Our Internet security section covers a wide range of topics including the latest online threats such as new phishing scams, changes in exploit kit activity, and up to date information on new malware and ransomware variants and social media scams.
Here you will find articles on data breaches, together with the causes of attacks and potential mitigations to reduce the risk of similar incidents occurring at your organization. Lessons can be learned from attacks on other organizations and threat intelligence can help security teams prepare for impending cyberattacks.
This section also contains news on the latest remote code execution vulnerabilities and zero day exploits that are being used to gain access to business networks, such as the network worm attacks that were used to spread WannaCry ransomware around the globe in May 2017.
In addition to mitigations – such as news of patches and software upgrades – articles are included to help organizations improve Internet security. Employees are a weak link in security defenses and frequently download malware or engage in risky behavior that could result in a network compromise. This section includes information that can be used by organizations to reduce the risk of employees inadvertently downloading malicious software or disclosing their credentials on phishing websites, turning them from liabilities into security assets.
Spear phishing attacks are being conducted by a cyber threat group working on behalf of Iran’s Islamic Revolutionary Guard Corps. The cyber threat actors have been gaining access to the personal and business accounts of targeted individuals to obtain information to support Iran’s information operations.
According to a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC), the campaign has been targeting individuals with a nexus to Iranian and Middle Eastern affairs, including journalists, political activists, government officials, think tank personnel, and individuals associated with US political campaign activity.
Individuals are typically contacted via email or messaging platforms. As is common in spear phishing attacks, the cyber threat actors impersonate trusted contacts, who may be colleagues, associates, acquaintances, or family members. In some of the group’s attacks, they have impersonated known email service providers, well-known journalists seeking interviews, contacts offering invitations to conferences or embassy events, or individuals offering speaking engagements. There have been instances where an individual is impersonated who is seeking foreign policy discussions and opinions.
In contrast to standard phishing attacks where the victim is sent a malicious email attachment or link to a phishing website in the initial email, more effort is put into building a rapport with the victim to make them believe they are engaging with the person the scammer is impersonating. There may be several exchanges via email or a messaging platform before the victim is sent a malicious link, which may be embedded in a shared document rather than being directly communicated via email or a messaging app.
If the link is clicked, the victim is directed to a fake email account login page where they are tricked into disclosing their credentials. If entered, the credentials are captured and used to login to the victim’s account. If the victim’s account is protected with multi-factor authentication, they may also be tricked into disclosing MFA codes. If access to the account is gained, the cyber threat actor can exfiltrate messages and attachments, set up email forwarding rules, delete or manipulate messages, and use the account to target other individuals of interest.
Spear phishing attempts are harder to identify than standard phishing attempts as greater effort is put in by the attackers, including personalizing the initial contact messages, engaging in conversations spanning several messages, and using highly plausible and carefully crafted lures. These emails may bypass standard spam filtering mechanisms since the emails are not sent in mass campaigns and the IP addresses and domains used may not have been added to blacklists.
It is important to have robust anti-phishing, anti-spam, and anti-spoofing solutions in place to increase protection and prevent these malicious emails from reaching their intended targets. An advanced spam filtering solution should be used that incorporates Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to identify spoofing and validate inbound emails. SpamTitan also incorporates machine learning and AI-based detection to help identify spear phishing attempts.
If you are a Microsoft 365 user, the anti-spam and anti-phishing mechanisms provided by Microsoft should be augmented with a third-party anti-phishing solution. PhishTitan can detect the spear phishing emails that Microsoft’s EOP and Defender often miss while adding a host of detection mechanisms and anti-phishing features including adding banners to emails from external sources.
One of the main defenses against these attacks is vigilance. An end-user security awareness training program should be implemented to improve awareness of spear phishing attacks. SafeTitan makes this as easy as possible and covers all possible attack scenarios, with training provided in short and easy-to-assimilate training modules. It is also important to conduct phishing simulations to raise and maintain awareness. These simulations can be especially effective at raising awareness about spear phishing emails and giving end users practice at identifying these threats.
Multifactor authentication should be enabled on all accounts, with phishing-resistant multi-factor authentication providing the highest degree of protection. IT teams should also consider prohibiting email forwarding rules from automatically forwarding emails to external addresses and conducting regular scans of the company email server to identify any custom rules that have been set up or changes to the configuration. Alerts should also be configured for any suspicious activity such as logins from foreign IP addresses.
A malvertising campaign is behind a surge in FakeBat malware infections, according to researchers at Google’s Mandiant. FakeBat is a malware loader that is offered to other cybercriminals under the malware-as-a-service model. Once infected with FakeBat, system information is gathered and exfiltrated to its command-and-control server, and if the victim is of interest to the threat actor’s business partners, they can use FakeBat to download their own payloads onto an infected device. FakeBat, also known as EugenLoader, has fast become a major player among cyber threats with infections increasing significantly in recent months due to the ability of the malware to evade security solutions and hide the additional payloads it delivers.
FakeBat malware is primarily distributed via malvertising and drive-by downloads. Malvertising is the name given to malicious adverts that trick Internet users into downloading malicious software. Malicious adverts are created on online advertising platforms such as Google Ads, and the adverts then appear prominently at the top of search engines for certain search terms. They often catch unwary Internet users who fail to check the URL they are directed to after clicking an advert. Google has numerous safeguards in place to thwart attempts by threat actors to upload malicious adverts to its platform, but threat actors can bypass those security controls. Malicious adverts may also appear in the third-party ad blocks that many website owners add to their sites to generate additional revenue. The domains used for these scams can be convincing, as they often closely resemble the domain name of the legitimate software provider.
Drive-by downloads of malware can occur on many different websites, including attacker-owned domains and compromised sites. Websites may be created for the sole purpose of delivering malware, with black hat search engine optimization (SEO) techniques used to get web pages to appear high in the search engine listings for certain search terms. Cybercriminals may also compromise legitimate websites by exploiting vulnerabilities and then create new web pages on those sites for malware distribution. These sites often contain JavaScript that runs when a user lands on the site and generates a fake security warning, such as an alert that malware has been detected on their device. Software is offered to remove the malware, but downloading the installer will result in malware being installed.
These approaches are often used to target company employees, with adverts and malicious web pages offering popular software downloads. The adverts and websites are carefully crafted to make the user believe they are downloading the genuine software they seek. Oftentimes, the adverts and websites provide legitimate software; however, the installers also side-load malware. These malware infections often go unnoticed since the user gets the software they are expecting.
The malvertising campaigns that deliver FakeBat malware use signed MSIX installers that impersonate popular software products such as WinRAR, the password software KeePass, the gaming platform Steam, the video conferencing platform Zoom, and web browsers such as Brave. Malware known to be delivered by FakeBat includes information stealers (e.g. Redline Stealer, Lumma Stealer), banking trojans (e.g. IcedID), Remote access Trojans (e.g. SectopRAT), and more. The threat actor is also known to use phishing to distribute FakeBat malware.
Businesses should ensure they take steps to prevent malware infections via malvertising and drive-by downloads, as a single mistake by an employee can result in a costly malware infection and data breach and could potentially also lead to a ransomware attack and significant data loss.
TitanHQ offers cybersecurity solutions that offer multiple layers of protection against malware infections. Since these campaigns trick employees into installing malware, one of the best defenses is to provide comprehensive security awareness training. TitanHQ’s SafeTitan security awareness training platform makes it easy for businesses to improve the security awareness of their workforce by eradicating risky behaviors and teaching employees how to recognize, avoid, and report threats. The platform also includes a phishing simulator to test employees’ skills at identifying phishing attempts with training content automatically generated in response to simulation failures.
Technical defenses are also important to prevent employees from visiting malicious websites. The WebTitan DNS filter is a powerful tool for carefully controlling access to websites. WebTitan blocks access to all known malicious sites and can be configured to block certain file downloads from the Internet, such as MSIX installers. TitanHQ’s SpamTitan cloud-based spam filter and the PhishTitan anti-phishing solution provide cutting-edge protection against phishing attempts. The engine that powers these solutions has been independently tested and demonstrated to block 100% of known malware. SpamTItan also includes email sandboxing for identifying malware by its behavior, in addition to twin antivirus engines for blocking known malware, and machine learning capabilities to detect novel phishing threats.
To find out more about improving your defenses against malvertising, drive-by downloads, phishing, and other cyber threats, give the TitanHQ team a call. All TitanHQ solutions are also available on a free trial to allow you to put them to the test before making a purchase decision.
Ascension, one of the largest private healthcare systems in the United States, fell victim to a ransomware attack on May 8, 2024, that forced systems offline, including patients’ medical records which were not fully restored for a month. The attack caused massive disruption, and without access to electronic health records, staff were forced to record patient information manually.
Patient care was seriously affected, with delays in diagnosis and treatment, and the lack of access to medical records resulted in medical errors. Without technology to perform routine safety checks, patient safety was put at risk. The investigation into the attack is still ongoing, but evidence has already been found that files containing sensitive data were stolen in the attack. The scale of the data breach has yet to be determined but for a healthcare system as large as Ascension, the breach could be considerable.
The ransomware attack occurred as a result of a simple error by a single employee, who was tricked into downloading a malicious file from the internet. That file provided the attackers with a foothold in the network, from where they were able to launch a devastating ransomware attack. Ascension said it has no reason to believe that the file download was a malicious act and is satisfied that it was an honest mistake by the employee. Sadly, it is the type of mistake that frequently results in ransomware attacks and costly data breaches.
Ascension has not disclosed how the file was downloaded, whether it was from general web browsing, malvertising that directed the employee to a malicious website, or if they clicked a link in a phishing email. Regardless of how the employee arrived at the malicious site, the attack could have been prevented with the right technology in place. It is possible to protect against all of the above-mentioned methods of malware delivery with a web filter. WebTitan from TitanHQ is a DNS-based web filter for businesses to prevent employees from visiting websites hosting malware and to block the web-based component of phishing attacks.
WebTitan is fed threat intelligence to provide real-time protection against malicious websites. As soon as a malicious website is detected, it is added to the database and all WebTitan users are prevented from visiting that URL. WebTitan categorizes and blocks around 60,000 malware and spyware domains each day and if an attempt is made to visit one of those URLs, whether it is via a link in an email, malvertising, or general web browsing, the attempt is blocked and the user is directed to a locally hosted block page.
WebTitan is updated constantly with vast click stream traffic from actively visited URLs from 500 million end users, and the data is used to categorize websites. WebTitan users can then place restrictions on 53 categories of websites that employees can visit on their work devices, eliminating risks from common sources of malware such as torrent and file-sharing sites for which there is no business reason for access. Further, as an additional protection against malware, WebTitan can be configured to block downloads of certain file types from the internet, such as executable files that are commonly used to deliver malware. For the majority of employees, there is rarely a business need to download executable files.
Malware is commonly delivered via email, either via attachments containing malicious scripts and macros or via embedded hyperlinks. It is important to have an advanced email security solution in place to block this method of malware delivery. SpamTitan is a cloud-based anti-spam service that protects against known malware using twin antivirus engines that scan attachments for the signatures of malware. To protect against novel malware threats, SpamTitan incorporates a Bitdefender-powered email sandbox, where suspicious messages are sent for deep inspection. An email sandbox is key to blocking malware threats and essential due to the volume of novel malware variants now being distributed.
While technological solutions are essential, it is also important to provide security awareness training to the workforce to improve awareness of cyber threats and teach security best practices. This is another area where TitanHQ can help. SafeTitan is a comprehensive security awareness training platform and phishing simulator that is proven to reduce susceptibility to phishing attacks that helps businesses develop a human firewall and combat the many threats that target employees.
For more information on improving your defenses against malware and phishing threats, give the TitanHQ team a call. All TitanHQ cybersecurity solutions are also available on a free trial to allow you to put them to the test before making a purchase decision.
Downloading unofficial and pirated software from the Internet carries a significant risk of malware infections. Malware is often packaged with the installers or with the cracks/key generators that provide the serial keys or codes to activate the software.
Cybercriminals use a variety of methods for driving traffic to their malicious websites, including malicious Google Ads, adverts on other third-party ad networks, SEO poising to get their malicious sites appearing high in the search engine listings, and via torrent and warez sites. A warning has recently been issued about the latter by AhnLab Security Intelligence Center (ASEC).
The campaign identified by the researchers distributes Microsoft Office, Microsoft Windows, and the Hangul Word Processor. The pirated software is available through torrent sites and includes a professional-looking installer. The installer for Microsoft Office allows users to select the Office products they want to install in either the 32-bit or 64-bit version and select the language.
If the installer is run, the user will get the software they are looking for; however, in the background, a malware cocktail will be installed. The threat actor behind this campaign is distributing several different malware payloads, including coinminers, remote access trojans (RATs), downloaders, and anti-AV malware.
When the installer is run, an obfuscated .NET downloader is executed which connects to the attacker’s Telegram/Mastadon channels and obtains a Google Drive or GitHub URL from where Base64 encrypted strings are obtained. Those strings are decrypted on the device and are PowerShell commands. Task Scheduler is used to execute the PowerShell commands, which install the malware. The scheduled tasks also allow the threat actor to consistently install other malware variants on the infected device.
By using Task Scheduler, the threat actor can reinstall malware if it is detected and removed, and since an updater is installed, the PowerShell commands can change. Even if the initial URLs are blocked, others will be added to ensure malware can still be delivered.
Initially, the threat actor was installing the updater together with either the Orcus RAT or the XMRig cryptocurrency miner. Orcus RAT provides the threat actor with remote control of an infected device, and has keylogging capabilities, can take screenshots, access the webcam, and exfiltrate data. XMRig is configured to only run when it is unlikely to be detected and will quit when system resource usage is high.
In the latest campaign, the threat actor also installs 3Proxy, which allows abuse of the infected device as a proxy, PureCrypter for downloading and executing additional malware payloads, and AntiAV malware, which disables antivirus and other security software by modifying the configuration files.
While this campaign appears to be targeting users in South Korea, it clearly shows the risks of downloading pirated software. Due to the inclusion of the updater and the installation of PureCrypter, remediation is difficult. Further, new malware variants are being distributed every week to evade detection.
Employees often download software to make it easier for them to do their jobs, and Torrent sites are a common source of unauthorized software. Businesses should therefore implement policies that prohibit employees from downloading software that has not been authorized by the IT department and should also implement controls to prevent Torrent and other software distribution sites from being accessed.
With TitanHQ’s WebTitan DNS filter, blocking access to malicious and risky websites could not be simpler. Simply install the cloud-based web filter and configure the solution by using the checkboxes in the user interface to block access to these categories of websites. WebTitan is constantly updated with the latest threat intelligence to block access to known malicious websites, and it is also possible to block downloads of executable files from the Internet.
For more information on improving Internet security with a DNS-based web filter, give the TitanHQ team a call. WebTitan, like all other TitanHQ products, is available on a free trial, with product support provided to ensure you get the most out of the solution during the trial.
There has been a marked increase in malware distribution campaigns in recent months using fake adverts that direct users to malicious websites where sensitive information such as login credentials or credit card numbers is collected, or malware is distributed. This tactic is called malvertising.
One of the most common types of malvertising is the creation of malicious adverts for software solutions, which are displayed when users search for software in search engines. The reason why software-related malvertising is effective is users are searching for a software solution, which means they will be expecting to download an installer. Software installers are executable files, and malware can be packed into the installers. When the installer is executed, the user will get the software they are expecting but malware will also installed in the background.
There are a variety of defenses against malvertising. Installing an ad blocker will prevent the adverts from being displayed, security awareness training should teach employees to always be wary of adverts and to hover their mouse arrow over the advert to show the destination URL and ensure that the URL matches the software being offered. Another important defense is a web filter, which will block access to the malicious sites that the adverts direct users to. Web filters such as WebTitan can also protect against Internet-based malware distribution that doesn’t use malvertising to drive traffic to malicious websites, and can also block downloads of executable files from the Internet for individuals or user groups.
For example, a campaign has recently been detected that uses booby-trapped websites that generate a fake web browser update warning. The websites have embedded JavaScript code which redirects users to an update page where they can apply important browser security updates. The user proceeds to download what appears to be a zip file that contains the updater; however, the updater is a JavaScript file that will launch PowerShell scripts that will download and execute a malware payload from the threat actor’s remote server. In this campaign, at least two malware payloads are delivered – the BitRAT remote access trojan and the Lumma Stealer information stealer.
Another browser update scam has been identified that involves tricking the user into copying, pasting, and executing a PowerShell command to protect their browser; however, the PowerShell command will deliver and execute malware.
While an ad blocker will block the malicious adverts in these campaigns, it will not block drive-by malware downloads and attacks that use email, SMS, and instant messaging services to distribute malicious links. WebTitan is a more comprehensive web security solution that has multiple curated threat intelligence feeds that block access to a malicious website for all WebTitan users within about 5 minutes of a malicious site being detected anywhere in the world. The solution will also block downloads of executable files and has an easy-to-implement and configure category-based filter, that allows businesses to block access to risky and/or non-work-related websites.
WebTitan adds an extra layer to your security defenses to protect against malware distribution and the web-based component of phishing attacks. Further, being a DNS-based filter there is no latency, and the solution can be used to protect devices on and off the network, with the latter possible by installing a roaming agent on mobile devices.
For further information on malvertising protection, web filtering, and DNS and URL filtering, give the TitanHQ team a call.
Phishing and spam emails are commonly used for malware distribution; however, it has become much harder for malware and malicious scripts to evade email filtering solutions, especially advanced email security solutions with sandboxing and AI and machine learning capabilities. Some threat actors have had greater success using Google Ads to drive traffic to sites hosting trojanized installers for popular software.
Google Ads allows advertisers to bid to place adverts at the top of the search engine listings for key search terms, giving the adverts the most prominent position on the page. While Google has controls in place to prevent malicious ads from appearing, a small number of threat actors successfully circumvent those controls. Some of the most effective uses of malicious Google Ads are for software solutions. If threat actors can direct users to a malicious site that resembles a legitimate software provider, the user is likely to download and run the installer and inadvertently infect their device with malware.
One such campaign was recently uncovered by security researchers at Malwarebytes. While they were unable to identify the final malicious payload, they believe the goal was to deliver an information stealer. An information stealer is a type of malware that runs in the background and gathers information about the system. Information stealers often target login information such as usernames and passwords and can capture keystrokes, take screenshots, search histories, cookies, steal from cryptocurrency wallets, and more.
In this campaign, the threat actors targeted search terms related to the Arc browser for Windows, a freeware web browser that was launched in July 2023 for MacOS. The web browser has many features that set it aside from other web browsers and it has received five-star reviews from reviewers and users since its launch in 2023. The highly anticipated Windows version was released on April 30, 2024, and the malvertising campaign was prepared ahead of the launch.
