Spam Software
Spam software is a network security 101 basic protection that should be in place at every organization. Spam software filters out productivity-draining spam messages and prevents phishing emails and other email-based threats from being delivered to employees’ inboxes.
Research conducted by the intelligence software and anti-phishing training company PhishMe shows that 91% of cyberattacks start with a phishing email. Phishing emails aim to get the recipient to divulge sensitive information such as bank account information or login credentials. However, over the course of the past 12 months, cybercriminals have increasing used spam email to distribute ransomware. In Q3, 2016, PhishMe reported that 97% of phishing emails were being used to deliver ransomware or ransomware downloaders. Spam email is now the number one vector used to deliver malware and ransomware.
Spam email campaigns are also becoming more sophisticated and it is becoming much harder to distinguish spam from genuine emails. Many of the latest campaigns contain no spelling mistakes, are grammatically correct and use imagery from well-known brands with smart, professional layouts.
Cybercriminals are also using social engineering techniques to fool end users into clicking malicious links and opening infected email attachments. Without spam software to quarantine those emails, they will be delivered to inboxes and employees are likely to be fooled into taking the requested actions.
Fortunately, advanced spam solutions can now filter out more than 99% of spam emails, with SpamTitan preventing more than 99.9% of spam emails from being delivered. This category contains up to date information on spam software, new threats that are now blocked and advice for organizations on improving defenses against email threats.
by G Hunt |
March 4, 2025 |
Phishing & Email Spam, Spam Software, Website Filtering
There has been a surge in infostealer malware infections, with detections up almost 60% from the previous year. Infostealers gather system information, stored files, and sensitive data and exfiltrate the information to their command and control server. Once installed, they can remain undetected for long periods of time, exfiltrating sensitive data such as usernames and passwords by logging keystrokes, with some variants capable of taking screenshots and capturing audio and video by taking control of the microphone and webcam.
The majority of infostealers are used to attack Windows systems; however, a new infostealer called FrigidStealer has been identified that is being used to target Mac users. FrigidStealer is capable of stealing saved cookies, password-related files in the Safari and Chrome browsers, and login credentials, along with cryptocurrency wallet credentials, Apple Notes containing passwords, documents, spreadsheets, text files, and other sensitive data from the user’s home directory. The gathered data is added to a compressed file in a hidden folder in the user’s home directory and is exfiltrated to its command and control server.
The threat actor behind the campaign distributes FrigidStealer under the guise of important web browser updates on compromised websites. The threat actor injects malicious JavaScript into the HTML of the webpage which generates a fake browser update notification to website visitors. The notifications warn the user that they must update their browser to continue to view the page, with the displayed notification tailored to the browser in use.
The notifications look professional, include the appropriate logos for either Google Chrome or Safari, and contain an update button that the user must click to proceed. Clicking the button will trigger the download of an installer (DMG file), which must be manually launched. The user is required to enter their password to get around macOS Gatekeeper protections. If the password is entered, the file is executed and FrigidStealer is delivered.
A similar campaign is being conducted targeting Windows users. The Windows campaign uses similar techniques, although it tricks the user into downloading and executing an MSI installer, which delivers one of two different info stealers, Lumma Stealer or DeerStealer. The threat actor is also targeting Android devices in a similar way, delivering an APK file that contains the Marcher banking Trojan.
With infostealer infections soaring, businesses need to make sure they have the right security solutions in place and should be providing regular security awareness training to the workforce. Employees should be instructed to never download browser updates when prompted to do so on websites or run any suggested commands on their devices, as the updates and commands are likely to be malicious.
A web filter is strongly recommended for controlling access to the Internet and blocking visits to malicious websites. The WebTitan DNS filter can used to protect users on or off the network and is constantly updated with threat intelligence on new malicious websites. If an attempt is made to visit a known malicious website, that attempt will be blocked. The web filter can also be configured to block file downloads from the internet by file type, allowing IT teams to prevent employees from downloading executable files.
While this is a web-based campaign, information stealers are commonly distributed in phishing emails, either through malicious attachments or embedded hyperlinks. TitanHQ’s SpamTitan cloud-based anti-spam service is a powerful AI-driven email security solution with email sandboxing and advanced threat detection capabilities. SpamTitan outperformed all other tested solutions in recent tests by VirusBulletin, blocking 100% of phishing emails and 100% of malware.
by G Hunt |
February 27, 2025 |
Phishing & Email Spam, Security Awareness, Spam Software
Cybercriminals have extensively used ransomware in their attacks on businesses, government entities, and critical infrastructure, and while these attacks often make headline news and cause massive disruption, there is a much more common malware threat – Information stealers.
Information stealers are malware that is silently installed on devices that can remain undetected for long periods of time. These types of malware have many different capabilities and can serve as downloaders for other malicious payloads, but their main function is information theft. Information theft is achieved in several ways, depending on the malware variant in question. These malware types often have keylogging capabilities and can record keystrokes as they are entered on the keyboard, allowing sensitive information such as usernames and passwords to be captured. They can often record audio from the microphone, take control of the webcam and record video, and take screenshots. They can also steal browser histories, cookies, and other sensitive information.
The information stolen from the victim allows the threat actor to conduct follow-on attacks, access accounts and steal further sensitive data, access and drain financial accounts, or commit identity theft and other types of fraud. Information stealers can also provide a threat actor with access to a device, and that access is often sold to specialized cybercriminal groups such as ransomware actors. Many hackers now act as initial access brokers, using information stealers to gain access before selling that access to other cybercriminal groups.
Information stealers such as Lumma, AgentTesla, FormBook, Redline, and StealC have been increasingly used in recent years, especially last year. Check Point observed a 58% increase in attacks from the previous year, and a report from the threat intelligence firm KELA suggested that lists of credentials obtained from information stealers are being shared on cybercrime forums. The credential lists included billions of logins that had been captured from infected devices, which, according to KELA, included around 4.3 million devices, of which around 330 million credentials had been stolen. An estimated 40% were corporate credentials.
The breach notification service, Have I Been Pwned (HIBP), has recently added 284 million compromised accounts to the service. The credentials were identified from chats on a Telegram channel called ALIEN TXTBASE, with the data obtained from information stealer logs. HIBP founder Troy Hunt said the stealer logs included 23 billion rows of data with 493 million unique website and email address pairs and around 284 million unique email addresses. Hunt said 244 million passwords were not previously known to the HIBP service, with 199 million already in its database.
The extent to which these malware variants are used, and the increase in use in 2024, clearly demonstrates the importance of advanced malware protection and the sheer number of compromised credentials suggests many businesses have been infected with information stealers. The problem for businesses is that these malware variants can be difficult to identify, as new versions are constantly being released. Traditional antivirus software is signature-based, which means it can only detect known malware. When new malware is identified, a signature of that malware is obtained and fed into antivirus software. If a malware signature is not in the software’s definition list, it will not be detected. There are several ways that these information stealers are distributed, with email being one of the most common. They can also be downloaded from the internet from malicious websites in drive-by downloads or installed along with pirated software or doctored versions of legitimate software installers.
Defending against information stealers requires a combination of measures – a defense-in-depth approach, with multiple overlapping layers of security. Given the high volume of infections stemming from email, businesses need a spam filter to block malicious emails. Antispam software will block many malicious emails; however, an antispam server must have advanced antimalware defenses. That means traditional signature-based detection and advanced behavioral detection to ensure previously unseen malware is identified and blocked.
SpamTitan uses dual anti-virus engines for detecting known threats and a next-generation email sandbox for behavioral analysis. If standard checks are passed, suspicious messages are sent to the sandbox – a safe environment where they are detonated and their behavior is analyzed. This vastly improves the detection rate, and in recent independent tests, SpamTitan outperformed all other tested email security solutions and had a 100% malware detection rate.
Security awareness training needs to be provided to the workforce to ensure that employees have the skills to recognize and avoid threats, no matter where they are encountered. Through training, employees should be conditioned to always report potential threats to their security team, and businesses can promote security best practices and eradicate risky behaviors. TitanHQ offers businesses a comprehensive training and phishing simulation platform – SafeTitan – that has been shown to be highly effective at improving employees’ security awareness.
Many malware infections occur via the Internet, and while training can reduce risk, a technical security solution is required to block threats. WebTitan is a DNS-based web filter that is used to block access to known malicious websites, assess websites in real-time for malicious content, block certain file downloads from the Internet, and restrict the sites and web pages employees can access.
With these three security solutions in your arsenal, you will be able to significantly improve your security posture and block information stealers and other threats. Give the TitanHQ team a call today to find out more or take advantage of a free trial of these solutions.
by G Hunt |
February 16, 2025 |
Security Awareness, Spam Software
A phishing campaign has been identified that targets corporate Facebook credentials and has so far involved more than 12,000 messages to users worldwide. The campaign has primarily targeted enterprises in the European Union (45.5%), United States (45%), and Australia (9.5%) with the phishing emails sent using a legitimate Salesforce automated mailing service. When emails are sent via this service, a sender email address can be specified; however, if no address is supplied, the emails appear to have been sent directly from Salesforce from the noreply@salesforce.com email address, per the terms of service. As such, any recipient of the email may mistakenly believe that the emails are official.
The emails include fake versions of the Facebook logo, which recipients should be able to identify as fake; however, the emails are well-written, and the subject matter is sufficiently concerning to warrant a click. The emails warn the recipient about a copyright infringement claim that has been filed under the Digital Millennium Copyright Act (DMCA) against the user’s personal account, indicating material has been shared via their account that is in violation of copyright laws.
The messages include the date of the complaint, that it was reported by Universal Music Group, and is due to the unauthorized use of copyrighted music. The recipient is told they must respond to the claim by the close of business if they wish to contest the claim. The date of the required response is only 24 hours after the complaint date, therefore an immediate response is required. As is common with phishing attempts, there is a threat – permanent restrictions on the user’s Facebook account. The message includes a button to click to contest the claim, but rather than direct the user to a login page, they are directed to a fake support page, where they are provided with further information on the restrictions that have or will be applied. Several variations of that email have been identified, including warnings that Facebook surveillance systems have identified a copyright issue and, as a result, limitations have been placed on the user’s account.
Those restrictions include the disabling of personal ad accounts and audiences, blocking the management of advertising assets or people for businesses, and preventing the user from creating or running ads and managing ad accounts. In order to have those restrictions removed, the user must click the button to request a review, which directs the user to a spoofed Facebook login page. If credentials are entered, they will be captured and used to log in to the user’s account. The campaign, identified by Check Point Research, targets business users, many of whom will rely on Facebook for advertising and customer contact, therefore the consequences of an account restriction could be serious, and certainly serious enough to warrant filing an appeal. What is unclear is how the threat actor uses the compromised accounts. Potentially they could be used for further scams, which could cause considerable reputational damage to the business.
Protecting against these types of phishing campaigns requires a combination of email security and user awareness. An email security solution can prevent these messages from reaching inboxes, thus neutralizing the threat, but security awareness training should also be provided to workforce members to help them identify and avoid phishing attempts. In this case, Facebook admins for the business should be warned about the campaign and instructed to log in to Facebook directly via their web browser if they receive any copyright infringement notices purporting to have been sent by Facebook. If there is a problem with their account, it will be apparent when login into their account.
