Spam Software

Spam software is a network security 101 basic protection that should be in place at every organization. Spam software filters out productivity-draining spam messages and prevents phishing emails and other email-based threats from being delivered to employees’ inboxes.

Research conducted by the intelligence software and anti-phishing training company PhishMe shows that 91% of cyberattacks start with a phishing email. Phishing emails aim to get the recipient to divulge sensitive information such as bank account information or login credentials. However, over the course of the past 12 months, cybercriminals have increasingly used spam email to distribute ransomware. In Q3, 2016, PhishMe reported that 97% of phishing emails were being used to deliver ransomware or ransomware downloaders. Spam email is now the number one vector used to deliver malware and ransomware.

Spam email campaigns are also becoming more sophisticated and it is becoming much harder to distinguish spam from genuine emails. Many of the latest campaigns contain no spelling mistakes, are grammatically correct and use imagery from well-known brands with smart, professional layouts.

Cybercriminals are also using social engineering techniques to fool end users into clicking malicious links and opening infected email attachments. Without spam software to quarantine those emails, they will be delivered to inboxes and employees are likely to be fooled into taking the requested actions.

Fortunately, advanced spam solutions can now filter out more than 99% of spam emails, with SpamTitan preventing more than 99.9% of spam emails from being delivered. This category contains up-to-date information on spam software, new threats that are now blocked and advice for organizations on improving defenses against email threats.

TitanHQ Wins 4 “Top Solution” Expert Insights Awards

TitanHQ products have received four “Top Solution Awards” from Expert Insights in Q4, 2023 in the Email Security, Web Filtering, Security Awareness Training, and Email Archiving categories.

Expert Insights is a leading business software review website that is used by IT decision-makers for researching the best business software solutions. The platform has more than 1 million readers a year and helps more than 85,000 businesses each month with their software purchase decisions. The website includes honest and impartial technical reviews and helpful guides to allow IT decision-makers to purchase with confidence.

Each quarter, Expert Insights recognizes the world’s best B2B technology solutions through its awards program. The awards are based on Expert Insights’ independent technical analysts and editorial team, customer feedback, and industry recognition. In Q4, 2023, Expert Insights issued awards in over 40 categories, from authentication to zero trust security.

“We are thrilled to unveil our list of the ‘Top Solutions’ for Winter 2023, highlighting the extraordinary innovation in the B2B technology landscape,” said Craig MacAlpine, CEO and Founder of Expert Insights. “These awards celebrate leading solutions across more than 40 product categories, based on our own technical analysis and the engagement of thousands of enterprise tech professionals that use Expert Insights to research solutions each month.”

TitanHQ’s cybersecurity solutions were recognized and were named top solution in four categories:

  • Email Security – SpamTitan
  • Web Filtering – WebTitan
  • Security Awareness Training – SafeTitan
  • Email Archiving – ArcTitan

SpamTitan is a cutting-edge email security solution for blocking spam and protecting against email threats. The solution has artificial intelligence and machine learning capabilities and can block all known malware, zero-day malware threats, and phishing, spear phishing, and business email compromise attacks.

WebTitan is a leading DNS filtering solution that allows businesses to carefully control the web content that can be accessed via wired and wireless networks and allows businesses to restrict access to certain websites to improve productivity, reduce legal risk, and protect against phishing, malware, ransomware, and other online threats.

SafeTitan is a comprehensive security awareness training and phishing simulation platform for teaching employees security best practices and improving resilience against the full range of cybersecurity threats. The platform provides training in real-time in response to poor security behaviors, which are triggered immediately when those behaviors are detected to ensure that training is delivered when it is likely to have the biggest impact.

ArcTitan is an easy-to-implement “set-and-forget” email archiving solution that helps businesses meet their legal responsibilities for data retention and ensures that no email is ever lost, with lightning-fast search and retrieval.

“Our team is truly honored by Expert Insights’ acknowledgment of TitanHQ as the ‘Top Solution’ Provider in their Q4 2023 Awards,” said TitanHQ CEO, Ronan Kavanagh. “This recognition across multiple categories underscores our commitment to empowering our partners and MSPs with cutting-edge technology, enabling them to deliver advanced network security solutions to their clients.”

What is Malware Sandboxing for Email?

Malware sandboxing for email is now vital for email security. Suspicious files that pass AV checks are sent to the sandbox where they are safely detonated and subjected to behavioral analysis.

Email-based Cyberattacks are Increasing

Email is one of the most common initial access vectors used by cybercriminals. Initial access to victims’ networks is gained via two main methods: email attachments and embedded URLs. The first attack type involves emails with attachments that contain malicious code, such as macros. If the files are opened and the code is allowed to execute, it will trigger the download and execution of malware from a remote server, or in some cases, malware will be executed in the memory (fileless malware).

The other method, which is now more common since Microsoft started blocking macros in Office documents by default if they are received via the Internet, is for phishing emails to be sent that contain malicious URLs. These URLs may be added to the message body or be hidden inside documents. These URLs point to an Internet site that hosts malware which is silently downloaded when the link is visited or the user is tricked into installing the malware.

Businesses need to ensure they have adequate defenses to block email-based attacks. The first line of defense is an email security solution that will scan the message headers, message body, and attachments and perform reputation checks on the sender. Email security solutions use blacklists of malicious domains and IP addresses and will block messages from these domains and IPs if they have previously been used for phishing, scams, or malware distribution. Checks will be performed on URLs and the messages are searched for the signatures of spam and phishing content – words and phrases commonly used by threat actors. If these checks are failed, the messages will be quarantined.

To block malware, email security solutions scan email attachments using anti-virus engines, which search for the signatures of malware – specific parts of the malware code that have been identified in previous malware analyses. The anti-virus software is regularly updated, and new signatures are added when new malware variants are identified. While these scans will block all known malware, if the signature for a piece of malware is not in the definition list, the file will not be classed as malicious, and the message will be delivered to the end user. Unfortunately, new malware variants are being released faster than ever before to get around signature-based detection. To block unknown malware, another method is required – malware sandboxing for email.

Malware Sandboxing for Email

Advanced email security solutions include malware sandboxing for email. If an email attachment passes the standard checks and anti-virus scans, it is sent to a sandbox where the behavior of the file is analyzed. A sandbox is an isolated, secure environment where files can be opened and analyzed without risk. Any checks of the environment that are performed by malware when it is executed are often passed as the sandbox is created to look exactly like a real endpoint. Any actions performed by files when they are opened are analyzed in detail and if any checks fail, the file and email will be quarantined and all other copies of that email will be removed from the email system. These checks may take a few minutes to perform, so there will be a slight delay in delivering genuine emails.

SpamTitan, TitanHQ’s award-winning email security solution, includes a powerful next-gen sandbox that is powered by Bitdefender. The malware sandboxing service uses powerful emulation tools to ensure that files are inspected using real-time intelligence along with comprehensive detection techniques, which provide advanced threat protection and zero-day exploit detection. To avoid unnecessary email delivery delays, SpamTitan has strong machine learning, static analysis, and behavior detection technologies which ensure that only files that require further analysis get sent to the sandbox. If all sandbox checks are passed, the message will be delivered. If one or more checks are failed, the message will be quarantined, and the results passed to Bitdefender’s Global Protective Network. If that threat is encountered again, it will be recognized and will be quarantined immediately and will not need to get sent to the sandbox to be detonated again.
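The triage order described above (signature lookup, then a static pre-filter that decides which attachments go to the sandbox, then reuse of earlier sandbox verdicts), as an added Python example that is not SpamTitan or Bitdefender code. It assumes signatures are modelled as SHA-256 hashes, uses two illustrative pre-filter heuristics (an executable behind a double file extension, an Office file carrying a VBA project), takes the sandbox verdict from the caller instead of detonating anything, and every function name and sample byte string is constructed for the example.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative extension lists (assumptions, not a vendor's rule set).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

# Constructed placeholder bytes standing in for an already-catalogued sample.
KNOWN_SAMPLE = b"CONSTRUCTED-PLACEHOLDER-NOT-MALWARE"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def has_double_extension(filename: str) -> bool:
    """True for names like invoice.pdf.exe: a document extension in front of an executable one."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DECOY_EXTS and parts[2] in EXECUTABLE_EXTS


def has_vba_macros(data: bytes) -> bool:
    """OOXML Office files are ZIP containers; a VBA project is stored as vbaProject.bin.
    Legacy OLE2 (.doc/.xls) files are not covered by this check."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return False
    with zipfile.ZipFile(buf) as archive:
        return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())


def triage(filename: str, data: bytes, known_bad: set, verdict_cache: dict) -> str:
    digest = sha256(data)
    if digest in known_bad:          # signature hit: blocked without detonation
        return "quarantine:signature"
    if digest in verdict_cache:      # detonated before: reuse the stored verdict
        return verdict_cache[digest] + ":cached-verdict"
    reasons = []
    if has_double_extension(filename):
        reasons.append("double-extension")
    try:
        if has_vba_macros(data):
            reasons.append("vba-macros")
    except zipfile.BadZipFile:       # unreadable archive: analyze it, do not wave it through
        reasons.append("malformed-archive")
    return "sandbox:" + ",".join(reasons) if reasons else "deliver"


def record_sandbox_verdict(data: bytes, verdict: str, verdict_cache: dict) -> None:
    """Store the result of a detonation so the same file is never sandboxed twice."""
    verdict_cache[sha256(data)] = verdict


def scan_message(raw: bytes, known_bad: set, verdict_cache: dict) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): triage(part.get_filename(), part.get_payload(decode=True),
                                    known_bad, verdict_cache)
        for part in msg.iter_attachments()
    }


def make_constructed_docm() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/vbaProject.bin", b"constructed placeholder, no real macro")
    return buf.getvalue()


def build_sample_message() -> bytes:
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    attachments = [
        ("notes.txt", b"meeting notes"),
        ("invoice.pdf.exe", KNOWN_SAMPLE),             # hash is in the signature list
        ("statement.pdf.exe", KNOWN_SAMPLE + b"\x00"),  # one byte changed: new hash
        ("report.docm", make_constructed_docm()),
    ]
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


def run_demo():
    known_bad = {sha256(KNOWN_SAMPLE)}
    verdict_cache = {}
    raw = build_sample_message()
    first = scan_message(raw, known_bad, verdict_cache)
    # Assumption: the sandbox judged the one-byte variant malicious after detonation.
    record_sandbox_verdict(KNOWN_SAMPLE + b"\x00", "quarantine", verdict_cache)
    second = scan_message(raw, known_bad, verdict_cache)
    return first, second


if __name__ == "__main__":
    for label, result in zip(("first pass", "second pass"), run_demo()):
        print(label, result)
```

The one-byte variant is the point of the example: it misses the signature list on the first pass and is only caught because the pre-filter routes it to the sandbox, after which the cached verdict blocks it immediately.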

With SpamTitan malware sandboxing for email, businesses will be well protected against zero-day malware threats that would otherwise be delivered to inboxes. For more information give the TitanHQ team a call. SpamTitan with malware sandboxing for email is also available on a 14-day free trial.

Additional Articles Related to Email Sandboxing

Email Sandboxing

Email Sandboxing Service

Sandboxing Blocking Malware Threats

Email Sandboxing Pattern Filtering

How does an email sandbox block malware?

Email Sandboxing and Message Delivery Delays

Commonly Asked Questions about Email Sandboxing

What is sandbox security?

How does a sandbox work?

How to sandbox email attachments

What is message sandboxing?

What is malware sandboxing for email?

What is sandboxing in cybersecurity?

What are the advantages and disadvantages of email sandboxing?

Sandboxing Technology for Email

What is a malicious file sandbox for email?

Sandboxing Technology for Email

Implementing your own sandboxing technology for email can be complex and costly. SpamTitan Email Security has an inbuilt sandbox, so all the hard work is done for you. You get the full cybersecurity benefits of a sandbox at a very low cost.

What are the Benefits of an Email Sandbox?

Email sandboxing is no longer a ‘want’; it is now a ‘must-have.’ Cybercriminal groups are conducting huge numbers of attacks, nation-state actors are targeting businesses to steal their proprietary data, and these attacks are getting far more sophisticated and can easily evade standard security solutions. The consequences of a successful cyberattack are severe. IBM’s 2023 Cost of a Data Breach Report indicates that the average cost of a successful attack and data breach has risen to $4.45 million in the United States. It is no surprise that many small to medium-sized businesses fold within 6 months of a successful attack.

As has been the case for many years, one of the easiest ways to gain initial access to a company’s network is via email. Employees are targeted as they can be tricked into disclosing their credentials or installing malware. Email security solutions such as spam filters and secure email gateways are capable of blocking many threats, but they are failing to block zero-day malware threats. Traditional email security solutions are reliant on signature-based detection methods for blocking malware. When a malware threat is detected and analyzed by security researchers, the signature for that malware variant is added to the definition list. Email security solutions use signature-based detection methods to block 100% of known malware.

The problem comes with new malware, for which no signature has been defined. Without a signature, malware will not be identified as malicious if it is encountered. If a novel malware variant is attached to an email, the email will most likely be delivered and can be opened by an end user, and new malware variants are now being released at an incredible rate. While signature-based detection has served businesses well, additional protection is now required – email sandboxing.

With an email security solution that has an email sandbox, inbound messages will first be subjected to standard checks. An email sandbox is then used to safely analyze the behavior of files in an environment where no harm can be caused. If malware is executed, it will be detected based on its behavior rather than a signature. The threat will then be blocked, and no harm will be caused.

SpamTitan Email Sandboxing Technology for Email

With SpamTitan, the initial checks include AI-based and machine-learning detection, which is capable of detecting previously unseen phishing threats. All attachments are scanned with two antivirus engines to ensure 100% of known malware threats are detected and blocked. The sandbox provides an extra layer of protection. When initial checks are passed, suspicious messages are sent to the sandbox for deep analysis. File attachments are safely detonated, their behavior is analyzed, and the results are checked against an extensive array of online repositories. The process usually takes just a few minutes, or in some cases, a maximum of 20 minutes.

If a threat is detected it is reported to the Bitdefender Global Protective Network – Bitdefender’s cloud threat intelligence service. If that threat is detected again by SpamTitan or any device connected to the network, it will not need to be sent to the sandbox again and all devices will be protected against that threat. The latest malware variants often include code that checks for running security solutions and whether it has landed on a real endpoint. If a virtual environment is detected and the malware determines it is in a sandbox, it will not perform its malicious actions and may delete itself to prevent analysis. To get around this, the email sandbox emulates a real endpoint and analyzes files by leveraging purpose-built, advanced machine-learning algorithms. The sandbox incorporates anti-evasion and anti-exploit techniques and performs aggressive behavior analysis. Every evasion attempt by malware is properly marked and the files are flagged.

The sandbox analyzes a broad range of targets, including documents, spreadsheets, and executable files, and is capable of identifying and blocking polymorphic malware and other threats that have been developed for undetectable attacks. With email-based cyberattacks increasing in number and sophistication, businesses need to ensure they have advanced defenses. With SpamTitan sandboxing technology for email you get advanced threat protection at an affordable price. To find out more, call the TitanHQ team today or take advantage of a free 14-day trial of SpamTitan.

What is Sandboxing in Cybersecurity?

Sandboxing in cybersecurity terms refers to an isolated virtual machine that is used for testing code and analyzing files. Since the sandbox is isolated from other systems and networks, unverified code, untested programs, email attachments, and files downloaded from the Internet can be executed or detonated safely. Code is executed and files are opened and their behavior is analyzed to determine if they are safe or if they may cause damage to data or systems. In the sandbox, the activities that can be performed are restricted so they can’t cause any real damage. If code is executed in the sandbox and it is determined to be malicious, it will be deleted or quarantined for further analysis. Sandboxing is also used for checking URLs. For instance, some web browsers will first open a URL in a sandbox where permissions are set to the lowest privilege levels. If any attempt is made to perform an action that is not permitted, access to the URL will either be blocked or the user will receive a warning.

Why is Sandboxing Important?

In software development, new code may have unintended consequences, such as causing other systems to malfunction, which in a production environment could cause unacceptable and costly downtime. A sandbox allows code to be fully tested to ensure it is safe. A security sandbox protects against malicious code that has been deliberately written to cause damage and/or provide access to systems and data. For example, ransomware is malicious code that encrypts files to prevent them from being accessed. A threat actor then demands payment for the keys to decrypt files. If that code was allowed to execute on the network, data could be permanently lost, or a ransom would need to be paid to recover files.

Cyberattacks on businesses have been increasing and are now being conducted more frequently than ever before. The average ransom demand in data theft and ransomware attacks is now more than $1.5 million, and data from Rapid7 suggests more than 1,500 organizations fell victim to ransomware attacks in the first half of 2023, with more than 20 new ransom groups emerging. Cybercriminals also still use backdoors, keyloggers, banking trojans, and information stealers to gain access to networks and steal sensitive data. To make matters worse, new malware and ransomware variants are constantly being released and these evade security solutions that rely on signature-based detection. It is vital that all files and applications are thoroughly tested before being allowed anywhere near the network and sandboxing allows even previously unseen malicious files to be identified and neutralized.

Email Sandboxing

Email security solutions often use sandboxing for attachments and URLs. With email attachments, they will first be scanned using standard anti-virus engines to determine if they contain known malware or malicious code. These AV checks will only detect known malware. New malware variants that have not been encountered before cannot be detected, as standard AV solutions search for signatures of known malware. Email sandboxing is used to detect new malware, often referred to as zero-day threats. Files that are determined to be clean after AV scanning are sent to the sandbox for behavioral analysis. Email security solutions may also use a sandbox for testing embedded URLs in messages and will follow the links and check the destination and assess whether it contains any threats.

Email Sandboxing from TitanHQ

SpamTitan is a multi-award-winning email security solution from TitanHQ that offers advanced threat protection at an affordable price. SpamTitan blocks phishing, malware, spam, viruses, and other malicious email threats and includes a Bitdefender-powered email sandbox. Emails that pass the initial barrage of checks, including antivirus scans, are sent to the sandbox where they are safely detonated, and their behavior is analyzed. The SpamTitan sandbox combines the latest threat analysis with powerful emulation tools to ensure that files are inspected using real-time intelligence along with comprehensive detection techniques, ensuring businesses are protected against zero-day threats. For more information on SpamTitan Email Security, give the TitanHQ team a call today.

Advantages and Disadvantages of Email Sandboxing

Sandboxing is the use of a virtual environment for testing code and safely opening untrusted files. The sandbox is an isolated and secure environment that emulates a legitimate endpoint; however, there are no connections to the business network, the sandbox environment contains no real data, and if dangerous code is executed, no harm will be caused.

Advantages of Email Sandboxing

Sandboxing is important because of the sheer number and complexity of threats faced by businesses. Cybercriminal groups are conducting increasing numbers of attacks, new groups are constantly being formed, and their attacks are becoming much more sophisticated. The cost of these attacks and the resultant data breaches are also spiraling. According to the 2023 Cost of a Data Breach Report from IBM, on average, data breaches cost $4.45 million to resolve in the United States and $10.93 million for a healthcare data breach.

Many of these threats come from email. Emails are used to send attachments containing malicious code that downloads malware that provides a cyber actor with access to the network. Links to malicious websites are also distributed via email where malware is downloaded. While businesses have a degree of protection if they have anti-virus software installed, most anti-virus solutions can only detect known malware variants – malware that has previously been analyzed and had its signature added to the solution’s malware definition list. Antivirus solutions will not detect new malware variants nor fileless malware, which is executed in the memory with no files downloaded to the disk.

Sandboxing provides an additional layer of protection against zero-day malware and ransomware attacks and will allow malicious files to be identified, detected, and quarantined before they can do any harm, even if they have not previously been encountered. In the sandbox, malware is identified by the actions it tries to perform, not by any signature.

Disadvantages of Email Sandboxing

While there are clear benefits, there are some disadvantages of email sandboxing. Businesses may want to add email sandboxing to their cybersecurity arsenal, but email sandboxes can be complicated to set up, can require a considerable amount of resources, and can be expensive to run. Another disadvantage of email sandboxing is that analyzing file attachments takes time, and messages cannot be delivered until all checks have been performed. It is therefore inevitable that there will be email delivery delays.

As with any cybersecurity solution, there is the potential for false positives. An email attachment may be determined to be malicious when it is actually harmless. In such cases, important business emails may be blocked or deleted. The last main disadvantage is that malware often contains code that determines if it has landed on the targeted endpoint or if it is in a virtual environment. If the latter is detected, the malware may delete itself or not perform any of its programmed malicious actions. Considering the cost of a successful cyberattack, the advantages of email sandboxing outweigh the disadvantages, provided the right sandboxing solution is chosen.

SpamTitan Email Security with Sandboxing

SpamTitan is an award-winning email security solution from TitanHQ that provides advanced threat protection at an affordable price. The solution is easy to implement and use and protects thousands of SMBs and managed service providers (MSPs) by blocking spam, viruses, malware, ransomware, and links to malicious websites from your emails. SpamTitan’s ATP defense uses inbuilt Bayesian auto-learning and heuristics to defend against advanced threats and evolving cyberattack techniques and features an integrated email sandbox tool that is part of Bitdefender’s Global Protective Network.

SpamTitan uses advanced intelligent technologies, such as AI, to predict and prevent advanced threats and the sandbox accurately mimics a real endpoint to trick malware into determining it has reached its intended target. As with any sandbox, there are delays in delivering emails but this is kept to a minimum. SpamTitan has multiple layers of security and sophisticated sandbox technology, which means only specific and dangerous emails will be sandboxed. Even if a legitimate email lands in a sandbox, the delivery delay will be, at most, twenty minutes. While there may be false positives on occasion, no emails are deleted. They are quarantined to allow administrators to check the validity of the results.

If you want to improve security and get the advantages of email sandboxes while eliminating the disadvantages, give the TitanHQ team a call today. SpamTitan is also available on a free 14-day trial to allow you to test the product and sandbox in your own environment before making a purchase decision.

Malicious File Sandbox for Email

Multiple layers of security are required to protect against increasingly sophisticated email attacks. A malicious file sandbox for email should be one of those layers to ensure your business is protected against zero-day and stealthy malware threats.

Email: The Most Common Initial Access Vector Used by Cybercriminals

There are many ways that cybercriminals can attack businesses, but email is the most common initial access vector. Most employees have email accounts which means they can be easily reached, and social engineering techniques are used to trick employees into opening malicious attachments or visiting links in emails. Cybercriminals have become adept at exploiting human weaknesses in defenses.

One of the main aims of email campaigns is to deliver malware to provide persistent access to victims’ networks. Executable files may be attached to emails and hidden using double file extensions to make the files appear to be legitimate documents, PDF files, or spreadsheets. Office files may be attached that have malicious macros which, if allowed to run, trigger the download of a first-stage malware payload. The problem for businesses is these campaigns are becoming much more sophisticated, they often bypass standard email security defenses, and they land in inboxes where they can be opened by employees.

Defending against sophisticated email attacks requires a defense-in-depth approach, which should include a spam filter/secure email gateway, a web filter, multifactor authentication, an endpoint detection and response solution, and security awareness training for employees. To improve protection further and defend against new and stealthy malware threats, it is important to have a malicious file sandbox for email.

What is a Malicious File Sandbox?

A malicious file sandbox is an isolated virtual environment where untrusted, suspicious files can be detonated securely without risking network or data security. The sandbox is used for analyzing emails, documents, application files, and other executable files to determine their true nature. When an email is received, it must first pass through a spam filter which looks for the common signatures of spam and phishing emails, performs reputation checks on the sender, analyzes the message content, and scans email attachments using antivirus software. The spam filter will filter out the majority of spam and phishing emails and all known malware variants using the antivirus software.

The problem is many email attacks are stealthy and have been developed to be undetectable, and cyber actors are skilled at getting their emails past email defenses and into inboxes. One way this is achieved is by using polymorphic malware, which cannot be detected by standard email security solutions and antivirus software. A malicious file sandbox is needed to protect against these novel threats.

When suspicious files are received that pass the front-end checks, they are sent to the sandbox for in-depth analysis of their behavior. The malicious file sandbox is configured to look like a real target environment to ensure that when an email is sent to the sandbox any malware acts as it would in the wild and is tricked into determining that it has landed on the endpoint of its intended target. No harm can be caused in the sandbox as the environment is isolated and not set up locally. If malware is detected, a report is generated of any malicious intent or unexpected actions, and actionable insights are provided to allow the threat to be blocked.

The SpamTitan Malicious File Sandboxing Service

SpamTitan is an award-winning anti-spam and anti-phishing solution from TitanHQ that is used by thousands of businesses and managed service providers to protect against email-based attacks. The solution leverages artificial intelligence and machine learning algorithms to detect novel threats and predict new attacks, reputation checks are conducted using SPF, DKIM, and DMARC, users are protected from malicious links in emails, and the solution has dual antivirus engines that scan for known malware.

SpamTitan also includes a Bitdefender-powered malicious file sandbox for blocking zero-day malware threats. The sandbox analyzes a broad range of targets, including emails, documents, application files, and other executable files, and leverages purpose-built, advanced machine-learning algorithms, aggressive behavior analysis, anti-evasion techniques, and memory snapshot comparison to detect sophisticated threats and delivers advanced threat protection and zero-day exploit detection. The sandbox also extracts, analyzes, and validates URLs within files.

The sandbox is not located on the endpoint so there are no performance implications, and strong machine learning and behavior detection technologies ensure that only files that require further analysis are sent to the sandbox. If a malicious file is detected, the sandbox informs Bitdefender’s cloud threat intelligence service to ensure the threat is instantly blocked globally and will not need to be sent to the sandbox for analysis again. The sandbox allows businesses to identify and block malicious files such as polymorphic malware and other threats that have been developed for use in undetectable attacks.

The SpamTitan malicious file sandbox delivers best-in-class detection, advanced anti-evasion technologies, innovative pre-filtering, and MITRE ATT&CK framework support. If you want the best protection from dangerous malware, you need a malicious file sandbox for email, and with SpamTitan you get that and more at a very affordable price. For more information on the capabilities of SpamTitan and details of pricing, give the TitanHQ team a call. SpamTitan is also available on a free 14-day trial to allow you to test the product in your own environment before making a purchasing decision.

Additional Articles Related to Email Sandboxing

Email Sandboxing

Email Sandboxing Service

Sandboxing Blocking Malware Threats

Email Sandboxing Pattern Filtering

How does an email sandbox block malware?

Email Sandboxing and Message Delivery Delays

Commonly Asked Questions about Email Sandboxing

What is sandbox security?

How does a sandbox work?

How to sandbox email attachments

What is message sandboxing?

What is malware sandboxing for email?

What is sandboxing in cybersecurity?

What are the advantages and disadvantages of email sandboxing?

Sandboxing Technology for Email

What is a malicious file sandbox for email?

What is Message Sandboxing?

Message sandboxing is a security feature of spam filters, secure email gateways, and other email security solutions where inbound messages are sent to a secure and isolated environment where the messages are subjected to behavioral analysis. File attachments are detonated and analyzed for malicious properties and actions, such as attempted file downloads from the Internet, command-and-control center callbacks, and attempts to write code to the memory.

What is a Sandbox?

In the technology sense, a sandbox is a contained virtual environment that is separate and isolated from other applications, operating systems, data, and internal networks. Sandboxes have several uses. In software development, a sandbox is used for testing new code, where it can be observed for unexpected compatibility issues, allowing software developers to troubleshoot the code without causing any harm to live systems and data.

In cybersecurity, a sandbox is used to open untrusted files, follow potentially malicious links, and analyze suspicious code and malware. If malware was installed and executed on a standard machine, the threat actor would be given remote access, malware may exfiltrate sensitive data, or in the case of ransomware, encrypt files. Since the sandbox is a secure environment, any malicious action has no consequences, and files can be studied in safety.

A sandbox is a virtual environment that is often configured to mimic a genuine endpoint. One of the first actions taken by malware is to explore the environment it is in to check whether it is on a genuine device. If not, it is likely not to run any malicious routines and may self-delete to prevent analysis. By configuring the sandbox to mirror a genuine endpoint, the malware can be tricked into performing its malicious routines, which are detected and logged. The intelligence gathered is fed into the email security solution, and all users of that solution, locally and globally, will be protected from that malware sample in the future.

Why is Message Sandboxing Necessary?

Traditional email security solutions check message headers, perform reputation checks of senders, scan email attachments with antivirus engines, follow embedded hyperlinks, and examine the content of the message for known spam and phishing signatures. For many years, these checks alone have been sufficient and ensure that more than 99% of spam and phishing emails are detected and blocked along with all known malware.

Email attacks have been getting much more sophisticated in recent years and new malware variants are being released at never-before-seen rates. A malware phishing campaign, for instance, will not just use one iteration of malware, but many, with each sample differing sufficiently to defeat signature-based detection mechanisms. Cybercriminals are using automation to spin up masses of samples and AI is being used to develop novel phishing methods.

AI and machine learning capabilities are now required in email security for blocking these zero-day threats, and email message sandboxing is necessary for detecting novel malware threats. Advanced email security solutions leverage AI, machine learning, and email sandboxing and protect against the rapidly evolving threat landscape. Without these features, many malicious messages will be delivered.

How to Set Up Message Sandboxing

The easiest way to get started and set up message sandboxing is to use SpamTitan Email Security. SpamTitan has been developed to be easy to set up and use by businesses of all sizes, from small offices and coffee shops to small and medium-sized businesses and large enterprises. Being cloud-based, there is no software to install, just a small configuration change to your MX record (information on how to do this is provided). The solution can be accessed through a web-based interface, and the solution can be configured in just a few minutes.

Users benefit from spam and phishing detection rates of more than 99.99%, a very low false positive rate and a Bitdefender-powered email sandbox. The email sandbox leverages advanced machine learning algorithms, aggressive behavior analysis, anti-evasion techniques, and memory snapshot comparison to detect zero-day threats.

Without an email sandbox, you are likely to be exposed to many malicious messages. With sandbox email protection, you have much better control of the content that reaches user inboxes.

How to Sandbox Email Attachments

Do you know how to sandbox email attachments? If you have yet to start using a sandbox for email, you will be exposed to advanced malware and phishing threats. The good news is it is quick and easy to improve protection with a sandbox, and it requires no advanced techniques or skills, but before presenting an easy email sandboxing solution, we should explain why email sandboxing is now a vital part of email security.

Email Sandboxing Detects Advanced and Sophisticated Threats

A hacker writes the code for a new malware variant or generates the code using an AI tool, and then sends that malware via email. A traditional email security solution will not block that malware, as it has not detected it before and it doesn’t have the malware signature in its definition list. The email would most likely be delivered, and the intended recipient could open it and infect their device with malware. From there, the entire network could be compromised and ransomware could be deployed.

How could a new, previously unseen threat be blocked? The answer is email sandboxing. When a file passes initial checks, such as AV scans, the attachment is sent to an email sandbox where its behavior is analyzed. It doesn’t matter if the malware has not been seen before. If the file performs any malicious actions, they will be detected, the threat will be blocked, and if that threat is encountered again, it will be immediately neutralized.

Email sandboxing is now an essential part of email security due to the sheer number of novel malware variants now being released. That includes brand new malware samples, malware with obfuscated code, polymorphic malware, and known malware samples that differ just enough to avoid signature-based detection mechanisms. Without behavioral analysis in a sandbox, these threats will be delivered.

The Easy Way to Sandbox Email Attachments

Setting up an email sandbox need not be complicated and time-consuming. All you need to do is sign up for an advanced cloud-based email security solution such as SpamTitan Email Security. SpamTitan is a 100% cloud-based email security solution that requires no software downloads or complex configurations. Just point your MX record to the SpamTitan Cloud and use your login credentials to access the web-based interface. You can adjust the settings to suit your needs, and the setup process is quick, easy, and intuitive, and generally takes around 20-30 minutes.

The solution is fed threat intelligence from a global network of more than 500 million endpoints, ensuring it is kept up to date and can block all known and emerging threats. You will be immediately protected from known malware and ransomware threats, phishing emails, spam, BEC attacks, and spear phishing, and you will benefit from email sandboxing, where suspicious emails are sent for deep analysis to identify zero-day phishing and malware threats.

The SpamTitan email sandbox is powered by Bitdefender and has purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. If a file is analyzed in the sandbox and found to be malicious, SpamTitan updates Bitdefender’s Global Protective Network, ensuring that the new threat is blocked globally.

Email sandboxing doesn’t need to be complicated. Just use SpamTitan from TitanHQ. SpamTitan is available on a free trial, with customer support provided throughout the 14-day trial to help you get the most out of the solution. We are sure you will love it for the level of protection provided and how easy it is to use.

TitanHQ’s Email Sandbox Service

Businesses are now targeted by advanced persistent threat actors looking for proprietary data, financially motivated threat actors looking to steal sensitive data and conduct extortion attacks, and hacktivist groups that aim to disrupt business operations.

Many of these attacks see initial access to internal networks and accounts gained via email. Credential phishing and malware phishing attempts serve a similar purpose and allow threat actors to obtain initial access to allow them to achieve their objectives, whether that is to gain persistent access for espionage purposes, to steal data, use ransomware, or wipe devices.

Email techniques such as phishing and spear phishing for credential theft or the use of malspam emails for delivering malware can be sophisticated and difficult for end users to detect. Further, advances in artificial intelligence have led to generative AI solutions that are capable of producing flawless phishing emails and generating novel social engineering techniques to trick users into taking the required actions – following a link, disclosing sensitive data, or downloading and executing malware.

Spam filters and secure email gateways have long protected businesses against these threats, but increasingly sophisticated techniques are now used that can bypass the protections of traditional email security solutions and reach end users. To combat these threats, email security solutions have had to adapt. Cutting-edge email security solutions such as SpamTitan Email Security have AI and machine learning capabilities that are capable of detecting advanced and sophisticated attacks, in addition to DMARC, SPF, and DKIM reputation checks, and blacklists of known malicious IP addresses and domains.

One of the biggest threats comes from malware, either attached to emails or downloaded from URLs that are linked in email messages. For many years, antivirus engines have been effective at detecting and blocking malware threats, and while they still provide a degree of protection, AV engines are signature-based. When a new malware sample is detected, a unique signature is created and added to a malware definition list. When a new file is received, it will be checked against all known signatures. If a known signature is detected, the file will be quarantined or deleted.

New malware samples, which are being released at an incredible rate, will not be detected as malicious, as their signature has yet to be created and added to the list. These files will therefore not be detected as malicious and will be delivered to inboxes. To protect against this, advanced email security solutions use email sandboxing.

Email sandboxing involves creating an isolated, protected environment for analyzing suspicious emails. If front-end checks are passed, the email is sent to the sandbox for deep analysis. The sandbox is a protected environment where no harm can be caused, and files can be safely analyzed for malicious behavior.

TitanHQ’s Email Sandbox Service

In response to growing threats, TitanHQ added a next-generation email sandbox to its SpamTitan Email Security solution in 2019 to better protect users against malware, spear-phishing, advanced persistent threats (APTs), and to provide security teams with insights into new threats.

TitanHQ’s email sandbox service incorporates award-winning machine learning and behavioral analysis technologies, allowing security teams to safely detonate suspicious files in a secure environment that mirrors production endpoints. Malicious actors are tricked into thinking their malicious payloads have reached their intended target, and the malicious activities are detected. The sandbox analyzes documents, spreadsheets, application files, and executable files, and can detect malware, including polymorphic malware, and other sophisticated threats that have been developed for use in undetectable targeted attacks.

The TitanHQ email sandbox service leverages purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis, and all results are checked against an extensive array of online repositories. The analysis takes from a few seconds to a few minutes, and if a malicious file is detected, the results will be uploaded to a cloud threat intelligence service and all users will be protected. If that threat is detected on any device globally, it will not need to be sent to the sandbox again and will be instantly neutralized.

SpamTitan email sandbox service greatly increases the detection rate of elusive threats in the pre-execution stage, including APTs, targeted attacks, evasion techniques, obfuscated malware, custom malware, and ransomware, allows security teams to quickly integrate advanced emulation-based malware analysis, and protects against a rapidly evolving threat landscape.

You can put the SpamTitan email sandbox service to the test today by signing up for a 100% free trial and instantly start protecting your business with sandbox technology.

How Does a Sandbox Work?

Sandboxing is a security feature that protects against malicious code. Rather than execute potentially unsafe code in a standard environment, it is sent to the sandbox – an isolated environment where no harm can be caused.

How Does a Sandbox Work?

A sandbox is an important cybersecurity tool for protecting host devices, operating systems, and data from being exposed to potential threats. The sandbox is a highly controlled system that is used to analyze untrusted applications, files, or code. The sandbox is isolated from the network and real data, and there are only essential resources that are authorized for use. It is not possible for a sandboxed file to access other parts of the network, resources, or the file system, only those specifically set up for the sandbox.

Sandboxes can have different environments. One of the most common implementations uses virtualization. A virtual machine (VM) is set up specifically to examine suspicious programs and code. Some sandboxes include emulation of operating systems to mimic a standard endpoint. Some malware samples perform checks of their environment before executing malicious routines to make sure they are not in a VM. If a VM is detected, the malware will not execute malicious routines and may self-delete to prevent analysis. By emulating a standard endpoint, these checks can be passed to allow analysis. Some sandboxes have full system emulation, which includes the host machine’s physical hardware as well as its operating system and software. These sandboxes provide deeper visibility into the behavior and impact of a program.

In email security, files, attachments, URLs, and programs are sent to the sandbox to check whether they are benign or malicious. The analyses can take from a few seconds to a few minutes, and if any malicious activity is detected, the file will be either quarantined and made available for further study or it will be deleted. Any other instances of that file will be removed from the email system, and any future encounters will see the file, attachment, URL, or program deleted.

SpamTitan Email Sandboxing

SpamTitan Email Security includes a Bitdefender-powered email sandbox to ensure users are protected against zero-day threats. All emails are subjected to a barrage of checks and tests, including scans using two different antivirus engines. SpamTitan features strong machine learning, static analysis, and behavior detection technologies to ensure that only files that require deep analysis get sent to the sandbox. This is important, as deeper analysis may take several minutes, so verified clean and safe messages will not be unduly delayed.

Files that are sent to the sandbox for deep analysis are executed and monitored for signs of malicious activity, with self-protection mechanisms in place to ensure every evasion attempt by a piece of malware is properly marked. The sandbox has purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. All results are checked across known threats in an extensive array of online repositories. If a malicious file is detected, the sandbox updates Bitdefender’s cloud threat intelligence service – the Bitdefender Global Protective Network – and the sandbox will never have to analyze that threat again as it will be blocked globally.

If you want to improve protection against zero-day threats, give the TitanHQ team a call to find out more about SpamTitan. SpamTitan is available on a free trial to allow you to test it out in your own environment before making a purchase decision.

What is Sandbox Security?

What is sandbox security? In an IT sense, sandbox security refers to the use of an isolated environment for testing potentially malicious or unsafe code. The sandbox is an environment that resembles the organization’s real environment. The sandbox is made to look like it is a legitimate rather than a virtual environment; however, the sandbox is totally isolated from other systems and contains no real data.

A sandbox is used for malware analysis, testing potentially unsafe code, or as a guest environment with a tightly controlled set of resources, with no ability to inspect the host system or gain access to the networks, therefore not exposing any threats to real systems or data. For example, if a file needs to be opened and it is unclear whether it contains malicious code, it is opened in a sandbox. Security teams can assess the behavior of the file to determine if it is benign or malicious, and if it is the latter, no harm will be caused.

Sandboxes are commonly used for testing new code to determine whether it is safe and compatible with other systems, without actually putting those systems at risk. The sandbox is used to perform troubleshooting to identify any problematic parts of the code. One of the main benefits of sandbox security is blocking cyberattacks, and sandboxing has become indispensable for email security.

Email Sandboxing

Email sandboxing is the use of a sandbox environment for inbound email, which can be used to protect against phishing and malware threats. When an email is received that contains an attachment or a hyperlink, these can be evaluated in the sandbox before the message is released for delivery to the end user’s inbox. Phishing is one of the most common ways that malicious actors gain initial access to internal networks. Emails are often sent that contain hyperlinks to URLs that host phishing kits that steal credentials or sites hosting malware. These emails can be sent to a sandbox where the links can be followed, and the content of the URLs assessed. If a file download is triggered, the file can be analyzed to determine its behavior.

The same applies to email attachments. An email attachment such as a Word document or Excel spreadsheet may contain a malicious macro or other malicious code, which could provide a threat actor with remote access to the device and network. By opening the attachment in the sandbox, the behavior of the file can be analyzed safely. If found to be malicious, all other instances of that malware can be removed and if the file is received again, it will be automatically deleted. Security teams can also safely study malware to determine the nature of the threat and learn important information about the adversary and their intentions.

Why Is Email Sandboxing So Important?

Traditional email security solutions are effective at detecting and blocking known malware threats. They use one or more antivirus engines for scanning email attachments for known signatures of viruses and malware. If these signatures are detected, the threat will be blocked. The problem with signature-based detection is the signature must be known. While virus definition lists are updated on a daily or even hourly basis, new malware threats are constantly being released. If a new malware variant is received for which there is no signature, it will not be detected as malicious and will be delivered to an inbox where it can be executed.

Sandbox security plugs this security gap. If an attachment passes AV checks, it is sent to the sandbox for deep analysis of its behavior, allowing zero-day malware threats to be detected and blocked. Cybercriminals do not just use one version of a malware sample, they use many different versions, each differing sufficiently to evade AV checks. Without sandbox security, organizations are at risk of infection with these malware variants.
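The gap described above, as an added example that is not TitanHQ's or Bitdefender's code: a definition list (modelled here, as a simplification, as a set of SHA-256 hashes) misses a sample that differs by one byte, while a verdict based on observed behaviour catches it and is cached so the same file is not analyzed twice. The event names, weights, threshold, sample bytes and traces are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Behaviours the page names as malicious when seen during detonation.
# Event names, weights and threshold are assumptions made for this sketch.
BEHAVIOUR_WEIGHTS = {
    "download_from_internet": 40,   # attempted file download from the Internet
    "c2_callback": 50,              # command-and-control callback
    "write_code_to_memory": 40,     # attempt to write code to memory
}
MALICIOUS_THRESHOLD = 50

# Constructed, inert byte strings standing in for attachments.
KNOWN_SAMPLE = b"constructed-sample-family-A build 1"
NEW_VARIANT = b"constructed-sample-family-A build 2"   # one byte differs
BENIGN_DOC = b"constructed quarterly invoice"

# Constructed behaviour traces, as a sandbox's instrumentation might report them.
TRACES = {
    NEW_VARIANT: ["open_document", "write_code_to_memory", "c2_callback"],
    BENIGN_DOC: ["open_document", "read_fonts"],
}


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Gateway:
    signatures: set = field(default_factory=set)        # AV definition list
    verdict_cache: dict = field(default_factory=dict)   # shared threat intelligence
    sandbox_runs: int = 0

    def signature_hit(self, attachment: bytes) -> bool:
        """Signature check: matches only files already in the definition list."""
        return digest(attachment) in self.signatures

    def detonate(self, attachment: bytes) -> str:
        """Score the observed behaviour; the file's hash plays no part here."""
        self.sandbox_runs += 1
        trace = TRACES.get(attachment, [])
        score = sum(BEHAVIOUR_WEIGHTS.get(event, 0) for event in trace)
        return "malicious" if score >= MALICIOUS_THRESHOLD else "clean"

    def process(self, attachment: bytes) -> str:
        if self.signature_hit(attachment):
            return "blocked:signature"
        key = digest(attachment)
        if key in self.verdict_cache:
            # Seen before: reuse the earlier sandbox verdict, no second detonation.
            cached = self.verdict_cache[key]
            return "blocked:cached-verdict" if cached == "malicious" else "delivered"
        verdict = self.detonate(attachment)
        self.verdict_cache[key] = verdict
        return "quarantined:sandbox" if verdict == "malicious" else "delivered"


def run_demo():
    gw = Gateway(signatures={digest(KNOWN_SAMPLE)})
    results = [
        gw.process(KNOWN_SAMPLE),   # in the definition list
        gw.process(NEW_VARIANT),    # no signature yet, caught on behaviour
        gw.process(NEW_VARIANT),    # second copy, answered from the cache
        gw.process(BENIGN_DOC),     # analyzed and released
    ]
    return results, gw.sandbox_runs


if __name__ == "__main__":
    print(run_demo())
```
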

TitanHQ’s SpamTitan Email Security solution features dual antivirus engines for detecting known malware threats and a Bitdefender-powered email sandbox for detecting zero-day malware and phishing threats, and provides security teams with valuable insights into new threats to help them mitigate risks. Give the TitanHQ team a call to find out more about how SpamTitan with sandbox security can improve your security posture. SpamTitan is also available on a free trial to allow you to put the product to the test and see for yourself the difference it makes.

Email Sandboxing is the Key to Blocking More Malware Threats

Email security solutions with email sandboxing block more malware threats than traditional spam filters, even novel malware variants that have yet to be identified as malicious. Without this important feature, emails with malicious attachments will likely be delivered to inboxes where they can be opened by employees. All it takes is for one employee to open a malicious file for malware to be installed that gives a threat actor the foothold they need for a comprehensive attack on the network.

What is an Email Sandbox?

In cybersecurity terms, a sandbox is an isolated, virtual machine where potentially unsafe code can be executed in safety, files can be subjected to deep analysis, and URLs can be visited without risk. In the sandbox, the behavior of files, code, and URLs is inspected, and since the sandbox is not networked and there is no access to real data or applications, there is no risk of causing any damage. Email sandboxing is used to identify malicious code and URLs in emails. The email sandbox mirrors standard endpoints to trick malicious actors into thinking that they have reached their intended target. Emails may pass front-end tests that look at the reputation of the sender, email headers, the content of the messages, and subject attachments to signature-based anti-virus tests, but there is no guarantee that the emails are safe without sandbox-based behavioral analysis.

Why is Email Sandboxing Important?

Cyber threat actors have been developing techniques for bypassing standard email security solutions such as embedding malicious URLs in PDF attachments, hiding malicious content in compressed files, using multiple redirects on hyperlinks, and including links to legitimate cloud-based platforms such as SharePoint for distributing malware. Traditional email security solutions can filter out spam and phishing emails, but they often fail to block more sophisticated threats, especially zero-day malware threats. Email sandboxing provides an extra layer of protection against sophisticated threats such as spear-phishing emails, advanced persistent threats (APTs), and novel malware variants.

A few years ago, new malware variants were released at a fairly slow pace; however, threat actors are now using automation and artificial intelligence to generate new malware variants at an alarming rate. Malware samples are used that deviate sufficiently from a known threat to be able to bypass signature-based detection mechanisms, ensuring they reach their intended targets. Rather than just using one version of malware in their email campaigns, dozens of versions are created on a daily basis. While security awareness training will help employees identify and avoid suspicious emails, threat actors have become adept at social engineering and often hoodwink employees.

The SpamTitan Email Sandbox

The SpamTitan email sandbox is a powerful next-generation security feature with award-winning machine-learning and behavioral analysis technologies. Powered by Bitdefender, the SpamTitan sandbox for email allows files to be safely detonated where they can do no harm. Email attachments that pass the barrage of checks performed by SpamTitan are sent to the sandbox for deep analysis. The sandbox is a virtual environment that is configured to appear to be a typical endpoint and incorporates purpose-built, advanced machine learning algorithms, decoys and anti-evasion techniques, anti-exploit, and aggressive behavior analysis. Files are also subjected to checks across an extensive array of online repositories, with the sandbox checks taking just a few minutes. That ensures that genuine emails are not unduly delayed. If malicious properties are detected in the sandbox, the threat intelligence is passed to Bitdefender’s Global Protective Network (cloud threat intelligence service). If the threat is encountered again, it will be detected and blocked without having to be analyzed again in the sandbox.

The SpamTitan sandbox is used for a wide range of attachments, including office documents to check for malicious URLs, macros, and scripts, and all executable and application files. The sandbox allows SpamTitan to detect polymorphic malware and other threats that have been designed for use in undetectable targeted attacks. If a malicious file is detected, the email is not sent to a spam folder where it could be opened by an end user, it is quarantined in a directory on the local email server which only an administrator can access. Administrators may wish to conduct further investigations to gain insights into how their organization is being targeted.

Threat actors are conducting increasingly sophisticated attacks, so email security solutions need to be deployed that are capable of detecting these advanced threats. With zero-day threats on the rise, now is the ideal time to improve your email defenses with SpamTitan. Why not sign up for a free trial of SpamTitan today to put the solution to the test to see the difference the advanced threat detection capabilities make to your security posture? Product demonstrations can also be requested by contacting TitanHQ, and our friendly sales team will be more than happy to discuss SpamTitan with you and the best deployment options to meet the needs of your business.

Commonly Asked Questions About Email Sandboxing

Below are commonly asked questions about email sandboxing, so you know what to expect from an email security solution with a sandbox and why this advanced feature is vital for email security.

What is an Email Sandbox?

One of the commonly asked questions about email sandboxing is what is an email sandbox? Like the children’s equivalent, it is a safe space for building, destroying, and experimenting. In cybersecurity terms, it is an isolated environment where harm cannot be caused to anything outside of that environment. An email sandbox is an isolated virtual machine that is used for performing risky actions, such as opening unknown attachments and analyzing files and URLs in depth, rather than using a real machine where there is a risk of harm being caused such as file encryption by ransomware, theft of sensitive information, or wiping of data.

Why is an Email Sandbox Important?

Email is the most common vector used in cyberattacks. Through emails, cyber threat actors can gain initial access to a protected network from where they can steal sensitive data or move laterally for a more comprehensive attack. One of the most common ways of gaining remote access is through malware. Once malware is downloaded, an attacker can remotely perform commands and gain full control of an infected device. While businesses use antivirus software to detect and remove malware, these solutions are signature-based. In order to detect malware, the signature of the malware must be in the definition list used by the anti-virus solution, which means the malware must have previously been encountered. Novel malware variants that have not yet been determined to be malicious will not be identified as such and will therefore be delivered to inboxes where they can be executed by employees. An email sandbox is used to safely detonate suspicious files and inspect their behaviors. The behavioral analysis allows previously unknown malware samples to be identified and blocked. This is important due to the volume of new malware samples that are now being released.

How Does an Email Sandbox Protect Against Malware?

Email security solutions with sandboxing perform the same front-end checks as traditional email security solutions and will identify and block many malicious messages. If the initial checks are passed, and the messages are determined to potentially pose a risk, they will be sent to the sandbox for behavioral analysis. Once inside the safety of the sandbox, the attachments will be opened and subjected to various tests. The sandbox is configured to appear to be a normal endpoint, so any malware will be tricked into running malicious commands as it would if it had reached its intended target. The actions of the file are assessed, and if they are determined to be malicious, the file will be sent to a quarantine folder. By performing these checks, new malware variants can be identified and blocked before any harm is caused.

Will Sandboxing Delay Message Delivery?

Performing standard checks of messages is a quick process, often causing imperceptible delays in mail delivery. Performing in-depth analysis takes longer, so there will be a delay in message delivery. Many emails will not need to be sent to the sandbox and will be delivered immediately, but if sandboxing is required, there will be a delay while the behaviors of the email and attachments are analyzed. Some malware has built-in anti-analysis capabilities and will delay any malicious processes to combat sandboxing. Time is therefore required to ensure full analysis. With SpamTitan, the delay will be no longer than 20 minutes.

How Can I Avoid Message Delivery Delays?

SpamTitan incorporates artificial intelligence and machine learning capabilities which minimize the number of emails that are sent to the sandbox, and SpamTitan will check every 15 seconds to ensure that emails are delivered as soon as the sandbox analysis is complete. SpamTitan’s sandbox is part of Bitdefender’s Global Protective Network, which ensures rapid checks of suspicious messages. To avoid delays, certain email addresses and domains can be added to a whitelist, which means they will not be sent to the sandbox for analysis, ensuring rapid delivery.

What are the Benefits of Email Sandboxing?

The sandbox provides an important extra layer of protection against malware threats and malicious links. It will detect advanced attacks early and prevent breaches, reduce incident response costs and efforts, reduce the threat-hunting burden, and increase the detection rate of elusive threats in the pre-execution stage, including APTs, targeted attacks, evasion techniques, obfuscated malware, custom malware, and ransomware.

How Does the SpamTitan Sandbox Work?

SpamTitan will subject all inbound emails to a battery of front-end tests, and if these are passed but the email is still suspicious, the message and attachment will be sent to the sandbox and the user will be informed that the message is in the sandbox for review. The email and attachments will then be opened in an isolated cloud platform or a secure customer virtual environment. If malware is detected, the email is blocked, assigned ATP.Sandbox, and listed under “Viruses” in the relevant quarantine report, and the intelligence gathered will be used to protect all users from that threat in the future. After twenty minutes of interrogation, if no malicious actions are identified, the file is marked clean and the email is passed on to the recipient.

How Can I Find Out More About Email Security and Sandboxing?

If you have unacceptable numbers of spam and malicious messages being delivered to inboxes, are receiving large numbers of queries about suspicious emails from your employees, or if you have experienced a malware infection via email recently, you should speak with TitanHQ about improving email security with SpamTitan.

SpamTitan has artificial intelligence and machine learning capabilities, a next-gen email sandbox, and a 99.99% detection rate with a very low false positive rate. Further, SpamTitan is very competitively priced, easy to use, and requires little maintenance. The solution is also available on a 100% free trial, with full product support provided for the duration of the trial.

Additional Articles Related to Email Sandboxing

Email Sandboxing

Email Sandboxing Service

Sandboxing Blocking Malware Threats

Email Sandboxing Pattern Filtering

How does an email sandbox block malware?

Email Sandboxing and Message Delivery Delays

Commonly Asked Questions about Email Sandboxing

What is sandbox security?

How does a sandbox work?

How to sandbox email attachments

What is message sandboxing?

What is malware sandboxing for email?

What is sandboxing in cybersecurity?

What are the advantages and disadvantages of email sandboxing?

Sandboxing Technology for Email

What is a malicious file sandbox for email?

Email Sandboxing and Message Delivery Delays

Email sandboxing is important for security, as it will block threats that traditional email filters fail to detect. While sandboxing is now considered to be an essential element of email security, one disadvantage is that it will delay the delivery of emails. In this post, we will explain why that is and how email delivery delays can be minimized or avoided altogether.

What Does Queued for Sandbox Mean?

If you use SpamTitan or another email security solution with email sandboxing, you may see the message “email queued for sandbox” from time to time. “Queued for sandbox” means the message has been determined to warrant further inspection and has been sent to the sandbox for deeper analysis. This is most likely because the email includes an attachment that is determined to be risky, even though it has passed the initial antivirus scans.

While email sandboxing is important for security, there is a downside: processing messages in a sandbox and conducting behavioral inspection takes a little time. That means there will be a delay in delivering messages that have been sandboxed while behavioral checks are performed. Messages will only be delivered once all sandbox checks have been passed. If a large volume of suspicious emails is received at the same time, messages will be queued for analysis, hence the “queued for sandbox” message being displayed.

Sandbox Delays for Inbound Emails

The processing of messages in a sandbox can take a little time. Cyber threat actors do not want their malware and malicious code analyzed in a sandbox, as it will allow their malware to be identified. Further, once a malware sample has been identified, details will be shared with all other users of that security solution, which means no user will have that malicious file delivered to their inbox. SpamTitan’s email sandbox is powered by Bitdefender, so all members of the Bitdefender network who subscribe to its feeds will also be protected.

Many malware samples now have anti-sandbox technologies to prevent this. When the malware is dropped on a device it will analyze the environment it is in before launching any malicious actions. If it senses it is in a sandbox it will terminate and may attempt to self-delete to prevent analysis. One technique often seen is delaying any malicious processes for a set time after the payload is delivered. Many sandboxes will only analyze files for a short period, and the delay may be sufficient to trick the sandbox into releasing the file. It is therefore necessary to give the sandbox sufficient time for a full analysis.

Are Your Sandbox Delays Too Long?

Conducting analyses of emails in a sandbox is resource-intensive and can take several minutes, so there may be delays to email delivery that are too long for some businesses. There are ways to avoid this, which we will discuss next, but long delays may be due to the email security solution you are using. The SpamTitan email sandbox is part of Bitdefender’s Global Protective Network, which was chosen not only for cutting-edge threat detection but also the speed of analysis. If you are experiencing long delays receiving emails, you should take advantage of the free trial of SpamTitan to see the difference the solution makes to the speed of email delivery for emails that require sandbox analysis.

How the SpamTitan Sandbox for Email Minimizes Delays

To avoid unnecessary email delays, SpamTitan does not send all messages to the sandbox. If a message is suspicious and the decision is taken to send it to the sandbox for analysis, SpamTitan will check to see if the analysis has been completed every 15 seconds to ensure it is released in the shortest possible time frame. Employees will be aware that they have received a message that has been sent to the sandbox as the message delivery status is displayed in their history. Provided all sandbox checks are passed, the email will be delivered. This process will take no longer than 20 minutes. If a file is determined to be legitimate, details are retained by SpamTitan so if the attachment or message is encountered again, it will not be subjected to further analysis in the sandbox.

How to Avoid Sandbox Delays to Message Delivery

There are ways to avoid messages being placed in the queue for sandbox inspection. While it is not always advisable for security reasons, it is possible to whitelist specific email addresses and domains. This will ensure that emails from important clients that need a rapid response will be delivered without delay and will not be sent to the sandbox. The problem with this approach is that if a whitelisted email address or a domain is compromised and used to send malicious messages, they will be delivered.
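The hold-and-release flow from the last two sections, modeled on a simulated clock as an added example (it is not SpamTitan code). The 15-second poll, the 20-minute ceiling, the clean-verdict cache and the whitelist bypass come from the text; every class and function name, the `FakeSandbox` back end and the fail-open handling at the ceiling are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

POLL_INTERVAL_S = 15       # from the article: status is checked every 15 seconds
MAX_HOLD_S = 20 * 60       # from the article: delay is no longer than 20 minutes


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Message:
    sender: str
    attachment: bytes
    suspicious: bool       # result of the front-end checks, taken as given here


@dataclass
class FakeSandbox:
    """Constructed stand-in for the analysis back end (hypothetical).

    verdicts maps sha256 -> (seconds until analysis finishes, is_malicious).
    """
    verdicts: dict

    def status(self, digest, elapsed_s):
        done_at, malicious = self.verdicts[digest]
        if elapsed_s < done_at:
            return None                      # analysis still running
        return "malicious" if malicious else "clean"


@dataclass
class Gateway:
    sandbox: FakeSandbox
    whitelist: set = field(default_factory=set)     # addresses or domains
    known_clean: set = field(default_factory=set)   # digests already cleared

    def handle(self, msg):
        """Return (action, delay_seconds) for one inbound message."""
        digest = sha256_hex(msg.attachment)
        domain = msg.sender.rsplit("@", 1)[-1].lower()

        # Whitelisted senders skip the sandbox: no delay, but nothing inspects
        # the attachment if that sender's account has been compromised.
        if msg.sender.lower() in self.whitelist or domain in self.whitelist:
            return ("delivered", 0)
        # Not flagged by front-end checks, or already cleared on a prior visit.
        if not msg.suspicious or digest in self.known_clean:
            return ("delivered", 0)

        # Hold the message and poll on a simulated clock (no real sleeping).
        elapsed = 0
        while elapsed < MAX_HOLD_S:
            elapsed += POLL_INTERVAL_S
            verdict = self.sandbox.status(digest, elapsed)
            if verdict == "malicious":
                return ("quarantined", elapsed)
            if verdict == "clean":
                self.known_clean.add(digest)
                return ("delivered", elapsed)

        # Assumption: fail open at the ceiling, matching the 20-minute maximum
        # delay. The digest is not cached because no verdict was received.
        return ("delivered", MAX_HOLD_S)


if __name__ == "__main__":
    doc = b"constructed sample attachment"
    gw = Gateway(FakeSandbox({sha256_hex(doc): (100, False)}))
    print(gw.handle(Message("a@vendor.example", doc, True)))   # first sighting
    print(gw.handle(Message("b@vendor.example", doc, True)))   # cached verdict
```

A whitelisted sender gets `("delivered", 0)` even for an attachment the sandbox would have flagged, which is the trade-off described above.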

What Happens if a Message is Misclassified as Malicious?

False positives do occur with spam and phishing emails as email filtering is not an exact science. While this is rare with SpamTitan, any misclassified emails will not be deleted as they will be sent to a quarantine folder. That folder can be configured to be accessible only by an administrator. The administrator can then check the validity of the quarantined messages and release any false positives. Since SpamTitan has artificial intelligence and machine learning capabilities, it will learn from any false positives, thus reducing the false positive rate in the future.

Talk with TitanHQ About Improving Email Security

If you are not currently using an email security solution with sandboxing or if your current email security solution is not AI-driven, contact TitanHQ to find out more about how SpamTitan can improve protection against sophisticated email threats. SpamTitan is available on a free trial to allow you to put the product to the test before deciding on a purchase, and product demonstrations can be arranged on request. If you proceed with a purchase, you will also benefit from TitanHQ’s industry-leading customer service. If you ever have a problem or a query, help is rapidly at hand.

How Does an Email Sandbox Block Malware?

You may have heard that email sandboxing is an important security feature, but how does an email sandbox block malware and why is this security feature necessary? In this post, we explain what an email sandbox is, why it is now an important element of email security, and how email sandboxes work.

An email sandbox is a secure and isolated environment where emails and their attachments are subjected to behavioral analysis. In the sandbox, malicious files and code can be safely detonated where no harm can be caused. Say an email is received that contains malicious code that is used to drop and execute ransomware on a device. Executing that code on a standard machine would initiate the process that ends with file encryption. Execute that code in an email sandbox and the malicious behavior would be detected and no harm would be caused. The email and code will then be eradicated from the email system, and the threat intelligence gathered will be sent to a global network to ensure that if the email or code is encountered again it will be immediately blocked.

Many Email Security Solutions Fail to Detect the Most Serious Threats

Traditional email security solutions perform many tests on emails to determine the likelihood of them being spam or malicious. DMARC and SPF are used to check the legitimacy of the sender, checks are performed on the reputation of an IP address/domain, and the subject, title, and body of a message are analyzed for signs of phishing and spam. Email attachments are also subject to anti-virus checks, which will identify and block all known malware variants. The result? Filtered emails contain no known spam, no known malicious hyperlinks, and no known malware.

The problem with traditional email security solutions is they are unable to detect unknown spam, phishing attempts, and malware. If a threat actor uses a previously unseen phishing email, which includes either a link to a fresh URL or a site with a good reputation, that email will most likely be delivered. If a new malware variant is sent via email, its signature will not be present in any virus or malware definition list and it will similarly be delivered to an end user’s inbox. Threat intelligence is shared with email security solutions and they are constantly updated as new threats are found, but there is a lag, during which time these threats will be delivered to inboxes. That is why an email sandbox is needed.

How an Email Sandbox Works

Antivirus scans will block the majority of malware, but not novel (zero-day) malware threats. When an email security solution has email sandboxing, the same checks are initially performed, and if they are passed, emails are sent to the sandbox for further analysis. The email sandbox is an isolated environment on a virtual machine that is configured to look like a genuine endpoint. As far as the threat actor is concerned, their email will have reached their intended target and the file should execute as it would on a standard machine.

In the sandbox, emails and attachments are opened, links are followed, and behavior is analyzed in detail to determine if any malicious or suspicious actions occur, such as command-and-control callbacks, attempted file encryption, or scans for running processes. If a Word document is opened that contains no hyperlinks, no macros, and no malicious scripts, and nothing suspicious occurs in the time it is present in the sandbox, the file will be determined as benign and the email will then be delivered to the intended recipient. If any malicious actions are detected, the file will be sent to a local quarantine directory where it can only be accessed by the administrator. The intelligence gathered will be sent to the global network and all users will be protected almost instantly. All copies of that message and the attachment will also be removed from the entire mail system.
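How a verdict can be derived from the three behaviors named above, shown as an added example over constructed sandbox traces (it is not a vendor implementation). The event schema, thresholds, host names and the `hold_for_review` policy are assumptions; the 20-minute default window is the figure the article cites.

```python
from collections import namedtuple

Event = namedtuple("Event", "t kind detail")   # t = seconds since the file was opened

EXPECTED_HOSTS = {"ocsp.ca.example", "update.office.example"}  # hypothetical benign traffic
ENCRYPT_BURST = 5        # assumed: this many high-entropy rewrites ...
BURST_WINDOW_S = 60      # ... inside this many seconds looks like encryption
HIGH_ENTROPY = 7.5       # bits per byte; encrypted data approaches 8.0


def findings(trace, window_s):
    """Return the set of behaviors observed within the analysis window."""
    seen = [e for e in trace if e.t <= window_s]
    found = set()

    if any(e.kind == "proc_enum" for e in seen):
        found.add("process_scan")

    if any(e.kind == "net_connect" and e.detail["host"] not in EXPECTED_HOSTS
           for e in seen):
        found.add("c2_callback")

    # Sliding window over high-entropy rewrites of distinct files.
    writes = sorted((e.t, e.detail["path"]) for e in seen
                    if e.kind == "file_write" and e.detail["entropy"] >= HIGH_ENTROPY)
    start = 0
    for end in range(len(writes)):
        while writes[end][0] - writes[start][0] > BURST_WINDOW_S:
            start += 1
        if len({path for _, path in writes[start:end + 1]}) >= ENCRYPT_BURST:
            found.add("file_encryption")
            break
    return found


def verdict(trace, window_s=20 * 60):
    """Map findings to an action for the held email."""
    found = findings(trace, window_s)
    if found & {"c2_callback", "file_encryption"}:
        return "quarantine", found
    if found:
        return "hold_for_review", found      # assumed policy for a weak signal alone
    return "deliver", found


# Constructed traces, not captured from any real sample.
BENIGN_DOC = [
    Event(2, "file_read", {"path": "C:/Users/u/Documents/report.docx"}),
    Event(3, "net_connect", {"host": "ocsp.ca.example"}),
]
ARCHIVE_SAVE = [   # a few compressed files written: high entropy but no burst
    Event(5 + i, "file_write", {"path": f"C:/Users/u/out{i}.zip", "entropy": 7.9})
    for i in range(3)
]
DELAYED_SAMPLE = [  # stays idle for ten minutes before doing anything
    Event(590, "proc_enum", {}),
    Event(600, "net_connect", {"host": "cdn.unknown.example"}),
] + [
    Event(605 + i, "file_write",
          {"path": f"C:/Users/u/Documents/f{i}.docx", "entropy": 7.9})
    for i in range(6)
]

if __name__ == "__main__":
    for name, trace in [("benign", BENIGN_DOC), ("archive", ARCHIVE_SAVE),
                        ("delayed", DELAYED_SAMPLE)]:
        print(name, verdict(trace, window_s=120), verdict(trace))
```

With a two-minute window the delayed trace is released as clean, while the 20-minute window observes all three behaviors and quarantines it.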

Email Sandboxing and AI-Driven Threat Detection are Now Vital

Email sandboxing is now vital for email security as new malware variants are being released at an incredible rate and signature-based detection methods cannot detect new malware threats. In addition to email sandboxing, artificial intelligence must be leveraged to look for novel phishing messages, as phishing attempts are also increasing in sophistication. These AI-based checks look for messages that deviate from the typical messages received by a company, and greatly reduce the volume of spam and phishing emails that reach inboxes.

The threat landscape is constantly changing so advanced email defenses are now essential. If you are still using an email security solution without email sandboxing and AI-driven threat detection, your company is at risk. Speak to the team at TitanHQ to find out more about SpamTitan and how the award-winning email security solution can enhance your company’s security posture.

Email Sandboxing, Pattern Filtering, and Other Much-Loved SpamTitan Features

SpamTitan is a next-generation anti-spam, anti-phishing, and anti-malware solution for businesses that incorporates AI-based threat detection, email sandboxing, and many other advanced email security features. Some of the most important and best-loved features of SpamTitan are explained below:

Email Sandboxing in SpamTitan

Email sandboxing is a vital element of email security, yet many email security solutions lack this feature. An email sandbox is a secure, virtual machine where links can be followed and attachments opened where they cannot cause any harm. A malicious link that leads to an automatic malware download can be followed in safety, and even the nastiest piece of malware can be executed without risk as the sandbox is isolated, not connected to any network, and contains no real data.

The sandbox is configured to appear to be a genuine endpoint in order to trick malicious actors into thinking malware has reached its intended target. When a file is opened in the sandbox it is subject to deep analysis, and any malicious or suspicious actions are detected. Emails are subject to a battery of front-end checks, including scans using two anti-virus engines, and any emails that pass these checks but are determined to potentially pose a risk are sent to the sandbox for behavioral analysis. That includes emails along with any attached documents, spreadsheets, and executable files.

Sandboxing for email is important because of the speed at which novel malware samples are used in attacks. Rather than just use one version of a keylogger in a campaign, a threat actor will use dozens of versions of that keylogger, each differing slightly to evade signature-based detection mechanisms. AI and automation are used by threat actors to churn out new malware variants rapidly, and signature-based detection alone is no longer good enough. With sandboxing, email protection is greatly improved against these zero-day threats which would otherwise be delivered to end users’ inboxes.

Pattern Filtering in SpamTitan

One of the most loved features of SpamTitan is Pattern Filtering. It saves IT security teams a considerable amount of their precious time by ensuring spammy and phishy emails are not delivered. The Pattern Filtering feature allows administrators to use their own terminology to block inbound emails. Simply set a word or phrase through Pattern Filtering, and SpamTitan will search the subject line and message body and can be configured to generate a warning or quarantine the email if the word or phrase is found.

An example of where this can be useful is combating the Nigerian scam/419 fraud, a type of advance-fee fraud. The 419 comes from Section 419 of the Nigerian Criminal Code, which prohibits this kind of scam. While the scam is common with Nigerian cybercriminals, cybercriminal groups in many different countries also conduct this type of scam. While the themes of the emails vary, they all have the same aim. An example would be a prominent person with substantial funds in their account who has been unable to transfer the funds out of the country due to unfair restrictions. They offer to transfer these funds to the user’s account to get the money out of the country in exchange for a percentage of those funds as payment, which may be as high as 20%, which is a life-changing amount of money. The catch? In order to proceed, charges need to be covered and they must be paid in advance. The Pattern Filtering option can be used to block these emails by incorporating phrases commonly used in these emails.
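A sketch of what phrase-based filtering over the subject line and body involves, as an added example (it is not SpamTitan's implementation). The rule format, function names and sample messages are constructed; the point is that matching must happen after MIME decoding and text normalization, or an encoded or reflowed message will not match the administrator's phrase.

```python
import html
import re
import unicodedata
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical admin-defined rules: word or phrase -> action.
RULES = {
    "transfer the funds": "quarantine",
    "percentage of the funds": "quarantine",
    "fees must be paid in advance": "quarantine",
    "urgent": "warn",
}
SEVERITY = {"deliver": 0, "warn": 1, "quarantine": 2}


def normalize(text):
    """Fold case, Unicode compatibility forms and whitespace runs before matching."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"\s+", " ", text).strip()


def extract_text(raw):
    """Return (subject, body) with encoded-words and transfer encodings decoded."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return subject, ""
    body = part.get_content()
    if part.get_content_type() == "text/html":
        # Crude tag strip, then entity decoding; enough for phrase matching.
        body = html.unescape(re.sub(r"<[^>]+>", " ", body))
    return subject, body


def evaluate(raw, rules=RULES):
    """Return (action, sorted matched phrases); the strictest matching rule wins."""
    subject, body = extract_text(raw)
    haystack = normalize(subject + "\n" + body)
    hits = []
    for phrase in rules:
        # Whole-word match so that "urgent" does not fire on "insurgent".
        pattern = r"(?<!\w)" + re.escape(normalize(phrase)) + r"(?!\w)"
        if re.search(pattern, haystack):
            hits.append(phrase)
    hits.sort()
    action = max((rules[p] for p in hits), key=SEVERITY.get, default="deliver")
    return action, hits


def build_sample(subject, body, subtype="plain"):
    """Construct a test message whose body is base64-encoded on the wire."""
    m = EmailMessage()
    m["From"] = "sender@mail.example"
    m["To"] = "user@corp.example"
    m["Subject"] = subject
    m.set_content(body, subtype=subtype, cte="base64")
    return bytes(m)


# Constructed samples. The first subject uses full-width letters, which
# NFKC normalization folds back to plain ASCII.
SCAM_SAMPLE = build_sample(
    "\uff35\uff32\uff27\uff25\uff2e\uff34 reply needed",
    "Dear friend,\nI need your help to TRANSFER   the\nfunds abroad. "
    "You will keep 20% as payment.\nAll fees must be paid in advance.\n",
)
HTML_SAMPLE = build_sample(
    "Request", "<p>Kindly <b>transfer</b>&nbsp;the funds today</p>", subtype="html")
BENIGN_SAMPLE = build_sample(
    "News digest", "The insurgent group was in the news again.\n")

if __name__ == "__main__":
    for name, raw in [("scam", SCAM_SAMPLE), ("html", HTML_SAMPLE),
                      ("benign", BENIGN_SAMPLE)]:
        print(name, evaluate(raw))
```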

Geo-Filtering in SpamTitan

SpamTitan also incorporates geo-filtering, which allows users to block emails from specific countries. If you never do business with countries in Africa, for example, you can simply block all emails coming from African IP addresses with a few clicks of a mouse, rather than manually blocking IP addresses from which you get a lot of spam emails. This feature saves IT teams a considerable amount of time. One user who has benefited greatly from this feature is Benjamin Jeffrey, IT manager at M&M Golf Cars. His company was receiving many requests from countries that the company does not do business with and was getting flooded with spam emails from a specific IP subnet in a country. He configured the geo-filtering and instantly blocked all those messages. When he checked 6 months after configuring that feature, around 12,000 emails had been blocked. Geo-blocking is also useful for blocking malware quickly. Malware distribution campaigns are often launched from a handful of countries, and geo-filtering can be used to block those messages with ease.

AI and Machine Learning in SpamTitan

SpamTitan has AI and machine learning capabilities to improve the detection of spam and phishing emails. These technologies learn about the emails that are typically received by a company and create a baseline against which new emails can be measured. When emails deviate from the norms, they are flagged as risky and are subjected to more stringent security checks or are quarantined for manual inspection. These technologies greatly improve spam and phishing email catch rates and allow SpamTitan to improve day-by-day. These technologies are a vital defense against zero-day phishing threats – new threats that have not been encountered on the 500+ million endpoints from which threat intelligence is gathered.

Find out More About SpamTitan

These are just some of the most loved and most beneficial features of SpamTitan. In addition to having a high catch-rate and low false positive rate, SpamTitan is one of the most affordable email security solutions on the market, it’s quick and easy to set up, and requires little maintenance. The features, price, and ease of use are why it is loved by thousands of small- and medium-sized businesses, enterprises, and managed service providers. To find out more, give the TitanHQ team a call. The product is available on a 100% free trial if you want to put it to the test, and product demonstrations can be arranged on request.

TitanHQ Feature Updates Announced for SafeTitan, WebTitan, and SpamTitan

TitanHQ has made several enhancements to its suite of cybersecurity solutions this month, including an update to the SafeTitan security awareness training and phishing simulation platform to better meet the needs of Managed Service Providers (MSPs) and the release of a new version of the WebTitan DNS-based web filtering solution – Version 5.03, which is now being rolled out for all customers. SpamTitan spam-filter users are also due to get an upgrade, with version 9.01 of the platform due to be released.

The SafeTitan update added a new Auto Campaigns feature for MSPs to better meet the needs of their SMB clients and protect them against increasingly sophisticated phishing threats. While it is vital to have an email security solution such as SpamTitan in place to block email-based threats, workforces also need to be provided with security awareness training to ensure they have the skills to recognize and avoid the full range of cyber threats.

The SafeTitan platform can be used by SMBs for training their workforces and giving them practice at identifying threats and also by MSPs to meet the training needs of their clients. The new Auto Campaigns feature is an automation tool that allows MSPs to reduce the time spent planning and managing security awareness and phishing simulation campaigns for their SMB clients. The AI-driven feature helps MSPs streamline the security training process and improve efficiency while saving time and resources. The Auto Campaigns feature allows MSPs to create an annual set of phishing simulation campaigns for all clients within minutes.

WebTitan is an award-winning web filtering solution that is used by thousands of SMBs, enterprises, and MSPs for controlling access to the Internet and blocking web-based cyber threats. The latest version of the platform includes several new features and bug fixes.

Users now benefit from a new summary report page, the custom block page has a new layout, and several new features have been added. These include support for the customization of the global default policy on the MSP level, which allows the application of a custom default policy on the creation of a customer account. Support has been added for the customization of the default policy on the customer level; it is now possible to inherit the allowed & blocked domains from the customer default policy; and support has been added for allowing/blocking a top-level domain (TLD) on a customer policy and global domains.

SpamTitan is due for an imminent upgrade which will include several new, advanced MSP features. Version 9.01 will have a new history/quarantine feature for MSPs, which will allow them to quickly act on customer emails at the MSP level. Link Lock inheritance has been added at the MSP level to avoid having to drill down to individual domains to make changes, and a new pattern filtering feature has been added which simplifies SpamTitan administration for MSPs and allows them to secure all customers from one place. There is also a simplified mail view, which improves the user experience and makes email analysis simpler.

MSPs also have an Other Products option, which allows them to easily offer other products in the TitanSecure bundle to customers – ArcTitan email archiving, WebTitan web filtering, and SafeTitan security awareness training – and provide a comprehensive, multi-layered security defense system to customers.

Phishing Remains the Most Common Method Used in Cyberattacks on Businesses

Phishing is still the most common method used by cybercriminals in attacks on businesses, as has been confirmed by a new survey of IT security and identity professionals. The Identity Defined Security Alliance recently conducted a survey of 529 IT security professionals and identity professionals at organizations with more than 1,000 employees and found 62% had experienced an identity-related incident in 2022, and out of those, 93% said they had experienced an email phishing incident.

Phishing is popular with cybercriminals as it is easy to conduct campaigns, which can be largely automated and require little skill. These campaigns are low cost and they are effective, as people can easily be fooled into disclosing their credentials or downloading malicious files. Email remains the most common vector used for phishing, with emails usually including a web-based component. Users are directed to malicious websites where malware is downloaded, or their credentials are harvested.

Phishing campaigns can be made even more effective if the emails are targeted. General phishing emails that are sent in massive spamming campaigns will attract a low number of responses but certainly enough to make these campaigns worthwhile; however, by targeting small numbers of individuals the response rate increases dramatically. Spear phishing involves tailoring emails for a specific group of people or researching individuals and sending personalized phishing emails. The survey revealed 49% of respondents had experienced spear phishing attacks in the past year.

Phishing is no longer solely conducted via email, and attacks involving other attack vectors have been steadily increasing. SMS and instant messaging platforms are commonly used for phishing. These phishing attacks are referred to as smishing attacks, and phishing can also occur over the phone, which is termed vishing. 27% of respondents said they experienced smishing or vishing attacks in the past year.

Phishing attacks can be extremely costly for businesses. These attacks are conducted to gain initial access to business networks to steal sensitive data, which can be used in a wide variety of ways. Once access to networks is gained and all valuable data has been stolen, access to those networks is often sold to other threat actors such as ransomware gangs for follow-on attacks. Businesses are also increasingly being sued for data breaches by employees and customers, and the attacks take time to remediate, causing business disruption, and often result in significant reputational damage.

Phishing attacks are increasing in sophistication as well as number. While it was once sufficient to implement a spam filtering solution and antivirus software to block attacks, defenses have had to become more comprehensive and sophisticated and provide multiple layers of protection.

TitanHQ solutions can form the basis of a robust defense against phishing. TitanHQ offers three cybersecurity solutions that work seamlessly together that can be used by businesses to mount a formidable defense against phishing attacks, with each solution tackling the threat of phishing from a different angle.

The first layer of defense comes from SpamTitan Email Security – An advanced email security solution for blocking phishing and spam emails, including attacks seeking credentials and those delivering malware. SpamTitan incorporates anti-virus software (dual AV engines) for detecting known malware variants, and behavioral analysis through email sandboxing for detecting zero-day (unknown) malware threats.

Protection against the web-based element of phishing comes from the WebTitan DNS filter, which is used to prevent employees from visiting malicious websites and for controlling access to the Internet through category and keyword-based web filtering. WebTitan blocks downloads of malicious files and risky file types, and secures the DNS to block command-and-control callbacks. WebTitan not only blocks phishing attacks via email but also phishing and other malicious websites encountered through web browsing, such as via redirects to malicious websites from online adverts (malvertising).

The third layer of protection is concerned with improving human defenses, which is vital considering that more than 80% of data breaches involve the human element (Verizon Data Breach Investigations Report). SafeTitan is used to create effective security awareness training, tailored to meet the needs of each business and individual. The platform includes a huge library of training content that can be tailored for user groups and individuals which covers all aspects of security. Through SafeTitan training, businesses can raise awareness of threats and eradicate bad security practices. The solution also includes a phishing simulator for testing employees, which delivers on-the-spot training in real-time in response to security mistakes.

Cybercriminals are unlikely to stop conducting attacks and they are only likely to increase in number and sophistication. Businesses therefore need to make sure their defenses are up to scratch. For more information on these TitanHQ solutions, contact the sales team today. You can also take advantage of free trials of these solutions to test them before deciding on a purchase.

Business Email Compromise: The Biggest Cause of Losses to Cybercrime

Business email compromise (BEC) is big business. For several years, BEC attacks have been the leading cause of losses to cybercrime according to the Federal Bureau of Investigation (FBI). Over the past 5 years, BEC incidents have resulted in more than $43 billion in losses globally, with $83,883,493 in reported losses to BEC scams in 2022.

BEC, also known as email account compromise (EAC), is a sophisticated scamming technique that targets employees and the businesses they work for. These attacks can be conducted to obtain sensitive information such as W-2 forms, which can be used for large-scale tax fraud, but most commonly attempt fraudulent payments, where an employee is tricked into changing payment details for an upcoming payment.

BEC attacks usually start with phishing emails. These can be general phishing emails to gain access to any employee email account, which is then used to send further phishing emails within a company and to vendors to get the high-value email credentials that the attackers seek. Alternatively, spear phishing emails are crafted on well-researched targets, such as employees in the finance department of a company who are likely to have responsibility for making wire transfers or employees at vendors who handle customer accounts. Social engineering techniques are used in the phishing emails to trick the targets into disclosing their credentials.

When access is gained to a targeted email account, the attacker can learn a great deal about the company and can identify vendors/clients, view invoices, and learn about upcoming payments. The style of the target’s emails can be identified, so emails can be carefully crafted using a similar writing style and language to prevent the scam from being detected. A request is then made via email to change banking details for an upcoming payment to attacker-controlled accounts. These accounts are commonly created at overseas banks in Thailand, Hong Kong, China, Mexico, and Singapore.

When the payment is made, funds are rapidly transferred to other accounts or are withdrawn, often before the fraudulent payment is detected. The payments are often large – tens of thousands, hundreds of thousands, or millions of dollars. One common tactic used in BEC attacks is to impersonate construction companies. Research is conducted online to identify a company’s current work projects, and company email accounts are targeted.  When access to accounts is gained, the scammers identify contact information, bid information, and project costs.

Construction projects often involve regular payments during construction, so the attackers change bank account information for an upcoming sizable payment. The client of the construction company expects to make a payment, so a simple change of bank account information is unlikely to arouse suspicion, especially since the request comes from a genuine company domain and email account with the correct logos and footers. Oftentimes, the victim has been communicating with the construction company through the same email account. Email communications between the victim and the scammer can span several emails, with the attackers taking their time before making the request. Reports of losses to the FBI between 2018 and 2020 show the fraudulent payments range from around $10,000 to $4 million.

Defending against BEC attacks requires a combination of measures that aim to block the initial account compromise, detect any compromises, identify suspicious requests, and monitor accounts for any irregularities. Advanced phishing defenses are required to block the initial phishing attacks where account credentials are obtained.  SpamTitan performs a barrage of tests to identify and block phishing and spear phishing emails. These attacks can involve spoofing rather than email account compromise, and SpamTitan solutions can detect and block emails from fake accounts as well as malware, which is often used to gain initial access to networks before pivoting to email accounts.

SpamTitan also incorporates machine-learning detection mechanisms to identify deviations from the standard emails that a business usually receives, which can identify and block the initial phishing emails and fraudulent emails sent from compromised accounts, since checks are performed on inbound and outbound emails. 2-factor or multi-factor authentication should also be enabled for all company email accounts.

2-factor authentication processes should also be established for any changes to account information. Any request to change account information or change upcoming payments should be verified using a second authentication mechanism such as a telephone call to a verified contact number.  Staff should also be provided with security awareness training to alert them to phishing and BEC attacks. SafeTitan security awareness training has extensive training content on phishing and BEC attacks and allows training courses to be easily developed and automated for the specific employees who are likely to be targeted in these scams to provide them with advanced training on how to detect BEC attacks.

For more information on improving email security and security awareness training, contact TitanHQ. TitanHQ solutions are available on a free trial, with full access to customer support for the duration of the trial to help you get the most out of the products.

New Business Email Compromise Tactics Identified

Business email compromise tactics commonly change, so businesses need to ensure that they provide regular security awareness training to their workforce. Businesses that implement an ongoing security awareness training program can ensure that all employees are made aware of the emerging tactics so that when a threat is received, they will be able to identify it as such and report it to their security team.

BEC attacks typically involve spoofing an individual or company to get an individual to make a fraudulent wire transfer to an attacker-controlled account. The FBI has recently reported that tactics are becoming more sophisticated, and telephone numbers are also being spoofed. When the targeted individual calls to verify the authenticity of the emailed request, they speak with the scammer. It is vital that employees are told to verify the authenticity of any out-of-band requests for payments, changes to account details, requests for gift cards, and other common scam tactics, and that they use verified contact information when doing so, never the contact information supplied in the email.

Another BEC tactic that is becoming increasingly common attempts to obtain goods under false pretenses, instead of tricking people into making wire transfers. This tactic is often adopted by less advanced threat actors, as they do not have to recruit the money mules to accept the payments. According to the FBI, scammers are impersonating the email domains of U.S. companies and are spoofing emails with the real names of company employees, so if checks are performed, they will be passed.

The scammers trick vendors into believing they are conducting legitimate business transactions and fulfilling purchase orders for distribution to new customers. Scams identified by the FBI include the targeting of vendors of agricultural equipment, construction materials, computer hardware, solar energy products, and more. The goods are distributed and by the time the scam is identified, they have been moved on and cannot be traced or recovered. Since these purchase orders are often for bulk goods, thousands or hundreds of thousands of dollars can be lost.

Businesses often provide new customers with credit repayment terms such as net-30 or net-60, where they are not required to pay for the goods for 30 or 60 days. That means by the time the scam is identified the goods have long since been moved and sold. Businesses naturally conduct credit checks before offering those terms, but the attackers are supplying fake credit references and fraudulent W-9 forms to vendors to get the payment terms to allow them to purchase goods without any upfront payment.
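The impersonated-domain tactic described above can be screened for on inbound mail. The following is an added example, not TitanHQ's code or detection logic: the contact list, domains, and messages are constructed, and the finding names are hypothetical. A message sent from a genuinely compromised account passes all three checks, which is why the out-of-band verification described earlier is still needed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed data: display names of verified vendor contacts and their domain.
KNOWN_CONTACTS = {"jane doe": "buildco-example.test"}
TRUSTED_DOMAINS = {"buildco-example.test"}


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain_of(address):
    return address.rpartition("@")[2].lower()


def check_message(raw):
    """Return a list of BEC-style header findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    findings = []

    # 1. A known contact's real name used with a domain that is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and domain != expected:
        findings.append("display-name-domain-mismatch")

    # 2. Sender domain within two edits of a trusted domain, but not equal.
    if domain not in TRUSTED_DOMAINS:
        if any(0 < edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
            findings.append("lookalike-domain")

    # 3. Replies silently routed to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        findings.append("reply-to-domain-differs")

    return findings


def build(headers, body):
    return "\n".join(headers) + "\n\n" + body


# Constructed sample messages.
SPOOFED = build(
    ["From: Jane Doe <jane.doe@buildc0-example.test>",
     "To: ap@customer-example.test",
     "Subject: Purchase order and credit references"],
    "Please see the attached purchase order.")

GENUINE = build(
    ["From: Jane Doe <jane.doe@buildco-example.test>",
     "To: ap@customer-example.test",
     "Subject: Invoice for March"],
    "Invoice attached as usual.")

REPLY_TO_SWAP = build(
    ["From: Jane Doe <jane.doe@buildco-example.test>",
     "Reply-To: accounts@mailbox-example.test",
     "To: ap@customer-example.test",
     "Subject: Updated bank details"],
    "Please use the new account for the next payment.")

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("genuine", GENUINE),
                       ("reply-to swap", REPLY_TO_SWAP)]:
        print(label, check_message(raw))
```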

The best way to protect against these scams is to ensure that you have an advanced email security solution in place – such as SpamTitan – to block the initial contact via email. However, it is also important to provide security awareness training to the workforce.

SafeTitan is a modular training platform that allows businesses to develop custom training courses for different individuals, roles, and departments, and to ensure that the training provided is relevant. The platform includes hundreds of training modules and can be tailored to meet the needs of all organizations. The training content is regularly updated to include the latest tactics that are being used, allowing businesses to keep all members of the workforce 100% up to date on the latest threats.

Administrators can trigger training modules for all members of the workforce when new threats are identified. The modules are easy to fit into busy workflows and take no longer than 10 minutes. Through SafeTitan security awareness training, businesses can develop a security culture and greatly reduce susceptibility to phishing and BEC attacks. Data from the SafeTitan phishing simulation platform shows businesses can reduce susceptibility to email scams by up to 80% over time through email attack simulations.

For more information on SafeTitan security awareness training and phishing simulations, contact TitanHQ today.

BEC is Still A Leading Cause of Losses to Cybercrime and Attacks Continue to Increase

Business email compromise (BEC) may not be the most prevalent form of cybercrime, but it is one of the costliest. Over the last few years, BEC attacks have seen the greatest losses out of any form of cybercrime, and BEC attacks have been increasing. According to the Federal Bureau of Investigation (FBI), between July 2019 and December 2021, losses to BEC attacks increased by 65%, and between June 2016 and July 2019 there were 241,206 complaints about BEC attacks and $43,312,749,946 was lost to the scams. In 2022, there were almost 22,000 victims of BEC attacks and adjusted losses to these scams were more than $2.7 billion.

In a typical BEC scam, a criminal sends an email message to a targeted individual that appears to have come from a known source making a legitimate request. Commonly, a company that the victim regularly deals with sends an invoice with an updated bank account or mailing address. A scam may be conducted where the victim is asked to purchase gift cards and email the serial numbers. Scams often target homebuyers, where the message appears to come from the title company with instructions on how to wire the payment. An executive may be impersonated and the tax information of all employees may be requested. There are many variations of these scams, and they often result in thousands, hundreds of thousands, or even millions of dollars in losses.

BEC scammers often spoof an email account or a website, or they may compromise a legitimate email account through a phishing or spear phishing email. With access to email accounts, a scammer can search the accounts to find out more about the company and gain the information they need to conduct realistic scams. Malware may be sent via email that gives the attacker access to email accounts, which allows them to hijack message threads.

One of the most common types of BEC attacks involves the impersonation of an individual or company and a request to send fraudulent wire payments to attacker-controlled bank accounts. Historically, these scams have involved compromised vendor email accounts and a request to change bank account information for upcoming payments for goods and services. In its latest Internet Crime Report, the FBI said BEC scammers are increasingly targeting investment accounts, and utilizing custodial accounts held at financial institutions for cryptocurrency exchanges or requesting victims send funds directly to cryptocurrency platforms.

In the past, scammers have relied on their spoofing tactics but the scam fails if the targeted individual verifies the legitimacy of the request by phone. However, it is now becoming increasingly common for scammers to spoof legitimate business phone numbers and use these to confirm fraudulent banking details with victims. There have been many cases where the victims report they have called a title company or realtor using a known phone number, only to find out later that the phone number has been spoofed.

Defending against BEC attacks requires a combination of measures. First, since these attacks often start with a phishing email, a spam filtering service is essential. A spam filter will block the emails that allow credentials to be stolen and email accounts compromised. Spam filters can also detect and block spoofing and are the primary defense against these attacks. TitanHQ has developed SpamTitan Email Security to help businesses defend against BEC attacks, phishing, and other email-based attacks.

Unfortunately, email filtering alone is not sufficient. A spam filter will block the majority of email threats but additional measures need to be implemented. The key to defending against BEC attacks is defense-in-depth. These attacks target human weaknesses, so it is important to train the workforce to be aware of these scams and the changing tactics of BEC scammers. Employees need to be taught the red flags they need to look for in emails and the security best practices that can thwart these scams.

TitanHQ offers businesses the SafeTitan security awareness platform, which can be used to train employees to be more vigilant and tell them what they need to look for. The platform can be used to teach security best practices, such as carefully examining the email address, URL, and spelling used in any correspondence, and the importance of not clicking on anything in an unsolicited email or text message that asks them to update or verify account information.

The increase in spoofing means it is now essential to implement two-factor or multi-factor authentication, to add an extra level of security to protect accounts from unauthorized access. It is also vital to implement policies that require requests to be independently verified using confirmed contact numbers, not those provided via email.

Adopting such a defense-in-depth approach will help you protect against these financially damaging scams. Contact TitanHQ today to find out more about how you can cost-effectively improve email security and train your workforce.

SpamTitan Named Leader in 5 Categories in G2 Winter 2023 Grid Report

G2 (formerly G2 Crowd) has recently published its G2 Crowd Grid® Winter 2023 Report, which highlights the leading IT security products for businesses. G2 Grid Reports are based on satisfaction scores from genuine business users of IT solutions and are plotted into a quadrant along with market presence data, with each solution positioned in one of four quadrants: Leader, High Performer, Contender, and Niche. The Leader quadrant indicates products have high satisfaction scores from users and a strong market presence.

TitanHQ is happy to announce that SpamTitan Email Security has been placed in the Leader quadrant in five categories: Cloud Email Security, Small Business Email Security, Email Anti-Spam SMB, Email Protection, and Email Security, and was also given a top five position in 12 other categories.

G2 is a trusted source of reviews of technology for business and is used by thousands of businesses to help them with their purchasing decisions. G2 includes more than 2,072,000 reviews of business software from genuine users of the solutions, and those data are combined with social media reviews and other trusted online sources of data for its quarterly Grid reports. The G2 platform and Grid Reports are relied upon by more than 5 million buyers every month.

TitanHQ is a Galway, Ireland-based provider of cloud-based cybersecurity solutions. Those solutions include email security, DNS filtering, email archiving, email encryption, security awareness training, and phishing simulations. The products consistently attract high satisfaction scores from users on G2 and other business software review platforms such as Capterra, Gartner, GetApp, and Software Advice. Across those platforms, SpamTitan has attracted more than 500 5-star ratings based on customer reviews, and SpamTitan is also the category leader for email security on PeerSpot and Expert Insights, two other highly trusted review platforms.

The high scores show how much users love using SpamTitan products – SpamTitan Cloud, SpamTitan Gateway, and SpamTitan Plus – and how effective they are at blocking email-based threats. SpamTitan Plus is the latest addition to the SpamTitan family of products and was launched last year to provide leading-edge protection against phishing attacks, in particular, real-time phishing threats by utilizing AI and machine learning and extensive threat intelligence data – more than any other anti-phishing solution on the market. The result is 1.5x faster detection of malicious emails than the leading industry anti-phishing solutions from Barracuda, Proofpoint, and Mimecast. In addition to providing excellent protection, SpamTitan is easy-to-implement, easy to use, and far more affordable for businesses than many similar solutions. Users also benefit from exceptional front-line support. If any problems are experienced, help is rapidly provided.

The naming of SpamTitan as a leader in so many categories is a testament to the hard work of everyone at TitanHQ, and the considerable investment in the product. “The overwhelmingly positive feedback from SpamTitan users on independent review sites is a return for the massive investment we made into our products and threat intel,” said Ronan Kavanagh, CEO, TitanHQ.

If you want to save money on email security without sacrificing protection, why not give SpamTitan a try by taking advantage of the free trial of the solution today and see for yourself why SpamTitan products are consistently rated so highly by users.

Use Cyren for Email and Web Security? – You Need to Change Provider Immediately!

The cybersecurity company Cyren has collapsed, leaving its customers at risk. If you use Cyren for email and web security, you should change provider immediately!

It is sad news when any company is forced to significantly reduce its workforce, which for Cyren recently involved laying off 121 employees “in response to current market conditions and associated challenges with raising additional capital.” Cyren issued a press release saying that such extensive layoffs represent a significant reduction in all of the company’s workforce, and that “in the absence of additional sources of liquidity, management anticipates that the Company’s existing cash and projected cash flows from operations will not be sufficient to meet the Company’s working capital needs in the near term.”

So what does that mean for close to 1 billion users that rely on the company’s cybersecurity solutions? TitanHQ contacted the company’s CISO in relation to the news and received a response. “The SDK will work for as long as the systems in the cloud will continue running. Unfortunately, we have no personnel left to watch after the systems, so it is hard to predict how long they will run for.”

As a provider of email and web security solutions, TitanHQ can confirm that without constant updates to anti-spam signatures, the ability of a solution to block new phishing attacks will rapidly diminish, which means that customers will be exposed to threats. While it is possible that Cyren will be able to attract further investment, in the short term customers should be very concerned. Unfortunately, a mass exodus of customers is the last thing Cyren needs, but those customers need to ensure that they continue to be protected against email and web-based threats, which means switching to another solution provider.

TitanHQ has already received many calls from Cyren customers following the company’s February 1, 2023, press release announcing the financial difficulties the company is facing and has offered those customers a special deal that can provide short-term protection while they decide on the best next step, and that is to extend the free trial of SpamTitan Email Security and the WebTitan DNS Filter to 30 days.

Both solutions can be implemented in a matter of minutes and will ensure Cyren customers remain protected against email and web-based threats. The TitanHQ team has been busy helping Cyren customers get up and running with the two solutions over the past 2 weeks since the announcement was made.

Naturally, TitanHQ would love to continue to provide these solutions to Cyren customers past the 30-day free trial and hopes they continue to use the solutions, but this is a no-obligation free use of the platform aimed at helping Cyren customers stay protected. If after the end of the 30 days they decide to go elsewhere, that is no problem at all. This is a totally free offer with no obligation to continue and with no strings attached.

The TitanHQ team will be monitoring capacity – which is already hugely overprovisioned – to ensure that there is no impact on current users, and response times to queries are constantly monitored to ensure that customers are not impacted. TitanHQ’s infrastructure can also be rapidly scaled up to meet demand should the need arise.

Cyren customers wishing to take advantage of the offer should contact TitanHQ to speak to the migration team, and assistance will be provided to get you up and running quickly.

5-Award Haul for TitanHQ in Expert Insights Fall 2022 ‘Best-Of’ Awards

TitanHQ has collected 5 awards for its cybersecurity solutions in the Expert Insights Fall 2022 ‘Best-Of’ Awards across 5 product categories.

Expert Insights is an online platform for businesses that provides independent advice on business software solutions to help businesses make informed purchasing decisions about software solutions. The advice provided on the website is honest and objective, and the site features helpful guides to help businesses purchase with confidence. The site is used by more than 85,000 businesses each month, with the website helping more than 1 million readers each year.

Twice yearly, Best-of awards are given to the top ten solutions in each of the 41 product categories. The awards showcase the best quality solutions that are helping businesses to achieve their goals and defend against the barrage of increasingly sophisticated cyberattacks. The awards are based on several factors, such as the features of products, market presence, ease of use, and customer satisfaction scores, with the award winners chosen by the in-house team of editors. The editorial team conducts research into each solution to assess its performance, functionality, and usability, and assesses the reviews from genuine business users of the solutions.

TitanHQ collected five awards for its products in the Spring 2022 Best-of awards, and this has been followed up with another 5 Fall 2022 Best-of awards. TitanHQ was given a Best-of award for SafeTitan in the Phishing Simulation and Security Awareness Training categories, SpamTitan Cloud received an award in the Email Security category, WebTitan Cloud got an award in the Web Security category, and ArcTitan won in the Email Archiving category. Further, ArcTitan Email Archiving was rated the top solution in the Email Archiving category and SpamTitan was rated the top solution in the Email Security category.

There were several big winners at the Fall 2022 Expert Insights Best-of awards, with TitanHQ joining companies such as ESET, CrowdStrike, and Connectwise in winning big.

“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh.  “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.

Vote for SpamTitan in the PeerSpot 2022 User Choice Awards!

For more than 10 years, PeerSpot (formerly IT Central Station) has been helping tech pros make intelligent decisions on the best information technology solutions to implement to ensure they get the solutions that perfectly address the needs of their businesses. The PeerSpot Buying Intelligence Platform is powered by the world’s largest community of enterprise tech buyers and bridges the gap between vendors and buyers. Vendors are helped through the voice of their customers, and enterprise tech buyers receive relevant and practical advice to help them make better purchasing decisions. The platform provides in-depth reviews of products, online forums, and tech buyers have access to direct Q&A support.

This year sees PeerSpot launch its first Annual User’s Choice Award program to recognize the products that are helping businesses to achieve their goals. Customers of enterprise technology vendors are invited to vote for their favorite B2B Enterprise Technology products across 11 product categories.

In 2022, those product categories are:

  • Endpoint Protection for Business
  • Firewalls
  • Backup and Recovery Software
  • Network Monitoring Software
  • HCI
  • All-Flash Storage Arrays
  • Email Security
  • Ethernet Switches
  • Application Security Tools
  • Functional Testing Tools
  • Rapid Application Development Software

In order for a solution to be included in the relevant category, it must be amongst the highest-rated products on the PeerSpot Buying Intelligence Platform. That requires a product to have generated significant user engagement on the platform and to have been rated highly by verified users of the solutions.

The winners in each category will be decided by popular vote.

TitanHQ is proud to have had its SpamTitan solution included as one of the top spam filtering, anti-phishing, and anti-malware solutions in the email security category. SpamTitan provides layered protection for enterprises, SMBs, and managed service providers and blocks email-based threats such as phishing, malware, spam, viruses, and botnets. The solution incorporates signature- and behavior-based detection to block malware threats and predictive technologies to anticipate zero-minute threats.  SpamTitan is much loved by users not just for its performance, but also ease of set up, use, maintenance, price, and the industry-leading customer support provided by TitanHQ. SpamTitan has an overall star rating of 4.6/5 on the platform.

If you love using SpamTitan and it has helped your business block more threats, cut down on the resources you have had to devote to email security, or saved you money, TitanHQ encourages you to vote for SpamTitan. Voting will take around a minute of your time. Votes are being accepted until September 16th, 2022, and the winners in each category will be announced by PeerSpot on October 25, 2022.

Vote for SpamTitan Email Security Here

Predictive Threat Detection Capabilities Enhanced in SpamTitan Plus

TitanHQ has announced that an update has been made to its flagship anti-phishing solution, SpamTitan Plus. The new enhancements have been added to the predictive phishing detection capabilities of SpamTitan Plus to help users block personalized URL attacks.

Phishing attacks on businesses have become much more sophisticated and new tactics are constantly being developed to evade standard email security solutions. While commercial email security solutions perform well at identifying and blocking spam emails, achieving detection rates in excess of 99%, blocking phishing emails is more of a challenge and many phishing threats sneak past email security solutions and are delivered to inboxes.

One of the ways that cyber threat actors bypass email security solutions is by creating personalized URLs for their phishing emails. One of the methods used by email security solutions for blocking phishing URLs is a real-time blacklist of known malicious URLs and IP addresses. If an email is sent from an IP address that has previously been used to send spam or phishing emails, the IP address is added to a blacklist and all emails from that IP address will be blocked. The URLs in phishing campaigns are set up and massive email runs are performed. When those URLs are detected as malicious, they are also added to a blacklist and will be blocked by email security solutions.

However, it is becoming increasingly common for personalized URLs to be used. These URLs can be personalized for the targeted organizations at the path and parameter level, and since a unique URL is used in each attack, standard anti-phishing measures such as blacklists are ineffective at detecting these URLs as malicious. That means the emails containing these malicious URLs are likely to be delivered to inboxes and can only be blocked after they have been delivered. That typically means an employee needs to report the email to their security team, and the security team must then act quickly to remove all phishing emails in that campaign from the email system. That process takes time and there is a risk that the links in the emails could be clicked, resulting in credential theft or malware infections. Most of the phishing detection feeds that are used by email security solutions do not gather the necessary intelligence to be able to inform customers of the level at which a phishing campaign should be blocked. SpamTitan Plus, however, does have that capability.
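Why an exact-match blacklist misses personalized URLs, and what choosing a blocking "level" means, is easier to see in code. This is an added example, not SpamTitan Plus's algorithm: the URLs, host names, and the `shared_hosts` parameter are constructed assumptions. It derives the longest host-plus-path prefix common to a set of reported URLs and uses that as the block rule.

```python
from urllib.parse import urlsplit

# Constructed sample: three reports from one campaign, each URL personalized
# per recipient in the last path segment and the query string.
REPORTED = [
    "https://login.portal-example.test/acme/verify/8f3a1c?u=alice%40acme.test",
    "https://login.portal-example.test/acme/verify/77b0de?u=bob%40acme.test",
    "https://login.portal-example.test/acme/verify/c41e9a?u=carol%40acme.test",
]
# A fourth recipient's link that nobody has reported yet.
NEW_URL = "https://login.portal-example.test/acme/verify/0d95f2?u=dave%40acme.test"

# Constructed sample: unrelated pages that only share a hosting provider.
SHARED_REPORTS = [
    "https://sites.sharedhost-example.test/u1/a",
    "https://sites.sharedhost-example.test/u2/b",
    "https://sites.sharedhost-example.test/u3/c",
]


def exact_blocklist_hit(url, blocklist):
    """Classic blacklist lookup: the full URL string must already be listed."""
    return url in blocklist


def split_url(url):
    """Return (lowercased host, list of non-empty path segments)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    return host, segments


def derive_rule(urls, min_reports=3, shared_hosts=frozenset()):
    """Return (host, path_prefix) shared by every reported URL, or None.

    None means no safe rule exists: too few reports, more than one host, or
    the only common level is an entire shared hosting domain, where a
    host-wide block would also hit unrelated legitimate sites.
    """
    if len(urls) < min_reports:
        return None
    parsed = [split_url(u) for u in urls]
    hosts = {host for host, _ in parsed}
    if len(hosts) != 1:
        return None
    host = hosts.pop()
    prefix = []
    # Walk the path segments column by column until the URLs diverge.
    for column in zip(*(segments for _, segments in parsed)):
        if len(set(column)) != 1:
            break
        prefix.append(column[0])
    if not prefix and host in shared_hosts:
        return None
    return host, tuple(prefix)


def rule_matches(rule, url):
    """True if url is on the rule's host and under its path prefix."""
    host, prefix = rule
    url_host, segments = split_url(url)
    return url_host == host and tuple(segments[:len(prefix)]) == prefix


if __name__ == "__main__":
    rule = derive_rule(REPORTED)
    print("exact blacklist hit:", exact_blocklist_hit(NEW_URL, set(REPORTED)))
    print("derived rule:", rule)
    print("rule matches new URL:", rule_matches(rule, NEW_URL))
```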

“With predictive phishing detection, SpamTitan Plus can now combat automated bot phishing,” said Ronan Kavanagh, CEO of TitanHQ. “At TitanHQ we always strive to innovate and develop solutions that solve real-security problems and provide tangible value to our customers. The end goal is to have our partners and customers two or three steps ahead of the phishers and cybercriminals.”

SpamTitan Plus

SpamTitan Plus is an AI-driven anti-phishing solution that is capable of blocking even the newest zero-day phishing threats. The solution has better coverage than any of the current market leaders and provides unparalleled time-of-click protection against malicious hyperlinks in phishing emails, with the lowest false positive rate of any product. SpamTitan Plus benefits from massive clickstream traffic from 600+ million users and endpoints worldwide, which sees the solution block 10 million new, never-before-seen phishing and malicious URLs a day.

The solution protects against URL-based email threats including malware and phishing, performs predictive analyses to identify suspicious URLs, rewrites URLs to protect users, performs real-time checks on every click, and includes 100% of all current market-leading anti-phishing feeds. That translates into a 1.5x increase in unique phishing URL detections, 1.6x faster phishing detections than the current market leaders, and 5 minutes from initial detection of a malicious URL to protecting all end user mailboxes.

For more information about the best phishing solution for businesses, give the TitanHQ team a call today. Current users of SpamTitan Plus already have these new capabilities added, at no additional cost.

How Phishing Emails Led to The Theft of $23.5 Million from the U.S. Department of Defense

Phishing is commonly used to gain access to credentials to hijack email accounts for use in business email compromise (BEC) attacks. Once credentials have been obtained, the email account can be used to send phishing emails internally, with a view to obtaining the credentials of the main target. Alternatively, by spear phishing the target account, those steps can be eliminated.

If the credentials are obtained for the CEO or CFO, emails can be crafted and sent to individuals responsible for wire transfers, requesting payments be made to an attacker-controlled account. A common alternative is to target vendors, in an attack referred to as vendor email compromise (VEC). Once access is gained to a vendor’s account, the information contained in the email accounts provides detailed information on customers that can be targeted.

When a payment is due to be made, the vendor’s email account is used to request a change to the account for the upcoming payment. When the payment is made to the attacker-controlled account, it usually takes a few days before the non-payment is identified by the vendor, by which time it may be too late to recover the fraudulently transferred funds. While BEC and VEC attacks are nowhere near as common as phishing attacks, they are the leading cause of losses to cybercrime due to the large amounts of money obtained through fraudulent wire transfers. One attack in 2018 resulted in the theft of $23.5 million from the U.S. Department of Defense.

In this case, two individuals involved in the scam were identified, including a Californian man who has just pleaded guilty to six counts related to the attack. He now faces up to 107 years in jail for the scam, although these scams are commonly conducted by threat actors in overseas countries, and the perpetrators often escape justice. The scam was conducted like many others. The BEC gang targeted DoD vendors between June 2018 and September 2018 and used phishing emails to obtain credentials for email accounts. An employee at a DoD vendor that had a contract to supply Aviation JA1 Turbine fuel to troops in southeast Asia for the DoD received an email that spoofed the U.S. government and included a hyperlink to a malicious website that had been created to support the scam.

The website used for the scam had the domain dia-mil.com, which mimicked the official dla.mil website, and email accounts were set up on that domain to closely resemble official email accounts. The phishing emails directed the employee to a cloned version of the government website, login.gov, which harvested the employee’s credentials. The credentials allowed the scammer to change bank account information in the SAM (System for Award Management) database to the account credentials of the shell company set up for the scam. When the payment of $23,453,350 for the jet fuel was made, it went to the scammers rather than the vendor.

Security systems were in place to identify fraudulent changes to bank account information, but despite those measures, the payment was made. The SAM database is scanned every 24 hours and any bank account changes are flagged and checked. The scammers learned of this and made calls to the Defense Logistics Agency and provided a reason why the change was made and succeeded in getting the change manually approved, although flags were still raised as the payment was made to a company that was not an official government contractor. That allowed the transfer to be reverted. Many similar scams are not detected in time and the recovery of funds is not possible. By the time the scam is identified, the scammers’ account has been emptied or closed.

The key to preventing BEC and VEC attacks is to deal with the issue at its source to prevent phishing emails from reaching inboxes and teach employees how to identify and avoid phishing scams. TitanHQ can help in both areas through SpamTitan Email Security and the SafeTitan security awareness training and phishing simulation platform. Businesses should also implement multifactor authentication to stop stolen credentials from being used to access accounts.
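The lookalike domain in this case (dia-mil.com imitating dla.mil) is the kind of thing a mail gateway can test for mechanically. The following is an added example, not part of the original article or of any TitanHQ product: the confusable-character table, the one-edit threshold and the function names are assumptions chosen for illustration.

```python
# Characters that are easily mistaken for one another in a mail client.
# Illustrative table only; a production list would be much longer.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o", "5": "s"})


def skeleton(name):
    """Collapse a domain to a comparison key.

    Lowercase, drop '.' and '-' (so brand.tld and brand-tld compare equal),
    fold multi-character lookalikes, then fold single confusable characters.
    """
    s = name.lower().replace(".", "").replace("-", "")
    s = s.replace("rn", "m").replace("vv", "w")
    return s.translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def candidate_keys(domain):
    """Skeletons of the domain as written and with its last label dropped.

    Dropping the last label catches a protected 'brand.tld' that has been
    re-registered as 'brand-tld.com'.
    """
    keys = {skeleton(domain)}
    if "." in domain:
        keys.add(skeleton(domain.rsplit(".", 1)[0]))
    return keys


def check_sender_domain(domain, protected, max_distance=1):
    """Classify a sender or link domain against a list of protected domains.

    Returns ('trusted' | 'lookalike' | 'unrelated', matched_domain_or_None).
    Very short protected names will need max_distance=0 to avoid noise.
    """
    d = domain.lower().rstrip(".")
    for real in protected:
        if d == real or d.endswith("." + real):
            return ("trusted", real)
    for real in protected:
        target = skeleton(real)
        if any(edit_distance(k, target) <= max_distance
               for k in candidate_keys(d)):
            return ("lookalike", real)
    return ("unrelated", None)


if __name__ == "__main__":
    protected = ["dla.mil", "login.gov"]          # domains named in the article
    for dom in ["dla.mil", "dia-mil.com", "supplier.example"]:
        print(dom, "->", check_sender_domain(dom, protected))
```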

New TTPs Help Emotet Regain its Place as the Top Malware Threat

It took 10 months for the operators of the Emotet botnet to return after their botnet infrastructure was shut down in an international law enforcement operation, and then just a further 3 months for Emotet malware to regain its position as the most widely deployed malware.

According to Check Point, in March 2022, Emotet reestablished itself as the most widely distributed malware. Emotet has emerged like a phoenix from the flames, and infections have been soaring, with March seeing an astonishing increase in infections. Check Point says as many as 10% of all organizations globally were infected with Emotet in March, which is twice the number of infections the firm recorded in February.

Emotet first appeared in 2014 and was initially a banking Trojan; however, the malware has evolved considerably. Like many other banking Trojans, modules have been added to give the malware new functionality and today the malware is operated under the malware-as-a-service model, with access to Emotet-infected devices sold to other cybercriminal operations, which in the past has included the TrickBot operators and ransomware gangs.

In November 2021, 10 months after the botnet’s infrastructure was taken down, security researchers started reporting the resurrection of Emotet. The TrickBot operators helped to rebuild the Emotet botnet by using their malware to download Emotet as a secondary payload, and in the past couple of months, massive spamming campaigns have been launched to distribute Emotet which have proven to be highly successful. Emotet is also a self-propagating malware and the emails used to distribute it are convincing. One of the Emotet spam email campaigns being tracked by Kaspersky has been scaled up considerably, increasing 10-fold in just one month. That campaign is being used to distribute Emotet and the linked malware QBot. In February, Kaspersky intercepted 3,000 emails. In March, 30,000 emails were intercepted.

Like previous campaigns distributing Emotet, business email threads are hijacked and replies are sent to those messages that contain malicious hyperlinks or attachments. Since the messages come from trusted senders and appear to be responses to genuine messages, the chance of them attracting a click is high. This campaign highlights the importance of having an email security solution that conducts scans of outbound as well as inbound mail. Security awareness training is also important to condition the workforce to constantly be on the lookout for potential threats, even when emails appear to have been sent internally from corporate accounts or other trusted senders.

Some of the spam email campaigns have revealed that new tactics, techniques, and procedures (TTPs) are being tested to distribute the malware. This April, Microsoft started blocking macros in Office files downloaded from the Internet by default. This is a problem for threat actors that have previously relied on macros in Excel spreadsheets and Word documents to download their malware, so it is no surprise to see the Emotet operators changing their tactics to get around this.

One campaign has been identified that uses XLL files – a type of dynamic link library (DLL) file – rather than Excel and Word files. XLL files increase the functionality of Excel, and using these files gets around the problem of VBA macros being blocked. Emotet is known for large spamming campaigns; however, this campaign was conducted on a small scale, possibly to test its effectiveness. Should the campaign prove successful, it will likely be scaled up. In this campaign, the emails are linked to OneDrive, and if the link in the email is clicked, the XLL file is downloaded in a password-protected .zip file. The password to unlock the .zip file is provided in the message body.

Emotet is also being distributed via Windows shortcut files (.LNK). The Emotet operators have used this tactic in the past in combination with VBS code; however, this campaign does away with the VBS code, and instead, the .LNK files are used to directly execute PowerShell commands that download the Emotet payload.

It is likely that the operators will switch to new variants that have lower detection rates by AV engines, as has been done many times in the past, which is why it is important to have an email security solution that is not reliant on signature-based detection mechanisms. Behavioral analysis is vital for detecting these new variants. An email security solution with email sandboxing will help to protect against new malware variants that have not had their signatures uploaded into AV engines.
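A password-protected .zip stops content scanning, but with traditional ZIP encryption the member names in the archive's directory stay readable, so a filter can still see that an .xll or .lnk file is inside. The triage sketch below is an added example, not code from the article or from any vendor: the verdict names, the extension list and the sample archive (built inline with a harmless placeholder payload) are assumptions.

```python
import io
import os
import re
import zipfile

RISKY_EXT = {".xll", ".lnk"}  # the two file types named in the campaigns above
PASSWORD_RE = re.compile(r"\bpass(?:word|code)\b", re.IGNORECASE)


def ext_of(name):
    return os.path.splitext(name.lower())[1]


def build_sample_zip(member, encrypted):
    """Constructed test input: a tiny ZIP, optionally marked as encrypted.

    The standard library cannot write encrypted ZIPs, so bit 0 of the
    general-purpose flag is set by hand in the local and central headers.
    Only the metadata matters here; the payload is placeholder text.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member, b"placeholder")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # (signature, offset of the flag field within that header)
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            raw[raw.find(sig) + off] |= 0x01
    return bytes(raw)


def triage(body, attachment_name, attachment_bytes):
    """Return a verdict for one attachment without needing the password."""
    result = {"verdict": "deliver", "encrypted": False,
              "risky_members": [], "findings": []}
    if ext_of(attachment_name) in RISKY_EXT:
        result["findings"].append("attachment type " + ext_of(attachment_name))
        result["verdict"] = "quarantine"
    if not zipfile.is_zipfile(io.BytesIO(attachment_bytes)):
        return result

    # Reading the directory does not decrypt anything, so no password needed.
    with zipfile.ZipFile(io.BytesIO(attachment_bytes)) as zf:
        infos = zf.infolist()
    result["encrypted"] = any(i.flag_bits & 0x1 for i in infos)
    result["risky_members"] = sorted(
        i.filename for i in infos if ext_of(i.filename) in RISKY_EXT)

    if result["encrypted"]:
        result["findings"].append("archive is encrypted; contents not scannable")
        if PASSWORD_RE.search(body):
            result["findings"].append("password is supplied in the message body")
        if result["verdict"] == "deliver":
            result["verdict"] = "review"
    if result["risky_members"]:
        result["findings"].append(
            "archive contains " + ", ".join(result["risky_members"]))
        result["verdict"] = "quarantine"
    return result


if __name__ == "__main__":
    sample = build_sample_zip("invoice.xll", encrypted=True)
    print(triage("Password: 7731", "invoice.zip", sample))
```

Archives that also encrypt their directory hide the member names, so those can only be classified as encrypted and sent for review.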

Join TitanHQ at the Free Channel Pitch Exclusive MSP Livestream Event on January 21, 2022

Managed Service Providers have a great opportunity on January 21, 2022, to discover some of the key products they can incorporate into their service stacks to help grow their business and provide even better value to their clients.

The Channel Pitch Livestream Event is totally free of charge for MSPs, MSSPs, ISPs, VARs, IT solution providers, and consultants and will introduce attendees to products from 7 innovative technology vendors that have been specifically curated for the Channel Pitch event. The technology vendors have had their solutions adopted by some of the most successful MSPs and are being used to better protect their clients, improve efficiency, and significantly improve their bottom lines.

The event is being hosted by Serial Tech Entrepreneur Kevin Lancaster and Channel Evangelist Matt Solomon, both of whom are highly esteemed MSP industry professionals. They will be introducing 7 emerging technology vendors, each of which will give a 7-minute presentation on a key product for MSPs and other service providers.

TitanHQ is happy to announce that Conor Madden, Director of Sales, will be hosting one of the 7-minute presentations to introduce MSPs to TitanHQ’s award-winning cybersecurity solutions that have been proven to help MSPs significantly improve their profits while also ensuring downstream businesses are well protected from cyber threats.

The LiveStream Event will take place on January 21, 2022, at 4.00 p.m. GMT, 11 a.m. EST, 8 a.m. PST and attendees will be able to see presentations from the following vendors:

  • TitanHQ – Email and Web Security
  • Hook Security – Security Awareness Training
  • Nerdio – Azure
  • Nuvolex – XaaS Management
  • Speartip – SOC
  • Threatlocker – Application Whitelisting
  • Zomentum – Sales Automation

Attendees will be able to engage directly with vendors or provide 100% anonymous feedback.


TitanHQ Placed 33 in 2021 Deloitte Technology Fast 50 List

TitanHQ has been included in the 2021 Deloitte Technology Fast 50 List of the fastest-growing tech companies in Ireland. The Award program has now been running for 22 years and celebrates innovation and entrepreneurship in Ireland’s indigenous technology sector.

Deloitte compiles the list based on percentage revenue growth over the past 4 years, with TitanHQ ranking in position 33 in the list after a long period of sustained growth. That growth continued throughout the COVID-19 pandemic when many businesses have struggled. Not only has the company significantly increased its customer base over the past 4 years, the workforce has also had a major expansion. Between September 2020 and April 2021, TitanHQ’s workforce doubled in size.

As well as impressive organic growth, TitanHQ has benefitted from investment from Livingbridge Investor Group which has allowed the company to continue to recruit the best talent to support its business and invest in product development. As well as making improvements to its existing product portfolio, the company released a new product this month – SpamTitan Plus.

SpamTitan Plus builds on the protection provided by SpamTitan Gateway and SpamTitan Cloud but significantly improves detection of the malicious URLs in emails that are used for phishing and malware distribution. SpamTitan Plus has coverage of all major phishing feeds and has faster and better detection rates for malicious URLs than any of the market-leading anti-spam solutions.

“As a result of increased demand globally for our solutions, we have invested heavily in product development and embarked on a recruitment campaign to double our workforce in a program that will allow that growth to continue,” said TitanHQ CEO, Ronan Kavanagh. “The quick move to remote working last year has made us all aware of how important it is to be adaptable and have the right security solutions in place to protect users, customers, company data, and systems.”

TitanHQ’s customer base has now increased to more than 12,000 businesses, including over 2,500 managed service providers in 150 countries, with much of TitanHQ’s growth over the past 4 years due to the increase in overseas customers. That growth was also recognized by Deloitte, which awarded TitanHQ runner-up spot in the Scale Up Award. The Scale Up Award recognizes companies that have enjoyed significant overseas growth over the past 4 years.

“Congratulations to all of the companies that ranked this year. This is the first year we have seen the impact the pandemic has had on revenues of Irish tech companies,” said David Shanahan, Partner, Deloitte. “It will come as no surprise that many of this year’s winners have achieved accelerated growth and scale as a result of the pandemic and being able to capitalize on the global move to a digital way of life.”

SpamTitan Plus Launched by TitanHQ to Combat Zero-Day Phishing Attacks

Phishing is the number one cybersecurity threat faced by businesses and attacks are becoming highly sophisticated. Phishing is used to obtain sensitive information such as login credentials and for distributing malware and ransomware. 91% of all cyberattacks start with phishing emails.

Many businesses now provide security awareness training for the workforce to raise awareness of the threat from phishing and to teach employees the skills that will allow them to identify and avoid phishing emails, but the click rates in phishing emails remain high. According to Security Affairs, 97% of users fail to identify phishing emails. The reason is phishing emails are now being created that are virtually indistinguishable from genuine communications from trusted sources and phishers are experts at social engineering.

The best defense against phishing is a spam filter – a technical solution that scans all inbound (and outbound) emails and performs a wide range of checks and analyses, all of which must be passed in order for an email to be sent to an inbox. Spam filters scan the message headers and message body for signs of spam and phishing, and attachments are scanned using anti-virus engines that identify known malware variants. Hyperlinks in messages are also checked; however, phishers are constantly developing new techniques for hiding malicious URLs from email security solutions.

TitanHQ’s spam and phishing protection solution – SpamTitan – already provides excellent protection from spam and phishing emails; however, a new product – SpamTitan Plus – has now been launched that significantly improves detection rates. SpamTitan Plus provides advanced phishing protection with better coverage, better phishing link detections, faster detection speed, and also has the lowest false positive rate of any product.

“The overwhelming feedback from our users and customer base has been that phishing attacks are becoming more advanced, proficient, and dangerous. Phishing is the number one problem to solve in the email security community,” said TitanHQ CEO Ronan Kavanagh. “With that in mind, we allocated resources and investment to develop a solution with new, cutting-edge, robust, fast phishing threat intelligence driven by a team of security specialists. We’re very happy with the result – SpamTitan Plus”.

SpamTitan Plus includes leading-edge, AI-driven anti-phishing prevention and incorporates the newest “zero-day” threat intelligence, providing better protection than current market-leading email anti-spam service providers at neutralizing malicious links in emails.

All URLs in emails are inspected to determine if they are malicious and are rewritten, and a time-of-click analysis is performed. This is important as the URLs in phishing emails may not be malicious at the time of delivery and may be weaponized with malware after they have passed email security checks. The time-of-click protection involves several dynamic checks, including a page evaluation to identify spoofed websites and login pages and the following of any redirects. If a user clicks on a malicious URL, instead of being directed to the website they will be sent to a local block page that provides further information.
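The rewrite-then-check flow described above can be modelled offline. This is an added example and not SpamTitan Plus code: the gateway address, the signing key, the HMAC signature (added here so the click endpoint only honours links it issued) and the `resolve` / `is_malicious` callbacks standing in for live page evaluation are all assumptions.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

GATEWAY = "https://clickcheck.example/v"   # hypothetical rewriting endpoint
KEY = b"constructed-demo-key"              # per-deployment secret in practice
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def sign(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()


def rewrite_body(body):
    """Delivery time: point every link at the gateway, keeping the original."""
    def repl(match):
        url = match.group(0).rstrip(".,;)")      # keep sentence punctuation out
        tail = match.group(0)[len(url):]
        return f"{GATEWAY}?u={quote(url, safe='')}&s={sign(url)}{tail}"
    return URL_RE.sub(repl, body)


def check_click(rewritten, resolve, is_malicious, max_hops=5):
    """Click time: verify the link, then walk the redirect chain.

    resolve(url) returns the next hop or None; is_malicious(url) is the
    reputation/page check as of *now*. Returns (verdict, chain).
    """
    query = parse_qs(urlsplit(rewritten).query)
    url = query.get("u", [""])[0]
    sig = query.get("s", [""])[0]
    if not url or not hmac.compare_digest(sig.encode(), sign(url).encode()):
        return ("reject", [])                    # not issued by this gateway
    chain = []
    for _ in range(max_hops + 1):
        chain.append(url)
        if is_malicious(url):
            return ("block", chain)              # user is shown the block page
        nxt = resolve(url)
        if nxt is None:
            return ("allow", chain)
        url = nxt
    return ("block", chain)                      # redirect chain too long


def demo():
    # Constructed web state: a short link that redirects to a landing page.
    redirects = {"https://short.example/r/9": "https://files.example/landing"}
    bad = set()
    body = rewrite_body("Your invoice: https://short.example/r/9.")
    link = URL_RE.search(body).group(0).rstrip(".")
    at_delivery = check_click(link, redirects.get, bad.__contains__)
    bad.add("https://files.example/landing")     # weaponized after delivery
    at_click = check_click(link, redirects.get, bad.__contains__)
    return at_delivery, at_click


if __name__ == "__main__":
    print(demo())
```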

Independent tests of SpamTitan Plus show:

  • 100% coverage of phishing threats from the current market-leading anti-phishing feeds
  • 5X increase in unique phishing URL threat detection than the current market leaders
  • 6X faster and more rapid phishing detection than the current market leaders

10 million new, previously undiscovered phishing URLs are detected every single day and there is only a 5-minute delay from the initial detection of a malicious URL to protecting an end user’s mailbox.

SpamTitan is relied upon by 12,000 customers and 3,000 Managed Service Providers for protecting against spam and phishing emails. They can now choose to significantly improve protection with SpamTitan Plus. For more information about SpamTitan Plus, give the TitanHQ team a call today.

Ransomware Attacks Increased by 900% in 1H 2021

There has been an alarming surge in ransomware attacks in 2021. Attacks have been conducted on businesses of all sizes, from large international enterprises with multi-million-dollar cybersecurity budgets to small businesses with just a handful of employees. The attacks have shown that no business is too large or small to be targeted.

Ransomware is a form of malware that is used to encrypt files to prevent them from being accessed. The attacker holds the keys to allow data to be decrypted, and those keys will only be provided if a ransom is paid. Ransom demands can range from a few thousand dollars for individual devices up to tens of millions of dollars for large companies.

900% Increase in Ransomware Attacks in 2021

This year has seen ransomware attacks conducted at an alarming level. CybSafe‘s data has revealed a 900% increase in ransomware attacks in the first 6 months of 2021 compared to the corresponding period last year. In addition to the increase in number, the cost of mitigating the attacks has increased and the ransom demands have been growing. This week, for example, Europe’s largest consumer electronics retailer – MediaMarkt – confirmed it was the victim of a Hive ransomware attack. The attackers reportedly demanded a payment of $240 million for the keys to decrypt files.

2021 has shown no company is off limits with multiple attacks conducted on critical infrastructure firms. One attack on Colonial Pipeline in the United States resulted in the shutdown of a fuel pipeline serving the Eastern Seaboard of the United States for a week. A ransom payment of $4.4 million was paid to the attackers to recover data.

The U.S. software company Kaseya, which provides a range of software solutions to businesses and managed service providers, suffered a major ransomware attack involving REvil ransomware. The REvil gang demanded a payment of $70 million for the keys to decrypt files. The attack affected around 40 managed service providers and an estimated 1,500 downstream businesses.

Attacks have also been conducted on many healthcare providers, with those attacks disrupting healthcare services and putting patient safety at risk. In May 2021, Ireland’s Health Service Executive (HSE) suffered a ransomware attack which is believed to have started with a phishing email. The response gave the Conti ransomware gang the access needed to encrypt files. A $20 million ransom demand was issued, although the attackers provided the keys free of charge in the end. Even so, the HSE took months to recover from the attack at considerable cost.

Ransomware Gangs Targeted by Law Enforcement

The above attacks represent just a tiny percentage of the ransomware attacks that have been publicly disclosed this year and it is clear that the threat of attack is unlikely to wane any time soon.

There has been some good news, however. The attacks on critical infrastructure firms have forced the U.S. government to step up its efforts to target ransomware-related crime. Following the attacks, ransomware attacks were elevated to a level akin to terrorist attacks, and with that comes additional resources.

Already the United States and law enforcement partners around the world have succeeded in disrupting the activities of several ransomware gangs. The REvil ransomware infrastructure was taken down and arrests were made, and the Darkside operation shut down, as did its suspected successor BlackMatter. Suspected members of the Clop ransomware operation have been arrested, and Europol has arrested 12 individuals in connection with LockerGoga, MegaCortex, and Dharma ransomware attacks.

While the arrests and infrastructure takedowns will have a short-term effect, ransomware threat actors are likely to regroup, set up new operations, and recommence their attacks as they have done in the past.

An Easy Step to Take to Improve Ransomware Defenses

Businesses need to take steps to combat the ransomware threat, but since many different methods are used to gain access to networks, this can be a challenge. The best place to start is to make sure defenses against phishing emails are put in place. Most ransomware attacks start with a phishing email, which either delivers malware or gives attackers credentials that provide them with the foothold in networks that they need to conduct their attacks.

Email security solutions such as SpamTitan filter out malicious messages and prevent them from reaching inboxes where they can fool employees. Technical solutions such as email security gateways are far more effective than end user training at blocking threats, although it is also important to make sure employees are aware of cybersecurity best practices and are taught how to identify a phishing email.

Email filtering solutions such as SpamTitan perform an in-depth analysis of all email content and can detect malicious links and email attachments. When emails fail the checks, they are sent to the quarantine folder where they can be reviewed. This allows security teams to gain a better understanding of the threats that are targeting their organization and also allows false positives to be identified so filtering rules can be updated.

SpamTitan incorporates dual antivirus engines for detecting known malware variants and email sandboxing where suspicious attachments are sent for in-depth analysis. The Bitdefender-powered sandbox allows new malware variants to be identified, and machine learning technology ensures email filtering improves over time.

A huge array of checks and controls ensure malicious messages are blocked, but that all happens behind the scenes. Administrators benefit from a clean, easy-to-use interface that requires no technical skills to navigate and use. All information and controls are intuitive.

If you would like to find out more about improving your defenses against ransomware, malware, phishing, and other email and web-based threats, give the TitanHQ team a call. All TitanHQ cybersecurity solutions are available on a free trial, allowing you to put them to the test in your own environment before making a decision about a purchase.

TitanHQ Achieves Clean Sweep at Expert Insights Annual Awards

Expert Insights has announced its Fall 2021 Best-of Cybersecurity Awards and each of TitanHQ’s products was ranked No. 1 in its respective category. This is the second successive year where TitanHQ has had a clean sweep and topped the list for Best Email Security Gateway, Best Web Security Solution, and Best Email Archiving Solution for Business. In addition, SpamTitan ranked top in the Best Email Security Solution for Office 365 category.

Expert Insights is a recognized online cybersecurity publication and industry analyst that has technical and editorial teams in both the United States and United Kingdom. The publication covers cybersecurity and cloud-based technologies, and its website is used by more than 80,000 business owners, IT admins, and others each month to research B2B solutions. Expert Insights produces editorial buyers’ guides, blog posts, conducts interviews, and publishes industry analyses and technical product reviews from industry experts.

The annual awards are intended to recognize the leading cybersecurity companies and their products, with the winners selected based on industry recognition, customer feedback, and research conducted by its editorial team and independent technical analysts.

SpamTitan Email Security and WebTitan Web Security were both recognized for their powerful threat protection, and along with ArcTitan Email Archiving, were praised for ease-of-use, cost-effectiveness, and industry-leading technical and customer support.

“TitanHQ are proud to have received continued recognition for all three of our advanced cybersecurity solutions. As the threat landscape continues to be a significant risk to organizations across the globe, we are dedicated to continuous innovation to provide consistent, secure, and reliable protection to our customers,” said Ronan Kavanagh, TitanHQ CEO.

The advanced threat protection, ease-of-use, and cost-effectiveness of the solutions are part of the reason why TitanHQ is the leading provider of cloud-based security solutions for managed service providers serving the SMB market. These factors have helped to make the solutions the gold standard for SMBs looking to improve security and ensure compliance.

SpamTitan 7.11 Release Includes New Geo-blocking Email Security Feature

TitanHQ has released a new version of its award-winning email security solution that includes a new security feature – Geo-blocking email filtering, as well as several other security updates and fixes to improve usability.

Geo-blocking is a feature that has been requested by customers and has now been included in the product at no additional cost to users. Geo-blocking, as the name suggests, allows SpamTitan users to block or allow emails originating from certain geographical locations, based on either IP address or country. This feature allows businesses to add an extra layer of protection to block geographic threat vectors and stop malware, ransomware, and phishing emails from reaching inboxes.

The new feature allows businesses and organizations to block emails coming from any country. This extra control is important, as most malware-containing emails come from a handful of overseas countries – countries that most small- to medium-sized businesses do not normally work with. Blocking emails from those countries eliminates threats, without negatively impacting the business.

Activating the geo-blocking feature could not be any easier. SpamTitan users can click to restrict emails from any country in the SpamTitan Country IP Database and all emails coming from those countries will be blocked. There will naturally be instances where things are not so cut and dried, but that is not a problem. Geo-blocking can be activated for a specific country, and IP addresses, domains, or email addresses of trusted senders within those countries can simply be whitelisted to ensure their messages are delivered.

“Geoblocking has been a much-requested feature and as always we listen to our customers and provide what they need to implement the very best email security they can,” said TitanHQ CEO Ronan Kavanagh. “After experiencing 30% growth in 2021, TitanHQ expects these product enhancements and new features to make 2021 another record-breaking year.”

Several other security enhancements have been made to further improve the already excellent threat detection and blocking mechanisms within SpamTitan. SpamTitan 7.11 includes an upgraded email sandboxing feature to provide even greater protection against malware, ransomware, phishing, spear-phishing, Advanced Persistent Threats, and malicious URLs embedded in emails. These enhancements also provide more detailed information about new threats to help SpamTitan users mitigate risk.

As always with a new release, recently reported bugs have been fixed, and SpamTitan has been further improved with enhanced email rendering in Mail Viewer. Users also now have the ability to remove quarantine report token expiry and improve domain verification, to name but a few of the enhancements.

SpamTitan is delivered either as a 100% cloud-based solution or as an anti-spam gateway, which is run as a virtual appliance on existing hardware. Existing SpamTitan Cloud customers need to do nothing to upgrade to the new version of the solution, released on September 14, 2021. SpamTitan Cloud is automatically updated to the latest version.

Users of SpamTitan Gateway will need to manually upgrade to the latest version via System Setup > System Updates.

Ransomware and BEC Attacks Often Start with a Phishing Email: Are Your Phishing Defenses Good Enough?

Ransomware attacks can be incredibly expensive and business email compromise (BEC) scams can result in transfers of millions of dollars to attackers, but these breaches often start with an email.

Phishing emails are sent to employees that ask them to click on a link, which directs them to a webpage where they are asked to provide their login credentials, for Microsoft 365 for example. Once credentials are entered, they are captured and used to access that individual’s account. The employee is often unaware that anything untoward has happened.

The stolen credentials give an attacker the foothold in the network that is needed to launch a major cyberattack on the business. The phisher may use the email account to send further phishing emails to other employees in the company, with the aim being to gain access to the credentials of an individual with administrative privileges or the credentials of an executive.

An executive’s account can be used to send emails to an individual in the company responsible for making wire transfers. A request is sent for a wire transfer to be made and the transfer request is often not recognized as fraudulent until the funds have been transferred and withdrawn from the attacker’s account. These BEC scams often result in tens of thousands of dollars – or even millions – being transferred.

An alternative attack involves compromising the email accounts of employees and sending requests to payroll to have direct deposit information changed. Salaries are then transferred into attacker-controlled accounts.

Phishers may act as affiliates for ransomware-as-a-service (RaaS) gangs and use the access they gain through phishing to compromise other parts of the network, steal data, and then deploy ransomware, or they may simply sell the network access to ransomware gangs.

When email accounts are compromised, they can be used to attack vendors, customers, and other contacts. From a single compromised email account, the damage caused is considerable and often far-reaching. Data breaches often cost millions of dollars to mitigate. All this from a single response to a phishing email.

Phishing campaigns require very little skill to conduct and require next to no capital investment. The ease with which phishing attacks can be conducted and the potential profits that can be gained from attacks make this attack method very attractive for cybercriminals. Phishing can be used to attack small businesses with poor cybersecurity defenses, but it is often just as effective when attacking large enterprises with sophisticated perimeter defenses. This is why phishing has long been one of the most common ways that cybercriminals attack businesses.

See how SpamTitan Plus inspects all URLs to identify links to malicious websites. Book a free demo.

How to Deal with the Phishing Threat

Phishing attacks may lead to the costliest data breaches, but they are one of the easiest types of cyberattacks to prevent; however, some investment in cybersecurity and training is required. The most important first step is to purchase an advanced spam filter. This technical control is essential for preventing phishing emails from reaching end users’ inboxes. If the phishing emails do not arrive in an inbox, they cannot be clicked by an employee.

Not all spam filtering solutions are created equal. Basic spam filters are effective at blocking most threats, but some phishing emails will still be delivered to inboxes. Bear in mind that phishers are constantly changing tactics and are trying to get one step ahead of cybersecurity firms. Most spam filtering solutions will block messages from malicious IP addresses and IP addresses with poor reputations, along with any messages identified in previous phishing campaigns and messages containing known variants of malware.

Advanced spam filtering solutions use AI and machine learning techniques to identify messages that deviate from the normal emails a business typically receives, are able to detect previously unseen phishing emails, and incorporate Sender Policy Framework and DMARC to identify email impersonation attacks. Email sandboxing is also included, which is used to identify previously unseen malware threats. Greylisting is a feature of advanced spam filters that involves initially rejecting a message and requesting it be resent. A delay in the response, or no response at all, indicates the mail server is most likely being used for spamming. Spam servers are usually too busy on huge spam runs to resend messages that have initially been rejected.
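The greylisting decision described above, as an added sketch in Python (not SpamTitan's implementation): a first attempt gets a temporary SMTP rejection, and only a retry that arrives after a minimum delay is accepted. The timing constants, the /24 and /64 grouping of client addresses and the sample events are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed timings for illustration; real filters make these configurable.
MIN_RETRY_DELAY = 300          # seconds a sender must wait before a retry counts
PENDING_TTL = 4 * 3600         # a retry later than this is treated as a new attempt
PASS_TTL = 36 * 24 * 3600      # how long a triplet that passed stays trusted

DEFER = (451, "4.7.1 Greylisted, please retry later")   # temporary failure
ACCEPT = (250, "2.0.0 OK")


def triplet(client_ip, mail_from, rcpt_to):
    """Key an attempt on (client network, envelope sender, recipient).

    Grouping by /24 (IPv4) or /64 (IPv6) is an assumption made here so that a
    retry from another host in the same outbound pool still matches.
    """
    addr = ipaddress.ip_address(client_ip)
    prefix = 24 if addr.version == 4 else 64
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return (str(net), mail_from.lower(), rcpt_to.lower())


@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)   # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)    # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = triplet(client_ip, mail_from, rcpt_to)
        seen = self.passed.get(key)
        if seen is not None and now - seen <= PASS_TTL:
            self.passed[key] = now                # known good sender, no delay
            return ACCEPT
        first = self.pending.get(key)
        if first is None or now - first > PENDING_TTL:
            self.pending[key] = now               # first sighting, or window expired
            return DEFER
        if now - first < MIN_RETRY_DELAY:
            return DEFER                          # immediate re-send: keep the original timer
        del self.pending[key]                     # proper retry after the delay
        self.passed[key] = now
        return ACCEPT

    def never_retried(self, now):
        """Triplets that were deferred and did not come back within the retry window."""
        return sorted(k for k, first in self.pending.items() if now - first > PENDING_TTL)


# Constructed sample events: (time, client IP, envelope sender, recipient).
EVENTS = [
    (0,    "192.0.2.10",    "billing@partner.example", "ap@corp.example"),
    (5,    "198.51.100.23", "invoice@bulk.example",    "ap@corp.example"),
    (20,   "198.51.100.23", "invoice@bulk.example",    "ap@corp.example"),  # re-sent too soon
    (900,  "192.0.2.44",    "billing@partner.example", "ap@corp.example"),  # retry, same /24
    (1000, "192.0.2.10",    "billing@partner.example", "ap@corp.example"),  # later mail
]


def replay(events, greylist=None):
    """Run events through a greylist and return the SMTP reply code for each."""
    greylist = greylist if greylist is not None else Greylist()
    return [greylist.check(ip, sender, rcpt, t)[0] for t, ip, sender, rcpt in events]


if __name__ == "__main__":
    gl = Greylist()
    for event, code in zip(EVENTS, replay(EVENTS, gl)):
        print(event, "->", code)
    print("never retried:", gl.never_retried(now=20000))
```

The triplets returned by `never_retried` are the senders that gave up after the temporary rejection, which is the behaviour the paragraph attributes to bulk spam servers.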

Advanced spam filters also feature outbound email scanning, which can identify compromised email accounts and can block phishing messages from being sent internally or externally from a hacked mailbox.

SpamTitan incorporates all of these advanced controls, which is why it is capable of blocking more threats than basic spam filters. Independent tests have shown SpamTitan blocks in excess of 99.97% of malicious messages.

SpamTitan Plus provides leading-edge anti-phishing protection with “zero-day” threat protection and intelligence.

Don’t Neglect End User Training

No spam filter will be 100% effective at blocking phishing threats, at least not without also blocking an unacceptable number of genuine emails. It is therefore important to provide regular security awareness training to the workforce, with a strong emphasis on phishing. Employees need to be taught how to identify a phishing email and conditioned how to respond when a threat is received (alert their security team).

Since phishing tactics are constantly changing, regular training is required. When training is reinforced, it is easier to develop a security culture and regular training sessions will raise awareness of the latest phishing threats. It is also recommended to conduct phishing simulation exercises to test the effectiveness of the training program and to identify individuals who require further training.

Web Filtering is an Important Anti-Phishing Control

The key to blocking phishing attacks is to adopt a defense-in-depth approach. That means implementing multiple overlapping layers of security. One important additional layer is a web filtering solution. Spam filters target the phishing emails, whereas web filters work by blocking access to the webpages hosting the phishing kits that harvest credentials. With a spam filter and web filter implemented, you are tackling phishing from different angles and will improve your defenses.

A web filter will block access to known malicious websites, providing time-of-click protection against malicious hyperlinks in phishing emails. A web filter will also prevent employees from being redirected to phishing web pages from malicious website adverts when browsing the Internet. Web filters also analyze the content of web pages and will block access to malicious web content that has not previously been identified as malicious. Web filters will also block malware and ransomware downloads.

WebTitan is a highly effective DNS-based web filtering solution that protects against phishing, malware, and ransomware attacks. The solution can protect office workers but also employees who are working remotely.

SpamTitan Plus provides multi-layered detection and blocking of malicious URLs. Book a free demo now.

Speak to TitanHQ Today About Improving your Phishing Defenses

TitanHQ has been developing anti-phishing and anti-malware solutions for more than two decades. TitanHQ’s email and web security solutions are cost effective, flexible, easy to implement, and easy to maintain. They are consistently given top marks on software review sites and are a big hit with IT security professionals and managed service providers (MSPs). TitanHQ is the leading provider of email and web security solutions to MSPs serving the SMB market.

If you want to improve your phishing defenses and block more threats, contact the TitanHQ team today for further information on SpamTitan and WebTitan. Both solutions are available on a 100% free trial of the full product complete with product support. Product demonstrations can also be booked on request.

Phishing Attacks Surge and Businesses are Struggling to Deal with the Threat

Ransomware attacks have increased significantly since the start of 2020 and that increase has continued in 2021. While these attacks are occurring more frequently than ever, the threat from phishing has not gone away and attacks are still rife. Phishing attacks may not make headline news like ransomware attacks on hospitals that threaten patient safety, but they can still be incredibly damaging.

The aim of many phishing attacks is to obtain credentials. Email credentials are often targeted as email accounts contain a treasure trove of data. That data can be extremely valuable to cybercriminals. In healthcare for example, email accounts contain valuable healthcare data, health insurance information, and Social Security numbers, which can be used to commit identity theft, obtain medical treatment, and for tax fraud. Entire email accounts are often exfiltrated in the attacks and the accounts used to send tailored phishing emails to other individuals in the company.

Many data breaches start with a phishing email, with phishing often used by an attacker to gain a foothold in a network that can be used in a much more extensive attack on an organization. Phishing emails are often the first step in a malware or ransomware attack.

Multiple surveys have recently been conducted on IT leaders and employees that show phishing is a very real and present danger. Two recent surveys conducted in the United States and United Kingdom indicate almost three quarters of businesses have experienced a data breach as a result of a phishing attack in the past 12 months. One study indicated over 50% of IT leaders had seen an increase in phishing attacks in the past 12 months, while the other put the figure at 80%.

During the pandemic, many businesses were faced with the option of switching to a remote workforce or shutting down. The increase in remote working was a godsend for phishers, who increased their attacks on employees. Many IT departments lacked visibility with a remote workforce and found it harder to block phishing attacks than when employees were in the office. Staff shortages in IT have certainly not helped.

Staff training is important to raise awareness of the threat from phishing, but remote working has made that harder. Training needs to be provided regularly as it can easily be forgotten and bad habits can slip in. Phishing tactics are also constantly changing, so regular training is needed to keep employees aware of the latest threats and phishing techniques, so they know what to look for. It does not help that phishing attacks are increasingly targeted and more sophisticated and can be difficult for employees to spot even if they have received regular training.

So how can businesses combat the threat from phishing and avoid being one of the three quarters of companies that experience a phishing data breach each year? Training is important, but the right technology is required.

Two of the most important technical solutions that should be implemented to block phishing attacks are spam filters and web filters. Both are effective at combatting phishing, albeit from different angles. When both are used together, protection is better than the sum of both parts.

A spam filter must have certain features to block sophisticated phishing threats. Blacklists are great for identifying emails from known malicious IP addresses, but IP addresses frequently change. Machine learning approaches are needed to identify previously unseen phishing tactics and threats from IP addresses not known to be malicious. Multiple AV engines can help block more malware threats, while email sandboxing can identify new malware variants. DMARC is also vital to block email impersonation attacks, while outbound scanning is important to rapidly detect compromised mailboxes. All of these features are employed by SpamTitan, which is why the solution has such a high block rate (over 99.97%) and low false positive rate.
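How a DMARC check catches an impersonated sender, as an added Python sketch (not SpamTitan's code): a message passes only when SPF or DKIM passes for a domain aligned with the visible From domain. The `org_domain` helper is a simplification that takes the last two labels instead of consulting the Public Suffix List, the `sp` and `pct` tags are ignored, and all domains and records are constructed samples.

```python
from email.utils import parseaddr


def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; None if it is not a usable policy."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if tags.get("v") != "DMARC1" or policy not in ("none", "quarantine", "reject"):
        return None
    tags["p"] = policy
    return tags


def org_domain(domain):
    # Simplification (assumption): last two labels. A real evaluator uses the
    # Public Suffix List so that domains under e.g. co.uk are handled correctly.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(header_from, spf, dkim, record):
    """Return 'pass', the published policy ('none', 'quarantine', 'reject') or 'no-policy'.

    header_from: the From header as displayed to the user
    spf:         (result, MAIL FROM domain) from the SPF check
    dkim:        list of (result, d= domain) for each DKIM signature
    record:      DMARC TXT record published for the From domain, or None
    """
    from_domain = parseaddr(header_from)[1].rpartition("@")[2].lower()
    policy = parse_dmarc(record) if record else None
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], policy.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and aligned(from_domain, d, policy.get("adkim", "r"))
        for result, d in dkim
    )
    return "pass" if spf_ok or dkim_ok else policy["p"]


# Constructed sample messages.
SAMPLES = {
    # SPF and DKIM both pass, but for the sending service's own domain, not the From domain.
    "impersonation": ('"Chief Executive" <ceo@corp.example>',
                      ("pass", "bounce.mailer.test"), [("pass", "mailer.test")],
                      "v=DMARC1; p=reject"),
    # Forwarding breaks SPF, but the original aligned DKIM signature survives.
    "forwarded": ("ceo@corp.example",
                  ("fail", "list.forwarder.test"), [("pass", "corp.example")],
                  "v=DMARC1; p=reject"),
    # A subdomain sender signed by the parent domain fails strict DKIM alignment.
    "strict-subdomain": ("news@mail.corp.example",
                         ("none", ""), [("pass", "corp.example")],
                         "v=DMARC1; p=quarantine; adkim=s"),
}


def classify(samples=SAMPLES):
    """Evaluate every sample and return {name: disposition}."""
    return {name: evaluate(*args) for name, args in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name}: {verdict}")
```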

Web filters are primarily used to restrict access to malicious and undesirable websites, whether they are sites with pornographic content or malicious sites used for phishing and malware distribution. Web filters, especially DNS-based filters, greatly improve protection against threats and will block access to known malicious websites. They will also block malware downloads and restrict access to questionable websites that serve no work purpose but increase risk. WebTitan will do this and more, and can easily be configured to protect remote workers, no matter where they choose to access the Internet.

With phishing attacks increasing it is important that businesses deploy solutions to counter the threat to stay one step ahead of the phishers. For further information on SpamTitan and WebTitan, and how they can protect your business, give the TitanHQ team a call. Both solutions are available on a free trial to allow you to see for yourself the difference they make. You can sign up for a free trial of SpamTitan here, and WebTitan on this link.

10 Reasons MSPs Choose SpamTitan to Protect Against Email Threats

Phishing is the most common way that cybercriminals gain access to business networks, and the primary defense against these attacks is a spam filter. Spam filters inspect all inbound emails for the signatures of spam, phishing, and malware and keep inboxes free of these threats.

There are many spam filtering services on the market that can protect against advanced email threats, but why have so many managed service providers (MSPs) chosen TitanHQ as their email security solution provider? What does SpamTitan provide that is proving to be such a big hit with MSPs?

Why Managed Service Providers Choose SpamTitan Email Security for Their Clients

SpamTitan is a multi-award-winning anti-spam solution that incorporates powerful features to protect against phishing and other email-based attacks. The solution is currently used by more than 1,500 MSPs worldwide, with that number growing steadily each month.

We have listed 10 of the main reasons why SpamTitan is proving to be such a popular choice with MSPs.

Excellent malware protection

SpamTitan includes dual anti-virus engines from two leading AV providers and email sandboxing that incorporates machine learning and behavioral analysis to safely detonate suspicious files.

Defense in depth protection for Office 365 environments

SpamTitan includes multiple protection measures that provide defense in depth against email threats, with easy integration into Office 365 environments to significantly improve defenses against phishing and email-based malware attacks.

Advanced email blocking

SpamTitan supports the upload of block and allow lists per policy, advanced reporting, recipient verification and outbound email scanning, with the ability to whitelist/blacklist at both a global level and a domain level.

Protection against zero-day attacks

SpamTitan uses machine learning predictive technology to block zero-day threats, with AI-driven threat intelligence to block zero-minute attacks.

Data leak prevention

Easily set powerful data leak prevention rules and tag data to identify and prevent internal data loss.

Simple integration

SpamTitan is easy to integrate into your existing Service Stack through TitanHQ APIs, and MSPs benefit from streamlined management with RMM integrations.

Competitive pricing with monthly billing

MSPs benefit from a fully transparent pricing policy, competitive pricing, generous margins, and monthly billing. There is also a short sales cycle – only 14 days of a free trial is required to fully test the solution.

White label option to reinforce your brand

SpamTitan can be provided to managed service providers as a white label version that can be fully rebranded to reinforce an MSP’s brand.

Intuitive multi-tenant dashboard

MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis. SpamTitan is also a set and forget solution, requiring minimal IT service intervention.

Industry-leading customer support

TitanHQ provides the best customer service in the industry. MSPs benefit from world class pre-sales and technical support and sales & technical training. MSPs get a dedicated account manager, assigned sales engineer support, access to the Global Partner Program Hotline, and 24/7 priority technical support.

If you have not yet started offering SpamTitan to your clients, give the TitanHQ channel team a call today for more information, to get started on a free trial, or for a product demonstration.

Webinar June 30, 2021: How to Reduce the Risk of Phishing and Ransomware Attacks

The two main cybersecurity threats that businesses now have to deal with are phishing and ransomware attacks and those threats have become even more common over the past 12 months. Cybercriminals stepped up their attacks during the pandemic with many phishing campaigns launched using the novel coronavirus as a lure. These campaigns sought to distribute malware and steal credentials.

Ransomware attacks also increased in 2020. Several new ransomware-as-a-service (RaaS) operations were launched in 2020 and the number of attacks on businesses soared. In addition to encrypting files, data theft was also highly prevalent in 2020, with most ransomware operators stealing data prior to encrypting files. This double extortion tactic proved to be very effective. Many businesses were forced to pay the ransom even though they had backups and could have recovered their files. Payments were made to ensure data stolen in the attack was deleted and not misused, published, or sold.

Phishing and ransomware attacks often go hand in hand and are often used together in the same attack. Phishing emails are used to install malware, which in turn is used to provide access for ransomware gangs. The Emotet and TrickBot Trojans are notable examples. Operators of both of those Trojans teamed up with ransomware gangs and sold access once they had achieved their own objectives. The credentials stolen in phishing attacks are also sold onto RaaS affiliates and provide the foothold they need to conduct their devastating attacks.

Phishing campaigns are easy to conduct, low cost, and they can be very effective. Large-scale campaigns involve millions of messages, and while most of those emails will be blocked by email security solutions or will be identified by employees as a threat, all it takes is for one employee to respond to a phishing email for an attacker to gain the access they need.

TitanHQ recently partnered with Osterman Research to explore how these and other cyber threats have affected businesses over the past 12 months. This new and original study involved an in-depth survey of security professionals to find out how those threats have affected their organization and how effective their defenses are at repelling attackers.

The survey showed the most common security incidents suffered by businesses were business email compromise (BEC) attacks, where employees are tricked into taking an action suggested in a scam email from the CEO, CFO or another high-level executive. These attacks often involve the genuine email account of an executive being compromised in a phishing scam and the attacker using that account to target employees in the same organization.

The next biggest threat was phishing emails that resulted in a malware infection, followed by phishing messages that stole credentials and resulted in an account compromise. The survey showed that these attacks are extremely common. 85% of interviewed security professionals said they had experienced one or more of 17 different types of security breaches in the past 12 months. While attacks were common, only 37% of respondents said their defenses against phishing and ransomware attacks were highly effective.

There are several steps that can be taken to improve defenses against phishing and ransomware attacks. End user training is important to teach employees what to look for and how to identify these types of threats. However, there is always potential for human error, so training alone is not the answer. Email security is the best defense. By blocking these threats at source, they will not land in inboxes and employees will not be tested. Email security should be combined with a web security solution to block the web-based component of phishing attacks and stop malware and ransomware downloads from the Internet.

The findings of the Osterman and TitanHQ survey will be explained in detail at an upcoming webinar on June 30, 2021. Attendees will also learn how they can significantly reduce the risk of ransomware and phishing attacks.

The webinar will be conducted by Michael Sampson, Senior Analyst at Osterman Research, and Sean Morris, Chief Technology Officer at TitanHQ. You can Register Your Place Here

How Can MSPs Make Office 365 More Profitable?

Reselling Office 365 doesn’t offer much in the way of profit for MSPs, although there are benefits for MSPs that come from offering Office 365 and it is possible to make Office 365 more profitable.

Before explaining where the margin is for MSPs in Office 365, let’s first take a look at the benefits for MSPs from offering Office 365.

Benefits for MSPs from Offering Office 365 to Clients

SMBs are increasingly moving from on-premises solutions to the cloud and Office 365 is one of the most popular cloud services. Office 365 now has more than 135 million commercial monthly users and that number is growing rapidly.

MSPs may not be able to make much from Office 365 alone, but by providing Office 365, MSPs can win more business and gain a competitive advantage. There is no outlay involved with offering Office 365 to clients, the product is great and meets clients’ needs, and money can be made from handling Office 365 migrations.

MSPs can also benefit from migrating existing clients from Exchange or SBS Exchange to Office 365. Office 365 is far easier to manage so they stand to save a great deal of time on troubleshooting and maintenance, which can be a major headache with Exchange.

By offering Office 365 you can win more business, reduce operational costs, and stay competitive. However, the best way to make money from Office 365 is through add-on services.

How MSPs Can Make Office 365 More Profitable

The margins for MSPs on Office 365 are rather thin to say the least. Many MSPs find that offering Office 365 on its own doesn’t provide any profit at all. Charging extra per license to improve profitability is an option, but clients could just go direct to avoid the extra cost.

The margins may be small, but managing Office 365 does not require a great deal of effort. You may only make around 50c or $1 per user but sign up enough clients and you could get a reasonable return. There is an opportunity for profit at scale; however, to make a decent return you need to sell services around Office 365.

One of the best ways to make Office 365 more profitable is by offering additional security services. Security is an area where Office 365 can be significantly improved, especially spam filtering. Microsoft has incorporated a spam filter and anti-phishing protections into Office 365, but they fall short of the protection offered by a dedicated third-party spam filter.

Phishing is the number one security threat faced by businesses and Office 365 anti-phishing protections leave a lot to be desired. By offering enhanced spam and phishing protection through a third-party spam filter, not only can MSPs make a decent margin on the add-on solution, but by blocking phishing attacks and malware at source, they can also save a considerable amount of time on support. Offering spam filtering can help to generate additional recurring revenue, with SpamTitan provided as a high margin, subscription-based SaaS solution.

There are plenty of other opportunities for selling third-party solutions to make up for the lack of options in Office 365. Email archiving is an easy sell and a quick win for MSPs. An email archive is important for compliance and security, saves on storage space, improves efficiency, and gives clients access to emails from any location. Email archiving is available with Office 365, but the solution has some severe drawbacks, and may not meet compliance requirements. Offering a feature-rich email archiving solution that is fully compliant, easy to use, with lightning fast search and retrieval should be an easy sell to Office 365 users.

Spam filtering, email archiving, web filtering, and encryption can be bundled together as an enhanced security package, with each element providing a decent return for MSPs. Given the cost of mitigating a data breach, by preventing breaches, an enhanced security offering will pay for itself and should not be too difficult to sell to Office 365 users.

Office 365 MSP Add-ons from TitanHQ

For more than 20 years TitanHQ has been developing innovative security solutions for businesses. Today, more than 7,500 businesses are protected by TitanHQ security solutions and more than 2,000 MSPs have signed up to the TitanHQ Alliance Program.

All TitanHQ solutions have been developed from the ground up to meet the needs of the SMB marketplace and MSPs. TitanHQ’s spam filtering solution – SpamTitan, email archiving solution – ArcTitan, and web filtering solution – WebTitan, save MSPs support and engineering time, have great margins, and can be easily integrated into MSPs’ security stacks to make Office 365 more profitable. All TitanHQ solutions are quick and easy to deploy, and can be implemented into your existing Service Stack through APIs and RMM integrations. The MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis. MSPs benefit from competitive pricing strategies, including monthly billing as we understand your clients are billed monthly.

There are multiple hosting options, including hosting the solution within your own data center, and all TitanHQ products can be supplied as a white label, ready to take your own branding. We have made our solutions as easy as possible to use, with intuitive controls and everything placed at your fingertips. However, should you ever have a problem, you will benefit from the best customer service in the industry, as well as scalable pre-sales and technical support and sales & technical training.

Why SpamTitan is Perfect for MSPs

  • The best spam and virus protection for MSPs with dual AV engines and Bitdefender-powered sandboxing
  • Low management overhead – A set and forget solution
  • Use our private cloud or your own data center
  • Extensive suite of APIs for integration into your central management system
  • Multi-tenant solution with multiple management roles
  • Scalable to thousands of users
  • In and outbound email scanning with IP domain protection
  • Extensive drill down reporting
  • Flexible pricing models to suit your needs, including monthly billing
  • Generous margins for MSPs
  • Fully customizable branding

TitanSHIELD Program for MSPs

To make it as easy as possible for MSPs to incorporate our world class network security solutions into their service stacks, TitanHQ developed the TitanSHIELD program. The TitanSHIELD MSP Program allows MSPs to take advantage of TitanHQ’s proven technology so that they can sell, implement and deliver our advanced network security solutions directly to their client base. Under the TitanSHIELD program you get the following benefits:

TitanSHIELD Benefits

  • Partner Support
  • Dedicated Account Manager
  • Assigned Sales Engineer Support
  • Access to Global Partner Program Hotline
  • Access to Partner Knowledge Base
  • Technical Support
  • 24/7 Priority Technical Support
  • 5 a.m. to 5 p.m. (PST) Technical Support
  • Online Technical Training and FAQs
  • Access to Partner Technical Knowledge Base

Sales Enablement

  • Private or Public Cloud deployment
  • White Label or Co-branding
  • API integration
  • Free 30-day evaluations
  • Product Discounts
  • Competitive upgrades
  • Tiered Deal Registration
  • Renewal Protection
  • Advanced Product Information
  • Competitive Information and Research
  • Not-for-Resale (NFR) Key
  • Product Brochures and Sales Tools
  • Partner Advisory Council Eligibility
  • QTRLY Business Planning and Review
  • Access to Partner Support

Marketing

  • Access to the Partner Portal
  • Co-Branded Evaluation Site
  • Social Network participation
  • Joint PR
  • Joint White Papers
  • Partner Events and Conferences
  • TitanHQ Newsletter
  • Better Together Webinars
  • Partner Certificate – Sales and technical
  • Sales Campaigns in a box
  • Public Relations Program and Customer Testimonials
  • TitanHQ Corporate Style Guide and Logo Usage
  • TitanHQ Partner Welcome Kit
  • Access to TitanHQ’s MVP Rewards Program

To find out more about TitanHQ’s MSP offerings, for details of pricing and MSP margins, contact the TitanHQ Alliance Program team today and take the first step toward making Office 365 more profitable.

How to Defend Against Phishing Attacks

Phishing is the leading cause of data breaches and 2020 saw phishing-related data breaches increase again. The recently released Verizon 2021 Data Breach Investigations Report shows there was an 11% increase in phishing attacks in 2020, with work-from-home employees extensively targeted with COVID-19 themed phishing lures.

Phishing attacks are conducted to steal credentials or deliver malware, with the former often leading to the latter. Once credentials have been obtained, they can be used by threat actors to gain access to business networks to steal data and launch further attacks on an organization. Credentials stolen in phishing attacks are often sold to other threat groups such as ransomware gangs. From a single phishing email, a business could be brought to its knees and even prevented from operating.

The fallout from a phishing attack can be considerable, and it is therefore no surprise that many businesses fail after a successful cyberattack. According to ID Agent, 60% of companies go out of business within 6 months of a cyberattack. The cost of recovery and the damage to the company’s reputation can simply be too great.

Considering the potentially devastating consequences of a phishing attack it is surprising that many businesses fail to implement appropriate protections to block attacks and do not make sure their employees are able to recognize and avoid phishing threats.

A recent study conducted by the phishing simulation vendor KeepNet Labs highlighted just how often employees fall for these scams. In a test involving 410,000 simulated phishing emails, more than half of the emails were opened, 32% of individuals clicked a (fake) malicious link or opened an attachment, and 13% of individuals provided their login credentials in response to the emails.

How to Defend Against Phishing Attacks

It is vital for the workforce to be prepared, as phishing emails can easily end up in inboxes regardless of the security protections in place to block the messages. Fortunately, through regular security awareness training, employees can be trained how to spot a phishing email. Following security awareness training, phishing email simulations are useful for identifying weak links – employees that need further training. Over time, it is possible to significantly improve resilience to these damaging and incredibly costly cyberattacks.

The importance of solid technical email security defenses cannot be overestimated as even with training, phishing emails can be very difficult for employees to identify. Phishing emails often have plausible lures, the email messages can be extremely well written, and often appear to have come from trusted sources. It is common for the emails to impersonate trusted companies and include their color schemes and logos, and the websites that users are directed to are often carbon copies of the genuine websites they spoof.

There are three technical solutions that can be implemented in addition to the provision of training that can greatly improve the security posture of an organization against phishing attacks. These three solutions provide three layers of defenses, so should one fail to detect and block a threat, the others will be in place to provide protection.

3 Essential Technical Phishing Controls for Businesses

The most important technical control against phishing is a spam filter. A spam filter will block the majority of phishing and spam emails and will stop them reaching inboxes, but the percentage of emails blocked can vary considerably from solution to solution. Most spam filters will block 99% or more of spam and phishing emails, but what is needed is a solution that will block more than 99.9% of spam and malicious emails. SpamTitan, for instance, has an independently verified catch rate of 99.97%, ensuring your inboxes are kept free of threats.

An often-neglected area of phishing protection is a web filter. Web filters are extensively used by businesses and the education sector for blocking access to inappropriate web content such as pornography. Web filters are also an important anti-phishing measure for blocking the web-based component of phishing attacks. When an employee clicks a link in an email that directs them to a phishing page, the web filter will block access. WebTitan Cloud is constantly updated with new malicious URLs as they are created via multiple threat intelligence feeds. WebTitan blocks malware downloads from the Internet and can be configured to block access to risky websites that serve no work purpose.

The last measure that should be implemented is multi-factor authentication for email accounts. In addition to a password, MFA requires another form of authentication to be provided before access is granted. Without that additional factor, the account cannot be accessed. This is an important security measure that kicks in when credentials have been stolen to block unauthorized account access.

If you want to improve your defenses against phishing, these three technical controls along with end user training will keep your business safe. To find out more, and how little these protections cost, give the TitanHQ team a call today!