One potential problem with a campaign such as this is malvertisers need to direct traffic to their own website where the malicious installer is hosted. If you are looking to download Adobe Reader, for example, and the advert displays anything other than the Adobe.com domain, you would know not to click. With Google Ads, malvertisers can display the legitimate domain in the Ad and then redirect the user to their own domain when they click the ad.
In this campaign, like many other malvertising campaigns, the threat actor uses lookalike domains that closely resemble the legitimate domain – Arc[.]net, and the page looks exactly like the legitimate site that it spoofs. If the user clicks to download the installer and executes the file, it will install the Arc browser as well as a malicious script that downloads and executes the malware payload. The malware will then run silently in the background and the user will likely be unaware that anything untoward has happened.
Employees often look for software to allow them to work more efficiently and download software from the web. For businesses, malicious Google Ads are a serious threat and can easily lead to a costly malware infection and data breach. To protect against malware infections via the web, many businesses rely on antivirus software that scans for malware when it has been downloaded. The problem is these solutions are often signature-based and can only detect malware variants if they have the signatures in their malware definition lists. New variants are constantly being released that differ sufficiently to evade signature-based detection mechanisms.
In addition to antivirus software, businesses should consider implementing a web filter such as WebTitan. WebTitan is a DNS-based web filter with no latency, so there is no impact on page load and download speeds. The filter is fed threat intelligence from a network of 500 million end users and is constantly updated with the latest intelligence and will block attempts to visit known malicious sites. If a user attempts to visit a known malicious URL, the attempt will be blocked before a connection is made. WebTitan can also be configured to block certain file downloads from the web, such as executable files. This will stop malware from being installed and will also help to curb shadow IT. WebTitan can also be configured to block third-party adverts on websites to combat malvertising.
In addition to these software solutions, businesses should provide security awareness training to the workforce to explain the risks of malware, teach security best practices, and eradicate risky behaviors. This is another area where TitanHQ can help. TitanHQ has a comprehensive security awareness training platform – SafeTitan – which is the only behavior-driven security awareness solution that delivers security training in real-time in response to security errors by employees. SafeTitan is an effective way of modifying user behavior and building a human firewall of users.
To find out more about web filtering with WebTitan and security awareness training with SafeTitan, give the TitanHQ team a call. Both solutions are also available on a free trial to allow you to test them out before making a purchase decision.
TitanHQ has made several enhancements to its suite of cybersecurity solutions this month, including an update to the SafeTitan security awareness training and phishing simulation platform to better meet the needs of Managed Service Providers (MSPs) and the release of a new version of the WebTitan DNS-based web filtering solution – Version 5.03, which is now being rolled out for all customers. SpamTitan spam-filter users are also due to get an upgrade, with version 9.01 of the platform due to be released.
The SafeTitan update added a new Auto Campaigns feature for MSPs to better meet the needs of their SMB clients and protect them against increasingly sophisticated phishing threats. While it is vital to have an email security solution such as SpamTitan in place to block email-based threats, workforces also need to be provided with security awareness training to ensure they have the skills to recognize and avoid the full range of cyber threats.
The SafeTitan platform can be used by SMBs for training their workforces and giving them practice at identifying threats and also by MSPs to meet the training needs of their clients. The new Auto Campaigns feature is an automation tool that allows MSPs to reduce the time spent planning and managing security awareness and phishing simulation campaigns for their SMB clients. The AI-driven feature helps MSPs streamline the security training process and improve efficiency while saving time and resources. The Auto Campaigns feature allows MSPs to create an annual set of phishing simulation campaigns for all clients within minutes.
WebTitan is an award-winning web filtering solution that is used by thousands of SMBs, enterprises, and MSPs for controlling access to the Internet and blocking web-based cyber threats. The latest version of the platform includes several new features and bug fixes.
Users now benefit from a new summary report page, the custom block page has a new layout, and several new features have been added. These include support for the customization of the global default policy on the MSP level, which allows the application of a custom default policy on the creation of a customer account. Support has been added for the customization of the default policy on the customer level, it is now possible to inherit the allowed & blocked domains from the customer default policy, and support has been added for allowing/blocking a top-level domain (TLD) on a customer policy and global domains.
SpamTitan is due for an imminent upgrade which will include several new, advanced MSP features. Version 9.01 will have a new history/quarantine feature for MSPs, that will allow them to quickly act on customer emails at the MSP level. Link Lock inheritance has been added at the MSP level to avoid having to drill down to individual domains to make changes, and a new pattern filtering feature has been added which simplifies SpamTitan administration for MSPs and allows them to secure all customers from one place. There is also a simplified mail view, which improves the user experience and makes email analysis simpler.
MSPs also have an Other Products option, which allows them to easily offer other products in the TitanSecure bundle to customers – ArcTitan email archiving, WebTitan web filtering, and SafeTitan security awareness training – and provide a comprehensive, multi-layered security defense system to customers.
A new information stealing malware variant called Mystic Stealer is proving extremely popular with hackers. The malware is currently being promoted on hacking forums and darknet marketplaces under the malware-as-a-service model, where hackers can rent access to the malware by paying a subscription fee, which ranges from $150 for a month to $390 for three months.
Adverts for the malware first started appearing on hacking sites in April 2023 and the combination of low pricing, advanced capabilities, and regular updates to the malware to incorporate requested features has seen it grow in popularity and become a firm favorite with cybercriminals. The team selling access to the malware operates a Telegram channel and seeks feedback from users on new features they would like to be added, shares development news, and discusses various related topics.
Mystic Stealer has many capabilities with more expected to be added. The first update to the malware occurred just a month after the initial release, demonstrating it is under active development and indicating the developers are trying to make Mystic Stealer the malware of choice for a wide range of malicious actors. Mystic Stealer targets 40 different web browsers, 70 browser extensions, 21 cryptocurrency applications, 9 MFA and password management applications (including LastPass Free, Dashlane, Roboform, and NortPass), and 55 cryptocurrency browser extensions. The malware can also inject ads into browser sessions, redirect searches to malicious websites, and steal Steam and Telegram credentials and other sensitive data. The most recent version is also able to download additional payloads from its command-and-control server. The malware targets all Windows versions, does not need any dependencies, and operates in the memory, allowing it to evade antivirus solutions. The malware is believed to be of Russian origin since it cannot be used in the Commonwealth of Independent States.
Mystic Stealer has recently been analyzed by researchers at InQuest, ZScaler, and Cyfirma, who report that the malware communicates with its C2 server via a custom binary protocol over TCP, and currently has at least 50 C2 servers. When the malware identifies data of interest, it compresses it, encrypts it, then transmits it to its C2 server, where users can access the data through their control panel.
The main methods of distribution have yet to be determined, but as more threat actors start using the malware, distribution methods are likely to become more diverse. The best protection is to follow cybersecurity best practices and adopt a defense-in-depth approach, with multiple overlapping layers of security to protect against all of the main attack vectors: email delivery (phishing), web delivery (pirated software, drive-by downloads, malvertising), and the exploitation of vulnerabilities.
Email security solutions should be used that have signature and behavioral-based detection capabilities and machine learning techniques for detecting phishing emails (SpamTitan). Antivirus software should be used, ideally, a solution that can scan the memory, along with advanced intrusion detection systems. To protect against web-based attacks, a web filter (WebTitan) should be used to block malicious file downloads and prevent access to the websites where malware is often downloaded (known malicious sites/warez/torrent). IT teams should ensure that software updates and patches are applied promptly, prioritizing critical vulnerabilities and known exploited vulnerabilities. In the event of infection, damage can be severely limited by having a tested incident response plan in place.
Finally, it is important to train the workforce on the most common threats and how to avoid them. Employees should be trained on how to identify phishing attempts, be told never to download unauthorized software from the Internet, and be taught security best practices. The SafeTitan security awareness training and phishing simulation platform provides comprehensive training and testing to improve human defenses against malware infections and other cyber threats.
The cybersecurity company Cyren has collapsed, leaving its customers at risk. If you use Cyren for email and web security, you should change provider immediately!
It is sad news when any company is forced to significantly reduce its workforce, which for Cyren recently involved laying off 121 employees “in response to current market conditions and associated challenges with raising additional capital.” Cyren issued a press release saying that such extensive layoffs represent a significant reduction in all of the company’s workforce, and that “in the absence of additional sources of liquidity, management anticipates that the Company’s existing cash and projected cash flows from operations will not be sufficient to meet the Company’s working capital needs in the near term.”
So what does that mean for close to 1 billion users that rely on the company’s cybersecurity solutions? TitanHQ contacted the company’s CISO in relation to the news and received a response. “The SDK will work for as long as the systems in the cloud will continue running. Unfortunately, we have no personnel left to watch after the systems, so it is hard to predict how long they will run for.”
As a provider of email and web security solutions, TitanHQ can confirm that without constant updates to anti-spam signatures, the ability of a solution to block new phishing attacks will rapidly diminish, which means that customers will be exposed to threats. While it is possible that Cyren will be able to attract further investment, in the short term customers should be very concerned. Unfortunately, a mass exodus of customers is the last thing Cyren needs, but those customers need to ensure that they continue to be protected against email and web-based threats, which means switching to another solution provider.
TitanHQ has already received many calls from Cyren customers following the company’s February 1, 2023, press release announcing the financial difficulties the company is facing and has offered those customers a special deal that can provide short-term protection while they decide on the best next step, and that is to extend the free trial of SpamTitan Email Security and the WebTitan DNS Filter to 30 days.
Both solutions can be implemented in a matter of minutes and will ensure Cyren customers remain protected against email and web-based threats. The TitanHQ team has been busy helping Cyren customers get up and running with the two solutions over the past 2 weeks since the announcement was made.
Naturally, TitanHQ would love to continue to provide these solutions to Cyren customers past the 30-day free trial and hopes they continue to use the solutions, but this is a no-obligation free use of the platform aimed at helping Cyren customers stay protected. If after the end of the 30 days they decide to go elsewhere, that is no problem at all. This is a totally free offer with no obligation to continue and with no strings attached.
The TitanHQ team will be monitoring capacity – which is already hugely overprovisioned – to ensure that there is no impact on current users, and response times to queries are constantly monitored to ensure that customers are not impacted. TitanHQ’s infrastructure can also be rapidly scaled up to meet demand should the need arise.
Cyren customers wishing to take advantage of the offer should contact TitanHQ to speak to the migration team, and assistance will be provided to get you up and running quickly.
A new variant of the Android banking Trojan, Godfather, has been detected with the latest version of the malware being used to target more than 400 financial institutions worldwide, including 215 international banks, 110 cryptocurrency exchanges, and 94 cryptocurrency wallets in at least 16 countries including the United States, Canada, United Kingdom, Spain, France, and Germany.
Godfather malware is thought to have evolved from the Anubis banking Trojan, and while it was first detected 18 months ago, it has been rarely used until recently. The malware was only distributed in low volume during its first year, then it disappeared entirely in June 2022, suggesting the developers were working on a new version. That new version was released in September 2022.
While banking Trojans can have quite extensive functionality, their primary purpose is to steal the login credentials for financial institutions, which they usually obtain by generating fake login pages for the institutions that they target. What makes Godfather malware stand out is the number of financial institutions that are targeted. When installed on a device, Godfather malware will generate a fake login page when a user attempts to use the app of a targeted bank or cryptocurrency exchange. These fake login pages are overlays, that are displayed on top of the legitimate targeted app. The fake login page created by the malware will capture the user’s credentials when they are entered.
Most financial institutions have additional authentication requirements and no longer rely on a username and password for granting access. Banking Trojans therefore need to have the capability to bypass these additional authentication measures if they are to be successful. Godfather malware achieves this by masquerading as Google Play Protect and attempts to get the user to grant it accessibility rights, which allows the app to log keystrokes and also read SMS messages and perform screen captures. Those rights will allow the malware to capture the necessary information to bypass multi-factor authentication and other security features. Once credentials and other login information are harvested, accounts are accessed and emptied.
The new version of the malware was detected and analyzed by security researchers at Group-IB, who believe the malware was developed by Russian speakers, as the malware has a kill switch that will deactivate it if it detects any of the languages in former Soviet states, apart from Ukraine. The researchers believe that Godfather malware has been created for use under the malware-as-a-service model, where the developers offer the malware to a range of threat actors for a fee, allowing them to steal login credentials for financial accounts without having to develop their own malware.
Since multiple threat actors will likely be using the malware, the vectors used to distribute the banking Trojan will likely be diverse. As was the case with Anubis, one of the distribution methods is via decoy applications in the Google Play store. Godfather malware is more advanced than its predecessor and it is thought that it will grow into a major threat and will likely be modified further to target even more financial institutions.
Phishing is one of the most effective ways of gaining initial access to business networks, either by stealing credentials or installing malware. Phishing exploits human weaknesses and involves tricking individuals using social engineering into taking a certain action, such as visiting a website where they are asked for sensitive information or opening a file that contains malicious code.
One of the best defenses against phishing attacks is an anti spam service. A spam filter will scan all incoming (and often outbound) emails looking for the signatures of spam and phishing. Suspect messages are quarantined pending a manual review and rules can be set for confirmed phishing emails, which is often to delete the messages or quarantine them for further investigation. Spam filters will prevent the majority of malicious emails from reaching inboxes, but crucially, not all. Some malicious messages will bypass the spam filter and will land in inboxes, no matter what spam filtering solution you use.
Advanced spam filters such as SpamTitan provide several layers of protection against spam, phishing, and malware but even advanced spam filters are not sufficient on their own to combat phishing. Cybercriminals are now conducting highly sophisticated attacks, so further layers need to be added to your defenses. A web filter is recommended for blocking access to the URLs linked in phishing emails. Spam filters may check links in emails, but these may be made malicious after emails are delivered. A web filter provides time-of-click protection against malicious links. Web filters can also be configured to block certain file downloads from the Internet.
To protect against credential theft, businesses should consider providing a password manager to their employees. Phishing attacks that seek credentials usually direct users to a spoofed website, such as a site with a fake Microsoft login prompt for stealing Microsoft 365 credentials. Employees are often fooled by these scams as the phishing sites look exactly the same as the brands they spoof. Password managers provide some protection. When a password is added to the password vault, it is associated with a specific URL or domain. If the user lands on that URL or domain, the password manager will autofill the password. If the user lands on an unrelated domain, the password will not be filled as the URL or domain is not associated with that password. That serves as a warning that the URL has not been visited before.
Sometimes, employees will be fooled and will disclose their login credentials. This is where multi-factor authentication helps. With multi-factor authentication enabled, compromised passwords will not grant access to accounts unless an additional factor is provided. Since phishing kits are in use that are capable of intercepting MFA codes, the choice of MFA is important. For the best protection use phishing-resistant MFA, which is based on FIDO authentication.
By implementing all of the above technical measures, businesses will be well protected against phishing attacks, but that does not mean it is not necessary to provide security awareness training to the workforce. Security awareness training forms the final layer of protection and prepares employees for the threats they are likely to encounter. Security awareness training teaches employees about phishing, malware, business email compromise, and other cyber threats, and explains best practices and why they are essential for security. The goal of security awareness training is to create a security culture where all employees are aware that they play a role in the security of their organization and to develop a reporting culture where the IT department is made aware of any threats that bypass defenses. That allows the IT department to tweak security solutions to make sure similar threats are blocked in the future.
Security awareness training should be accompanied by phishing simulations. These simulated phishing attacks identify weaknesses that can be addressed. That may be a gap in the training content or an individual who has not understood the training. Simulations allow gaps to be proactively addressed before they are exploited in real cyberattacks. Simulations also help to keep training fresh in the mind and give employees practice at identifying cyber threats.
TitanHQ can help your business to improve defenses against phishing and cyberattacks through layered defenses provided by SpamTitan email security, WebTitan web filtering, and SafeTitan security awareness training. For more information on improving your phishing defenses, give the TitanHQ team a call.
TitanHQ has collected 5 awards for its cybersecurity solutions in the Expert Insights Fall 2022 ‘Best-Of’ Awards across 5 product categories.
Expert Insights is an online platform for businesses that provides independent advice on business software solutions to help businesses make informed purchasing decisions about software solutions. The advice provided on the website is honest and objective, and the site features helpful guides to help businesses purchase with confidence. The site is used by more than 85,000 businesses each month, with the website helping more than 1 million readers each year.
Twice yearly, Best-of awards are given to the top ten solutions in each of the 41 product categories. The awards showcase the best quality solutions that are helping businesses to achieve their goals and defend against the barrage of increasingly sophisticated cyberattacks. The awards are based on several factors, such as the features of products, market presence, ease of use, and customer satisfaction scores, with the award winners chosen by the in-house team of editors. The editorial team conducts research into each solution to assess its performance, functionality, and usability, and assesses the reviews from genuine business users of the solutions.
TitanHQ collected five awards for its products in the Spring 2022 Best-of awards, and this has been followed up with another 5 Fall 2022 Best-of awards. TitanHQ was given a Best-of award for SafeTitan in the Phishing Simulation and Security Awareness Training categories, SpamTitan Cloud received an award in the Email Security category, WebTitan Cloud got an award in the Web Security category, and ArcTitan won in the Email Archiving category. Further, ArcTitan Email Archiving was rated the top solution in the Email Archiving category and SpamTitan was rated the top solution in the Email Security category.
There were several big winners at the Fall 2022 Expert Insights Best-of awards, with TitanHQ joining companies such as ESET, CrowdStrike, and Connectwise in winning big.
“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh. “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.
When multifactor authentication is set up on accounts, attempts to access those accounts using stolen credentials will be prevented, as in addition to a correct username and password, another factor must be provided to authenticate users. Phishing attacks may allow credentials to be stolen, but that does not guarantee accounts can be accessed. More companies are implementing multifactor authentication which means phishing attacks need to be more sophisticated to bypass the protection provided by multifactor authentication.
One of the ways that multifactor authentication can be bypassed is by using a reverse proxy. In a phishing attack, an email is sent to a target and a link is provided to a malicious website hosting a phishing form that spoofs the service of the credentials being targeted – Microsoft 365 for example. Instead of just collecting the login credentials and using them to try to remotely access the user’s account, a reverse proxy is used.
The reverse proxy sits between the phishing site and the genuine service that the attacker is attempting to access and displays the login form on that service. When the credentials are entered, they are relayed in real-time to the legitimate service, and requests are returned from that service, such as MFA requests. When the login process is successfully completed, a session cookie is returned which allows the threat actor to access the genuine service as the victim. The session cookie can also contain the authentication token. In these attacks, once the session cookie has been obtained, the victim is usually presented with a notification telling them the login attempt has failed or they are directed to another site and will likely be unaware that their credentials have been stolen and their account is being accessed.