With the SafeTitan security awareness training platform from TitanHQ, it is easy to create and automate security awareness training programs and roll out new training content in relation to specific threats, only providing that training to the individuals who are likely to be targeted. Phishing simulations can easily be created to test awareness of these phishing scams, with relevant training automatically delivered in response to clicks on phishing emails.
TitanHQ’s anti-spam software, SpamTitan, provides excellent protection against phishing, as demonstrated by recent tests by VirusBulletin. The cloud-based anti-spam service outperformed all other antispam solutions in the latest round of tests, blocking 100% of phishing emails and 100% of malware, earning SpamTitan the top spot for overall score. If you are not happy with your anti-phishing defenses or feel you are paying too much for protection, give the TitanHQ team a call and ask about SpamTitan. If you have yet to provide regular security awareness training to your workforce, why not sign up for a free trial of Safetitan and put the product to the test on your workforce?
by G Hunt |
February 3, 2025 |
Phishing & Email Spam, Security Awareness, Spam Software
Investigations of cyberattacks have identified an increasing number of incidents that started with email bombing. A high percentage of cyberattacks involve phishing, where emails are sent to employees to trick them into visiting a malicious website and disclosing their credentials, or opening a malicious file that installs malware. Email bombing is now being used to increase the effectiveness of phishing campaigns.
With email bombing, the user is sent a large number of spam emails in a short period of time, such as by adding a user to a large number of mailshots, news services, and spam lists. The threat actor creates a genuine spam issue then impersonates a member of the IT department and claims they can fix the problem, with content often made via a Microsoft Teams message. If the user accepts, they are tricked into installing remote access software and granting the threat actor remote access to their device. The threat actor will establish persistent access to the user’s device during the remote access session. What starts with an email bombing attack often ends with a ransomware attack.
There are several measures that you should consider implementing to prevent these attacks. If you use Microsoft Teams, consider restricting calls and messages from external organizations, unless there is a legitimate need to accept such requests. If so, ensure permission is only given to trusted individuals such as business partners. The use of remote access tools should be restricted to authorized personnel only, and steps should be taken to prevent the installation of these tools, including using a web filter to block downloads of these tools (and other executables) from the Internet.
An spam filter should be implemented to block spam and unwanted messages. Advanced spam filters such as SpamTitan use AI-guided detection and machine learning to block spam, phishing, and other malicious emails, along with email sandboxing to identify novel threats and zero-day malware. In the Q4, 2024, tests at VirusBulletin, the SpamTitan spam filtering service blocked 99.999% of spam emails, 100% of phishing emails, and 100% of malware with a 0.000% false positive rate, earning SpamTitan top position out of all anti-spam software under test.
Businesses should not underestimate the importance of security awareness training and phishing simulations. Regular security awareness training should be provided to all members of the workforce to raise awareness of the tactics used by cybercriminals. A cyberattack is much more likely to occur as a result of a phishing or social engineering attempt than the exploitation of a software vulnerability. Businesses that use the SafeTitan security awareness training platform and phishing simulator have reduced susceptibility to email attacks by up to 80%. For more information on TitanHQ cybersecurity solutions, including award-winning anti-spam solutions for managed service providers, give the TitanHQ team a call or take advantage of a free trial of any of TitanHQ’s cybersecurity solutions.
by G Hunt |
December 29, 2024 |
Phishing & Email Spam, Spam Software
Detections of the Remcos remote access trojan (RAT) have increased recently with threat actors adopting new tactics to deliver this popular commercially available malware. The Remcos RAT is offered under the malware-as-a-service model, where purchasers can use the malware to remotely control infected devices and steal sensitive data.
The Remcos RAT is primarily delivered via phishing emails with malicious attachments, with each of the two main variants delivered using distinct methods. One of the variants is distributed in phishing emails using Microsoft Office open XML attachments that exploit a Microsoft Office memory corruption remote code execution vulnerability (CVE-2027-11882) to execute an embedded script that downloads an intermediate payload that will in turn deliver the Remcos RAT. The vulnerability does not affect newer Office versions, such as Microsoft 365, only older versions prior to Office 2016.
Lures commonly used include fake purchase orders, where the email claims to include purchasing specifications in the attached Excel file. If opened, the spreadsheet is blurred and the user is told the document is protected, and to enable editing to view the file. In the background, the vulnerability is exploited to deliver and execute an HTA file, triggering the processes that lead to the installation of the Remcos RAT. When delivered, the Remocos RAT is injected into a legitimate Windows executable (RegAsm.exe).
The second variant uses a VBS attachment with an obfuscated PowerShell script to download files from a remote server and inject code into RegAsm.exe. Since the final payload is injected into legitimate Windows processes, the malware is often not detected by security solutions. Once installed, persistence is maintained via registry modifications to ensure the malware remains active after a reboot. Lures used to deliver this variant include payment confirmations, with details included in the attached DOCX file.
The highest number of infections have occurred in the United States and India, and there has been a sharp rise in infections in recent months showing that the campaigns are proving effective. A combination of technical measures and security awareness training will help to prevent Remcos RAT infections. Phishing campaigns such as this show why it is important to stay on top of patching and ensure that all systems are kept up to date, and to migrate from software that has reached end-of-life to supported software versions. Endpoint security software is important; however, detection of the Remcos RAT can be difficult since files are not written to the hard drive.
The primary defense is an advanced email security solution. SpamTitan, TitanHQ’s spam filtering service, is an ideal choice as it includes reputation checks, SPF, DKIM, & DMARC, machine-learning algorithms to identify anomalies in emails, and email sandboxing, where attachments are sent for extensive analysis including pattern filtering. In recent tests by VirusBulletin, the engine that powers SpamTitan scored highest out of all 11 tested email security solutions, with a 100% malware and phishing catch rate.
It is important to keep the workforce up to date on the latest security threats and to teach and reinforce security best practices. The SafeTitan security awareness training platform makes this easy for businesses and MSPs, allowing effective security awareness training programs to be created that are tailored to individuals and user roles. The training can be automated to be delivered regularly to employees, as can phishing simulations using the SafeTitan phishing simulator to test the effectiveness of training. Businesses with Microsoft 365 would benefit from the PhishTitan platform. Based on the same engine that powers SpamTitan, PhishTitan helps to protect Microsoft 365 environments from the advanced threats that Microsoft fails to block, add banners to emails from external sources and helps security teams rapidly mitigate phishing threats.
by G Hunt |
December 23, 2024 |
Industry News, Spam Software
TitanHQ’s email security solutions achieved first place in Q4 performance tests by the leading security information portal, testing, and certification body, VirusBulletin. The security engine that powers TitanHQ’s SpamTitan email security and PhishTitan anti-phishing platform for Microsoft 365 was put to the test alongside 10 other market-leading email security solutions and achieved the highest overall score out of all 11 solutions, building on the joint 1st overall score in the Q3, 2024 round of tests, 2nd position in the Q3 tests, and 3rd position in the Q1, 2024 tests.
The top position was achieved with a 100% phishing catch rate, a 100% malware catch rate, and a 0.00% false positive rate. This was the third consecutive quarter that TitanHQ’s solutions had a perfect score for catching malware and the third consecutive quarter that TitanHQ has been awarded the VBSpam+ award for outstanding performance. “We are thrilled to have significantly outperformed our main competitors and surpassed the industry average,” said TitanHQ CEO, Ronan Kavanagh. “Our unwavering commitment to providing unmatched email security is evident in these results, and we remain dedicated to protecting our clients from evolving cyber threats.”
Over the past two decades, VirusBulletin has tested, reviewed, and benchmarked enterprise-level security solutions to determine how effective the solutions are at blocking real-world threats. VirusBulletin has a formidable reputation for providing businesses with invaluable independent intelligence about the rapidly evolving threat landscape, and businesses look to performance tests when selecting security solutions to make sure they perform as well as the vendors’ claim. For the Q4, 2024 tests of enterprise-level anti-spam software, TitanHQ’s cloud-based anti-spam service was put to the test alongside solutions from Bitdefender, Fortinet, Mimecast, N-able, Sophos, Rspamd, SEPPmail, Net at Work, and Zoho. The tests ran for 16 days in November 2024 and included evaluations of almost 107,000 emails, of which 105,228 were spam and 1,315 were legitimate emails. 1,045 of the emails contained a malicious attachment and 16,825 contained a link to a web page hosting phishing content or malware.
Virus Bulletin Q4, 2024 Test Scores
| Metric |
TitanHQ Score |
| Malware catch rate |
100.000% |
| Phishing catch rate |
100.000% |
| Spam Catch (SC) rate |
99.999% |
| Project Honey Pot SC rate |
99.998% |
| MXMailData SC rate |
100.000% |
| Abusix SC rate |
99.999% |
| False Positive (FP) Rate |
0.000% |
| Newsletters FP rate |
0.0% |
| Final Score |
99.999% |
“With only two spam samples missed – one of which was from the unwanted category – no false positives of any kind, and a final score value of 99.999, SpamTitan showed the best performance in this test, ranking top for final score,” explained VirusBulletin. “Needless to say, a well-deserved VBSpam+ certification is awarded.”
Virus Bulletin 2024 Test Scores
| Test Period |
Phishing catch Rate |
Malware Catch Rate |
Spam Catch Rate |
Position |
| Q1 |
99.91% |
99.95% |
99.98% |
3rd |
| Q2 |
99.99% |
100% |
99.98% |
2nd |
| Q3 |
99.98% |
100% |
99.98% |
1st (Joint) |
| Q4 |
100% |
100% |
99.99% |
1st |
The test results confirm that TitanHQ is a leading enterprise spam filter provider; however. TitanHQ’s spam filtering service and anti-phishing solution for M365 are suitable for use by businesses of all sizes. While incredibly powerful and feature-rich, they are easy to implement and use. The solutions have also been developed from the ground up to meet the needs of MSPs to help them better protect their clients from rapidly evolving threats. “We’ve seen a remarkable influx of new MSP customers migrating from other solutions, consistently highlighting TitanHQ’s ability to deliver immediate and substantial threat mitigation,” said Kavanagh.
If you want industry-leading email protection from spam, phishing, and malware, give the TitanHQ team a call today to find out more about getting started with SpamTitan and PhishTitan. Product demonstrations can be arranged on request and all TitanHQ solutions are available on a free trial.
by G Hunt |
December 18, 2024 |
Industry News, Spam Software
TitanHQ has announced that the latest version of SpamTitan (Skellig 9.07) has been launched, offering significant enhancements to improve detection, usability, and overall security. The new version of SpamTitan Skellig builds on previous versions that have been demonstrated to provide exceptional protection against malware, phishing, and spam, as evidenced by recent independent tests by VirusBulletin.
In Q3, 2024, SpamTitan achieved joint first place for overall score in the phishing, spam, and malware detection tests, and in Q4, 2024, performed even better beating all other industry-leading competitors to achieve the top spot with an overall score of 99.999%, including a malware and phishing catch rate of 100%, a spam catch rate of 99.999%, and a false positive rate of 0.000%, earning SpamTitan its third consecutive VPSpam+ award.
