best practices. The networking and learning opportunities at DattoCon are second to none. DattoCon19 is certainly an event not to be missed.

TitanHQ is a Datto Select Vendor and a proud sponsor of DattoCon19. TitanHQ has developed cybersecurity solutions to exactly meet the needs of MSPs. All solutions area easy to implement and maintain and can be integrated into MSP’s existing systems via a suite of APIs. TitanHQ provides the web security layer to Datto DNA and D200 boxes and is the only third-party security company trusted to work with Datto.

The TitanHQ team will be on hand at the conference to discuss your email and web security needs and will offer practical advice to help you better serve the needs of your customers and get the very most out of TitanHQ solutions.

Visitors to the TitanHQ stand (booth 23) will have the opportunity to learn about TitanHQ’s exclusive TitanShield Program for MSPs. Through the TitanShield program, members have access to SpamTitan email security and phishing protection; the WebTitan DNS filter; and the ArcTitan email archiving solution. Around 2,000 MSPs have already signed up to the program and are using TitanHQ solutions to protect their clients.

If you currently use Cisco Umbrella to provide web and malware protection, you may be paying far more for security than is necessary and could well be struggling with product support. Be sure to speak to the team about the savings from switching and the support provided by TitanHQ. A visit will also be useful for MSPs that are currently supporting Office 365, as the team will explain how spam, phishing and malware protection can be enhanced.

TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, will be on the panel for the new, Datto Select Avendors event on Monday. The event runs from 3PM to 4PM and brings together experts from several select companies who will help solve some of the epic problems faced by MSPs today.

Additional Benefits at DattoCon19

  • New TitanHQ customers benefit from special show pricing.
  • A daily raffle for a free bottle of vintage Irish whiskey.
  • Two DattoCon19 parties: TitanHQ and BVOIP are sponsoring a GasLamp District Takeover on Monday 6/17 and Wed, 6/19.

DattoCon Details

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019
If you are not yet registered for the event you can do so here.
TitanHQ will be at booth 23

Contact the TitanHQ team in advance:

  • Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
  • Eddie Monaghan, MSP Alliance Manager, LinkedIn
  • Marc Ludden, MSP Alliance Manager, LinkedIn

G2 Names TitanHQ One of Best Software Companies in EMEA in 2019

The global user review website, G2, is the go-to place to find reviews of business software and services. Unlike many other review websites, G2 gives users of the software and services the opportunity to provide their feedback on how the products perform. Millions of businesses use the website to make smarter buying decisions and select the best products and services to meet their needs.

This year, for the first time, G2 has launched a new Best Software Companies in EMEA list. To produce the list, G2 used the reviews of more than 66,000 users of the products of more than 900 companies. To be selected as one of the best companies is only possible if users of products and services have given their endorsement.

“G2’s ever-expanding breadth and depth of product, review, and traffic coverage provide over 5 million data points to help buyers navigate the complex world of digital transformation”, said G2 CEO Godard Abel. “In our Best Software Companies in EMEA list, we leverage this data to identify the companies our users tell us are best helping them reach their potential”.

TitanHQ has developed a suite of advanced cybersecurity solutions to keep businesses protected from email and web-based threats and help MSPs serving that market effortlessly provide managed cybersecurity services to their clients.

“TitanHQ earned its place on the list thanks to the value our customers place on the uncompromised security and real-time threat detection we provide,” said Ronan Kavanagh, CEO, TitanHQ. “The overwhelmingly positive feedback from on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”

Ransomware Attacks on the Rise Once More and Cities are in Attackers’ Crosshairs

The use of ransomware to attack businesses continued to decline throughout 2018 after extensive use of the file-encrypting malware by cybercriminals in 2016 and 2017. In 2018, ransomware fell out of favor with cybercriminals, who turned to other forms of cybercrime to make money.

However, ransomware is seeing something of a resurgence in 2019. The latest Breach Insights Report from Beazley Breach Response Services shows ransomware attacks are increasing once again. In the first quarter of 2019, ransomware attack notifications from its clients increased by 105% from Q1, 2018. Ransom demands are also increasing.

The rise in attacks has continued in Q2. Attacks using MegaCortex ransomware surged in late April. The ransomware variant was first identified in January and was only used in a handful of attacks in the following three months, but in the last week in April, 47 confirmed attacks were reported.

Dharma ransomware attacks have similarly increased. According to Malwarebytes, the past two months have seen a 148% increase in attacks. The threat actors behind Dharma ransomware are now using a variety of methods to distribute their ransomware payload.

The most common method of distribution is phishing emails. Emails contain embedded hyperlinks that direct users to a malicious website where the ransomware payload is downloaded. Email attachments containing malicious scripts are also used to download the ransomware payload.