These attacks allow the victim’s account to be accessed for as long as the session cookie remains valid. If it expires or is revoked, the attacker will lose access to the account. To get around this and gain persistent access, account details may be changed or other authentication methods will be set up.
These types of phishing attacks are much more sophisticated than standard phishing attacks, but the extra effort is worth the investment of time, money, and resources. Many advanced persistent threat actors use reverse proxies in their phishing campaigns and have developed their own custom reverse proxies and tools. There are, however, publicly available kits that can be used in phishing campaigns such as Modlishka, Necrobrowser, and Evilginx2. These kits can be used at a cost and allow MFA to be bypassed, although they can be complicated to set up and use.
Now a new phishing-as-a-Service (PaaS) platform has been identified – EvilProxy – that is being pushed on hacking forums. EvilProxy allows authentication tokens to be stolen from a range of vendors including Microsoft, Apple, Twitter, Facebook, Google, and more, according to Resecurity which recently reported on the phishing kit.
EvilProxy lowers the bar considerably and makes conducting reverse proxy phishing attacks far simpler. The service includes instructional videos, provides a user-friendly graphical interface, and even supplies templates of cloned phishing pages for stealing credentials and auth tokens. Through the graphical interface, threat actors can set up and manage their phishing campaigns with ease. EvilProxy comes at a cost, starting at $150 for 10 days up to $400 for a month. While the service is not cheap, the potential rewards can be considerable. EvilProxy allows low-skill threat actors to gain access to valuable accounts, which could be used or sold on to other threat actors such as ransomware gangs.
Multifactor authentication is strongly recommended as it will block the majority of attacks on accounts; however, it can be bypassed by using reverse proxies. Protecting against reverse proxy phishing attacks requires a defense-in-depth approach. An email security solution – SpamTitan for example – should be implemented to block the initial phishing email. A web filter – WebTitan – should be used to block attempts to visit the malicious websites used in these man-in-the-middle attacks. Security awareness training is important for training employees on how to recognize and avoid phishing threats, and employers should conduct phishing simulation tests as part of the training process. TitanHQ’s SafeTitan platform allows businesses to conduct regular training and phishing simulations with ease.
The Lapsus ransomware gang has arrived on the scene and has already claimed several high-profile targets, with victims including Impresa – the largest media conglomerate in Portugal, Brazil’s Ministry of Health (MoH), the Brazilian telecommunications operator Claro, and most recently, the Santa Clara, CA-based GPU vendor NVIDIA.
The Lapsus ransomware gang – also referred to as Lapsus$ – is a relatively new threat actor and is making a reputation for itself in an already crowded ransomware market. Most ransomware gangs now practice double extortion, where prior to encrypting files they exfiltrate sensitive data and threaten to publish the data if the ransom is not paid. Triple extortion tactics are now becoming common, where threats are also issued to notify shareholders, partners, and customers about attacks. The Lapsus gang has taken things a step further still and is boasting about its attacks and causing major embarrassment for victims.
In January, the Lapsus ransomware gang attacked the Brazilian car rental firm Localiza, which is one of the largest car rental firms in South America. In addition to stealing data and encrypting files, the gang redirected the company’s website to an adult website and publicly announced that the company is now a porn site. The redirection was only in place for a few hours, but it was enough to damage the company’s reputation.
Also in January, Impresa was targeted. Impresa is the owner of SIC and Expresso, the largest TV channel and weekly newspaper in Portugal. The attack targeted Impresa’s online IT servers resulting in company websites being taken offline and the temporary loss of Internet streaming services. The gang defaced the company’s websites by adding their ransom note and claimed they had taken control of Impresa’s Amazon Web Services account. The gang then used the hijacked Expresso Twitter account and sent a tweet stating, “Lapsus$ is officially the new president of Portugal.” The gang also gained access to its newsletter and sent phishing emails to subscribers informing them in the emails that the President of Portugal had been murdered.
On February 25, NVIDIA experienced a cyberattack that saw parts of its IT infrastructure taken offline for a couple of days. NVIDIA announced that it was investigating a security incident, and then the Lapsus gang said it was behind the attack and issued a threat to leak around 1TB of data. The gang published screenshots indicating they had leaked password hashes for NVIDIA employees, source code, and highly sensitive proprietary company information.
There was some good news – the Lapsus gang then experienced its own ‘ransomware’ attack. There have been reports in the media that NVIDIA hacked back and gained access to the attackers’ virtual machine and encrypted its data, although security research Marcus Hutchins offered an alternative view, suggesting this could have been due to the gang installing Nvidia’s corporate agent on their virtual machine and then triggering a data loss prevention policy.
In addition to demanding a ransom, the Lapsus ransomware gang also demanded NVIDIA remove its lite hast rate (LHR) limitations on its GeForce 30 series firmware – which halve the hash rate when it detects the GPUs are being used for mining Ethereum – and also requested NVIDIA commits to completely open source their GPU drivers forever. If the demands are not met, the gang said it will release the complete silicon, graphics, and computer chipset files for its most recent GPUs.
While many ransomware gangs are focused purely on extortion, the Lapsus gang appears to like the limelight and brags about their attacks, which makes attacks by the gang even more serious for victims due to the brand and reputation damage they cause.
The extent of the attack vectors used by the gang is not known, but they appear to have used phishing emails to gain access to some victims’ networks, including the attack on Impresa. Phishing is a popular attack vector in ransomware attacks. Around half of all ransomware attacks start with a phishing email, according to a recent Statista survey. Employees respond to phishing emails and disclose their credentials, which give the attackers the foothold in the network they need for a deeper compromise.
Businesses could be lulled into a false sense of security with the disbanding of major ransomware operations and arrests of key gang members. The REvil ransomware gang may be no more, and DarkSide has been shut down, but other ransomware gangs are more than happy to plug the gap. Lapsus only announced its presence on the scene at the start of the year but is already growing into a major threat.
The best defense against Lapsus ransomware attacks and other cyberattacks is to adopt a defense-in-depth strategy. That should include an advanced spam filtering solution to block email phishing attacks, content filtering to prevent employees from visiting malicious websites, multi-factor authentication on all email accounts and local/cloud apps, ensuring patches and software updates are applied promptly, and providing ongoing security awareness training to the workforce to help employees identify and avoid phishing and social engineering attempts.
TitanHQ can help organizations improve their defenses against the full range of cyberattacks by providing advanced cybersecurity solutions for SMBs, enterprises, and Managed Service Providers, including spam filtering, DNS filtering, email encryption, email archiving, and security awareness training.
Managed Service Providers have a great opportunity on January 21, 2022, to discover some of the key products they can incorporate into their service stacks to help grow their business and provide even better value to their clients.
The Channel Pitch Livestream Event is totally free of charge for MSPs, MSSPs, ISPs, VARs, IT solution providers, and consultants and will introduce attendees to products from 7 innovative technology vendors that have been specifically curated for the Chanel Pitch event. The technology vendors have had their solutions adopted by some of the most successful MSPs and are being used to better protect their clients, improve efficiency, and significantly improve their bottom lines.
The event is being hosted by Serial Tech Entrepreneur Kevin Lancaster and Channel Evangelist Matt Solomon, both of whom are highly esteemed MSP industry professionals. They will be introducing 7 emerging technology vendors, each of which will give a 7-minute presentation on a key product for MSPs and other service providers.
TitanHQ is happy to announce that Conor Madden, Director of Sales, will be hosting one of the 7-minute presentations to introduce MSPs to TitanHQ’s award-winning cybersecurity solutions that have been proven to help MSPs significantly improve their profits while also ensuring downstream businesses are well protected from cyber threats.
The LiveStream Event will take place on January 21, 2022, at 4.00 p.m. GMT, 11 a.m. EST, 8 a.m. PST and attendees will be able to see presentations from the following vendors:
TitanHQ – Email and Web Security
Hook Security – Security Awareness Training
Nerdio – Azure
Nuvolex – XaaS Management
Speartip – SOC
Threatlocker – Application Whitelisting
Zomentum – Sales Automation
Attendees will be able to engage directly with vendors or provide 100% anonymous feedback.
TitanHQ has been included in the 2021 Deloitte Technology Fast 50 List of the fastest-growing tech companies in Ireland. The Award program has now been running for 22 years and celebrates innovation and entrepreneurship in Ireland’s indigenous technology sector.
Deloitte compiles the list based on percentage revenue growth over the past 4 years, with TitanHQ ranking in position 33 in the list after a long period of sustained growth. That growth continued throughout the COVID-19 pandemic when many businesses have struggled. Not only has the company significantly increased its customer base over the past 4 years, the workforce has also had a major expansion. Between September 2020 and April 2021, TitanHQ’s workforce doubled in size.
As well as impressive organic growth, TitanHQ has benefitted from investment from Livingbridge Investor Group which has allowed the company to continue to recruit the best talent to support its business and invest in product development. As well as making improvements to its existing product portfolio, the company released a new product this month – SpamTitan Plus.
SpamTitan Plus builds on the protection provided by SpamTitan Gateway and SpamTitan Cloud but significantly improves detection of the malicious URLs in emails that are used for phishing and malware distribution. SpamTitan Plus has coverage of all major phishing feeds and has the fastest and best detection rates of malicious URLs than any of the market-leading anti-spam solutions.
“As a result of increased demand globally for our solutions, we have invested heavily in product development and embarked on a recruitment campaign to double our workforce in a program that will allow that growth to continue,” said TitanHQ CEO, Ronan Kavanagh. “The quick move to remote working last year has made us all aware of how important it is to be adaptable and have the right security solutions in place to protect users, customers, company data, and systems.”
TitanHQ’s customer base has now increased to more than 12,000 businesses, including over 2,500 managed service providers in 150 countries, with much of TitanHQ’s growth over the past 4 years due to the increase in overseas customers. That growth was also recognized by Deloitte, which awarded TitanHQ runner-up spot in the Scale Up Award. The Scale Up Award recognizes companies that have enjoyed significant overseas growth over the past 4 years.
“Congratulations to all of the companies that ranked this year. This is the first year we have seen the impact the pandemic has had on revenues of Irish tech companies,” said David Shanahan, Partner, Deloitte “It will come as no surprise that many of this year’s winners have achieved accelerated growth and scale as a result of the pandemic and being able to capitalize on the global move to a digital way of life.”
There has been an alarming surge in ransomware attacks in 2021. Attacks have been conducted on businesses of all sizes, from large international enterprises with multi-million-dollar cybersecurity budgets to small businesses with just a handful of employees. The attacks have shown that no business is to large or small to be targeted.
Ransomware is a form of malware that is used to encrypt files to prevent them from being accessed. The attacker holds the keys to allow data to be decrypted, and those keys will only be provided if a ransom is paid. Ransom demands can range from a few thousand dollars for individual devices up to tens of millions of dollars for large companies.
900% Increase in Ransomware Attacks in 2021
This year has seen ransomware attacks conducted at an alarming level. CybSafe‘s data has revealed a 900% increase in ransomware attacks in the first 6 months of 2021 compared to the corresponding period last year. In addition to the increase in number, the cost of mitigating the attacks has increased and the ransom demands have been growing. This week, for example, Europe’s largest consumer electronics retailer – MediaMarkt – confirmed it was the victim of a Hive ransomware attack. The attackers reportedly demanded a payment of $240 million for the keys to decrypt files.
2021 has shown no company is off limits with multiple attacks conducted on critical infrastructure firms. One attack on Colonial Pipeline in the United States resulted in the shutdown of a fuel pipeline serving the Eastern Seaboard of the United States for a week. A ransom payment of $4.4 million was paid to the attackers to recover data.
The U.S. software company Kaseya, which provides a range of software solutions to businesses and managed service providers, suffered a major ransomware attack involving REvil ransomware. The REvil gang demanded a payment of $70 million for the keys to decrypt files. The attack affected around 40 managed service providers and an estimated 1,500 downstream businesses.
Attacks have also been conducted on many healthcare providers, with those attacks disrupting healthcare services and putting patient safety at risk. In May 2021, Ireland’s Health Service Executive (HSE) suffered a ransomware attack which is believed to have started with a phishing email. The response gave the Conti ransomware gang the access needed to encrypt files. A $20 million ransom demand was issued, although the attackers provided the keys free of charge in the end. Even so, the HSE took months to recover from the attack at considerable cost.
Ransomware Gangs Targeted by Law Enforcement
The above attacks represent just a tiny percentage of the ransomware attacks that have been publicly disclosed this year and it is clear that the threat of attack is unlikely to wane any time soon.
There has been some good news, however. The attacks on critical infrastructure firms have forced the U.S. government to step up its efforts to target ransomware-related crime. Following the attacks, ransomware attacks were elevated to a level akin to terrorist attacks, and with that comes additional resources.
Already the United States and law enforcement partners around the world have succeeded in disrupting the activities of several ransomware gangs. The REvil ransomware infrastructure was taken down and arrests were made, the Darkside operation shut down and its suspected successor BlackMatter also. Suspected members of the Clop ransomware operation have been arrested, and Europol has arrested 12 individuals in connection with LockerGoga, MegaCortex, and Dharma ransomware attacks.
While the arrests and infrastructure takedowns will have a short-term effect, ransomware threat actors are likely to regroup, set up new operations, and recommence their attacks as they have done in the past.
An Easy Step to Take to Improve Ransomware Defenses
Businesses need to take steps to combat the ransomware threat, but since many different methods are used to gain access to networks, this can be a challenge. The best place to start is to make sure defenses against phishing emails are put in place. Most ransomware attacks start with a phishing email, which either delivers malware or gives attackers credentials that provide them with the foothold in networks that they need to conduct their attacks.
Email security solutions such as SpamTitan filter out malicious messages and prevent them from reaching inboxes where they can fool employees. Technical solutions such as email security gateways are far more effective than end user training at blocking threats, although it is also important to make sure employees are aware of cybersecurity best practices and are taught how to identify a phishing email.
Email filtering solutions such as SpamTitan perform an in-depth analysis of all email content and can detect malicious links and email attachments. When emails fail the checks, they are sent to the quarantine folder where they can be reviewed. This allows security teams to gain a better understanding of the threats that are targeting their organization and also allows false positives to be identified so filtering rules can be updated.
SpamTitan incorporates dual antivirus engines for detecting known malware variants and email sandboxing where suspicious attachments are sent for in-depth analysis. The Bitdefender-powered sandbox allows new malware variants to be identified, and machine learning technology ensures email filtering improves over time.
A huge array of checks and controls ensure malicious messages are blocked, but that all happens behind the scenes. Administrators benefit from a clean, easy-to-use interface that requires no technical skills to navigate and use. All information and controls are intuitive.
If you would like to find out more about improving your defenses against ransomware, malware, phishing, and other email and web-based threats, give the TitanHQ team a call. All TitanHQ cybersecurity solutions are available on a free trial, allowing you to put them to the test in your own environment before making a decision about a purchase.
Ransomware attacks can be incredibly expensive and business email compromise (BEC) scams can result in transfers of millions of dollars to attackers, but these breaches often start with an email.
Phishing emails are sent to employees that ask them to click on a link, which directs them to a webpage where they are asked to provide their login credentials, for Microsoft 365 for example. Once credentials are entered, they are captured and used to access that individual’s account. The employee is often unaware that anything untoward has happened.
The stolen credentials give an attacker the foothold in the network that is needed to launch a major cyberattack on the business. The phisher may use the email account to send further phishing emails to other employees in the company, with the aim being to gain access to the credentials of an individual with administrative privileges or the credentials of an executive.
An executive’s account can be used to send emails to an individual in the company responsible for making wire transfers. A request is sent for a wire transfer to be made and the transfer request is often not recognized as fraudulent until the funds have been transferred and withdrawn from the attacker’s account. These BEC scams often result in tens of thousands of dollars – or even millions – being transferred.
An alternative attack involves compromising the email accounts of employees and sending requests to payroll to have direct deposit information changed. Salaries are then transferred into attacker-controlled accounts.
Phishers may act as affiliates for ransomware-as-a-service (RaaS) gangs and use the access they gain through phishing to compromise other parts of the network, steal data, and then deploy ransomware, or they may simply sell the network access to ransomware gangs.
When email accounts are compromised, they can be used to attack vendors, customers, and other contacts. From a single compromised email account, the damage caused is considerable and often far-reaching. Data breaches often cost millions of dollars to mitigate. All this from a single response to a phishing email.
Phishing campaigns require very little skill to conduct and require next to no capital investment. The ease at which phishing attacks can be conducted and the potential profits that can be gained from attacks make this attack method very attractive for cybercriminals. Phishing can be used to attack small businesses with poor cybersecurity defenses, but it is often just as effective when attacking large enterprises with sophisticated perimeter defenses. This is why phishing has long been one of the most common ways that cybercriminals attack businesses.
See how SpamTitan Plus inspects all URLs to identify links to malicious websites. Book a free demo. Book Free Demo
How to Deal with the Phishing Threat
Phishing attacks may lead to the costliest data breaches, but they are one of the easiest types of cyberattacks to prevent; however, some investment in cybersecurity and training is required. The most important first step is to purchase an advanced spam filter. This technical control is essential for preventing phishing emails from reaching end users’ inboxes. If the phishing emails do not arrive in an inbox, they cannot be clicked by an employee.
Not all spam filtering solutions are created equal. Basic spam filters are effective at blocking most threats, but some phishing emails will still be delivered to inboxes. Bear in mind that phishers are constantly changing tactics and are trying to get one step ahead of cybersecurity firms. Most spam filtering solutions will block messages from malicious IP addresses and IP addresses with poor reputations, along with any messages identified in previous phishing campaigns and messages containing known variants of malware.
Advanced spam filtering solutions use AI and machine learning techniques to identify messages that deviate from the normal emails a business typically receives, are able to detect previously unseen phishing emails, and incorporate Sender Policy Framework and DMARC to identify email impersonation attacks. Email sandboxing is also included which is used to identify previously unseen malware threats. Greylisting is a feature of advanced spam filters that involves initially rejecting a message and requesting it be resent. The delay in a response, if one is received at all, indicates the mail server is most likely being used for spamming. Spam servers are usually too busy on huge spam runs to resend messages that have initially been rejected.
Advanced spam filters also feature outbound email scanning, which can identify compromised email accounts and can block phishing messages from being sent internally or externally from a hacked mailbox.
SpamTitan incorporates all of these advanced controls, which is why it is capable of blocking more threats than basic spam filters. Independent tests have shown SpamTitan blocks in excess of 99.97% of malicious messages.