The latest release of the SpamTitan Skellig engine includes numerous security updates, including significant improvements with enhanced Domain and Display Name anti-spoofing protection and updated anti-spoofing screens. The settings for Domain and Display Name anti-spoofing have been separated to make it easier to see which features have been enabled and the update makes MSP’s lives easier as these split options are available at the customer level, so there is no need to drill down to each domain-level setting. The update will reduce the time that needs to be spent managing security defenses. Further, the update provides greater flexibility and control for inbox protection, since Display Name anti-spoofing is independent of user policies. That means it is possible to upload a custom list of Display Name/email pairs for more targeted protection. To improve usability, changes have also been made under the cover for Quarantine Reports to ensure they are delivered more reliably and on-time
TitanHQ is committed to making continuous security improvements to improve detection and simplify security management to make its products easier and less time-consuming to use, ensuring users have complete control of how protections are applied. The new version will be updated automatically for current users, and if you are yet to try our spam filtering service, give the TitanHQ team today for help getting you started with a free trial.
by G Hunt |
November 26, 2024 |
Phishing & Email Spam, Spam Software
It is all too easy to place too much reliance on multifactor authentication (MFA) to protect against phishing attacks. In theory, if an employee is duped by a phishing email and their credentials are stolen, MFA should stop the threat actor from using those credentials to access the account, as they will not have the necessary additional authentication factor(s). The reality is somewhat different. While MFA can – and does – block many attacks where credentials have been obtained, it is far from infallible. MFA has made it much harder to compromise accounts but, in response, threat actors have developed new tactics to bypass MFA protections.
For example, there is a scam where an employee is contacted by an individual who claims to be from their IT department. The scammer tells them there is an issue with their account and they need to update their password. They are directed to a site where they are prompted to enter their password and enter the MFA code sent to their phone. The threat actor uses that information in real-time to access their account. Multiple campaigns have targeted IT helpdesk staff, with the threat actor impersonating an employee. They provide information to verify their identity (obtained in an earlier phase of the campaign) and ask to register a new device to receive their MFA codes.
Phishing-as-a-service toolkits (PhaaS) capable of defeating MFA are advertised on hacking forums and Telegram channels that can be purchased or rented. They involve an adversary-in-the-middle (AitM) attack and use a reverse proxy between the victim and the legitimate portal for the credentials being sought. The user is directed to a login page that appears exactly as expected, as the user is logging into the genuine site. What is unknown to the user is the attacker sits between them and the site and captures credentials and the session cookie after MFA is successfully navigated. The attacker then has access to the account for the duration of the session cookie and can register a new device to receive future codes.
PhaaS kits are a serious threat and are proving popular with cybercriminals. Take the Rockstar 2FA kit for example, which is advertised for $200 for a 2-week subscription. The kit includes everything a phisher needs, including MFA bypass, login pages for targeting specific credentials, session cookie harvesting, undetectable malicious (FUD) links and link redirectors, a host of phishing templates, and an easy-to-use admin panel that allows tracking of phishing campaigns. The phishing URLs available are also hosted on legitimate services such as Google Docs Viewer, Microsoft OneDrive, and LiveAgent – sites commonly trusted by email security solutions. This is just one phishing kit. There are many being offered with similar capabilities.
The take-home message is that MFA, while important, can be bypassed. For maximum protection, phishing-resistant multifactor authentication should be used – e.g. smartcards or FIDO security keys. These MFA tools can be expensive to implement, so at the very least ensure that you have some form of MFA implemented and implement several other layers of defenses. An advanced spam filtering service such as SpamTitan is essential, as it can block phishing emails to ensure they do not reach end users. Review sites often rate SpamTitan as one of the best spam filters for business due to how easy the solution is to use and its excellent detection rate. In November 2024, in tests by Virus Bulletin, SpamTitan blocked 100% of malware and 100% of phishing emails out of a test involving around 125,000 messages. Previous assessments had a catch rate of more than 99.99%, demonstrating the reliability and accuracy of the solution.
Another layer of protection can be provided by a web filter, which will block attempts to visit known malicious websites, such as those used for phishing and malware distribution. WebTitan provides time-of-click protection, as does TitanHQ’s PhishTitan product – an anti-phishing solution specifically developed to protect M365 accounts against phishing by augmenting Microsoft’s controls to catch the phishing emails that EOP and Defender miss.
Technical defenses are important, but so too is workforce training. Through regular security awareness training and phishing simulations, employees can be taught cybersecurity best practices and how to identify and avoid scam emails. If you want to improve your defenses against phishing and malware, give the TitanHQ team a call and have a chat about your options. All TitanHQ solutions are easy to use, are available on a free trial, and full product support is provided during that trial.
by G Hunt |
August 28, 2024 |
Spam Software
Phishing is the name given to a type of cyberattack where the threat actor uses deception to trick an individual into taking an action that benefits the threat actor. A lure is used to get the targeted individual to respond and these attacks typically create a sense of urgency. Urgency is required as phishers need users to act quickly rather than stop and think about the request. The faster the response, the less time there is to identify the scam for what it is. There is often a threat to help create a sense of urgency, such as negative consequences if no action is taken.
Phishing can take place over the phone, SMS, and instant messaging platforms, but email is the most common way of getting the phishing lure in front of an employee. It is now common for businesses to provide security awareness training to the workforce to raise awareness of phishing threats and to have a spam email filter in place to detect and quarantine these malicious emails before they reach inboxes; however, even with robust defenses in place, some malicious emails will arrive in inboxes and employees are often tricked into responding.
Security awareness training programs teach employees to stop and think before taking any request in an email, which is the last thing phishers want the recipients of their emails to do. One of the ways they can get a quick response is to make the recipient believe that the email has been sent from an internal email account, either through spoofing or by using a compromised internal email account. Some of the lures used in phishing attempts that the majority of employees will at least open and read, are detailed below.
HR Themed Phishing Emails
One of the ways that phishers increase the chance of a user responding is to use Human Resources (HR)-themed lure, as any communication from the HR department is usually taken seriously by employees. These phishing attempts include the types of notifications that HR departments often send via email, examples of which include:
- Changes to working hours
- Updates to working practices
- Dress code changes
- Upcoming training/cybersecurity training sessions
- Annual leave notifications
- Payroll information requests
- Tax matters
- Healthcare and wellness benefit updates
- Employee rewards programs
- Notifications about disciplinary procedures
IT Department Notifications
Notifications from the IT department are also common as employees typically open these emails and act quickly. These include:
- Internet activity reports
- Security alerts
- The discovery of unauthorized software
- Changes to access rights
- Requires software installations
Notifications from Board Members
Phishers often impersonate the CEO or other executives, as they know that employees will want to respond quickly and are unlikely to question requests from these authority figures. CEOs are commonly impersonated in business email compromise attacks, where the threat actor tries to get an employee to make a wire transfer to their account, purchase gift cards, or divulge sensitive information. These emails may include a hyperlink to a website where the user is told they must enter their login credentials, a hyperlink to a website where a file download takes place, or the emails may include an attachment. Common file types used in these email campaigns include PDF files, HTML attachments, Office files, and compressed files. These files may contain malware or malicious scripts, or may be used to hide information from spam filtering software. For example, PDF files are commonly used that contain malicious links. By adding the link to the PDF file, there is less chance that spam filtering software will find and follow the link.
How to Defend Against These Common Email Threats
Defending against email attacks requires advanced anti spam software and regular security awareness training for the workforce. SpamTitan from TitanHQ is an advanced cloud-based anti-spam service that performs comprehensive checks for spam and malicious emails, including an inbound spam filter and outbound filtering with data loss prevention. SpamTitan performs reputation checks of the sender’s domain and email account, recipient verification, anti-spoofing checks, and alias recognition, and allows geoblocking to prevent the delivery of emails from certain locations (overseas, for instance).
SpamTitan also incorporates extensive content filtering mechanisms, including rewriting URLs to identify the true destination, URL checks to identify malicious content, anti-phishing measures including machine learning algorithms to detect suspicious content that deviates from the standard emails typically received, Bayesian analysis to identify spam and phishing, OLE detection, dual antivirus engines, and email sandboxing. Sandboxing is key to blocking malware threats, including previously unseen malware. With SpamTitan in place, the vast majority of threats will not arrive in inboxes. In recent independent tests, SpamTitan had a 99.99% spam detection rate, a 99.98% phishing detection rate, and a 100% malware detection rate, with zero false positives.
TitanHQ also offers a comprehensive security awareness training platform called SafeTitan. SafeTitan makes it easy for businesses to create and automate security awareness training programs for the workforce, and tailor programs for different departments and user groups. The content is fun and engaging and is delivered in modules of more than 10 minutes, which makes security awareness training easy to fit into busy workflows. SafeTitan also includes a phishing simulator for assessing the effectiveness of training and for giving employees practice at identifying phishing attempts, including the types of phishing attempts mentioned in this article that often fool employees.
SpamTitan and SafeTitan, like all TitanHQ solutions, are easy to implement, use, and maintain, and are available on a free trial. For advice on improving cybersecurity at your business and for further information on TitanHQ solutions, call the team today and take the first step toward improving your security posture.
by G Hunt |
March 29, 2024 |
Phishing & Email Spam, Spam Software
TitanHQ has claimed a Top 3 position in a recent Virus Bulletin email security test, achieving an exceptional 99.98% spam catch rate and 99.91% phishing catch rate for the cutting-edge filtering engine that powers the SpamTitan (email security) and PhishTitan (phishing protection) solutions, earning TitanHQ the prestigious VBSpam+ certification for the products.
Virus Bulletin is a security information portal and independent testing and certification body that has earned a formidable reputation within the cybersecurity community for providing security professionals with intelligence about the latest developments in the global threat landscape. Virus Bulletin conducts regular tests of security solutions to determine how well they perform at detecting and blocking threats, and for more than 20 years has been benchmarking cybersecurity solutions. Virus Bulletin’s public certifications cover all types of security threat protection, including anti-spam and anti-phishing solutions for enterprises.
In the Q1, 2024 tests, Virus Bulletin assessed nine comprehensive email security solutions, including TitanHQ’s email security suite which comprises SpamTitan and PhishTitan. The email security solutions were put to the test to assess how effective they are at blocking unsolicited and unwanted spam emails and malicious messages of all types. TitanHQ’s solutions achieved exceptional scores at blocking spam and phishing emails, with a spam catch rate of 99.983%, a malware catch rate of 99.511%, and a phishing catch rate of 99.914% with zero false positives. The final score for the Q1, 2024 tests was 99.983, cementing TitanHQ’s position as a leading provider of anti-phishing and anti-spam solutions for managed service providers and businesses.
“This test reaffirms TitanHQ’s unrivaled prowess in spam and phishing protection—we stand as the first choice for combating phishing attempts and spam infiltrations,” said Ronan Kavanagh, CEO at TitanHQ. “Our customers need not settle for anything less. With TitanHQ solutions, they receive unparalleled defense against phishing and spam and experience minimal false positives.
While there are many ways that cybercriminals and nation state actors breach company networks and gain access to sensitive data, phishing is the leading initial access vector. Despite phishing being such a prevalent threat, many businesses lack security solutions that can consistently identify and block these malicious messages, which results in costly compromises, data breaches, and devastating ransomware attacks. According to one study by researchers at CoreView on 1.6 million Microsoft 365 users, 90% lacked essential security protections that can combat threats such as phishing.
While Microsoft has security solutions that can block spam and phishing emails, they are unable to block advanced phishing threats. PhishTitan has been developed to work seamlessly with M365 and catch the phishing threats that M365 misses. Even Microsoft’s most advanced anti-phishing protection, the costly E5 premium security offering, fails to block many advanced threats. Testing has shown that for every 80,000 emails received, PhishTitan identifies and blocks 20 unique, sophisticated phishing attempts that Microsoft’s top solution misses, and many businesses cannot afford Microsoft’s top level of protection and are reliant on its basic anti-spam and anti-phishing protection.