Attacks are also taking place via remote desktop protocol over TCP port 3389. Brute force attacks are conducted to gain access to a device then ransomware is deployed. Dharma ransomware has also been identified in fake antivirus software programs which are pushed via a variety of websites. Users are tricked into downloading fake AV software after receiving a fake alert about a malware infection that has been detected on the user’s device.

Ransomware has also been used in conjunction with other malware such as Emotet. Emotet was once a banking Trojan but has since morphed into a botnet, capable of stealing login credentials, propagating itself via email on an infected device, and is capable of downloading other malware payloads. Emotet has been used to distribute Ryuk ransomware.

There have been upticks in attacks using other ransomware variants and the popularity of ransomware continues to grow, with some industries targeted more than others. Healthcare organizations are an attractive target as access to patient data is critical for providing medical services. There is a higher probability of ransom demands being paid due to reliance on patient data.

A recent report from Recorded Future has confirmed that attacks on towns, cities, and local government systems are soaring. Its study confirmed that there were 169 attacks on county, city, or state government systems and police and sheriffs’ offices since 2013. There were 38 ransomware attacks in 2017, 53 in 2018, and 22 attacks have already occurred in 2019 and the year is not yet halfway through.

Akron, OH; Albany, NY; Jackson County and Cartersville, GA; and Lynn, MA, have all been attacked this year and the city of Baltimore, MA, has been struggling to recover from its attack for the past two weeks with many city services still disrupted.

The rise in attacks is understandable. The potential rewards from a successful attack are high, many victims have no alternative but to pay, and thanks to ransomware-as-a-service, attacks are easy to pull off and require little in the way of skill.

As long as the attacks continue to be profitable, they will continue. What businesses need to do is to make it much harder for the attacks to succeed and to ensure that if disaster does strike, recovery is possible without having to pay a ransom.

Recovery depends on viable backups of all critical files being available. That means regular backups must be made, those backups need to be tested to make sure files can be restored, and copies need to be stored securely where they cannot also be encrypted.

Remote Desktop Protocol is a weak point that is commonly exploited. If RDP is not required, it should be disabled. If disabling RDP is not an option, strong, complex passwords should be used and access should only be possible using a VPN.

To block web-based attacks, consider implementing a web filtering solution such as WebTitan which prevents users from visiting known malicious websites and downloading executable files types.

One of the primary methods of delivering ransomware is spam and phishing emails. An advanced spam filtering solution should be implemented to block malicious emails and ensure they are not delivered to end users’ inboxes. SpamTitan now incorporates a sandbox, which allows suspicious files to be executed in a secure environment where activities of the files can be safely analyzed for malicious actions. SpamTitan also scans outgoing mail for signs of infection with Emotet.

While these technical controls are important, you should not forget end users. By providing security awareness training and teaching end users how to recognize potential threats, they can be turned into a strong last line of defense.

Fortunately, with layered defenses you can make it much harder for ransomware attacks to succeed and can avoid becoming yet another ransomware statistic.

New TitanShield Partner Program Launched by TitanHQ

New TitanShield Partner Program Launched by TitanHQ

TitanHQ, the leading provider of spam filtering, web filtering, and email archiving solutions to SMBs and managed service providers (MSPs) has announced a new partner program has been launched: TitanShield.

The aim of the TitanShield Partner Program is to provide MSPs, cloud distributors, OEM partners, Wi-Fi providers, and Technology Alliance partners with all the tools and support they need to start offering TitanHQ solutions to their clients and to provide continued support.

The launch of the new program coincides with TitanHQ’s 20-year anniversary. For the past two decades, TitanHQ has been developing innovative cybersecurity solutions for SMBs and MSPs that serve the SMB market. The company started by developing anti-spam technologies for businesses in Ireland and has since grown into an award-winning global provider of cybersecurity solutions.

Over the course of the past year, TitanHQ has been working closely with partners to make it as easy as possible for them to sell, onboard, deliver, and managed advanced network security solutions directly to their client base. In fact, in the past 9 months, as a result of those efforts, TitanHQ has increased its partner base by 40%.

In addition to providing cutting edge cybersecurity solutions to protect against email and web-based attacks and meet compliance requirements, TitanHQ offers partners flexible pricing models, competitive margins, and a wealth of sales and technical resources to drive revenue growth.

Under the new partner program, all qualified partners will be assigned a dedicated account manager, a support team, and engineers. Partners also benefit from a full range of APIs that will enable them to incorporate TitanHQ products into their backend provisioning and management systems and will be provided with extensive sales enablement and marketing support, including lead generation resources.