SpamTitan Plus provides leading-edge anti-phishing protection with “zero-day” threat protection and intelligence. Book Free Demo
Don’t Neglect End User Training
No spam filter will be 100% effective at blocking phishing threats, at least not without also blocking an unacceptable number of genuine emails. It is therefore important to provide regular security awareness training to the workforce, with a strong emphasis on phishing. Employees need to be taught how to identify a phishing email and conditioned how to respond when a threat is received (alert their security team).
Since phishing tactics are constantly changing, regular training is required. When training is reinforced, it is easier to develop a security culture and regular training sessions will raise awareness of the latest phishing threats. It is also recommended to conduct phishing simulation exercises to test the effectiveness of the training program and to identify individuals who require further training.
Web Filtering is an Important Anti-Phishing Control
The key to blocking phishing attacks is to adopt a defense-in-depth approach. That means implementing multiple overlapping layers of security. One important additional layer is a web filtering solution. Spam filters target the phishing emails, whereas web filters work by blocking access to the webpages hosting the phishing kits that harvest credentials. With a spam filter and web filter implemented, you are tackling phishing from different angles and will improve your defenses.
A web filter will block access to known malicious websites, providing time-of-click protection against malicious hyperlinks in phishing emails. A web filter will also prevent employees from being redirected to phishing web pages from malicious website adverts when browsing the Internet. Web filters also analyze the content of web pages and will block access to malicious web content that has not previously been identified as malicious. Web filters will also block malware and ransomware downloads.
WebTitan is a highly effective DNS-based web filtering solution that protects against phishing, malware, and ransomware attacks. The solution can protect office workers but also employees who are working remotely.
SpamTitan Plus provides multi-layered detection and blocking of malicious URLs. Book a free demo now. Book Free Demo
Speak to TitanHQ Today About Improving your Phishing Defenses
TitanHQ has been developing anti-phishing and anti-malware solutions for more than two decades. TitanHQ’s email and web security solutions are cost effective, flexible, easy to implement, and easy to maintain. They are consistently given top marks on software review sites and are a big hit with IT security professionals and managed service providers (MSPs). TitanHQ is the leading provider of email and web security solutions to MSPs serving the SMB market.
If you want to improve your phishing defenses and block more threats, contact the TitanHQ team today for further information on SpamTitan and WebTitan. Both solutions are available on a 100% free trial of the full product complete with product support. Product demonstrations can also be booked on request.
Ransomware attacks have increased significantly since the start of 2020 and that increase has continued in 2021. While these attacks are occurring more frequently than ever, the threat from phishing has not gone away and attacks are still rife. Phishing attacks may not make headline news like ransomware attacks on hospitals that threaten patient safety, but they can still be incredibly damaging.
The aim of many phishing attacks is to obtain credentials. Email credentials are often targeted as email accounts contain a treasure trove of data. That data can be extremely valuable to cybercriminals. In healthcare for example, email accounts contain valuable healthcare data, health insurance information, and Social Security numbers, which can be used to commit identity theft, obtain medical treatment, and for tax fraud. Entire email accounts are often exfiltrated in the attacks and the accounts used to send tailored phishing emails to other individuals in the company.
Many data breaches start with a phishing email, with phishing often used by an attacker to gain a foothold in a network that can be used in a much more extensive attack on an organization. Phishing emails are often the first step in a malware or ransomware attack.
Multiple surveys have recently been conducted on IT leaders and employees that show phishing is a very real and present danger. Two recent surveys conducted in the United States and United Kingdom indicate almost three quarters of businesses have experienced a data breach as a result of a phishing attack in the past 12 months. One study indicated over 50% of IT leaders had seen an increase in phishing attacks in the past 12 months, while the other put the figure at 80%.
During the pandemic, many businesses were faced with the option of switching to a remote workforce or shutting down. The increase in remote working was a godsend for phishers, who increase their attacks on employees. Many IT departments lacked visibility with a remote workforce and found it harder to block phishing attacks than when employees are in the office. Staff shortages in IT have certainly not helped.
Staff training is important to raise awareness of the threat from phishing, but remote working has made that harder. Training needs to be provided regularly as it can easily be forgotten and bad habits can slip in. Phishing tactics are also constantly changing, so regular training is needed to keep employees aware of the latest threats and phishing techniques, so they know what to look for. It does not help that phishing attacks are increasingly targeted and more sophisticated and can be difficult for employees to spot even if they have received regular training.
So how can businesses combat the threat from phishing and avoid being one of the three quarters of companies that experience a phishing data breach each year? Training is important, but the right technology is required.
Two of the most important technical solutions that should be implemented to block phishing attacks are spam filters and web filters. Both are effective at combatting phishing, albeit from different angles. When both are used together, protection is better than the sum of both parts.
A spam filter must have certain features to block sophisticated phishing threats. Blacklists are great for identifying emails from known malicious IP addresses, but IP addresses frequently change. Machine learning approaches are needed to identify previously unseen phishing tactics and threats from IP addresses not known to be malicious. Multiple AV engines can help block more malware threats, while email sandboxing can identify new malware variants. DMARC is also vital to block email impersonation attacks, while outbound scanning is important to rapidly detect compromised mailboxes. All of these features are employed by SpamTitan, which is why the solution has such a high block rate (over 99.97%) and low false positive rate.
Web filters are primarily used to restrict access to malicious and undesirable websites, whether they are sites with pornographic content or malicious sites used for phishing and malware distribution. Web filters, especially DNS-based filters, greatly improve protection against threats and will block access to known malicious websites. They will also block malware downloads and restrict access to questionable websites that serve no work purpose but increase risk. WebTitan will do this and more, and can easily be configured to protect remote workers, no matter where they choose to access the Internet.
With phishing attacks increasing it is important that businesses deploy solutions to counter the threat to stay one step ahead of the phishers. For further information on SpamTitan and WebTitan, and how they can protect your business, give the TitanHQ team a call. Both solutions are available on a free trial to allow you to see for yourself the difference they make. You can sign up for a free trial of SpamTitan here, and WebTitan on this link.
On June 24, 2021, Microsoft announced Windows 11 will soon be released. Windows 11 is a major upgrade of the Windows NT operating system, which will be the successor to Windows 10. Such a major release doesn’t happen that often – Windows 10 was released in 2015 – so there has been a lot of interest in the new operating system. The new Windows version is due for public release at the end of 2021, but there is an opportunity to get an early copy for free.
On June 28, Microsoft revealed the first Insider Preview of Windows 11. Upgrading to the new Windows version is straightforward. For a lucky few (or unlucky few if Windows 11 turns out to be exceptionally buggy), an upgrade just requires a user to enroll in the Dev channel of the Windows Insider Program. That said, many people have been trying to get an upgrade from unofficial sources.
Unsurprisingly, unofficial ISOs that claim to provide Windows 11 do not. Instead, they deliver malware. Threat actors have been distributing these fake Windows 11 installers and using them to deliver a wide range of malicious payloads. At best, these fake Windows 11 installers will deliver adware or unwanted programs. More likely, malware will be installed with various degrees of maliciousness, such as Remote Access Trojans and backdoors that give the attackers full access to the victims’ devices, information stealers such as keyloggers that steal passwords and other sensitive data, cryptocurrency miners, and ransomware.
Researchers at Kaspersky Lab have identified several fake Windows 11 installers doing the rounds, including one seemingly legitimate installer named 86307_windows 11 build 21996.1 x64 + activator.exe. Despite the name and 1.76GB file size, it was not what it seemed. If the user executed the file and agreed to the terms and conditions, the file would proceed to download a different executable that delivers a range of malicious software onto the user’s device.
As the hype builds ahead of the official release date, we can expect there to be many other fake installers released. Hackers do love a major software release, as its easy to get users to double click on executable files. Malicious adverts, websites, and emails offering free copies of Windows 11 will increase, so beware.
Ensure you have an advanced and effective spam filtering solution such as SpamTitan in place to protect against malicious emails, and a web filter such as WebTitan installed to block malicious file downloads. You should also make sure that you only install software or applications from official sources and take care to ensure that you really are on the official website of the software developer before downloading any files. A double click on a malicious executable file could cause a great deal of pain and expense for you and your employer.
The two main cybersecurity threats that businesses now have to deal with are phishing and ransomware attacks and those threats have become even more common over the past 12 months. Cybercriminals stepped up their attacks during the pandemic with many phishing campaigns launched using the novel coronavirus as a lure. These campaigns sought to distribute malware and steal credentials.
Ransomware attacks also increased in 2020. Several new ransomware-as-a-service (RaaS) operations were launched in 2020 and the number of attacks on businesses soared. In addition to encrypting files, data theft was also highly prevalent n 2020, with most ransomware operators stealing data prior to encrypting files. This double extortion tactic proved to be very effective. Many businesses were forced to pay the ransom even though they had backups and could have recovered their files. Payments were made to ensure data stolen in the attack was deleted and not misused, published, or sold.
Phishing and ransomware attacks often go hand in hand and are often used together in the same attack. Phishing emails are used to install malware, which in turn is used to provide access for ransomware gangs. The Emotet and TrickBot Trojans are notable examples. Operators of both of those Trojans teamed up with ransomware gangs and sold access once they had achieved their own objectives. The credentials stolen in phishing attacks are also sold onto RaaS affiliates and provide the foothold they need to conduct their devastating attacks.
Phishing campaigns are easy to conduct, low cost, and they can be very effective. Largescale campaigns involve millions of messages, and while most of those emails will be blocked by email security solutions or will be identified by employees as a threat, all it takes is for one employee to respond to a phishing email for an attacker to gain the access they need.
TitanHQ recently partnered with Osterman Research to explore how these and other cyber threats have affected businesses over the past 12 months. This new and original study involved an in-depth survey of security professionals to find out how those threats have affected their organization and how effective their defenses are at repelling attackers.
The survey showed the most common security incidents suffered by businesses were business email compromise (BEC) attacks, where employees are tricked into taking an action suggested in a scam email from the CEO, CFO or another high-level executive. These attacks often involve the genuine email account of an executive being compromised in a phishing scam and the attacker using that account to target employees in the same organization.
The next biggest threat was phishing emails that resulted in a malware infection, followed by phishing messages that stole credentials and resulted in an account compromise. The survey showed that these attacks are extremely common. 85% of interviewed security professionals said they had experienced one or more of 17 different types of security breaches in the past 12 months. While attacks were common, only 37% of respondents said their defenses against phishing and ransomware attacks were highly effective.
There are several steps that can be taken to improve defenses against phishing and ransomware attacks. End user training is important to teach employees what to look for and how to identify these types of threats. However, there is always potential for human error, so training alone is not the answer. Email security is the best defense. By blocking these threats at source, they will not land in inboxes and employees will not be tested. Email security should be combined with a web security solution to block the web-based component of phishing attacks and stop malware and ransomware downloads from the Internet.
The findings of the Osterman and TitanHQ survey will be explained in detail at an upcoming webinar on June 30, 2021. Attendees will also learn how they can significantly reduce the risk of ransomware and phishing attacks.
The webinar will be conducted by Michael Sampson, Senior Analyst at Osterman Research and Sean Morris, Chief Technology Officer at TitanHQ. You can Register Your Place Here
Reselling Office 365 doesn’t offer much in the way of profit for MSPs, although there are benefits for MSPs that come from offering Office 365 and it is possible to make Office 365 more profitable.
Before explaining where the margin is for MSPs in Office 365, let’s first take a look at the benefits for MSPs from offering Office 365.
Benefits for MSPs from Offering Office 365 to Clients
SMBs are increasingly moving from on-premises solutions to the cloud and Office 365 is one of the most popular cloud services. Office 365 now has more than 135 million commercial monthly users and that number is growing rapidly.
MSPs may not be able to make much from Office 365 alone, but by providing Office 365 MSPs can win more business and gain a competitive advantage. There is no outlay involved with offering Office 365 to clients, the product is great and meets clients’ needs, and money can be made from handling Office 365 migrations.
MSPs can also benefit from migrating existing clients from Exchange or SBS Exchange to Office 365. Office 365 is far easier to manage so they stand to save a great deal of time on troubleshooting and maintenance, which can be a major headache with Exchange.
By offering Office 365 you can win more business, reduce operational costs, and stay competitive. However, the best way to make money from Office 365 is through add-on services.
How MSPs Can Make Office 365 More Profitable
The margins for MSPs on Office 365 are rather thin to say the least. Many MSPs find that offering Office 365 on its own doesn’t provide any profit at all. Charging extra per license to improve profitability is an option, but clients could just go direct to avoid the extra cost.
The margins may be small, but managing Office 365 does not require a great deal of effort. You may only make around 50c or $1 per user but sign up enough clients and you could get a reasonable return. There is an opportunity for profit at scale; however, to make a decent return you need to sell services around Office 365.
One of the best ways to make Office 365 more profitable is by offering additional security services. Security is an area where Office 365 can be significantly improved, especially spam filtering. Microsoft has incorporated a spam filter and anti-phishing protections into Office 365, but they fall short of the protection offered by a dedicated third-party spam filter.
Phishing is the number one security threat faced by businesses and Office 365 anti-phishing protections leave a lot to be desired. By offering enhanced spam and phishing protection through a third-party spam filter, not only can MSPs make a decent margin on the add-on solution, by blocking phishing attacks and malware at source, a considerable amount of time can be saved on support. Offering spam filtering can help to generate additional recurring revenue, with SpamTitan provided as a high margin, subscription based SaaS solution.
There are plenty of other opportunities for selling third-party solutions to make up for the lack of options in Office 365. Email archiving is an easy sell and a quick win for MSPs. An email archive is important for compliance and security, saves on storage space, and improves efficiency, and gives clients access to emails from any location. Email archiving is available with office 365, but the solution has some severe drawbacks, and may not meet compliance requirements. Offering a feature-rich email archiving solution that is fully compliant, easy to use, with lightning fast search and retrieval should be an easy sell to Office 365 users.
Spam filtering, email archiving, web filtering, and encryption can be bundled together as an enhanced security package, with each element providing a decent return for MSPs. Given the cost of mitigating a data breach, by preventing breaches, an enhanced security offering will pay for itself and should not be too difficult to sell to Office 365 users.
Office 365 MSP Add-ons from TitanHQ
For more than 20 years TitanHQ has been developing innovative security solutions for businesses. Today, more than 7,500 businesses are protected by TitanHQ security solutions and more than 2,000 MSPs have signed up to the TitanHQ Alliance Program.
All TitanHQ solutions have been developed from the ground to meet the needs of the SMB marketplace and MSPs. TitanHQ’s spam filtering solution – SpamTitan, email archiving solution – ArcTitan, and web filtering solution – WebTitan, save MSPs support and engineering time, have great margins, and can be easily integrated into MSPs security stacks to make Office 365 more profitable. All TitanHQ solutions are quick and easy to deploy, and can be implemented into your existing Service Stack through API’s and RMM integrations. The MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis. MSPs benefit from competitive pricing strategies, including monthly billing as we understand your clients are billed monthly.
There are multiple hosting options, including hosting the solution within your own data center, and all TitanHQ products can be supplied as a white label, ready to take your own branding. We have made our solutions as easy as possible to use, with intuitive controls and everything placed at your fingertips. However, should you ever have a problem, you will benefit from the best customer service in the industry, as well as scalable pre-sales and technical support and sales & technical training.
Low management overhead – A set and forget solution
Use our private cloud or your own data center
Extensive suite of APIs for integration into your central management system
Multi-tenant solution with multiple management roles
Scalable to thousands of users
In and outbound email scanning with IP domain protection
Extensive drill down reporting
Flexible pricing models to suit your needs, including monthly billing
Generous margins for MSPs
Fully customizable branding
TitanSHIELD Program for MSPs
To make it as easy as possible for MSPs to incorporate our world class network security solutions into their service stacks, TitanHQ developed the TitanSHIELD program. The TitanShield MSP Program allows MSPs to take advantage of TitanHQ’s proven technology so that they can sell, implement and deliver our advanced network security solutions directly to their client base. Under the TitanSHIELD program you get the following benefits:
TitanSHIELD Benefits
Sales Enablement
Marketing
Partner Support
Private or Public Cloud deployment
Access to the Partner Portal
Dedicated Account Manager
White Label or Co-branding
Co-Branded Evaluation Site
Assigned Sales Engineer Support
API integration
Social Network participation
Access to Global Partner Program Hotline
Free 30-day evaluations
Joint PR
Access to Partner Knowledge Base
Product Discounts
Joint White Papers
Technical Support
Competitive upgrades
Partner Events and Conferences
24/7 Priority Technical Support
Tiered Deal Registration
TitanHQ Newsletter
5 a.m. to 5 p.m. (PST) Technical Support
Renewal Protection
Better Together Webinars
Online Technical Training and FAQs
Advanced Product Information
Partner Certificate – Sales and technical
Access to Partner Technical Knowledge Base
Competitive Information and Research
Sales Campaigns in a box
Not-for-Resale (NFR) Key
Public Relations Program and Customer Testimonials
Product Brochures and Sales Tools
TitanHQ Corporate Style Guide and Logo Usage
Partner Advisory Council Eligibility
TitanHQ Partner Welcome Kit
QTRLY Business Planning and Review
Access to TitanHQ’s MVP Rewards Program
Access to Partner Support
To find out more about TitanHQ’s MSP offerings, for details of pricing and MSP margins, contact the TitanHQ Alliance Program team today and take the first step toward making Office 365 more profitable.
TitanHQ has announced the release of a new version of WebTitan Cloud that includes new security features, easier administration, and the introduction of WebTitan OTG (on-the-go) for Chromebooks for the education sector.
One of the main changes introduced with WebTitan Cloud version 4.16 is the addition of DNS Proxy 2.06, which supports filtering of users in Azure Active Directory. This is in addition to on-premise AD and directory integration for Active Directory. The support for Azure Active Directory will make it easier for customers to enjoy the benefits of WebTitan Cloud, while making management easier and less time-consuming. Support for further directory services will be added with future releases to meet the needs of customers.
Current WebTitan customers do not need to do anything to upgrade to the latest version of WebTitan, as updates to WebTitan Cloud are handled by TitanHQ and users will be upgraded to the latest version automatically to ensure they benefit from improved security, the latest fixes, and new functionality.
The latest WebTitan Cloud release has allowed TitanHQ to introduce a new solution specifically to meet the needs of clients in the education sector – WebTitan OTG (on-the-go) for Chromebooks.
The use of Chromebooks has grown significantly over the past year, which corresponds with an increase in student online activity. WebTitan OTG for Chromebooks allows IT professionals in the education sector to ensure compliance with federal and state laws, including the Children’s Internet Protection Act (CIPA), and ensure students can use their Chromebooks safely and securely.