If you want to improve your defenses against phishing and malware and block more spam emails, give the TitanHQ team a call and ask about SpamTitan and PhishTitan. Both email filtering solutions are available on a free trial, so you can put them to the test and see for yourself the difference they make.
by G Hunt |
November 10, 2023 |
Network Security, Spam Software
Sandboxing is the use of a virtual environment for testing code and safely opening untrusted files. The sandbox is an isolated and secure environment that emulates a legitimate endpoint; however, there are no connections to the business network, the sandbox environment contains no real data, and if dangerous code is executed, no harm will be caused.
Advantages of Email Sandboxing
Sandboxing is important because of the sheer number and complexity of threats faced by businesses. Cybercriminal groups are conducting increasing numbers of attacks, new groups are constantly being formed, and their attacks are becoming much more sophisticated. The cost of these attacks and the resultant data breaches are also spiraling. According to the 2023 Cost of a Data Breach Report from IBM, on average, data breaches cost $4.45 million to resolve in the United States and $10.93 million for a healthcare data breach.
Many of these threats come from email. Emails are used to send attachments containing malicious code that downloads malware that provides a cyber actor with access to the network. Links to malicious websites are also distributed via email where malware is downloaded. While businesses have a degree of protection if they have anti-virus software installed, most anti-virus solutions can only detect known malware variants – Malware that has previously been analyzed and had its signature added to the solution’s malware definition list. Antivirus solutions will not detect new malware variants nor fileless malware, which is executed in the memory with no files downloaded to the disk.
Sandboxing provides an additional layer of protection against zero-day malware and ransomware attacks and will allow malicious files to be identified, detected, and quarantined before they can do any harm, even if they have not previously been encountered. In the sandbox, malware is identified by the actions it tries to perform, not by any signature.
Disadvantages of Email Sandboxing
While there are clear benefits, there are some disadvantages of email sandboxing. Businesses may want to add email sandboxing to their cybersecurity arsenal, but email sandboxes can be complicated to set up and run, and they can require a considerable amount of resources and can be expensive to run. Another of the disadvantages of email sandboxing is analyzing file attachments takes time and messages cannot be delivered until all checks have been performed. It is therefore inevitable that there will be email delivery delays.
As with any cybersecurity solution, there is the potential for false positives. An email attachment may be determined to be malicious when it is actually harmless. In such cases, important business emails may be blocked or deleted. The last main disadvantage is malware often contains code that determines if it has landed on the targeted endpoint or if it is in a virtual environment. If the latter is detected, the malware may delete itself or not perform any of its programmed malicious actions. Considering the cost of a successful cyberattack, the advantages of email sandboxing outweigh the disadvantages, provided the right sandboxing solution is chosen.
SpamTitan Email Security with Sandboxing
SpamTitan is an award-winning email security solution from TitanHQ that provides advanced threat protection at an affordable price. The solution is easy to implement and use and protects thousands of SMBs and managed service providers (MSPs) by blocking spam, viruses, malware, ransomware, and links to malicious websites from your emails. SpamTitan’s ATP defense uses inbuilt Bayesian auto-learning and heuristics to defend against advanced threats and evolving cyberattack techniques and features an integrated email sandbox tool that is part of Bitdefender’s Global Protective Network.
SpamTitan uses advanced intelligent technologies, such as AI, to predict and prevent advanced threats and the sandbox accurately mimics a real endpoint to trick malware into determining it has reached its intended target. As with any sandbox, there are delays in delivering emails but this is kept to a minimum. SpamTitan has multiple layers of security and sophisticated sandbox technology, which means only specific and dangerous emails will be sandboxed. Even if a legitimate email lands in a sandbox, the delivery delay will be, at most, twenty minutes. While there may be false positives on occasion, no emails are deleted. They are quarantined to allow administrators to check the validity of the results.
If you want to improve security and get the advantages of email sandboxes while eliminating the disadvantages, give the TitanHQ team a call today. SpamTitan is also available on a free 14-day trial to allow you to test the product and sandbox in your own environment before making a purchase decision.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
November 5, 2023 |
Network Security, Spam Software
Multiple layers of security are required to protect against increasingly sophisticated email attacks. A malicious file sandbox for email should be one of those layers to ensure your business is protected against zero-day and stealthy malware threats.
Email: The Most Common Initial Access Vector Used by Cybercriminals
There are many ways that cybercriminals can attack businesses, but email is the most common initial access vector. Most employees have email accounts which means they can be easily reached, and social engineering techniques are used to trick employees into opening malicious attachments or visiting links in emails. Cybercriminals have become adept at exploiting human weaknesses in defenses.
One of the main aims of email campaigns is to deliver malware to provide persistent access to victims’ networks. Executable files may be attached to emails and hidden using double file extensions to make the files appear to be legitimate documents, PDF files, or spreadsheets. Office files may be attached that have malicious macros which, if allowed to run, trigger the download of a first-stage malware payload. The problem for businesses is these campaigns are becoming much more sophisticated, they often bypass standard email security defenses, and they land in inboxes where they can be opened by employees.
Defending against sophisticated email attacks requires a defense-in-depth approach, which should include a spam filter/secure email gateway, a web filter, multifactor authentication, an endpoint detection and response solution, and security awareness training for employees. To improve protection further and defend against new and stealthy malware threats, it is important to have a malicious file sandbox for email.
What is a Malicious File Sandbox?
A malicious file sandbox is an isolated virtual environment where untrusted, suspicious files can be detonated securely without risking network or data security. The sandbox is used for analyzing emails, documents, application files, and other executable files to determine their true nature. When an email is received, it must first pass through a spam filter which looks for the common signatures of spam and phishing emails, performs reputation checks on the sender, analyzes the message content, and scans email attachments using antivirus software. The spam filter will filter out the majority of spam and phishing emails and all known malware variants using the antivirus software.
The problem is many email attacks are stealthy and have been developed to be undetectable, and cyber actors are skilled at getting their emails past email defenses and into inboxes. One way this is achieved is by using polymorphic malware, which cannot be detected by standard email security solutions and antivirus software. A malicious file sandbox is needed to protect against these novel threats.
When suspicious files are received that pass the front-end checks, they are sent to the sandbox for in-depth analysis of their behavior. The malicious file sandbox is configured to look like a real target environment to ensure that when an email is sent to the sandbox any malware acts as it would in the wild and is tricked into determining that it has landed on the endpoint of its intended target. No harm can be caused in the sandbox as the environment is isolated and not set up locally. If malware is detected, a report is generated of any malicious intent or unexpected actions, and actionable insights are provided to allow the threat to be blocked.
The SpamTitan Malicious File Sandboxing Service
SpamTitan is an award-winning anti-spam and anti-phishing solution from TitanHQ that is used by thousands of businesses and managed service providers to protect against email-based attacks. The solution leverages artificial intelligence and machine learning algorithms to detect novel threats and predict new attacks, reputation checks are conducted using SPF, DKIM, and DMARC, users are protected from malicious links in emails, and the solution has dual antivirus engines that scan for known malware.
SpamTitan also includes a Bitdefender-powered malicious file sandbox for blocking zero-day malware threats. The sandbox analyzes a broad range of targets, including emails, documents, application files, and other executable files, and leverages purpose-built, advanced machine-learning algorithms, aggressive behavior analysis, anti-evasion techniques, and memory snapshot comparison to detect sophisticated threats and delivers advanced threat protection and zero-day exploit detection. The sandbox also extracts, analyzes, and validates URLs within files.
The sandbox is not located on the endpoint so there are no performance implications, and strong machine learning and behavior detection technologies ensure that only files that require further analysis are sent to the Sandbox. If a malicious file is detected, the sandbox informs Bitdefender’s cloud threat intelligence service to ensure the threat is instantly blocked globally and will not need to be set to the sandbox for analysis again. The sandbox allows businesses to identify and block malicious files such as polymorphic malware and other threats that have been developed for use in undetectable attacks.
The SpamTitan malicious file sandbox delivers best-in-class detection, advanced anti-evasion technologies, innovative pre-filtering, and MITRE ATT&CK framework support. If you want the best protection from dangerous malware, you need a malicious file sandbox for email, and with SpamTitan you get that and more at a very affordable price. For more information on the capabilities of SpamTitan and details of pricing, give the TitanHQ team a call. SpamTitan is also available on a free 14-day trial to allow you to test the product in your own environment before making a purchasing decision.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
October 28, 2023 |
Spam Advice, Spam Software
Message sandboxing is a security feature of spam filters, secure email gateways, and other email security solutions where inbound messages are sent to a secure and isolated environment where the messages are subjected to behavioral analysis. File attachments are detonated and analyzed for malicious properties and actions, such as attempted file downloads from the Internet, command-and-control center callbacks, and attempts to write code to the memory.
What is a Sandbox?
In the technology sense, a sandbox is a contained virtual environment that is separate and isolated from other applications, operating systems, data, and internal networks. Sandboxes have several uses. In software development, a sandbox is used for testing new code, where it can be observed for unexpected compatibility issues, allowing software developers to troubleshoot the code without causing any harm to live systems and data.
In cybersecurity, a sandbox is used to open untrusted files, follow potentially malicious links, and analyze suspicious code and malware. If malware was installed and executed on a standard machine, the threat actor would be given remote access, malware may exfiltrate sensitive data, or in the case of ransomware, encrypt files. Since the sandbox is a secure environment, any malicious action has no consequences, and files can be studied in safety.
A sandbox is a virtual environment that is often configured to mimic a genuine endpoint. One of the first actions taken by malware is to explore the environment it is in to check whether it is on a genuine device. If not, it is likely not to run any malicious routines and may self-delete to prevent analysis. By configuring the sandbox to mirror a genuine endpoint, the malware can be tricked into performing its malicious routines, which are detected and logged. The intelligence gathered is fed into the email security solution, and all users of that solution, locally and globally, will be protected from that malware sample in the future.
Why is Message Sandboxing Necessary?
Traditional email security solutions check message headers, perform reputation checks of senders, scan email attachments with antivirus engines, follow embedded hyperlinks, and examine the content of the message for known spam and phishing signatures. For many years, these checks alone have been sufficient and ensure that more than 99% of spam and phishing emails are detected and blocked along with all known malware.
Email attacks have been getting much more sophisticated in recent years and new malware variants are being released at never-before-seen rates. A malware phishing campaign, for instance, will not just use one iteration of malware, but many, with each sample differing sufficiently to defeat signature-based detection mechanisms. Cybercriminals are using automation to spin up masses of samples and AI is being used to develop novel phishing methods.
AI and machine learning capabilities are now required in email security for blocking these zero-day threats, and email message sandboxing is necessary for detecting novel malware threats. Advanced email security solutions leverage AI, machine learning, and email sandboxing and protect against the rapidly evolving threat landscape. Without these features, many malicious messages will be delivered.
How to Set Up Message Sandboxing
The easiest way to get started and set up message sandboxing is to use SpamTitan Email Security. SpamTitan has been developed to be easy to set up and use by businesses of all sizes, from small offices and coffee shops to small and medium-sized businesses and large enterprises. Being cloud-based, there is no software to install, just a small configuration change to your MX record (information on how to do this is provided). The solution can be accessed through a web-based interface, and the solution can be configured in just a few minutes.