“Our new TitanShield partner program allows us to separate partners into their specific areas so that we can make sure they are receiving best practices, simple pricing models and focused information for the markets and customers they serve,” explained TitanHQ Executive VP of Strategic Alliances, Rocco Donnino “Our program takes a unique and strategic approach for our partners and can be customized to fit all business models.”

MSPs and cloud providers who have not yet started offering TitanHQ solutions to their clients can find out more about the TitanShield program by emailing the team at partners@titanhq.com

Webinar: Discover the Exciting New Features of SpamTitan

Current users of the SpamTitan email security solution and SMBs and MSPs that are considering implementing SpamTitan or offering it to their clients are invited to join a webinar in which TitanHQ will explains the exciting new features that have recently been incorporated into the anti-phishing and anti-spam solution.

SpamTitan has recently received a major update that has seen the incorporation of DMARC email authentication to better protect users from email impersonation attacks and the addition of a new Bitdefender-powered sandbox. The sandbox allows users to safely assess email attachments for malicious actions, to better protect them against zero-day malware and other malicious software delivered via email.

The webinar will explain these and other features of SpamTitan in detail and the benefits they offer to customers, including how they better protect SMBs and SMEs from phishing, spear phishing, spoofing, ransomware, malware, and zero-day attacks.

The webinar will also explain why SpamTitan is the leading email security solution for managed service providers serving the SMB and SME market and how the solution can help to enhance security for their clients and can easily be slotted into their service stacks.

The webinar will be taking place on Thursday April 4, 2019 at 12pm, EST and will last approximately 30 minutes.

Advance registration is necessary. You can sign up for the webinar on this link.

Survey Highlights Healthcare Email Security Weaknesses

The 2019 Cybersecurity Survey conducted by the Healthcare Information and Management Systems Society (HIMSS) has highlighted healthcare email security weaknesses and the seriousness of the threat of phishing attacks.

HIMSS conducts the survey each year to identify attack trends, security weaknesses, and areas where healthcare organizations need to improve their cybersecurity defenses. This year’s survey confirmed that phishing remains the number one threat faced by healthcare organizations and the extent that email is involved in healthcare data breaches.

This year’s study was conducted on 166 healthcare IT leaders between November and December 2018. Respondents were asked questions about data breaches and security incidents they had experienced in the past 12 months, the causes of those breaches, and other cybersecurity matters.

Phishing attacks are pervasive in healthcare and a universal problem for healthcare providers and health plans of all sizes. 69% of significant security incidents at hospitals in the past 12 months used email as the initial point of compromise. Overall, across all healthcare organizations, email was involved in 59% of significant security incidents.

The email incidents include phishing attacks, spear phishing, whaling, business email compromise, and other email impersonation attacks. Those attacks resulted in network breaches, data theft, email account compromises, malware infections, and fraudulent wire transfers.

When asked about the categories of threat actors behind the attacks, 28% named ‘online scam artists’ and 20% negligence by insiders. Online scam artists include phishers who send hyperlinks to malicious websites via email. It was a similar story the previous year when the survey was last conducted.

Given the number of email-related breaches it is clear that anti-phishing defenses in healthcare need to be improved. HIPAA requires all healthcare employees to receive security awareness training, part of which should include training on how to identify phishing attacks. While this is a requirement for compliance, a significant percentage (18%) of healthcare organizations do not take this further and are not conducting phishing simulations, even though they have been shown to improve resilience against phishing attacks by reinforcing training and identifying weaknesses in training programs.

The continued use of out of date and unsupported software was also a major concern. Software such as Windows Server and Windows XP are still extensively used in healthcare, despite the number of vulnerabilities they contain. 69% of respondents admitted still using legacy software on at least some machines. When end users visit websites containing exploit kits, vulnerabilities on those devices can easily be exploited to download malware.

It may take some time to phase out those legacy systems, but improving healthcare email security is a quick and easy win. HIMSS recommends improving training for all employees on the threat from phishing with the aim of decreasing click rates on phishing emails. That is best achieved through training, phishing simulations, and better monitoring of responses to phishing emails to identify repeat offenders.

At TitanHQ, we can offer two further solutions to improve healthcare email security. The first is an advanced spam filtering solution that blocks phishing emails and prevents them from being delivered to inboxes. The second is a solution that prevents employees from visiting phishing and other malicious websites such as online scams.

SpamTitan is an advanced anti-phishing solution that scans all incoming emails using a wide range of methods to identify malicious messages. The solution has a catch rate in excess of 99.9% with a false positive rate of just 0.03%. The solution also scans outbound messages for spam signatures to help identify compromised email accounts.