WebTitan OTG for Chromebooks is a DNS-based web filtering solution that requires no proxies, VPNs or any additional hardware and since the solution is DNS-based, there is no impact on Internet speed. Once implemented, filtering controls can be set for all Chromebook users, no matter where they connect to the Internet. The controls will be in place in the classroom and at home and all locations in between.
Administrators can easily apply filtering controls for all students, different groups of students, and staff members, including enforcing Safe Search. The solution will block access to age-inappropriate content, phishing web pages, malicious websites used for distributing malware, and any category of website administrators wish to block. Chromebooks can also easily be locked down to prevent anyone bypassing the filtering controls set by the administrator.
WebTitan OTG for Chromebooks delivers fast and effective user- and device-level web filtering and empowers students to discover the Internet in a safe and secure fashion. Reports can be generated on demand or scheduled which provide information on Chromebook user locations, the content that has been accessed, and any attempts to bypass filtering, with real-time views of Internet access also possible.
“This new release comes after an expansive first quarter. The launch of WebTitan Cloud 4.16 brings phenomenal new security features to our customers,” Said TitanHQ CEO, Ronan Kavanagh. “After experiencing significant growth in 2020, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”
Ransomware attacks on the education sector in the United Kingdom have increased sharply since February, and the sector was already extensively targeted by threat groups long before then. The education sector is an attractive target for cybercriminals as sizeable amounts of sensitive data are stored within computer systems that can be easily monetized if stolen.
Students’ personally identifiable information is of more value than that of adults, and it can often be used for years before any fraud is detected. Higher education institutions often have intellectual property and research data that is incredibly valuable and can easily be sold on for a huge profit. Ransomware attacks prevent access to essential data, and with the pandemic forcing the education sector to largely switch to online learning, when communication channels and websites are taken out of action learning can grind to a halt.
In the United Kingdom, the reopening of schools and universities has only been possible with COVID-19 testing and contact tracing, which is also disrupted by ransomware attacks. Files are encrypted which prevents access to essential testing and monitoring data, further hampering the ability of schools, colleges, and universities to operate.
As is the case with healthcare, which has also seen a major increase in cyberattacks during the pandemic, services are majorly disrupted without access to computer systems, and there is considerable pressure on both industries to pay the ransom demands to recover from the attacks more quickly. Ransoms are more likely to be paid than in other industry sectors.
What makes the education sector an even more attractive prospect for cybercriminals is poorer security defenses than other industries. The lack of security controls makes attacks much more likely to succeed. On top of that, students often use their own devices to connect to networks so security can be very difficult to police, and many departments make their own IT decisions, which can easily result in vulnerabilities being introduced and remaining unaddressed.
The ease and profitability of attacks has made education a top target for ransomware gangs. Emsisoft reports education was the sector most targeted by ransomware gangs in 2020.
The increase in ransomware attacks on educational institutions in the United Kingdom prompted the UK’s National Cyber Security Center to issue a warning in March to all entities in the education sector about the risk of cyberattacks. NCSC noted in its alert that there was a significant increase in attacks in August and September 2020, and a further rise in attacks since February 2021.
University of Hertfordshire Suffers Major Cyberattack
One of the most damaging university cyberattacks in recent months occurred at the University of Hertfordshire. Late on April 14, cybercriminals struck, with the attack impacting all of the university’s systems. No cloud systems were available, nor MS Teams, Canvas, or Zoom. The attack forced the university to cancel all of its online classes for the following day, although in person teaching was able to continue provided computer access was not necessary.
It has been more than a week since the attack, and while some systems are now back online, disruption is still being experienced with student records, university business services, learning resource centre services, data storage, student services, staff services, and the postgraduate application portal, with the email system also considered to be at risk.
The university has not confirmed the nature of the attack, but it has the hallmarks of a ransomware attack, although the university has issued a statement stating that the attack did not involve data theft.
The University of Hertfordshire is certainly not alone. In March, South and City College of Birmingham was hit with a ransomware attack that took all of its computer systems out of action, with the college forced to switch to online learning for its 13,000 students.
UK Schools also Under Attack
The cyberattacks in the United Kingdom have not been limited to universities. School systems have also suffered more than their fair share of attacks. In March, the Harris Federation, which runs 50 schools in the UK, suffered a ransomware attack that took out communications systems and majorly affecting online learning for 37,000 students.
Also in March, the Nova Education Trust suffered a ransomware attack that took its systems out of action and affected 15 schools, all of which lost access to their communication channels including the phone system, email, and websites. The Castle School Education Trust also suffered a ransomware attack in March that disrupted the online functions of 23 schools.
What Can Be Done to Stop Cyberattacks in Education?
Cybersecurity must become a major focus for schools, colleges, and universities. The attacks are being conducted because they are easy and profitable and, until that changes, the attacks are not likely to slow and, in all likelihood, will continue to increase.
To protect against attacks, the education sector needs to implement multi-layered security defenses and find and address vulnerabilities before they are discovered by ransomware gangs and other cybercriminal operations.
The best place to start is by improving security for the two main attack vectors: email and the Internet. That is an area where TitanHQ can help. To find out more, get in touch with the TitanHQ team today and take the first step towards improving your security posture and better protecting your networks and endpoints from extremely damaging cyberattacks.
Threat actors are constantly changing their tactics, techniques, and procedures (TTP) to increase the chances of getting their malicious payloads delivered. Spam and phishing emails are still the most common methods used for delivering malware, with the malicious payloads often downloaded via the web via hyperlinks embedded in emails.
A new tactic that has been adopted by the threat group behind the IcedID banking Trojan cum malware downloader involves hijacking contact forms on company websites. Contact forms are used on most websites to allow individuals to register interest. These contact forms typically have CAPTCHA protections which limit their potential for use in malicious campaigns, as they block bots and require each contact request to be performed manually.
However, the threat actors behind the IcedID banking Trojan have found a way of bypassing CATCHA protections and have been using contact forms to deliver malicious emails. The emails generated by contact forms will usually be delivered to inboxes, as the contact forms are trusted and are often whitelisted, which means email security gateways will not block any malicious messages.
In this campaign, the contact forms are used to send messages threatening legal action over a copyright violation. The messages submitted claim the company has used images on its website that have been added without the image owner’s permission. The message threatens legal action if the images are not immediately removed from the website, and a hyperlink is provided in the message to Google Sites that contains details of the copyrighted images and proof they are the intellectual property of the sender of the message.
Clicking the hyperlink to review the supplied evidence will result in the download of zip file containing an obfuscated .js downloader that will deliver the IcedID payload. Once IcedID is installed, it will deliver secondary payloads such as TrickBot, Qakbot, and Ryuk ransomware.
IcedID distribution has increased in recent weeks, not only via this method but also via phishing emails. A large-scale phishing campaign is underway that uses a variety of business-themed lures in phishing emails with Excel attachments that have Excel 4 macros that deliver the banking Trojan.
The increase in IcedID malware distribution is likely part of a campaign to infect large numbers of devices to create a botnet that can be rented out to other threat groups under the malware-as-a-service model. Now that the Emotet botnet has been taken down, which was used to deliver different malware and ransomware variants, there is a gap in the market and IcedID could be the threat that takes over from Emotet. In many ways the IcedID Trojan is very similar to Emotet and could become the leading malware-as-a-service offering for delivering malware payloads.
To find out how you can protect your business against malware and phishing threats at a reasonable price, give the TitanHQ team a call today and discover for yourself why TitanHQ email and web security solutions consistently get 5-star ratings from users for protection, price, ease of use, and customer service and support.
TitanHQ has been recognized for its email security, web security, and email archiving solutions, collecting not one, not two, but three prestigious awards from Expert Insights.
Expert Insights was launched in 2018 to help businesses find cybersecurity solutions to protect their networks and devices from an ever-increasing number of cyber threats. Researching cybersecurity solutions can be a time-consuming process, and the insights and information provided by Expert Insights considerably shortens that process. Unlike many resources highlighting the best software solutions, Expert Insights includes ratings from verified users of the products to give users of the resource valuable insights about how easy products are to use and how effective they are at blocking threats. Expert Insights has helped more than 100,000 businesses choose cybersecurity solutions and the website is visited by more than 40,000 individuals a month.
Each year, Expert Insights recognizes the best and most innovative cybersecurity solutions on the market in its “Best-Of” Awards. The editorial team at Expert Insights assesses vendors and their products on a range of criteria, including technical features, ease-of-use, market presence, and reviews by verified users of the solutions. Each product is assessed by technology experts to determine the winners in a broad range of categories, including cloud, email, endpoint, web, identity, and backup security.
“2020 was an unprecedented year of cybersecurity challenges, with a rapid rise in remote working causing a massive acceleration in cybercrime,” said Craig MacAlpine, CEO and Founder, Expert Insights. “Expert Insights’ Best-Of awards are designed to recognize innovative cybersecurity providers like TitanHQ that have developed powerful solutions to keep businesses safe against increasingly sophisticated cybercrime.”
Three TitanHQ cybersecurity solutions were selected and named winners in the Expert Insights’ 2021 “Best-Of” Awards in the Email Security Gateway, Web Security, and Email Archiving categories. SpamTitan was named winner in the Email Security Gateway category, WebTitan won in the Web Security category, and ArcTitan was named a winner in the Email Archiving category. SpamTitan and WebTitan were praised for the level of protection provided, while being among the easiest to use and most cost-effective solutions in their respective categories.
All three products are consistently praised for the level of protection provided and are a bit hit with enterprises, SMBs, and MSPs. The solutions attract many 5-star reviews from real users on the Expert Insights site and many other review sites, including Capterra, GetApp, Software Advice, Google Reviews, and G2 Crowd. The cybersecurity solutions are now used by more than 8,500 businesses and over 2,500 MSPs.
“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said Ronan Kavanagh, CEO, TitanHQ. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”
To protect their clients from phishing attacks, Managed Service Providers (MSPs) need to provide a comprehensive range of cybersecurity solutions. This post explores the risks from phishing and suggests some easy to implement anti-phishing solutions for MSPs to add to their security offerings.
Phishing is the Number One Cyber Threat Faced by SMBs
Phishing is the number one cyber threat faced by businesses and one of the hardest to defend against. All it takes is for an employee to respond to a single phishing email for a costly data breach to occur. The consequences for the company can be severe.
Email accounts contain a wide range of sensitive information. A phishing attack on a UnityPoint Health hospital in Des Moines, IA, in 2018 saw the protected health information of 1.4 million patients compromised. Also in 2018, a phishing attack on the Boys Town National Research Hospital saw one account compromised that contained the information of more than 105,300 patients. Phishing emails are also used to introduce malware and ransomware. These attacks can be even more damaging and costly to mitigate.
The healthcare industry is extensively targeted by phishers due to the high value of healthcare data, although all industry sectors are at risk. In response to the high number of cyberattacks and the current threat levels, the Trump administration recently launched the “Know the Risk, Raise your Shield” campaign. The campaign aims to raise awareness of the threat from phishing and other attack methods and encourage private businesses to do more to improve their defenses.
Phishing will continue to be a major threat to businesses for the foreseeable future. Attacks will continue because they require relatively little skill to conduct, phishing is highly effective, and attacks can be extremely lucrative.
Easy to Implement Anti-Phishing Solutions for MSPs
There is no single solution that will provide total protection against phishing attacks. Businesses need layered defenses, which provides an opportunity for MSPs. SMBs can struggle to implement effective defenses against phishing on their own and look to MSPs for assistance.
MSPs that can provide a comprehensive anti-phishing package will be able to protect their clients, prevent costly phishing attacks, and generate more business. Effective anti-phishing controls are also an easy sell. Given the cost of mitigating attacks, the package is likely to pay for itself. But what solutions should be included in MSPs anti-phishing offerings?
Listed below are three easy-to-implement anti-phishing solutions for MSPs to offer to their clients, either individually or part of an anti-phishing security package.
Advanced Spam Filtering
Advanced spam filtering solutions are essential. They block phishing emails on the server before they can be delivered to inboxes or employees’ spam folders. An advanced spam filter will block in excess of 99.9% of spam and malicious emails and by itself, is the single most important solution to implement.
SpamTitan is an ideal anti-phishing solution for MSPs. This cloud-based solution supports an unlimited number of domains, all of which can be protected through an easy to use interface. The solution supports per domain administrators, with each able to implement elements of their own email such as searches and the release of messages from the quarantine folder. Reports can be generated per domain and those reports can be scheduled and automatically sent to clients. The solution can be fully rebranded to take an MSP logo and color scheme, and the solution can be hosted in TitanHQ’s private cloud or within your own data center.
Security Awareness Training and Testing
While the majority of malicious emails will be blocked at source, a very small percentage may slip through the net. It is therefore essential for employees to be aware of the risks from phishing and to have the skills to identify potential phishing emails. MSPs can help their clients by providing a staff training program. Many security awareness training companies offer MSP programs to help manage training for clients and a platform to conduct phishing simulation exercises to test security awareness.
DNS-Based Web Filtering
Even with training, some employees may be fooled by phishing emails. This is to be expected, since many phishing campaigns use messages which are highly realistic and virtually indistinguishable from genuine emails. Spam filters will block malicious attachments, but a web filter offers protection from malicious hyperlinks that direct users to phishing websites.
A DNS-based web filter blocks attempts by employees to access phishing websites at the DNS-level, before any content is downloaded. When an employee clicks on a phishing email, they will be directed to a block screen rather than the phishing website. Being DNS-based, web filters are easy to implement and no appliances are required.
WebTitan is an ideal web filtering solution for MSPs. WebTitan can be configured in just a couple of minutes and can protect all clients from web-based phishing attacks, with the solution managed and controlled through a single easy-to-use interface. Reports can be automatically scheduled and sent to clients, and the solution is available in full white-label form ready for MSPs branding. A choice of hosting solutions is also offered, and the solution can connect with deployment, billing and management tools through APIs.
Key Product Features of SpamTitan and WebTitan for MSPs
Easy to manage: There is a low management overhead. SpamTitan and WebTitan are set and forget solution. We handle all the updates and are constantly protecting against new threats globally, in real-time.
Scalability: Regardless of your size you can deploy the solution within minutes. SpamTitan and WebTitan are scalable to thousands of users.
Extensive API: MSPs provided with API integration to provision customers through their own centralized management system; a growth-enabling licensing program, with usage-based pricing and monthly billing.
Hosting Options: SpamTitan and WebTitan can be deployed as a cloud based service hosted in the TitanHQ cloud, as a dedicated private cloud, or in the service provider’s own data center.
Extensive drill down reporting: Integration with Active Directory allows detailed end user reporting. Comprehensive reports can be created on demand or via the scheduled reporting options.
Support: World class support – we are renowned for our focus on supporting customers.
Tried & Tested: TitanHQ solutions are used by over 1500 Managed Service Providers worldwide.
Rebrandable: Rebrand the platform with your corporate logo and corporate colors to reinforce your brand or to resell it as a hosted service.
TitanSHIELD Program for MSPs
To make it as easy as possible for MSPs to incorporate our world class network security solutions into their service stacks, TitanHQ developed the TitanSHIELD program. The TitanShield MSP Program allows MSPs to take advantage of TitanHQ’s proven technology so that they can sell, implement and deliver our advanced network security solutions directly to their client base. Under the TitanSHIELD program you get the following benefits:
TitanSHIELD Benefits
Sales Enablement
Marketing
Partner Support
Private or Public Cloud deployment
Access to the Partner Portal
Dedicated Account Manager
White Label or Co-branding
Co-Branded Evaluation Site
Assigned Sales Engineer Support
API integration
Social Network participation
Access to Global Partner Program Hotline
Free 30-day evaluations
Joint PR
Access to Partner Knowledge Base
Product Discounts
Joint White Papers
Technical Support
Competitive upgrades
Partner Events and Conferences
24/7 Priority Technical Support
Tiered Deal Registration
TitanHQ Newsletter
5 a.m. to 5 p.m. (PST) Technical Support
Renewal Protection
Better Together Webinars
Online Technical Training and FAQs
Advanced Product Information
Partner Certificate – Sales and technical
Access to Partner Technical Knowledge Base
Competitive Information and Research
Sales Campaigns in a box
Not-for-Resale (NFR) Key
Public Relations Program and Customer Testimonials
Product Brochures and Sales Tools
TitanHQ Corporate Style Guide and Logo Usage
Partner Advisory Council Eligibility
TitanHQ Partner Welcome Kit
QTRLY Business Planning and Review
Access to TitanHQ’s MVP Rewards Program
Access to Partner Support
For further information on TitanHQ’s anti-phishing solutions for MSPs, contact the TitanHQ team today and enquire about joining the TitanSHIELD program.
The threat of phishing is ever present, especially for the healthcare industry which is often targeted by phishers due to the high value of healthcare data and compromised email accounts. Phishing attacks are having a major impact on healthcare providers in the United States, which are reporting record numbers of successful phishing attacks. The industry is also plagued by ransomware attacks, with many of the attacks having their roots in a successful phishing attack. One that delivers a ransomware downloader such as the Emotet and TrickBot Trojans, for example.
A recent survey conducted by HIMSS on U.S. healthcare cybersecurity professionals has confirmed the extent to which phishing attacks are succeeding. The survey, which was conducted between March and September 2020, revealed phishing to be the leading cause of cybersecurity incidents at healthcare organizations in the past year, being cited as the cause of 57% of incidents.
One interesting fact to emerge from the survey is the lack of appropriate protections against phishing and other email attacks. While it is reassuring that 91% of surveyed organizations have implemented antivirus and antimalware solutions, it is extremely concerning that 9% appear to have not. Only 89% said they had implemented firewalls to prevent cybersecurity incidents.
Then there is multi-factor authentication. Multifactor authentication will do nothing to stop phishing emails from being delivered, but it is highly effective at preventing stolen credentials from being used to remotely access email accounts. Microsoft suggested in a Summer 2020 blog post that multifactor authentication will stop 99.9% of attempts to use stolen credential to access accounts, yet multifactor authentication had only been implemented by 64% of healthcare organizations.
That does represent a considerable improvement from 2015 when the survey was last conducted, when just 37% had implemented MFA, but it shows there is still considerable for improvement, especially in an industry that suffers more than its fair share of phishing attacks.
In the data breach reports that are required for compliance with the Health Insurance Portability and Accountability Act (HIPAA) Rules, which healthcare organizations in the U.S are required to comply with, it is common for breached organizations to state they are implementing MFA after experiencing a breach, when MFA could have prevented that costly breach from occurring in the first place. The HIMSS survey revealed 75% of organizations augment security after suffering a cyberattack.
These cyberattacks not only take up valuable resources and disrupt busines operations, but they can also have a negative impact on patient care. 28% of respondents said cyberattacks disrupted IT operations, 27% said they disrupted business operations, and 20% said they resulted in monetary losses. 61% of respondents said the attacks had an impact on non-emergency clinical care and 28% said the attacks had disrupted emergency care, with 17% saying they had resulted in patient harm. The latter figure could be underestimated, as many organizations do not have the mechanisms in place to determine whether patient safety has been affected.