Users benefit from spam and phishing detection rates of more than 99.99%, a very low false positive rate and a Bitdefender-powered email sandbox. The email sandbox leverages advanced machine learning algorithms, aggressive behavior analysis, anti-evasion techniques, and memory snapshot comparison to detect zero-day threats.
Without an email sandbox, you are likely to be exposed to many malicious messages. With sandbox email protection, you have much better control of the content that reaches user inboxes.
by G Hunt |
October 15, 2023 |
Phishing & Email Spam, Spam Software
Do you know how to sandbox email attachments? If you have yet to start using a sandbox for email, you will be exposed to advanced malware and phishing threats. The good news is it is quick and easy to improve protection with a sandbox, and it requires no advanced techniques or skills, but before presenting an easy email sandboxing solution, we should explain why email sandboxing is now a vital part of email security
Email Sandboxing Detects Advanced and Sophisticated Threats
A hacker writes the code for a new malware variant or generates the code using an AI tool, and then sends that malware via email. A traditional email security solution will not block that malware, as it has not detected it before and it doesn’t have the malware signature in its definition list. The email would most likely be delivered, and the intended recipient could open it and infect their device with malware. From there, the entire network could be compromised and ransomware could be deployed.
How could a new, previously unseen threat be blocked? The answer is email sandboxing. When a file passes initial checks, such as AV scans, the attachment is sent to an email sandbox where its behavior is analyzed. It doesn’t matter if the malware has not been seen before. If the file performs any malicious actions, they will be detected, the threat will be blocked, and if that threat is encountered again, it will be immediately neutralized.
Email sandboxing is now an essential part of email security due to the sheer number of novel malware variants now being released. That includes brand new malware samples, malware with obfuscated code, polymorphic malware, and known malware samples that differ just enough to avoid signature-based detection mechanisms. Without behavioral analysis in a sandbox, these threats will be delivered.
The Easy Way to Sandbox Email Attachments
Setting up an email sandbox need not be complicated and time-consuming. All you need to do is sign up for an advanced cloud-based email security solution such as SpamTitan Email Security. SpamTitan is a 100% cloud-based email security solution that requires no software downloads or complex configurations. Just point your MX record to the SpamTitan Cloud and use your login credentials to access the web-based interface. You can adjust the settings to suit your needs, and the setup process is quick, easy, and intuitive, and generally takes around 20-30 minutes.
The solution is fed threat intelligence from a global network of more than 500 million endpoints, ensuring it is kept up to date and can block all known and emerging threats. You will be immediately protected from known malware and ransomware threats, phishing emails, spam, BEC attacks, and spear phishing, and you will benefit from email sandboxing, where suspicious emails are sent for deep analysis to identify zero-day phishing and malware threats.
The SpamTitan email sandbox is powered by Bitdefender and has purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. If a file is analyzed in the sandbox and found to be malicious, SpamTitan updates Bitdefender’s Global Protective Network, ensuring that the new threat is blocked globally.
Email sandboxing doesn’t need to be complicated. Just use SpamTitan from TitanHQ. SpamTitan is available on a free trial, with customer support provided throughout the 14-day trial to help you get the most out of the solution. We are sure you will love it for the level of protection provided and how easy it is to use.
by G Hunt |
October 5, 2023 |
Phishing & Email Spam, Spam Software
Sandboxing is a security feature that protects against malicious code. Rather than execute potentially unsafe code in a standard environment, it is sent to the sandbox – an isolated environment where no harm can be caused.
How Does a Sandbox Work?
A sandbox is an important cybersecurity tool for protecting host devices, operating systems, and data from being exposed to potential threats. The sandbox is a highly controlled system that is used to analyze untrusted applications, files, or code. The sandbox is isolated from the network and real data, and there are only essential resources that are authorized for use. It is not possible for a sandboxed file to access other parts of the network, resources, or the file system, only those specifically set up for the sandbox.
Sandboxes can have different environments. One of the most common implementations uses virtualization. A virtual machine (VM) is set up specifically to examine suspicious programs and code. Some sandboxes include emulation of operating systems to mimic a standard endpoint. Some malware samples perform checks of their environment before executing malicious routines to make sure they are not in a VM. If a VM is detected, the malware will not execute malicious routes and may self-delete to prevent analysis. By emulating a standard endpoint, these checks can be passed to allow analysis. Some sandboxes have full system emulation, which includes the host machine’s physical hardware as well as its operating system and software. These sandboxes provide deeper visibility into the behavior and impact of a program.
In email security, files, attachments, URLs, and programs are sent to the sandbox to check whether they are benign or malicious. The analyses can take between a few seconds to a few minutes, and if any malicious activity is detected, the file will be either quarantined and made available for further study or it will be deleted. Any other instances of that file will be removed from the email system, and any future encounters will see the file, attachment, URL, or program deleted.
SpamTitan Email Sandboxing
SpamTitan Email Security includes a Bitdefender-powered email sandbox to ensure users are protected against zero-day threats. All emails are subjected to a barrage of checks and tests, including scans using two different antivirus engines. SpamTitan features strong machine learning, static analysis, and behavior detection technologies to ensure that only files that require deep analysis get sent to the sandbox. This is important, as deeper analysis may take several minutes, so verified clean and safe messages will not be unduly delayed.
Files that are sent to the sandbox for deep analysis are executed and monitored for signs of malicious activity, with self-protection mechanisms in place to ensure every evasion attempt by a piece of malware is properly marked. The sandbox has purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. All results are checked across known threats in an extensive array of online repositories. If a malicious file is detected, the sandbox updates the Bitdefender’s cloud threat intelligence service – the Bitdefender Global Protective Network – and the sandbox will never have to analyze that threat again as it will be blocked globally.
If you want to improve protection against zero-day threats, give the TitanHQ team a call to find out more about SpamTitan. SpamTitan is available on a free trial to allow you to test it out in your own environment before making a purchase decision.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
September 27, 2023 |
Phishing & Email Spam, Spam Software
https://www.spamtitan.com/blog/email-sandboxing-key-blocking-malware-threats/Email security solutions with email sandboxing block more malware threats than traditional spam filters, even novel malware variants that have yet to be identified as malicious. Without this important feature, emails with malicious attachments will likely be delivered to inboxes where they can be opened by employees. All it takes is for one employee to open a malicious file for malware to be installed that gives a threat actor the foothold they need for a comprehensive attack on the network.
What is an Email Sandbox?
In cybersecurity terms, a sandbox is an isolated, virtual machine where potentially unsafe code can be executed in safety, files can be subjected to deep analysis, and URLs can be visited without risk. In the sandbox, the behavior of files, code, and URLs is inspected, and since the sandbox is not networked and there is no access to real data or applications, there is no risk of causing any damage. Email sandboxing is used to identify malicious code and URLs in emails. The email sandbox mirrors standard endpoints to trick malicious actors into thinking that they have reached their intended target. Emails may pass front-end tests that look at the reputation of the sender, email headers, the content of the messages, and subject attachments to signature-based anti-virus tests, but there is no guarantee that the emails are safe without sandbox-based behavioral analysis.
Why is Email Sandboxing Important?
Cyber threat actors have been developing techniques for bypassing standard email security solutions such as embedding malicious URLs in PDF attachments, hiding malicious content in compressed files, using multiple redirects on hyperlinks, and including links to legitimate cloud-based platforms such as SharePoint for distributing malware. Traditional email security solutions can filter out spam and phishing emails, but they often fail to block more sophisticated threats, especially zero-day malware threats. Email sandboxing provides an extra layer of protection against sophisticated threats such as spear-phishing emails, advanced persistent threats (APTs), and novel malware variants.
A few years ago, new malware variants were released at a fairly slow pace; however, threat actors are now using automation and artificial intelligence to generate new malware variants at an alarming rate. Malware samples are used that deviate sufficiently from a known threat to be able to bypass signature-based detection mechanisms, ensuring they reach their intended targets. Rather than just using one version of malware in their email campaigns, dozens of versions are created on a daily basis. While security awareness training will help employees identify and avoid suspicious emails, threat actors have become adept at social engineering and often hoodwink employees.
The SpamTitan Email Sandbox
The SpamTitan email sandbox is a powerful next-generation security feature with award-winning machine-learning and behavioral analysis technologies. Powered by Bitdefender, the SpamTitan sandbox for email allows files to be safely detonated where they can do no harm. Email attachments that pass the barrage of checks performed by SpamTitan are sent to the sandbox for deep analysis. The sandbox is a virtual environment that is configured to appear to be a typical endpoint and incorporates purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. Files are also subjected to checks across an extensive array of online repositories, with the sandbox checks taking just a few minutes. That ensures that genuine emails are not unduly delayed. If malicious properties are detected in the sandbox, the threat intelligence is passed to Bitdefender’s Global Protective Network (cloud threat intelligence service). If the threat is encountered again, it will be detected and blocked without having to be analyzed again in the sandbox.
The SpamTitan sandbox is used for a wide range of attachments, including office documents to check for malicious URLs, macros, and scripts, and all executable and application files. The sandbox allows SpamTitan to detect polymorphic malware and other threats that have been designed for use in undetectable targeted attacks. If a malicious file is detected, the email is not sent to a spam folder where it could be opened by an end user, it is quarantined in a directory on the local email server which only an administrator can access. Administrators may wish to conduct further investigations to gain insights into how their organization is being targeted.
Threat actors are conducting increasingly sophisticated attacks, so email security solutions need to be deployed that are capable of detecting these advanced threats. With zero-day threats on the rise, now is the ideal time to improve your email defenses with SpamTitan. Why not sign up for a free trial of SpamTitan today to put the solution to the test to see the difference the advanced threat detection capabilities make to your security posture? Product demonstrations can also be requested by contacting TitanHQ, and our friendly sales team will be more than happy to discuss SpamTitan with you and the best deployment options to meet the needs of your business.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
September 15, 2023 |
Phishing & Email Spam, Spam Software
Commonly asked questions about email sandboxing so you know what to expect from an email security solution with a sandbox, and why this advanced feature is vital for email security.
What is an Email Sandbox?
One of the commonly asked questions about email sandboxing is what is an email sandbox? Like the children’s equivalent, it is a safe space for building, destroying, and experimenting. In cybersecurity terms, it is an isolated environment where harm cannot be caused to anything outside of that environment. An email sandbox is an isolated virtual machine that is used for performing risky actions, such as opening unknown attachments and analyzing files and URLs in depth, rather than using a real machine where there is a risk of harm being caused such as file encryption by ransomware, theft of sensitive information, or wiping of data.
Why is an Email Sandbox Important?
Email is the most common vector used in cyberattacks. Through emails, cyber threat actors can gain initial access to a protected network from where they can steal sensitive data or move laterally for a more comprehensive attack. One of the most common ways of gaining remote access is through malware. Once malware is downloaded, an attacker can remotely perform commands and gain full control of an infected device. While businesses use antivirus software to detect and remove malware, these solutions are signature-based. In order to detect malware, the signature of the malware must be in the definition list used by the anti-virus solution, which means the malware must have previously been encountered. Novel malware variants that have not yet been determined to be malicious will not be identified as such and will therefore be delivered to inboxes where they can be executed by employees. An email sandbox is used to safely detonate suspicious files and inspect their behaviors. The behavioral analysis allows previously unknown malware samples can be identified and blocked. This is important due to the volume of new malware samples that are now being released.