WebTitan Cloud is a cloud-based web filtering solution that blocks attempts by employees to visit malicious websites, either through web surfing or responses to phishing emails. Should an employee click on a link to a known malicious site, the action will be blocked before any harm is caused. WebTitan also scans websites for malicious content to identify and block previously known phishing websites and other online scams. Alongside robust security awareness training programs, these two solutions can help to significantly improve healthcare email security.

For further information on TitanHQ’s healthcare email security and anti-phishing solutions, contact TitanHQ today.

LockerGoga Ransomware Suspected in Altran Cyberattack

The French engineering firm Altran Technologies has been grappling with a malware infection that hit the firm on January 24, 2019.

Immediately following the malware attack, Altran shut down its network and applications to prevent the spread of the infection and to protect its clients. Technical and computer forensics experts are now assisting with the investigation. The Altran cyberattack has affected operations in some European countries and the firm is currently working through its recovery plan.

A public announcement has been made about the attack although the malware involved has not been officially confirmed. Some cybersecurity experts believe the attack involved a new ransomware variant named LockerGoga which emerged in the past few days.

LockerGoga ransomware was first identified on January 24 in Romania and subsequently in the Netherlands. It was named by MalwareHunterTeam, based on the path used for compiling the source code into an executable.

LockerGoga ransomware does not appear to be a particularly sophisticated malware variant. Security researcher Valthek, who analyzed the malware, claimed the code was ‘sloppy’, the encryption process was slow, and little effort appears to have been made to evade detection. The ransomware appends encrypted files with the .locked file extension.

The ransomware note suggests that companies are being targeted although it is currently unclear how the ransomware is being distributed.

LockerGoga ransomware encrypts a wide range of file types and, depending on the command line argument, may target all files. Since the encryption process is slow, fast detection and remediation will limit the damage caused. Failure to detect the ransomware and take prompt action to mitigate the attack could prove costly. The ransomware can spread laterally through network connections and network shares, resulting in widespread file encryption.

The ransomware had a valid certificate that was issued to a UK firm by Comodo Certificate Authority. The certificate has since been revoked.

LockerGoga ransomware is currently being detected as malicious by 46/69 AV engines on VirusTotal, including Bitdefender, the primary AV engine used by SpamTitan.

Allscripts EHR Breach Highlights Need for Improved Ransomware Protections for Healthcare Organizations

The massive Allscripts EHR breach in January 2018 resulted in massive disruption for the company and its clients. Clients were locked out of their electronic health records for several days while the company battled to recover from the attack. Around 1,500 of the company’s clients were affected.

The cost of mitigating the ransomware attack was considerable, and in addition to those costs, the Allscripts EHR breach prompted many clients to take legal action. The costs continue to mount.

The Allscripts EHR breach involved SamSam ransomware, which has plagued the healthcare industry over the past couple of years. The threat actors behind the attacks typically gain access to healthcare networks through RDP vulnerabilities and deploy the ransomware manually after scouting the network. This way, maximum damage can be inflicted, which increases the probability of the ransom being paid.

The Allscripts EHR breach certain stands out as one of the most damaging ransomware attacks of 2018, although it was just one of many healthcare ransomware attacks in 2018 involving many ransomware variants.

According to Beazley Breach Response Services, ransomware attacks more than doubled in September. Many cybercriminals have switched to cryptocurrency mining malware, but the ransomware attacks on healthcare organizations are continuing and show no sign of slowing.

In recent months, there has been a growing trend of combining malware variants to maximize the profitability of attacks. Ransomware is a quick and easy way for cybercriminals to earn money but combining ransomware with other malware variants is much more profitable. Further, if files are recovered from backups and no ransom is paid, cybercriminals can still profit from the attacks.

Several campaigns have been detected recently that combine Trojans such as AZORult, Emotet and Trickbot with ransomware. Attacks with these Trojans have increased by 132% since 2017 according to Malwarebytes. The Trojans steal sensitive information through keylogging, are capable lateral movement within a network, and also serve as downloaders for other malware such as Ryuk and GandCrab ransomware. Once information has been stolen, the ransomware payload is deployed.

The Allscripts EHR breach was somewhat atypical. It is far more common for ransomware to be delivered via email than brute force attacks on RDP. The campaigns combining Emotet, Trickbot, and AZORult with ransomware are primarily delivered by email.

In addition to ransomware attacks, phishing attacks are rife in healthcare. Email was the most common location of exposed protected health information in 2018. Email security is a weak point in healthcare defenses.

The number of successful ransomware and phishing attacks in healthcare make it clear that email security needs to improve. An advanced spam filter to block malicious emails, improved end user training is required to teach employees how to recognize email threats, intrusion detection systems need to be deployed, along with powerful anti-virus solutions. Only by implementing layered defenses to block email attacks and other attack vectors will healthcare organizations be able to reduce the risk of ransomware attacks.