The volume of phishing attacks that are succeeding cannot be attributed to a single factor, but what is clear is there needs to be greater investment in cybersecurity to prevent these attacks from succeeding. An effective email security solution should be top of the list – One that can block phishing emails and malware attacks. Training on cybersecurity must be provided to employees for HIPAA compliance, but training should be provided regularly, not just once a year to meet compliance requirements. Implementation of multifactor authentication is also an essential anti-phishing measure.
One area of phishing protection that is often overlooked is a web filter. A web filter blocks the web-based component of phishing attacks, preventing employees from accessing webpages hosting phishing forms. With the sophisticated nature of today’s phishing attacks, and the realistic fake login pages used to capture credentials, this anti-phishing measure is also important.
Many hospitals and physician practices have limited budgets for cybersecurity, so it is important to not only implement effective anti-phishing and anti-malware solutions, but to get effective solutions at a reasonable price. That is an area where TitanHQ excels.
TitanHQ can provide cost-effective cloud-based anti-phishing and anti-malware solutions to protect against the email- and web-based components of cyberattacks and both of these solutions are provided at a very reasonable cost, with flexible payment options.
Further, these solutions have been designed to be easy to use and require no technical skill to set up and maintain. The ease of use, effectiveness, and low price are part of the reason why the solutions are ranked so highly by users, achieving the best rankings on Capterra, GetApp and Software Advice.
If you want to improve your defenses against phishing, prevent costly cyberattacks and data breaches, and the potential regulatory fines that can follow, give the TitanHQ team today and inquire about SpamTitan Email Security and WebTitan Web Security.
Black Friday and Cyber Monday are fast approaching and this year even more shoppers will be heading online to secure their Christmas bargains due to the COVID-19 pandemic. In many countries, such as the UK, lockdowns are in place that have forced retailers to close the doors of their physical shops, meaning Black Friday deals will only be available online. 2020 is likely to see previous records smashed with even more shoppers opting to purchase online due to many shops being closed and to reduce the risk of infection.
Surge in Phishing Attacks in the Run Up to Black Friday
The fact that many consumers have been forced to shop online due to COVID-19 has not been missed by cybercriminals, who have started their holiday season scams early this year. Every year sees a sharp rise in phishing emails and online scams that take advantage of the increase in sales in the run up to Christmas, but this year the data show cybercriminals have stepped up their efforts to spread malware, steal sensitive data, and fool the unwary into making fraudulent purchases.
Recent figures released by Check Point show there has been a 13-fold increase in phishing emails in the past 6 weeks with one in every 826 emails now a phishing attempt. To put that figure into perspective, 1 in 11,000 emails in October 2020 were phishing emails. Check Point reports 80% of the phishing emails were related to online sales, discounts, and special offers, and as Black Friday and Cyber Monday draws ever closer, the emails are likely to increase further.
Local lockdowns have piled pressure on smaller retailers, who are at risk of losing even more busines to the large retailers such as Amazon. In order to get their much-needed share of sales in the run up to Christmas, many have started conducting marketing campaigns via email to showcase their special offers and discounts. Those messages are likely to make it easier for cybercriminals to operate and harder for individuals to distinguish the genuine special offers from the fraudulent messages.
Cybercriminals have also started using a range of different techniques to make it harder for individuals to identify phishing and scam messages. Some campaigns involved the use of CAPTCHAs to fool both security solutions and end users, and the use of legitimate cloud services such as Google Drive and Dropbox for phishing and malware distribution is also rife.
With the scams even harder to spot and the volume of phishing and other scam emails up considerably, it is even more important for businesses to ensure their security measures are up to scratch and scam websites and phishing emails are identified and blocked.
How to Improve your Defenses Against Black Friday Phishing Scams and Other Threats
This is an area where TitanHQ can help. TitanHQ has developed two security solutions that work seamlessly together to provide protection from phishing and malware attacks via email and the Internet, not just protecting against previously seen threats, but also zero-day malware and phishing threats.
The SpamTitan email security and WebTitan web security solutions use a layered approach to threat detection, each incorporating multiple layers of protection to ensure that threats are identified and blocked. Both solutions leverage threat intelligence using a crowd sourced approach, to provide protection against emerging and even zero-minute threats.
SpamTitan uses smart email filtering and scanning, incorporating machine learning and behavioral analysis techniques to detect and isolate suspicious emails, dual antivirus engines, sandboxing to trick cybercriminals into thinking they have reached their target, and SPF, DKIM, and DMARC to detect and block email impersonation attacks.
WebTitan is an AI-powered cloud-based DNS web filtering solution that provides protection from online threats such as malware and ransomware and the web-based component of phishing attacks. The solution uses automation and advanced analytics to search through billions of URLs/IPs and phishing sites that could lead to a malware or ransomware infection or the compromising of employee credentials. The solution is an effective cybersecurity measure for protecting against web-based threats for office-based employees and remote workers alike.
If you want to protect your business this holiday season and beyond and improve your defenses against email and web-based threats, give the TitanHQ team a call. Product demonstrations can be arranged, advice offered on the best deployments, and if the solutions are not suitable for your business, we will tell you so. You can also trial both solutions free of charge to evaluate their performance in your own environment before making a decision on a purchase.
The cybercriminal organization behind Ryuk ransomware – believed to be an eastern European hacking group known as Wizard Spider – has stepped up attacks on hospitals and health systems in the United States. This week has seen a wave of attacks on hospitals from the Californian coast to the eastern seaboard, with 6 Ryuk ransomware attacks on hospitals reported in a single day.
Ryuk ransomware causes widespread file encryption across entire networks, crippling systems and preventing clinicians from accessing patient data. Even when the attacks are detected quickly, systems must be shut down to prevent the spread of the ransomware. While hospitals have disaster protocols for exactly this kind of scenario and patient data can be recorded using pen and paper, the disruption caused is considerable. Non-essential surgeries and appointments often need to be cancelled and, in some cases, hospitals have been forced to divert patients to alternative medical facilities.
It is unclear if any ransomware attacks on U.S. hospitals have resulted in fatalities, but there was recently a fatality in an attack in Germany, where a patient was rerouted to a different hospital and died before lifesaving treatment could be provided. Had the ransomware attack not occurred, treatment could have been provided in time to save the patient’s life. The attacks in the United States also have the potential to result in loss of life, especially in such as large-scale, coordinated campaign.
Earlier in the week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS) issued an advisory after credible evidence emerged indicating Ryuk ransomware attacks on U.S. hospitals and healthcare providers were about to increase.
It is unclear why the attacks have increased now and the exact motives behind the current campaign, but recently Microsoft and U.S. Cyber Command, in conjunction with several cybersecurity firms, disrupted the TrickBot botnet – A network of devices infected with the TrickBot Trojan. The TrickBot Trojan is operated by a different cybercriminal group to Ryuk, but it was extensively used to deliver Ryuk ransomware. The botnet is back up and running, with the threat actors switching to alternative infrastructure, but there have been suggestions that this could be a response to the takedown.
The Ryuk ransomware attacks on hospitals come at a time when healthcare providers are battling the coronavirus pandemic. In the United States the number of new cases is higher than at any time since the start of the pandemic. Hospitals cannot afford to have systems taken out of action and patient care disrupted. The timing of the attacks is such that hospitals may feel there is little alternative other than paying the ransom to ensure that disruption is kept to a minimum. Ransomware gangs are known to time their attacks to cause maximum disruption.
Ryuk ransomware attacks on hospitals have been steadily increasing in the United States prior to the latest spike. Figures released by Check Point Research in the past few days show ransomware attacks on hospitals increased 71% from September, with healthcare the most targeted industry sector, not only in October, but also Q3, 2020. Ryuk ransomware attacks account for 75% of all ransomware attacks on hospitals in the United States.
There is concern that the latest attacks will be just the tip of the iceberg. Some security experts suggest the gang is looking to target hundreds of hospitals and health systems in the United States in this campaign. Each attack on a health system could see several hospitals affected. The attack this week on the University of Vermont Health Network impacted 7 hospitals.
Defending against ransomware attacks can be a challenge, as multiple methods are used to gain access to healthcare networks. Ryuk ransomware is commonly delivered by the TrickBot Trojan, which is delivered as a secondary payload by the Emotet Trojan. The Buer loader and BazarLoader are also being used to deliver Ryuk ransomware. These malware downloaders are delivered via phishing emails so a good spam filter is therefore important.
Employees should be made aware of the increased threat of attack and advised to exercise extra caution with emails. Software updates need to be applied promptly and all systems kept fully patched and up to date. Default passwords should be changed, and complex passwords used, with multi-factor authentication implemented where possible. If it is not necessary for systems to be connected to the Internet, they should be disconnected, and RDP should be disabled where possible.
It is also essential for regular backups of critical data to be made and for those backups to be stored securely on non-networked devices to ensure that in the event of an attack hospitals have the option to recover their data without having to pay the ransom.
Further information on indicators of compromise and other mitigations are available in the CISA Ryuk ransomware advisory.
Phishing is a cybersecurity threat that businesses of all sizes are likely to face and one that requires multiple phishing protection measures to prevent. Phishing is the term given to fraudulent attempts to obtain sensitive information such as login credentials to email accounts or employee/customer information. Phishing can take place over the telephone (vishing), via text message (SMiShing), or through social media networks and websites, but the most common phishing attacks take place over email.
When phishing occurs over email, an attack usually consists of two elements. A lure – a reason given in the email that encourages the user to take a particular action – and a web-based component, where sensitive information is collected.
For instance, an email is sent telling the recipient that there has been a security breach that requires immediate action. A link is supplied in the email that directs the recipient to a website where they are required to login and verify their identity. The website is spoofed to make it look like the site it is impersonating and when information is entered it is captured by the attacker.
Phishing protection measures should be deployed to block both of these components. First, you need a solution that stops the phishing attack at source and prevents phishing emails from being delivered to inboxes. You should also have security measures in place to prevent information from being handed over to the attackers at the web stage of the attack. As an additional protection, in case both of those measures fail, you need to prevent stolen credentials from being used to gain access to the account.
Four Essential Phishing Protection Measures
Phishing protection measures should consist of four elements: a spam filter, a web filter, end user training, and multi-factor authentication – often referred to as layered phishing defenses. If one layer should fail, others are in place to make sure the attack does not succeed.
Spam filtering
A spam filter is your first line of defense and one that will block the vast majority of email threats. An advanced spam filter will block in excess of 99.9% of spam, phishing, and malware-laced emails. Spam filters incorporate several layers of protection. They use blacklists of known spammers – domains, email accounts, and IP addresses that have previously been used for spamming, phishing, and other nefarious activities. Checks are performed on the message headers and the message body is subjected to multiple checks to identify malicious URLs and keywords commonly used in spam and phishing emails. Each message is given a score, and if that score is higher than a pre-defined threshold, the message will be either deleted or quarantined. Spam filters also incorporate antivirus engines that check messages for malicious attachments.
Web filtering
Cybercriminals are constantly changing tactics and developing new methods to obfuscate their phishing attempts to bypass spam filters. Spam filters are updated to block these new attacks, but there will be a lag and some messages will slip through the net on occasion. This is where a web filter kicks into action. A web filter will check a website against several blacklists and will assess the content of the website in real-time. If the website is deemed to be malicious, the user will not be permitted to connect, instead they will be directed to a local block page. Web filters also have AV software to prevent malware being downloaded and can be used to control the types of content users can access – blocking pornography for instance, or social media networks, gaming sites and other productivity drains.
End user training
Technical anti-phishing measures are important, but they will not block all attacks. It is therefore essential to provide end user training to help employees identify phishing and other malicious emails. A once-a-year formal training session should be conducted, with ongoing, regular shorter training sessions throughout the year to raise awareness of new threats and to reinforce the annual training. Phishing simulations should also be conducted to test whether training has been effective and to ensure that any knowledge gaps are identified and addressed.
Multi-factor authentication
If credentials are stolen in a phishing attack, or are otherwise obtained by a cybercriminal, multi-factor authentication can prevent those credentials from being used. In addition to a password, a second factor must be provided before account access is granted. This could be a token, code, or one-time password, with the latter usually sent to a mobile phone. While multi-factor authentication will block the majority of attempts by unauthorized individuals to access accounts, it is not infallible and should not be considered as a replacement for the other protections. Multi-factor authentication will also not stop malware infections.
Phishing Protection Solutions from TitanHQ
TitanHQ has developed two powerful cybersecurity solutions to help you protect against phishing and malware attacks: SpamTitan email security and the WebTitan web filter. Both of these solutions have multiple deployment options and are easy to implement, configure, and use. The solutions are consistently rated highly by end users for the level of protection provided, ease of deployment, ease of use, and for the excellent customer support if you ever have any problems or questions.
On top of that, pricing is totally transparent with no hidden extras, and the solutions are very competitively priced. Both are available on a free trial to allow you to test them in your own environment before committing to a purchase.
Security awareness for remote workers has never been more important. It is fair to say that there have never been more people working from home as there are now during the COVID-19 pandemic, and home workers are now being actively targeted by cybercriminals who see them as providing an easy way to gain access to their corporate networks to steal sensitive information, and install malware and ransomware.
Businesses may have already given their employees security awareness training to make sure they are made aware of the risks that they are likely to encounter and to teach them how to recognize threats and respond. However, working from home introduces many more risks and those risks may not have been covered in security awareness training sessions geared toward protecting office workers. It is also important to provide security training for employees, and this is especially important for remote workers, as risk increases when employees are working remotely.
In this post we will highlight some of the key areas that must be addressed in work-from-home (WFH) security awareness training for the workforce.
Increased Security Awareness for Remote Workers Required as COVID-19 Crisis Deepens
Naturally, as an email security solution provider, we strongly advocate the use of a powerful email security solution and layered technical defenses to protect against phishing, but technical controls, while effective, will not stop all threats from reaching inboxes. It is all too easy to place too much reliance on technical security solutions for securing email environments and work computers. The truth is that even with the best possible email security defenses in place, some threats will end up reaching inboxes.
The importance of providing security awareness training to the workforce and the benefits of doing so have been highlighted by several studies. One benchmarking study, conducted by the security awareness training provider KnowBe4, revealed 37.9% of employees fail phishing tests if they are not provided with security awareness and social engineering training. That figure has increased by 8.3% from the previous year. With security awareness training and phishing email simulations, the figure dropped to 14.1% after 90 days.
During the COVID-19 pandemic, the volume of phishing emails being sent has increased significantly and campaigns are being conducted targeting remote workers. The aim of the phishing campaigns is to obtain login credentials to email accounts, VPNs, and SaaS platforms and to spread malware and ransomware.
With so many employees now working from home, and the speed at which companies have had to transition from a largely office-based workforce to having virtually everyone working from home may have seen security awareness training for remote workers put on the back burner. However, with the lockdown likely to be extended for several months and attacks on the rise, it is important to make sure that training is provided, and as soon as possible.
Increase in COVID-19 Domain Registrations and Rise in Web-Based Attacks
Security awareness training for remote workers also needs to cover internet security as not all threats will arrive in inboxes. Most phishing attacks have a web-based component, and malicious websites are being set up for drive-by malware downloads. Currently, the vast majority of threats are using COVID-19 and the Novel Coronavirus as a lure to get remote workers to download malware, ransomware, or part with their login credentials.
Unsurprisingly, cybercriminals have increased web-based attacks, which are being conducted using a plethora of COVID-19 and novel coronavirus-themed domains. By the end of March, approximately 42,000 domains related to COVID-19 and coronavirus had been registered. An analysis by Check Point Research revealed those domains were 50% more likely to be malicious than other domains registered over the same period.
It is important to raise awareness of the risks of using corporate laptops for personal use such as browsing the Internet. Steps should also be taken to limit the websites that can be accessed by employees and, at the very least, a solution should be implemented and configured to block access to known malicious websites that are used for phishing, fraud, and malware distribution.
Shadow IT is a Major Security Risk
When employees are office-based and connected to the network, identifying shadow IT – unauthorized software and hardware used by employees – is more straightforward. The problem not only becomes harder to identify when employees work from home, the risk of unauthorized software being loaded onto corporate-issued devices increases.
Software downloaded onto work computers carries a risk of a malware infection and potentially offers an easy way to attack the user’s device and the corporate network. IT teams will have little visibility into the unauthorized software on users’ devices and whether it is running the latest version and has been patched against known vulnerabilities. It is important to cover shadow IT in security awareness training for remote workers and to make it clear that no software should be installed on work devices and that personal USB devices should not be connected to corporate devices without the go-ahead being given by the IT department.
The COVID-19 pandemic has seen many workers turn to teleconferencing platforms to communicate with the office, friends, and family. One of the most popular teleconferencing platforms is Zoom. Malicious installers have been identified that install the genuine Zoom client but have been bundled with malware. Installers have been identified that also install adware, Remote Access Trojans, and cryptocurrency miners.
How TitanHQ Can Help Improve Email Security
Several security awareness training firms have made resources available to businesses free of charge during the COVID-19 crisis to help them train the workforce, such as the SANS Institute. Take advantage of these resources and push them out to your workforce. If you are a small SMB, you may also be able to get access to free phishing simulation emails to test the workforce and reinforce training.
TitanHQ can’t help you with your remote worker cybersecurity awareness training, but we can help by ensuring employees have to deal with fewer threats by protecting against email and web-based attacks.
SpamTitan is an advanced and powerful cloud-based email security solution that will protect remote workers from phishing, spear phishing, malware, virus, and ransomware attacks by blocking attacks at the source and preventing the threats from reaching inboxes. SpamTitan features dual anti-virus engines to protect against known malware threats and email sandboxing to block unknown (zero-day) malware threats. SpamTitan incorporates several real-time threat intelligence feeds to block current and emerging phishing attacks and machine learning technology detects and blocks previously unseen phishing threats. SpamTitan has been developed to work seamlessly with Office 365 to allow businesses to create layered defenses, augmenting Microsoft’s protections and adding advanced threat detection and blocking capabilities.
WebTitan is a DNS filtering solution that will protect all workers from web-based attacks, no matter where they access the internet. WebTitan incorporates zero-minute threat intelligence and blocks malicious domains and web pages as soon as they are identified. The solution can also be used to carefully control the types of websites that remote workers can access on their corporate-owned devices, via keyword and category-based controls. WebTitan can also be configured to block the downloading of malicious files and software installers to control shadow IT.