How Does an Email Sandbox Protect Against Malware?
Email security solutions with sandboxing perform the same front-end checks as traditional email security solutions and will identify and block many malicious messages. If the initial checks are passed, and the messages are determined to potentially pose a risk, they will be sent to the sandbox for behavioral analysis. Once inside the safety of the sandbox, the attachments will be opened and subjected to various tests. The sandbox is configured to appear to be a normal endpoint, so any malware will be tricked into running malicious commands as it would if it had reached its intended target. The actions of the file are assessed, and if they are determined to be malicious they will be sent to a quarantine folder. By performing these checks, new malware variants can be identified and blocked before any harm is caused.
Will Sandboxing Delay Message Delivery?
Performing standard checks of messages is a quick process, often causing imperceptible delays in mail delivery. Performing in-depth analysis takes longer, so there will be a delay in message delivery. Many emails will not need to be sent to the sandbox and will be delivered immediately, but if sandboxing is required, there will be a delay while the behaviors of the email and attachments are analyzed. Some malware has built-in anti-analysis capabilities and will delay any malicious processes to combat sandboxing. Time is therefore required to ensure full analysis. With SpamTitan, the delay will be no longer than 20 minutes.
How Can I Avoid Message Delivery Delays?
SpamTitan incorporates artificial intelligence and machine learning capabilities which minimize the number of emails that are sent to the sandbox, and SpamTitan will check every 15 seconds to ensure that emails are delivered as soon as the sandbox analysis is complete. SpamTitan’s sandbox is part of Bitdefender’s Global Protective Network, which ensures rapid checks of suspicious messages. To avoid delays, certain email addresses and domains can be added to a whitelist, which means they will not be sent to the sandbox for analysis, ensuring rapid delivery.
What are the Benefits of Email Sandboxing?
The sandbox provides an important extra layer of protection against malware threats and malicious links. It will detect advanced attacks early and prevent breaches, reduce incident response costs and efforts, reduce the threat-hunting burden, and increase the detection rate of elusive threats in the pre-execution stage, including APTs, targeted attacks, evasion techniques, obfuscated malware, custom malware, ransomware.
How Does the SpamTitan Sandbox Work?
SpamTitan will subject all inbound emails to a battery of front-end tests, and if these are passed but the email is still suspicious, the message and attachment will be sent to the sandbox and the user will be informed that the message is in the sandbox for review. The email and attachments will then be opened in an isolated cloud platform or a secure customer virtual environment. If malware is detected, the email is blocked and assigned ATP.Sandbox and will be listed under “Viruses” in the relevant quarantine report and the intelligence gathered will be used to protect all users from that threat in the future. After twenty minutes of interrogation, if no malicious actions are identified, the file is marked clean and the email is passed onto the recipient.
How Can I Find Out More About Email Security and Sandboxing?
If you have unacceptable numbers of spam and malicious messages being delivered to inboxes, are receiving large numbers of queries about suspicious emails from your employees, or if you have experienced a malware infection via email recently, you should speak with TitanHQ about improving email security with SpamTitan.
SpamTitan has artificial intelligence and machine learning capabilities, a next-gen email sandbox, and a 99.99% detection rate with a very low false positive rate. Further, SpamTitan is very competitively priced, easy to use, and requires little maintenance. The solution is also available on a 100% free trial, with full product support provided for the duration of the trial.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
September 10, 2023 |
Phishing & Email Spam, Spam Software
Email sandboxing is important for security, as it will block threats that traditional email filters fail to detect. While sandboxing is now considered to be an essential element of email security, one disadvantage is that it will delay the delivery of emails. In this post, we will explain why that is and how email delivery delays can be minimized or avoided altogether.
What Does Queued for Sandbox Mean?
If you use SpamTitan or another email security solution with email sandboxing, you may see the message “email queued for sandbox” from time to time. The queued for sandbox meaning is the message has been determined to warrant further inspection and it has been sent to the sandbox for deeper analysis. This is most likely because the email includes an attachment that is determined to be risky, even though it has passed the initial antivirus scans.
While email sandboxing is important for security, there is a downside, and that is processing messages in a sandbox and conducting behavioral inspection takes a little time. That means there will be a delay in delivering messages that have been sandboxed while behavioral checks are performed. Messages will only be delivered once all sandbox checks have been passed. If a large volume of suspicious emails are received at the same time, messages will be queued for analysis, hence the queued for sandbox message being displayed.
Sandbox Delays for Inbound Emails
The processing of messages in a sandbox can take a little time. Cyber threat actors do not want their malware and malicious code analyzed in a sandbox, as it will allow their malware to be identified. Further, once a malware sample has been identified, details will be shared with all other users of that security solution, which means no user will have that malicious file delivered to their inbox. SpamTitan’s email sandbox is powered by Bitdefender, so all members of the Bitdefender network who subscribe to its feeds will also be protected.
Many malware samples now have anti-sandbox technologies to prevent this. When the malware is dropped on a device it will analyze the environment it is in before launching any malicious actions. If it senses it is in a sandbox it will terminate and may attempt to self-delete to prevent analysis. One technique often seen is delaying any malicious processes for a set time after the payload is delivered. Many sandboxes will only analyze files for a short period, and the delay may be sufficient to trick the sandbox into releasing the file. It is therefore necessary to give the sandbox sufficient time for a full analysis.
Are Your Sandbox Delays Too Long?
Conducting analyses of emails in a sandbox is resource-intensive and can take several minutes and there may be delays to email delivery that are too long for some businesses. There are ways to avoid this, which we will discuss next, but it may be due to the email security solution you are using. The SpamTitan email sandbox is part of Bitdefender’s Global Protective Network, which was chosen not only for cutting-edge threat detection but also the speed of analysis. If you are experiencing long delays receiving emails, you should take advantage of the free trial of SpamTitan to see the difference the solution makes to the speed of email delivery for emails that require sandbox analysis.
How the SpamTitan Sandbox for Email Minimizes Delays
SpamTitan does not send all messages to the sandbox to avoid unnecessary email delays. If a message is suspicious and the decision is taken to send it to the sandbox for analysis, SpamTitan will check to see if the analysis has been completed every 15 seconds to ensure it is released in the shortest possible time frame. Employees will be aware that they have received a message that has been sent to the sandbox as the message delivery status is displayed in their history. Provided all sandbox checks are passed, the email will be delivered. This process will take no longer than 20 minutes. If a file is determined to be legitimate, details are retained by SpamTitan so if the attachment or message is encountered again, it will not be subjected to further analysis in the sandbox.
How to Avoid Sandbox Delays to Message Delivery
There are ways to avoid messages being placed in the queue for sandbox inspection. While it is not always advisable for security reasons, it is possible to whitelist specific email addresses and domains. This will ensure that emails from important clients that need a rapid response will be delivered without delay and will not be sent to the sandbox. The problem with this approach is that if a whitelisted email address or a domain is compromised and used to send malicious messages, they will be delivered.
What Happens if a Message is Misclassified as Malicious?
False positives do occur with spam and phishing emails as email filtering is not an exact science. While this is rare with SpamTitan, any misclassified emails will not be deleted as they will be sent to a quarantine folder. That folder can be configured to be accessible only by an administrator. The administrator can then check the validity of the quarantined messages and release any false positives. Since SpamTitan has artificial intelligence and machine learning capabilities, it will learn from any false positives, thus reducing the false positive rate in the future.
Talk with TitanHQ About Improving Email Security
If you are not currently using an email security solution with sandboxing or if your current email security solution is not AI-driven, contact TitanHQ to find out more about how SpamTitan can improve protection against sophisticated email threats. SpamTitan is available on a free trial to allow you to put the product to the test before deciding on a purchase, and product demonstrations can be arranged on request. If you proceed with a purchase, you will also benefit from TitanHQ’s industry-leading customer service. If you ever have a problem or a query, help is rapidly at hand.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
September 5, 2023 |
Phishing & Email Spam, Spam Software
You may have heard that email sandboxing is an important security feature, but how does an email sandbox block malware and why is this security feature necessary? In this post, we explain what an email sandbox is, why it is now an important element of email security, and how email sandboxes work.
An email sandbox is a secure and isolated environment where emails and their attachments are subjected to behavioral analysis. In the sandbox, malicious files and code can be safely detonated where no harm can be caused. Say an email is received that contains malicious code that is used to drop and execute ransomware on a device. Executing that code on a standard machine would initiate the process that ends with file encryption. Execute that code in an email sandbox and the malicious behavior would be detected and no harm would be caused. The email and code will then be eradicated from the email system, and the threat intelligence gathered will be sent to a global network to ensure that if the email or code is encountered again it will be immediately blocked.
Many Email Security Solutions Fail to Detect the Most Serious Threats
Traditional email security solutions perform many tests on emails to determine the likelihood of them being spam or malicious. DMARC and SPF are used to check the legitimacy of the sender, checks are performed on the reputation of an IP address/domain, and the subject, title, and body of a message are analyzed for signs of phishing and spam. Email attachments are also subject to anti-virus checks, which will identify and block all known malware variants. The result? Filtered emails contain no known spam, no known malicious hyperlinks, and no known malware.
The problem with traditional email security solutions is they are unable to detect unknown spam, phishing attempts, and malware. If a threat actor uses a previously unseen phishing email, which includes either a link to a fresh URL or a site with a good reputation, that email will most likely be delivered. If a new malware variant is sent via email, its signature will not be present in any virus or malware definition list and will similarly be delivered to an end user’s inbox. Threat intelligence is shared with email security solutions and they are constantly updated as new threats are found but there is a lag, during which time these threats will be delivered to inboxes. That is why an email sandbox is needed.
How an Email Sandbox Works
Antivirus scans will block the majority of malware, but not novel (zero-day) malware threats. When an email security solution has email sandboxing, the same checks are initially performed, and if they are passed, emails are sent to the sandbox for further analysis. The email sandbox is an isolated environment on a virtual machine that is configured to look like a genuine endpoint. As far as the threat actor is concerned, their email will have reached their intended target and the file should execute as it would on a standard machine.
In the sandbox, emails and attachments are opened and links are followed and behavior is analyzed in detail to determine if any malicious or suspicious actions occur such as a command-and-control center callbacks, attempted file encryption, or scans for running processes. If a Word document is opened that contains no hyperlinks, no macros, and no malicious scripts, and nothing suspicious occurs in the time it is present in the sandbox, the file will be determined as benign and the email will then be delivered to the intended recipient. If any malicious actions are detected, the file will be sent to a local quarantine directory where it can only be accessed by the administrator. The intelligence gathered will be sent to the global network and all users will be protected almost instantly. All copies of that message and the attachment will also be removed from the entire mail system.
Email Sandboxing and AI-Driven Threat Detection are Now Vital
Email sandboxing is now vital for email security as new malware variants are being released at an incredible rate and signature-based detection methods cannot detect new malware threats. In addition to email sandboxing, artificial intelligence must be leveraged to look for novel phishing messages, as phishing attempts are also increasing in sophistication. These AI-based checks look for messages that deviate from the typical messages received by a company, and greatly reduce the volume of spam and phishing emails that reach inboxes.
The threat landscape is constantly changing so advanced email defenses are now essential. If you are still using an email security solution without email sandboxing and AI-driven threat detection, your company is at risk. Speak to the team at TitanHQ to find out more about SpamTitan and how the award-winning email security solution can enhance your company’s security posture.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
September 1, 2023 |
Network Security, Spam Software
SpamTitan is a next-generation anti-spam, anti-phishing, and anti-malware solution for businesses that incorporates AI-based threat detection, email sandboxing, and many other advanced email security features. Some of the most important and best-loved features of SpamTitan are explained below:
Email Sandboxing in SpamTitan
Email sandboxing is a vital element of email security, yet many email security solutions lack this feature. An email sandbox is a secure, virtual machine where links can be followed and attachments opened where they cannot cause any harm. A malicious link that leads to an automatic malware download can be followed in safety, and even the nastiest piece of malware can be executed without risk as the sandbox is isolated, not connected to any network, and contains no real data.
The sandbox is configured to appear to be a genuine endpoint in order to trick malicious actors into thinking malware has reached its intended target. When a file is opened in the sandbox it is subject to deep analysis, and any malicious or suspicious actions are detected. Emails are subject to a battery of front-end checks, including scans using two anti-virus engines, and any emails that pass these checks but are determined to potentially pose a risk are sent to the sandbox for behavioral analysis. That includes emails along with any attached documents, spreadsheets, and executable files.
Sandboxing for email is important because of the speed at which novel malware samples are used in attacks. Rather than just use one version of a keylogger in a campaign, a threat actor will use dozens of versions of that keylogger, each differing slightly to evade signature-based detection mechanisms. AI and automation are used by threat actors to churn out new malware variants rapidly, and signature-based detection alone is no longer good enough. With sandboxing, email protection is greatly improved against these zero-day threats which would otherwise be delivered to end users’ inboxes.
Pattern Filtering in SpamTitan
One of the most loved features of SpamTitan is Pattern Filtering. It saves IT security teams a considerable amount of their precious time by ensuring spammy and phishy emails are not delivered. The Pattern Filtering feature allows administrators to use their own terminology to block inbound emails. Simply set a word or phrase through Pattern Filtering, and SpamTitan will search the subject line and message body and can be configured to generate a warning or quarantine the email if the word or phrase is found.
An example of where this can be useful is combating the Nigerian scam/419 fraud, a type of advanced fee fraud. The 419 comes from Section 419 of the Nigerian Criminal Code which prohibits this kind of scam. While the scam is common with Nigerian cybercriminals, cybercriminal groups in many different countries also conduct this type of scam. While the themes of the emails vary, they all have the same aim. An example would be a prominent person who has substantial funds in their account has been unable to transfer the funds out of the country due to unfair restrictions. They offer to transfer these funds to the user’s account to get the money out of the country in exchange for a percentage of those funds as payment, which may be as high as 20%, which is a life-changing amount of money. The catch? In order to proceed, charges need to be covered and they must be paid in advance. The Pattern Filtering option can be used to block these emails by incorporating phrases commonly used in these emails.
Geo-Filtering in SpamTitan
SpamTitan also incorporates geo-filtering, which allows users to block emails from specific countries. If you never do business with countries in Africa, for example, you can simply block all emails coming from African IP addresses with a few clicks of a mouse, rather than manually blocking IP addresses from which you get a lot of spam emails. This feature saves IT teams a considerable amount of time. One user who has benefited greatly from this feature is Benjamin Jeffrey, IT manager at M&M Golf Cars. His company was receiving many requests from countries that the company does not do business with and was getting flooded with spam emails from a specific IP subnet in a country. He configured the geo-filtering and instantly blocked all those messages. When he checked 6 months after configuring that feature, around 12,000 emails had been blocked. Geo-blocking is also useful for blocking malware quickly. Malware distribution campaigns are often launched from a handful of countries, and geo-filtering can be used to block those messages with ease.
AI and Machine Learning in SpamTitan
SpamTitan has AI and machine learning capabilities to improve the detection of spam and phishing emails. These technologies learn about the emails that are typically received by a company and create a baseline against which new emails can be measured. When emails deviate from the norms, they are flagged as risky and are subjected to more stringent security checks or are quarantined for manual inspection. These technologies greatly improve spam and phishing email catch rates and allow SpamTitan to improve day-by-day. These technologies are a vital defense against zero-day phishing threats – new threats that have not been encountered on the 500+ million endpoints from which threat intelligence is gathered.
Find out More About SpamTitan
These are just some of the most loved and most beneficial features of SpamTitan. In addition to having a high catch-rate and low false positive rate, SpamTitan is one of the most affordable email security solutions on the market, it’s quick and easy to set up, and requires little maintenance. The features, price, and ease of use are why it is loved by thousands of small- and medium-sized businesses, enterprises, and managed service providers. To find out more, give the TitanHQ team a call. The product is available on a 100% free trial if you want to put it to the test, and product demonstrations can be arranged on request.
Additional Articles Related to Email Sandboxing
Email Sandboxing
Email Sandboxing Service
Sandboxing Blocking Malware Threats
Email Sandboxing Pattern Filtering
How does an email sandbox block malware?
Email Sandboxing and Message Delivery Delays
Commonly Asked Questions about Email Sandboxing
What is sandbox security?
How does a sandbox work?
How to sandbox email attachments
What is message sandboxing?
What is malware sandboxing for email?
What is sandboxing in cybersecurity?
What are the advantages and disadvantages of email sandboxing?
Sandboxing Technology for Email
What is a malicious file sandbox for email?
by G Hunt |
May 4, 2022 |
Phishing & Email Spam, Security Awareness, Spam Software
Phishing is commonly used to gain access to credentials to hijack email accounts for use in business email compromise (BEC) attacks. Once credentials have been obtained, the email account can be used to send phishing emails internally, with a view to obtaining the credentials of the main target. Alternatively, by spear phishing the target account, those steps can be eliminated.
If the credentials are obtained for the CEO or CFO, emails can be crafted and sent to individuals responsible for wire transfers, requesting payments be made to an attacker-controlled account. A common alternative is to target vendors, in an attack referred to as vendor email compromise (VEC). Once access is gained to a vendor’s account, the information contained in the email accounts provides detailed information on customers that can be targeted.
When a payment is due to be made, the vendor’s email account is used to request a change to the account for the upcoming payment. When the payment is made to the attacker-controlled account, it usually takes a few days before the non-payment is identified by the vendor, by which time it may be too late to recover the fraudulently transferred funds. While BEC and VEC attacks are nowhere near as common as phishing attacks, they are the leading cause of losses to cybercrime due to the large amounts of money obtained through fraudulent wire transfers. One attack in 2018 resulted in the theft of $23.5 million dollars from the U.S. Department of Defense.
In this case, two individuals involved in the scam were identified, including a Californian man who has just pleaded guilty to six counts related to the attack. He now faces up to 107 years in jail for the scam, although these scams are commonly conducted by threat actors in overseas countries, and the perpetrators often escape justice. The scam was conducted like many others. The BEC gang targeted DoD vendors between June 2018 and September 2018 and used phishing emails to obtain credentials for email accounts. An employee at a DoD vendor that had a contract to supply Aviation JA1 Turbine fuel to troops in southeast Asia for the DoD received an email that spoofed the U.S. government and included a hyperlink to a malicious website that had been created to support the scam.
The website used for the scam had the domain dia-mil.com, which mimicked the official dla.mil website, and email accounts were set up on that domain to closely resemble official email accounts. The phishing emails directed the employee to a cloned version of the government website, login.gov, which harvested the employee’s credentials. The credentials allowed the scammer to change bank account information in the SAM (System for Award Management) database to the account credentials of the shell company set up for the scam. When the payment of $23,453,350 for the jet fuel was made, it went to the scammers rather than the vendor.
Security systems were in place to identify fraudulent changes to bank account information, but despite those measures, the payment was made. The SAM database is scanned every 24 hours and any bank account changes are flagged and checked. The scammers learned of this and made calls to the Defense Logistics Agency and provided a reason why the change was made and succeeded in getting the change manually approved, although flags were still raised as the payment was made to a company that was not an official government contractor. That allowed the transfer to be reverted. Many similar scams are not detected in time and the recovery of funds is not possible. By the time the scam is identified, the scammers’ account has been emptied or closed.
The key to preventing BEC and VEC attacks is to deal with the issue at its source to prevent phishing emails from reaching inboxes and teach employees how to identify and avoid phishing scams. TitanHQ can help in both areas through SpamTitan Email Security and the SafeTitan security awareness training and phishing simulation platform. Businesses should also implement multifactor authentication to stop stolen credentials from being used to access accounts.
by G Hunt |
September 15, 2021 |
Industry News, Spam News, Spam Software
TitanHQ has released a new version of its award-winning email security solution that includes a new security feature – Geo-blocking email filtering, as well as several other security updates and fixes to improve usability.
Geo-blocking is a feature that has been requested by customers and has now been included in the product at no additional cost to users. Geo-blocking, as the name suggests, allows SpamTitan users to block or allow emails originating from certain geographical locations, based on either IP address or country. This feature allows businesses to add an extra layer of protection to block geographic threat vectors and stop malware, ransomware, and phishing emails from reaching inboxes.
The new feature allows businesses and organizations to block emails coming from any country. This extra control is important, as most malware-containing emails come from a handful of overseas countries – Countries that most small- to medium-sized businesses do not normally work with. Blocking emails from those countries eliminates threats, without negatively impacting the business.
Activating the geo-blocking feature could not be any easier. SpamTitan users can click to restrict emails from any country in the SpamTitan Country IP Database and all emails coming from those countries will be blocked. There will naturally be instances where things are not so cut and dry, but that is not a problem. Geo-blocking can be activated for a specific country, and IP addresses, domains, or email addresses of trusted senders within those countries can simply be whitelisted to ensure their messages are delivered.
“Geoblocking has been a much-requested feature and as always we listen to our customers and provide what they need to implement the very best email security they can,” said TitanHQ CEO Ronan Kavanagh. “After experiencing 30% growth in 2021, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”
Several other security enhancements have been made to further improve the already excellent threat detection and blocking mechanisms within SpamTitan. SpamTitan 7.11 includes an upgraded email sandboxing feature to provide even greater protection against malware, ransomware, phishing, spear-phishing, Advanced Persistent Threats, and malicious URLs embedded in emails. These enhancements also provide more detailed information about new threats to help SpamTitan users mitigate risk.
As always with a new release, recently reported bugs have been fixed, and SpamTitan has been further improved with enhanced email rendering in Mail Viewer. Users also now have the ability to remove quarantine report token expiry and improve domain verification, to name but a few of the enhancements.
SpamTitan is delivered either as a 100% cloud-based solution or as an anti-spam gateway, which is run as a virtual appliance on existing hardware. Existing SpamTitan Cloud customers need to do nothing to upgrade to the new version of the solution, released on September 14, 2021. SpamTitan Cloud is automatically updated to the latest version.
Users of SpamTitan Gateway will need to manually upgrade to the latest version via System Setup > System Updates.
by G Hunt |
June 30, 2021 |
Network Security, Phishing & Email Spam, Spam Software
Phishing is the most common way that cybercriminals gain access to business networks, and the primary defense against these attacks is a spam filter. Spam filters inspect all inbound emails for the signatures of spam, phishing, and malware and keep inboxes free of these threats.
There are many spam filtering services on the market that can protect against advanced email threats, but why have so many managed service providers (MSP) chosen TitanHQ has their email security solution provider? What does SpamTitan provide that is proving to be such a bit hit with MSPs?