For more information on protecting your business during the COVID-19 crisis, to arrange a product demonstration of SpamTitan and/or WebTitan, and to register for a free trial of either solution to allow you to start instantly protecting against email and web-based threats, contact TitanHQ today!
When it comes to cybersecurity and home working, CIOs and IT teams have a challenge – How to ensure the same level of protection is provided for remote workers as they get when they are in the office. To help we have compiled a set of cybersecurity best practices for home workers to help IT teams prepare for a massive increase in telecommuting
The cybersecurity protections at home will not be nearly as good for home workers as protections in the office, which are much easier to implement and maintain. IT departments will therefore need to teach telecommuting workers cybersecurity best practices for home working and their devices will need to be configured to access applications and work resources securely. With so many workers having to telecommute, this will be a major challenge.
The coronavirus pandemic has forced businesses to rapidly expand the number of telecommuting workers and having to increase capacity in such a short space of time increases the potential for mistakes. Further, testing may not be nearly as stringent as necessary given the time pressure IT workers are under. Their teams too are likely to be depleted due to self-isolating workers.
One area where standards are likely to slip is staff training on IT. Many employees will be working from home for the first time and will have to use new methods and applications they will not be familiar with. The lack of familiarity can easily lead to mistakes being made. It is important that even though resources are limited you still teach cybersecurity best practices for home workers. Do not assume that telecommuting workers will be aware of the steps they must take to work securely away from the office.
Steps for IT Teams to Take to Improve Cybersecurity for Home Workers
Listed below are some of the key steps that IT teams need to take to improve security for employees that must now work from home.
Ensure VPNs are Provided and Updated
Telecommuting workers should not be able to access their work environment unless they use a VPN. A VPN will ensure that all traffic is encrypted, and data cannot be intercepted in transit. Enterprise-grade VPNs should be used as they are more robust and provide greater security. Ensure there are sufficient licenses for all workers, and you have sufficient bandwidth available. You must also make sure that the VPN is running the latest software version and patches are applied, even if this means some downtime to perform the updates. VPN vulnerabilities are under active attack.
Set up Firewalls for Remote Workers
You will have a firewall in place at the office and remote workers must have similar protections in place. Software firewalls should be implemented to protect remote workers’ devices. Home routers may have inbuilt firewalls. Talk employees through activating hardware firewalls if they have them on their home routers and ensure that passwords are set to prevent unauthorized individuals from connecting to their home Wi-Fi network.
Apply the Rule of Least Privilege
Remote workers introduce new risks, and with large sections of the workforce telecommuting, that risk is considerable. Remote workers are being targeted by cybercriminals and through web- and email-based attacks. In the event of a malware infection or credential theft, damage can be limited by ensuring workers only have access to resources absolutely necessary for them to perform their work duties. If possible, restrict access to sensitive systems and data.
Ensure Strong Passwords are Being Set
To protect against brute force attacks, ensure good password practices are being followed. Consider using a password manager to help employees remember their passwords. The use of complex passwords should be enforced.
Implement Multifactor Authentication
Multifactor authentication should be implemented on all applications that are accessed by remote workers. This measure will ensure that if credentials are compromised, system access is not granted unless a second factor is provided.
Ensure Remote Workers’ Devices Have Antivirus Software installed
Antivirus software must be installed on all devices that are allowed to connect to work networks and the solutions must be set to update automatically.
Set Windows Updates to Automatic
Working remotely makes it harder to monitor user devices and perform updates. Ensure that Windows updates are set to occur automatically outside of office hours. Instruct workers to leave their devices on to allow updates to take place.
Use Cloud-Based Backup Solutions
To prevent accidental data loss and to protect against ransomware attacks, all data must be backed up. By using cloud-based backups, in the event of data loss, data can be restored from the cloud-backup service.
Teach Cybersecurity Best Practices for Home Workers
All telecommuting workers must be shown how they need to access their work environment securely when working away from the office. Reinforce IT best practices with home workers, provide training on the use of VPNs, provide training on cybersecurity dos and don’ts when working remotely, and explain procedures for reporting problems.
Define Procedures for Dealing with a Security Incident
Members of the IT team are also likely to be working remotely so it is essential that everyone is aware of their role and responsibilities. In the event of a security incident, workers should have clear procedures to follow to ensure the incident is resolved quickly and efficiently.
Implement a Web Filter
A web filter will help to protect against web-based malware attacks by blocking access to malicious websites and will help to prevent malware downloads and the installation of shadow IT. Also consider applying content controls to limit employee activities on corporate-owned devices. Drive-by malware attacks have increased and the number of malicious domains registered in the past few weeks has skyrocketed.
Use Encrypted Communication Channels
When you need to communicate with telecommuting workers, ensure you have secure communications channels to use where sensitive information cannot be intercepted. Use encryption for email and secure text message communications, such as Telegram or WhatsApp.
Ensure Your Email Security Controls are Sufficient
One of the most important cybersecurity best practices for home workers is to take extra care when opening emails. Phishing and email-based malware attacks have increased significantly during the coronavirus pandemic. Ensure training is provided to help employees identify phishing emails and other email threats.
Consider augmenting email security to ensure more threats are blocked. If you use Office 365, a third-party email security solution layered on top will provide much better protection. Exchange Online Protection (EOP) is unlikely to provide the level of protection you need against phishing and zero-day malware threats. Consider an email security solutions with data loss protection functions to protect against insider threats.
Monitor for Unauthorized Access
More devices connecting to work environments makes it much easier for threat actors to hide malicious activity. Make sure monitoring is stepped up. An intrusion detection system that can identify anomalous user behavior would be a wide investment.
For further information on enhancing email security and web filtering to protect remote workers during the coronavirus pandemic, contact TitanHQ today.
The first California Consumer Privacy Act lawsuit has been filed over an alleged failure to adequately protect consumer data. The lawsuit has been filed against Hanna Andersson, a children’s clothing company, and its ecommerce platform provider, Salesforce.com.
The California Consumer Privacy Act took effect on January 1, 2020. Under Civil Code 1798.100 – 1798.199, consumers could start exercising their new rights under CCPA from the compliance date. One of those rights is being able to take legal action against companies for privacy violations, such as the theft of personal data in a data breach.
The California Consumer Privacy Act lawsuit was filed in the U.S. District Court for the Northern District of California on behalf of a victim of a 2019 data breach. The lawsuit alleges negligence and a failure to implement reasonable safeguards to protect consumer data, and that the data breach occurred as a direct result of the alleged negligence. A claim for damages has not been stated, although the right has been reserved to seek damages and relief at a later date.
The breach in question was announced by Hanna Andersson on January 15, 2020. Hackers had gained access to its systems and downloaded malware, which allowed the attackers to steal information such as names, personal information, and payment card data. That information was subsequently listed for sale on the dark web.
The California Consumer Privacy Act allows Californians to file for damages of up to $750 per data breach, so a class action California Consumer Privacy Act lawsuit arising from a sizeable data breach could prove extremely costly for a company. In this case, the data breach affected approximately 10,000 California residents, so damages up to $7,500,000 could potentially be claimed.
Enforcement of CCPA
Enforcement of compliance by the California Attorney General has been delayed and will start 6 months after the publication of the final regulations or July 1, 2020, whichever comes sooner. Since the final regulations have yet to be published, the enforcement date will be July 1, 2020. California Attorney General Xavier Bercerra has already stated that he will make an example of businesses that fail to comply with CCPA.
It should be noted that there is nothing in CCPA that prevents the state attorney general from issuing notices of noncompliance before that date and consumers can already file lawsuits to claim damages. It is therefore essential for all entities covered by CCPA to ensure that they are honoring the new consumer rights and have implemented safeguards to protect consumer data.
How TitanHQ Can Help with CCPA Compliance
TitanHQ offers two powerful security solutions that can help covered entities ensure the data of consumers is protected and data breaches are prevented. These two cybersecurity solutions protect against the two most common attack vectors – Email and the internet.
SpamTitan is a powerful anti-spam, anti-malware, and anti-phishing solution that protects email systems from phishing and spear phishing attacks, known and zero-day malware threats, and email-based ransomware attacks.
WebTitan is a companion solution that blocks the web-based element of phishing attacks, exploit kits, and drive-by malware downloads over the internet, while also controlling the content that employees can access on wired and wireless networks.
TitanHQ can also help covered entities comply with the right to know and right to delete consumer rights afforded by CCPA through ArcTitan. ArcTitan is an email archiving solution that allows organizations to meet state and federal email data retention requirements and quickly find emails containing consumer data. If a California resident exercises their right to know what data is held on them by a company, or requests all of their personal data is deleted, that information can quickly be found in the archive. ArcTitan will also allow you to quickly find email data for eDiscovery in the event of any legal disputes.
For further information on these solutions, to schedule a product demonstration, or to arrange a free trial of the full solutions (with full customer support), give the TitanHQ team a call today.
TitanHQ has announced a new partnership with Pax8. The partnership means Pax8 partners now have access to TitanHQ’s cloud-based email security solution – SpamTitan – and its DNS filtering solution, WebTitan.
Pax8 is the leader in cloud distribution. The company simplifies the cloud buying process and empowers businesses to achieve more with the cloud. The company has been named Best in Show for two consecutive years at the Next Gen and XChange conferences and is positioned at number 60 in the 2019 Inc. 5000 list of the fastest growing companies.
Pax8 carefully selects the vendors it works with and only offers market-leading channel friendly solutions to its partners. When searching for further cybersecurity solutions for its partners, TitanHQ was determined to be the perfect fit. TitanHQ is the leading provider of cloud-based email and web security solutions for managed service providers (MSPs) serving the SMB marketplace and its cybersecurity solutions are much loved by users. This was clearly shown in the 2019 G2 Crowd Report on Email Security Gateways where SpamTitan was named leader, having achieved 4- or 5-star ratings by 97% of its users, with 92% saying they would recommend the solution to other businesses.
Phishing, malware, and ransomware attacks have all increased in the past year and the cost of mitigating those attacks continues to rise. By implementing SpamTitan and WebTitan, SMBs and MSPs can secure their email environments and block web-based threats and keep their networks secure.
SpamTitan provides excellent protection for Office 365 environments. The solution detects and blocks phishing and email impersonation attacks and prevents known and zero-day malware and ransomware threats from reaching inboxes. The WebTitan Cloud DNS filtering solution blocks the web-based component of cyberattacks by preventing end users from visiting malicious websites, such as those harboring malware and phishing kits.
Both solutions are quick and easy to implement, can be seamlessly integrated into MSPs service stacks and cloud-management platforms, and Pax8 partners benefit from highly competitive and transparent pricing, centralized billing, and leading customer support.
“I am delighted to partner with the Pax8 team,” said Ronan Kavanagh, CEO, TitanHQ. “Their focus and dedication to the MSP community are completely aligned with ours at TitanHQ, and we look forward to delivering our integrated solutions to their partners and customers.”
IT professionals have long known that employees are a weak link in the security chain. Recent studies have confirmed this to be the case. Employees are poor at identifying phishing emails and other email-based threats and, to be fair on employees, many have received no training and phishing scams are becoming much more targeted and sophisticated.
The number of successful phishing attacks on businesses is difficult to determine, as many attacks go unreported, even when they result in the exposure of consumer data. In regulated industries, such as the healthcare industry in the United States, the picture is much clearer.
The Health Insurance Portability and Accountability Act – or HIPAA as it is better known – requires healthcare organizations to report breaches of patient information. Summaries of data breaches of 500 or more records are also made public and can be seen on the Department of Health and Human Services’ Office for Civil Rights data breach portal.
In 2019 alone, there have been at least 147 incidents of hacking of email accounts. The cost of those breaches is staggering. In those 147 incidents, the hacked email accounts contained the records of 2,762,691 individuals. According to the Ponemon Institute/IBM Security 2019 Cost of a Healthcare Data Breach report, the cost per exposed healthcare record is $423. Those breaches are therefore likely to have cost $1,168,618,293.
A recent study conducted by GetApp confirmed how often employees are fooled by phishing attacks in other industries. For the study, 714 individuals were surveyed from a range of businesses in the United States. Almost a quarter of those businesses have experienced at least one successful phishing attack and 43% of employees said that someone in their organization had clicked on a phishing email.
The aim of the study was to explore whether businesses were providing security awareness training to their employees to help them identify phishing emails. Only 27% of organizations did. It is therefore no surprise that employees often fall for phishing scams.
The provision of security awareness training, with a particular focus on phishing and social engineering, is vital. Even with layered defenses, some phishing emails will arrive in inboxes, so employees need to be taught the skills they need to help them identify email threats. Employees should then be tested by conducting phishing email simulations. That allows businesses to find out if the training has been taken on board. Without training and testing, employees will remain a liability. Over time their phishing identification shills will improve.
It is worth noting that security awareness training for employees is a requirement of HIPAA, yet many employees are still fooled. Training and phishing simulations can help reduce an organization’s susceptibility to phishing attacks, but employees, being human, will still make mistakes.
The solution is layered defenses. No one cybersecurity solution will block all phishing attempts, and certainly not without also blocking many legitimate email communications. Multiple solutions are therefore required.
It is essential for advanced email security defenses to be implemented to block phishing emails and make sure phishing and malspam (spam emails containing malware) never reach inboxes. That means an advanced spam filtering solution is a must.
SpamTitan for has been independently tested and shown to block in excess of 99.9% of spam emails and 100% of emails containing known malware. SpamTitan also blocks zero-day threats using a combination of advanced detection techniques. This is achieved through heuristic analyses, blacklists, trust scores, greylisting, sandboxing, DMARC, and SPF to name just a few.
SpamTitan has also been developed to compliment Office 365 security and provide a greater level of protection against phishing and other malicious email threats. It should be noted that Microsoft’s Exchange Online Protection was recently shown to allow 25% of phishing emails through.
Should phishing emails arrive in inboxes and be opened by end users, other controls are required to prevent clicks from resulting in malware infections or the theft of credentials. Here a web filtering solution such as WebTitan is important. When a link in an email is clicked, before the webpage is displayed, the URL and the content of the webpage is checked and the user is prevented from visiting the webpage if it, or its domain, is associated with phishing or malware distribution. Malware downloads can also be blocked from websites, even those with a high trust score. Together these solutions form the backbone of your phishing defenses. Further, these two solutions are quick and easy to implement, simple to use and maintain, and they are inexpensive.
Add antivirus protection, multi-factor authentication, and end user training, and you will be well protected from phishing and email and web-based malware attacks.
For further information on improving your defenses against phishing, spear phishing, and malware, give the TitanHQ team a call today.
If you are a managed service provider, contact the TitanHQ channel team and discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market.
Cyberattacks on managed service providers have been increasing over the past few months and they are now a key target for hackers. If a hacker can gain access to the systems of a managed service provider, their remote administration tools can be used to launch attacks on their clients.
There have been several major cyberattacks on managed services providers in the past few weeks, with nation-state-backed hacking groups targeting MSPs serving enterprises and ransomware gangs are conducting attacks on MSPs serving small and medium-sized businesses.
Three major cyberattacks on managed service providers serving healthcare organizations in the United States have been reported in the past two months. All three have affected more than 100 healthcare clients and one impacted 400.
In late November, the Milwaukee-based managed IT service provider, Virtual Care Provider Inc., was attacked with Ryuk ransomware. The attack started on November 17, 2019, and affected all of its clients’ data. Around 110 nursing homes and acute care facilities were prevented from accessing their patients’ medical records. The consequences for its clients were dire. Assisted living facilities and nursing homes were prevented from billing for Medicaid, which meant essential funding was not provided and nursing homes were prevented from ordering essential drugs for patients. Virtual Care Provider was issued with a $14 million ransom demand, which the company could not afford to pay. The managed service provider had around 20% of its services affected and had to rebuild around 100 servers.
The ransomware was deployed as a secondary payload by the TrickBot Trojan. TrickBot had been installed on its network 14 months previously via a malicious email attachment.
A few weeks later, a Colorado-based managed service provider serving dental practices was attacked with ransomware. Complete Technology Solutions was infected with a ransomware variant called Sodinokibi. First, the MSP was attacked, and then its remote administration tools were used to deploy ransomware on the networks of more than 100 dental practices. A ransom demand of $700,000 was issued, which the MSP refused to pay. Its clients are now having to pay the attackers for the keys to decrypt their files. Only a few that had backups stored off the network were able to recover without paying the ransom.
This is the second such attack to affect a company serving the dental industry. The dental record backup service provider, PerCSoft, was also attacked with Sodinokibi ransomware. That attack affected approximately 400 dental practices. CyrusOne was also attacked with Sodinokibi ransomware and its managed services division and six of its clients were affected.
It is not only ransomware that is being used in the attacks. Nation-state threat groups such as APT10 are also targeting MSPs. Their aims are different. The attacks are being conducted to gain access to the intellectual property of their enterprise customers.
As cyberattacks on managed service providers increase, MSPs must ensure that they have adequate defenses in place to keep the hackers at bay. This is an area where TitanHQ can help. TitanHQ is the leading provider of cloud-based email and web security solutions for managed service providers that serve the SMB market.
TitanHQ offers a trio of solutions for MSPs under the TitanShield program. SpamTitan email security is a powerful cloud-based solution that keeps inboxes free of spam, phishing emails, and malware. SpamTitan incorporates SPF and DMARC to block email impersonation attacks, dual antivirus engines to detect known malware threats, and heuristics and sandboxing to identify and block zero-day threats.
WebTitan Cloud is a 100% cloud-based DNS filtering solution that works seamlessly with SpamTitan to block web-based phishing attacks and malware downloads. The solution allows you to monitor and identify malicious threats in real-time and includes AI-driven protection against active and emerging phishing URLs, including zero-minute threats.
The third solution is ArcTitan, a cloud-based email archiving solution that provides protection against data loss and helps MSPs and their clients meet their compliance obligations. ArcTitan serves as a black box flight recorder for email and stores email data securely in the cloud on Replicated Persistent Storage on AWS S3. When emails need to be searched and recovered, the searches are lightning-fast. ArcTitan can search up to 30 million emails a second.
ArcTitan has recently been moved to a brand new system, with the service delivered as a highly available, self-healing horizontally scaled Kubernetes cluster. Within that cluster are many different components working in harmony together, but independently. Should any component go down, that component can be taken offline and repaired with no impact on the others, ensuring a much more reliable service with minimal or no disruption during an outage. With ArcTitan, email is protected from cyberattacks.
These solutions are not only an ideal for improving the security posture of MSP clients, they can help to ensure that MSP systems are protected from attack. All TitanHQ solutions are quick and easy to implement, have a low management overhead, and are API-driven so they can easily be incorporated into MSP’s remote management and monitoring systems.
To find out more about the TitanShield program for managed service providers and to discover how TitanHQ’s cybersecurity solutions can improve yours and your clients’ security posture, give the TitanHQ channel team a call today.