Why Managed Service Providers Choose SpamTitan Email Security for Their Clients
SpamTitan in a multi-award-winning anti-spam solution that incorporates powerful features to protect against phishing and other email-based attacks. The solution is currently used by more than 1,500 MSPs worldwide with that number growing steadily each month.
We have listed 10 of the main reasons why SpamTitan is proving to be such a popular choice with MSPs.
Excellent malware protection
SpamTitan includes dual anti-virus engines from two leading AV providers and email sandboxing that incorporates machine learning and behavioral analysis to safely detonate suspicious files.
Defense in depth protection for Office 365 environments
SpamTitan includes multiple protection measures that provide defense in depth against email threats, with easy integration into Office 365 environments to significantly improve defenses against phishing and email-based malware attacks.
Advanced email blocking
SpamTitan supports upload block and allow lists per policy, advanced reporting, recipient verification and outbound email scanning, with the ability to whitelist/blacklist at both a global level as well as a domain level.
Protection against zero-day attacks
SpamTitan uses machine learning predictive technology to block zero-day threats, with AI-driven threat intelligence to block zero-minute attacks.
Data leak prevention
Easily set powerful data leak prevention rules and tag data to identify and prevent internal data loss.
Simple integration
SpamTitan is easy to integrate into your existing Service Stack through TitanHQ API’s and MSPs benefit from streamlined management with RMM integrations.
Competitive pricing with monthly billing
MSPs benefit from a fully transparent pricing policy, competitive pricing, generous margins, and monthly billing. There is also a short sales cycle – only 14 days of a free trial is required to fully test the solution.
White label option to reinforce your brand
SpamTitan can be provided to managed service providers as a white label version that can be fully rebranded to reinforce an MSPs brand.
Intuitive multi-tenant dashboard
MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis. SpamTitan is also a set and forget solution, requiring minimal IT service intervention.
Industry-leading customer support
TitanHQ provides the best customer service in the industry. MSPs benefit from world class pre-sales and technical support and sales & technical training. MSPs get a dedicated account manager, assigned sales engineer support, access to the Global Partner Program Hotline, and 24/7 priority technical support.
If you have not yet started offering SpamTitan to your clients, give the TitanHQ channel team a call today for more information, to get started on a free trial, or for a product demonstration.
by G Hunt |
May 21, 2020 |
Network Security, Spam News, Spam Software
A recent survey by Capterra on British SMEs has revealed 30% have fallen victim to a phishing attack during the COVID-19 lockdown. Just under half of the phishing emails received (45%) were related to coronavirus or COVID-19.
COVID-19 phishing emails increased significantly during the first quarter of 2020 as the coronavirus spread around the world. Since the virus was unknown to science, scientists have been working tirelessly to learn about the virus, the disease it causes, how the virus is spread, and what can be done to prevent infection. The public has been craving information as soon as it is available, which creates the perfect environment for phishing attacks. People want information and threat actors are more than happy to offer to provide it.
The Capterra survey highlights the extent to which these campaigns are succeeding. Employees are receiving phishing emails and being fooled by the social engineering tactics the scammers have adopted. The high success rate has seen many threat actors temporarily abandon their tried and tested phishing campaigns that they were running before the SARS-CoV-2 outbreak, and have repurposed their campaigns to take advantage of the public’s thirst for knowledge about the virus. In the first quarter of 2020, KnowBe4 reported a 600% increase in COVID-19 and coronavirus themed phishing emails.
The high percentage of businesses that have experienced phishing attacks during the COVID-19 lockdown indicates many SMEs need to augment their anti-phishing defenses. There is also a need for further training to be provided to employees, as the emails are being opened and links are being clicked.
On the training front, formal training sessions may be harder to administer with so many employees working remotely. Consider conducting short training sessions via teleconferencing platforms and sending regular email alerts warning about the latest techniques, tactics and procedures being used in targeted attacks on remote workers. Phishing simulation exercises can be hugely beneficial and will help to condition workers to check emails thoroughly and report any threats received. These simulations also help identify which employees need further training to help them recognize potential phishing attacks.
Of course, the best way to ensure that employees do not open phishing emails and malicious attachments is to ensure they are not delivered to employees’ inboxes. That requires an advanced spam filtering solution.
Many SMEs and SMBs have now moved to an Office 365 hosted email solution, in which case email filtering will be taking place using Microsoft’s Exchange Online Protection – The default spam filtering service that protects all office 365 users. If you are reliant on this solution for filtering out phishing emails and other types of malicious messages, you should consider adding a third-party solution on top of EOP.
Exchange Online Protection provides a reasonable level of security and can block phishing emails and known malware threats, but it lacks the features of more advanced spam filtering solutions and cloud-based email security gateways, such as machine learning and predictive technology to identify attacks that have not been seen before.
As an additional protection against phishing attacks, a web filtering solution should be considered. In the event of a phishing email arriving in an inbox, a web filter serves as an additional layer of protection to prevent attempts by employees to visit websites linked in the emails. When an attempt is made to visit a known phishing website or web content that violates your acceptable internet usage policies, access will be blocked and the user will be directed to a local web page telling them why access has been denied.
Multi-factor authentication should also be implemented for email to ensure that in the event that credentials are compromised, a second factor must be provided before access to the email account is granted.
For more information on spam filtering and web filtering, and further information on TitanHQ’s advanced cloud-based email security solution – SpamTitan – and DNS-based web filtering solution – WebTitan – give the TitanHQ team a call today.
by G Hunt |
March 24, 2020 |
Phishing & Email Spam, Spam Software
In this post, we explore email security and home working and offer advice to help businesses ensure their workers, devices, and networks are protected.
The 2019 Novel Coronavirus pandemic has forced many workers to self-isolate at home and an increasing number of employees want to work from home to reduce the risk of contracting COVID-19. Businesses are under pressure to allow their workers to stay at home and use either company-issued or personal devices to access their networks and work remotely.
Cybercriminals are constantly changing their tactics, techniques, and procedures and they have jumped at the opportunity provided by the Novel Coronavirus. People are scared and rightly so. COVID-19 has a high mortality rate and the virus is spreading like wildfire. People want information about cases in their local area, advice on how to protect themselves, and information about possible cures. Cybercriminals have obliged and are conducting phishing campaigns that claim to offer all that information. Many campaigns have now been detected from many different threat groups that attempt to obtain login credentials and spread malware. Since early January when the first major campaigns were detected, the volume of coronavirus and COVID-19 emails has increased significantly.
Campaigns are being conducted impersonating authorities on the Novel Coronavirus and COVID-19, such as the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), the U.S. Department of Health and Human Services, and other government agencies. COVID-19-themed emails are being sent to remote workers that spoof HR departments warning about cases that have been detected within the organization. Health insurers are being spoofed in campaigns that include invoices for coverage for COVID-19.
Since January, more than 16,000 Coronavirus and COVID-19-themed domains have been registered which are being used to host phishing kits and distribute malware. Researchers at CheckPoint Software report that those domains are 50% more likely to be malicious than other domains registered in the same period.
Email security and home working will naturally be a major concern for IT teams given the sheer number of home workers due to the Coronavirus pandemic and the volume of attacks that are now being conducted targeting home workers. With so many devices now connecting to networks remotely, if cybercriminals do obtain credentials, it will be much harder for IT teams to identify threat actors connecting remotely. Fortunately, there are steps that can be taken to improve email security and home working need not majorly increase risk.
You should make sure that your employees can only connect to your network and cloud-based services through a VPN. Enterprise VPNs can be configured to force all traffic through the VPN to reduce the potential for error. Make sure that the VPN is configured to start automatically when the device is powered up.
It is crucial that all remote workers are protected by a robust and effective email security solution. It is not possible to stop cybercriminals targeting remote workers, but it is possible to stop phishing and malware threats from reaching inboxes.
To protect your employees against phishing attacks and malware, an advanced email security solution is essential. If you use Office 365 for email, do not rely on Office 365 email security. You will need greater protection than Exchange Online Protection provides to protect against phishing, spear phishing, and zero-day threats.
SpamTitan has multiple detection mechanisms to identify and block the full range of email threats. SpamTitan incorporates SPF and DMARC to provide protection against email impersonation attacks, machine learning algorithms and predictive technology to protect against zero-day attacks, advanced phishing protection from whaling and spear phishing attacks by scanning inbound email in real-time, dual antivirus engines to block malware threats, and email sandboxing for in-depth analysis of suspicious attachments. SpamTitan also includes 6 specialist RBLs, supports whitelisting, blacklisting, and greylisting, and incorporates multiple threat intelligence feeds.
There is an increased risk of insider threats with remote workers. To provide protection and prevent accidental policy violations, SpamTitan incorporates a data loss prevention filter to stop credit card numbers, Social Security numbers, and other data types from being sent via email.
No email security solution will be able to block 100% of email threats, 100% of the time. It is therefore important to provide regular cybersecurity training to employees to make them aware of phishing threats, train them how to identify a phishing email or social engineering scam, and to condition remote employees how to respond should a threat be received. Phishing simulation exercises are also useful to find out which employees require additional training and to identify possible gaps in training programs. IT security basic training refreshers should also be provided to ensure employees know what can and cannot be done with work devices.
Multifactor authentication must be implemented on all applications and email accounts to provide protection in the event of an account compromise. If credentials are stolen and used from a previously unknown location or an unfamiliar device, a second authentication factor must be provided before access is granted. You should also disable macros on all user devices unless a specific user needs to use macros for work.
You can arrange a demonstration to see SpamTitan in action and you can also sign up for a free trial to put SpamTitan to the test in your own environment.
by G Hunt |
October 7, 2012 |
Spam Software
The SC Magazine Awards 2013 will soon be announced. Each year the periodical assesses the best IT security products and issues awards to the companies supplying the best, most innovative, and effective security products. Competition is fierce in the industry, and many companies have released new products this year. Others have released new versions of security products with even better protection.
This year SpamTitan Technologies has been selected and named as a finalist in the best Anti-Malware category. The provider of Anti-Spam and web filtering security products is one of the leading providers of security products that protect organizations from email and web borne threats.
SpamTitan Technologies Anti-Spam solutions incorporate dual AV protection; using the anti-virus engines of two leading providers – Bitdefender and Clam Anti-Virus. The spam-busting software conducts a heuristic scan analysis offering excellent protection. Potentially harmful and suspicious emails are caught in its spam filter and are quarantined rather than being delivered to end users’ email inboxes. The software has been shown to trap spam emails before patterns have even been identified, and even provides a zero-hour response to new email threats.
The inclusion in the best Anti-Malware category is the result of the hard work by the entire team at SpamTitan Technologies. A considerable amount of research and development has gone into the latest version of the spam-fighting software. The new version is even better, more efficient, and more effective than ever before.
The Readers Trust Anti-Malware finalists will be assessed by a panel of readers who have volunteered their time to vote for the best products on offer. These individuals have a high level of skill and will use their expertise in the area of IT security to determine which product will be voted the best Anti-Malware product of the year. The panel of judges have come from a wide range of organizations of all sizes and from all major market verticals.
The results of the final vote are eagerly awaited by all participants. The annual awards can be used as a guide to the best Anti-Malware, Anti-Virus and IT security products to install to protect users and computer networks from attack.
Have you tried SpamTitan’s Anti-Malware solution? Are you happy with the software and the catch rates?
If so, register your vote for the SC Magazine Awards 2013 today!