Recent research has highlighted just how important it is for businesses to implement a range of defenses to ensure phishing emails are not delivered to inboxes and how business phishing protections are failing.
The studies were conducted to determine how likely employees are to click on phishing emails that arrive in their inboxes. Alarmingly, one study indicated almost three quarters of employees were fooled by a phishing test and provided their credentials to the attacker. In this case, the attacker was the consultancy firm Coalfire.
71% of the 525 businesses that were tested had at least one employee disclose login credentials in the phishing test, compared to 63% last year. At 20% of businesses, more than half of the employees who were tested fell for the phishing scam, compared to 10% last year.
A second study conducted by GetApp revealed a quarter of 714 surveyed businesses said they had at least one employee who responded to a phishing attack and disclosed their login credentials and 43% of businesses had employees that had clicked on phishing emails. The study also revealed only 27% of businesses provide security awareness training to employees, only 30% conduct phishing simulations, and 36% do not have multi-factor authentication in place on email.
The Importance of Layered Phishing Defenses
To mount an effective defense against phishing and other cyberattacks, a defense in depth approach to security is required.
With layered defenses, businesses are not replying on a single solution to block phishing attacks. Multiple defenses are put in place with the layers overlapping. If one measure proves to be ineffective at blocking a phishing email, others are in place to provide protection.
One area where many businesses fail is relying on Office 365 anti-phishing controls. A study by Avanan showed Office 365 phishing defenses to be effective at blocking most spam emails, but 25% of phishing emails were delivered to inboxes.
What is required is an advanced anti-spam and anti-phishing platform that can be layered on top of Office 365 to ensure that these phishing emails are blocked. SpamTitan can be seamlessly implemented in Office 365 environments and provides superior protection against phishing and malware attacks. SpamTitan blocks more than 99.9% of spam and phishing emails, 100% of known malware, and incorporates a host of features to identify zero-day threats.
As good as SpamTitan is at blocking email threats, other layers should be implemented to block phishing attacks. If a phishing email arrives in an inbox, a web filter will provide protection by blocking attempts by employees to visit phishing websites and sites hosting malware. WebTitan is a powerful DNS filtering solution that protects against the web-based element of phishing attacks. WebTitan adds an extra layer to phishing defenses and will block attempts by employees to visit malicious sites.
If an attacker succeeds in obtaining the credentials of an employee, it is important that those credentials cannot be used to gain access to the account. That protection is provided by multi-factor authentication. Multi-factor authentication is not infallible, but it will prevent stolen credentials from being used to access accounts in the majority of cases.
Security awareness training is also vital. Employees are the last line of defense and that defensive line will be tested. If employees are not trained how to identify phishing emails and other email security threats, they cannot be expected to recognize threats when they land in inboxes. An annual training session is no longer enough, considering how many phishing attacks are conducted on businesses and how sophisticated the attacks are becoming.
Security awareness training should consist of an annual training session with regular refresher training sessions throughout the year. Employees should be kept up to date on the latest tactics being used by cybercriminals to help them identify new scam emails that may bypass email security defenses. Phishing simulation exercises are also important. If these simulations are not conducted, businesses will have no idea how effective their training sessions have been, and which employees have not taken the training on board.
Cybercriminals are inventive and their attacks are becoming increasingly sophisticated. To help ensure you are prepared and can defend your business against these attacks, we have listed the top 10 cybersecurity threats your business is likely to face, along with some tips to help you prevent a costly data breach.
Cybercriminals are not just trying to attack large enterprises. Sure, a cyberattack on a large healthcare system or blue-chip company can be incredibly rewarding, but the defenses they have in place make attacks very difficult. SMBs on the other hand have far fewer resources to devote to cybersecurity and as a result they are easier to attack. The potential rewards may not be as great, but attacks are more likely to succeed which means a better return on effort. That is why so many SMBs are now being attacked.
There is a myriad of ways that a company can be attacked, and the tactics, techniques and procedures used by cybercriminals are constantly changing. The top 10 cybersecurity threats listed below include the main attack vectors that need to be blocked and will serve as a good starting point on which you can build a robust cybersecurity program.
Top 10 Cybersecurity Threats Faced by SMBs
We have listed the top 10 cybersecurity threats that SMBs need to defend against. All the threats listed below need to be addressed as any one of them could easily result in a costly data breach, data loss, or could cripple your business. Some of the threats listed below will be harder to address than others, and it will take time for your cybersecurity defenses to mature. The important thing is to start the ball rolling and address as many of these areas as soon as possible.
Human Error and Insider Threats
We have listed human error first, as it doesn’t matter what hardware and software solutions you implement, human error can easily undo much of your good work. Mistakes will be made by employees on occasion. What you need to do is reduce the potential for errors and limit the harm that can be caused.
Developing robust policies and procedures and providing training will help to ensure that your employees know how to act and more importantly, how not to.
Mistakes are not the only thing you need to take steps to try to prevent. There may also be individuals on your payroll who will take advantage of poor security for personal gain. You will also need to tackle the problem of insider threats and make it harder for rogue employees to cause harm and steal data. The measures listed below will help address threats from within and reduce risk.
Passwords
Enforce the use of strong passwords but make it easier for your employees to remember them so they don’t try to circumvent your password policy or, heaven forbid, write their passwords down. Implement a password manager to store their passwords so they only have one password or pass phrase to remember.
Rule of Least Privilege
It is obvious, but often overlooked. Don’t give employees access to resources they do not need for their day-to-day work duties. If their credentials are compromised, this will limit the harm caused. It will also limit the harm that can be caused by rogue employees.
Block the Use of USB Devices
USB devices make it easy for rogue employees to steal data and for malware to be accidentally or deliberately be introduced. Implement technical controls to prevent USB devices from being connected, and if they are required for work purposes only give permission to certain individuals to use them. Ideally, use more secure methods of transferring or storing data.
Monitor Employee Activity
If rogue employees are stealing data, you are only likely to find out if you are monitoring their computer activity. Similarly, if credentials are compromised, system logs will highlight any suspicious activity. Make sure logs are created and monitored. Consider using a security information and event management (SIEM) solution to automate this as much as possible.
Terminate Access at Point of Termination
Terminating an employee? Terminate their access to your systems at the point of termination. It is surprising how often employee access rights are not terminated for days, weeks, or even months after an employee has left the company.
We will cover some more important safeguards to implement to protect against user error in the following 9 SMB cybersecurity threats.
Phishing and Social Engineering Attacks
Phishing is arguably the biggest cybersecurity threat faced by SMBs. Phishing is the use of social engineering techniques to persuade people to divulge sensitive information or take an action such as installing malware or ransomware. This is most commonly achieved via email, but can also occur via text messages, social media websites, or over the telephone.
Do not assume that your employees have common sense and know not to open email attachments from unknown individuals or respond to enticing offers from legal representatives of Nigerian princes. You must train your employees and teach cybersecurity best practices and show them how to identify phishing emails. Refresher training should be provided at regular intervals and you should conduct phishing simulation exercises (which can largely be automated) to find out who has taken the training on board and who is a liability that needs further training.
Employees are the last line of defense. You need a layer of security above your employees to make sure their security awareness training is never required. That means an advanced anti-spam solution needs to be in place to block threats before they reach inboxes. If you use Office 365, you should still implement an antispam solution. A recent study by Avanan revealed 25% of phishing emails bypass Office 365 antispam defenses.
Another layer of protection should also be implemented to protect against phishing: Multi-factor authentication. This is the use of an additional authentication factor that will kick into action if an attempt is made to use credentials from an untrusted device or location. If credentials are compromised in a phishing attack, multi-factor authentication should stop them from being used to gain access to email accounts, computers, or network resources.
Malware and Ransomware
Malware, viruses, ransomware, spyware, Trojans, worms, botnets, and cryptocurrency miners are all serious threats that you must take steps to block. It goes without saying, but we will say it none the less, you need to have antivirus software installed on all endpoints and your servers.
Malware can be installed in many ways. As previously mentioned, blocking USB devices is important and spam filtering software with sandboxing will protect you from email-based attacks. Most malware infections now occur via the internet, so a web filtering solution is also important. This will also add an extra layer to your phishing defenses. A web filter will block drive-by malware downloads, prevent employees from visiting malicious sites (including phishing websites) and also allows you to enforce your internet usage policies. A DNS filtering solution is the best choice. All filtering takes place in the cloud before any content is downloaded and it will not add to your patching burden.
Shadow IT
Shadow IT – The term given for any hardware or software in use that has not been authorized by your IT department. This could be a portable storage device such as a zip drive, a VPN client to bypass your web filter, an application to help with work tasks, or all manner of other software. It is surprising to find exactly how many of these programs are installed on users’ devices when IT support staff are called upon to sort out a problem!
So, what is the problem? Anything installed without authorization is a potential security and compliance risk. Your security team has no control over patching, and vulnerabilities in those applications could easily go addressed for months and give hackers an easy entry point into your network. Fake applications could be downloaded that are really malware, software packages often include a host of potentially unwanted programs and spyware, and any data stored in these applications could be transmitted to unsecure locations. Those applications and data contained therein are also unlikely to be backed up by the IT department. If anything happens, data can easily be lost.
Unpatched Software
The importance of prompt patching cannot be understated. Vulnerabilities exist in all software solutions. Sooner or later those vulnerabilities will be found, and exploits will be developed to take advantage. Security researchers are constantly looking for flaws that could potentially be exploited by threat actors to gain access to sensitive information, install malware, or remotely execute code. When these flaws are identified and patches are released, they need to be applied promptly. Oftentimes, vulnerabilities are being actively exploited by the time a patch is released. It is essential for these vulnerabilities to be addressed as soon as possible and for all software to be kept up to date.
When software or operating systems are approaching end of life, you must upgrade. When patches stop being issued and software is unsupported, any vulnerabilities will remain unaddressed and can easily be exploited.
Out of Date Hardware
Not all vulnerabilities come from out of date software. The hardware you use can also introduce risks. You must keep an inventory of all your hardware, so nothing slips through the cracks. Firmware updates should be applied as soon as it is made available and you should monitor for any devices that are approaching end of life. If your devices do not support the latest operating systems, then it is time to replace your hardware. This will naturally come at a cost, but so do cyberattacks and data breaches.
Unsecured IoT Devices
The Internet-of-Things offers convenience but IoT devices are a potential liability. IoT devices can send, store or transmit data so they must be be secured.
Unfortunately, in the hurry to connect everything to the internet device manufacturers often overlook security as do users of these devices. Take security cameras for instance. You may be able to access your cameras remotely, but you may not be the only person who can. If your security cameras are hacked, thieves could see what you have, where it is located, and where and when security is lax. There have been cases of security cameras being hacked due to the failure to change default credentials for remote management.
Ensure you change the default credentials on the devices and use strong passwords. Keep the devices up to date, and if the devices need to connect the network, make sure they are isolated from other resources. Cybercriminals can also take advantage of flaws in the applications to which these IoT devices connect. They must also be kept up to date.
Man-in-the-Middle Attacks and Public Wi-Fi
A man-in-the-middle (MITM) attack is an attack scenario where communications between two individuals (or one individual and a website or network) are intercepted and potentially altered. An employee may believe they are communicating securely, when everything they are saying or doing is being seen or recorded. An attacker could even control the conversation between two people and be communicating with each separately while both individuals believe they are communicating with each other. This method of attack most commonly occurs through unsecured Wi-Fi hotspots or evil twin hotspots – Fake Wi-Fi hotspots set up in coffee shops, airports, and any other location where free Wi-Fi is offered.
If you have remote workers, you need to take steps to ensure that all communications are kept private. This can be achieved in two main ways. By making sure employees use a secure VPN that encrypts their communications over public or unsecured Wi-Fi networks and also by implementing a DNS filtering solution. The DNS filtering solution provides the same protection for remote workers as it does for on-premises workers and will prevent malware downloads and employees from accessing malicious websites.
Mobile Security Threats
There is no denying the convenience of mobile devices (laptops, tablets, smartphones). They allow workers to be instantly contacted and lets them work from any location. Mobile devices improve employee mobility, can lead to greater employee satisfaction, and will help you to boost productivity. However, the devices also introduce new risks. Whether you supply these devices or operate a BYOD policy, you need to implement a range of security controls to ensure those risks are managed.
You need to make sure you know of every device that you allow to connect to the network. A mobile device security solution can help you gain visibility into mobile device use and allow you to control your applications and data.
You should ensure the devices have security controls applied, can only access your network via secure channels (VPN), ensure the devices are covered by a DNS filtering solution, and any work data stored on the devices needs to be encrypted.
Remote Desktop Protocol
Remote desktop protocol (RDP) allows employees remotely connect to your computers and servers when they are not in the office and lets your managed service provider quickly sort out your problems and maintain your systems without having to pay a visit. RDP also gives hackers an easy way to gain access your computers, servers, and steal data or install malware. Do you need RDP enabled? If not, disable it. Does it need to be used internally only? Make sure that RDP is not exposed to the internet.
If you do need RDP, then you need to exercise extreme caution. Make sure that users can only connect via a VPN or set firewall rules. Limit the individuals who have permissions to use RDP, ensure strong passwords are set, and that rate limiting is implemented to protect against brute force attacks. Also use multi-factor authentication.
Stolen RDP credentials are often used by hackers to gain access to systems, brute force attempts are often conducted, and vulnerabilities in RDP that have not been patched are frequently exploited. This is one of the main ways that ransomware is installed.
These are just the top 10 cybersecurity threats faced by SMBs. There are many more risks that need to be identified and mitigated to ensure you are protected. However, by addressing the above issues you will have already made it much harder for hackers and cybercriminals to do your business harm.
TitanHQ is Here to Help!
TitanHQ can assist by providing you with advanced cybersecurity solutions to protect against several of the above listed top 10 cybersecurity threats and will the two most commonly used attack vectors – email and the web-based attacks. These solutions – SpamTitan and WebTitan – are 100% cloud based, easy to implement and maintain, and will provide superior protection against malware, ransomware, viruses, botnets, and phishing attacks.
Further, these powerful solutions are affordable for SMBs. You are likely to be surprised to find out how little these enterprise-grade security solutions will cost. If you are a managed service provider that services the SMB market, you should also get in touch. SpamTitan and WebTitan have been developed by MSPs for MSPs. There is a host of reasons why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs that service the SMB market!
Contact our friendly (and non-pushy) sales team today to find out more, book a product demo, and register for a free trial.
Q3, 2019 has seen TitanHQ register record-breaking growth in the MSP market with its busiest ever quarter for MSP sales. TitanHQ now has more than 2,200 MSP partners and its cloud-based email security, web security, and email archiving platforms are now used by more than 8,200 businesses around the world.
Many great success stories start from humble beginnings, and TitanHQ is no exception. The company started life as Copperfasten Technologies in 1999 and sold anti-spam appliances to local businesses from its Galway, Ireland base. The company then developed its own cybersecurity solutions, starting with the anti-spam and anti-phishing solution, SpamTitan.
The product portfolio grew to include WebTitan web filtering, a powerful DNS-based web security solution to protect businesses from the full range of internet threats. That was followed by the launch of ArcTitan, a cloud-based email archiving solution for businesses that eases their email storage and compliance burden.
That trio of core TitanHQ products has proven to be a massive hit with managed service providers, although not by accident. Many companies have developed innovative solutions for SMBs but have only realized the importance of the MSP market later on. Additional features are then added to appeal to MSPs. TitanHQ took a different approach. Its solutions were developed by MSPs for MSPs and MSPs were considered at every stage of product development. The result is a suite of security solutions tailor-made for MSPs.
This approach, along with cutting-edge technology and industry-leading customer support, has seen the company go from strength to strength and become the gold standard in email and web security and the leading global provider of cloud-based security solutions for MSPs servicing the SMB market.
Phishing attacks on businesses are soaring, new malware variants are being released at record levels, and the current ransomware epidemic is threatening to derail businesses. Many SMBs lack the internal resources to block these threats and turn to MSPs to provide the security they need.
To cope with the increased demand, MSPs need solutions with 100% cloud-based architecture that seamlessly integrate into their existing centralized management systems and are easy to implement, use, and maintain. Ideally, those solutions need to be flexible, have a range of hosting options, be available in white-label form to take MSP branding, and also include generous margins. That is a big ask, and many solutions only tick a few of those boxes. However, TitanHQ’s suite of solutions include all those features and more.
TitanHQ also offers extensive sales enablement and marketing support, world-class customer service, and each MSP has a dedicated account manager, engineers, and a support team to help them maximize their sales opportunities and really grow their businesses.
As part of the celebration of the Q3, 2019 MSP growth, TitanHQ has launched a new initiative to ensure Q4 will be an even bigger success.
On October 22, TitanHQ announced a new disruptive price package for a SpamTitan Email Security and WebTitan DNS filtering bundle at an exclusive once-in-a-lifetime price. The initiative has been called Margin Maker for MSPs and is intended to ensure MSPs build profitability instantly in Q4, 2019.
The two solutions are provided in two private clouds, customized to meet MSPs email and web security needs, and secure the most common attack vectors – email and the web. The package includes advanced protection for email, including Office 365 environments, complimented by WebTitan DNS filtering to block web-based threats and implement content control for on-premises and remote workers. These solutions are naturally provided with extensive sales enablement and marketing support.
The aim is to make TitanHQ’s email and web security platforms even more appealing to MSPs and to encourage MSPs to offer both SpamTitan email security and WebTitan web filtering to their clients and maximize revenues.
One MSP that is already boosting its profits and achieving increased, reliable recurring monthly revenues is UK-based OpalIT. The MSP has bases in Newcastle and Edinburgh and a 6,000+ customer base. Prior to joining the TitanShield program, OpalIT was offering its clients firewall filtering and email filtering with Barracuda and Vade. The company has now switched to TitanHQ’s cybersecurity bundle and is pushing SpamTitan Email Security, WebTitan DNS filtering, and ArcTitan email archiving to its clients and is reaping the rewards.
“Opal IT moved to TitanHQ because of our MSP focused solutions, ease of deployments, extensive APIs functionality and the increased margin they’re now making. Our cybersecurity bundle solutions allow MSPs to provide their downstream customers with a layered defense approach” said Rocco Donnino, EVP Strategic Alliances, TitanHQ.
If you are a managed service provider, now is the perfect time to sign up with TitanHQ. Come and meet the TitanHQ channel team at the following MSP events to find out more about the TitanShield program for MSPs, OEMs, and service providers, and take advantage of the amazing new MSP package.
If you are unable to attend any of these events, be sure to give the TitanHQ team a call to find out more and take advantage of this exciting new and exclusive offer.