Spam Software

Spam software is a network security 101 basic protection that should be in place at every organization. Spam software filters out productivity-draining spam messages and prevents phishing emails and other email-based threats from being delivered to employees’ inboxes.

Research conducted by the intelligence software and anti-phishing training company PhishMe shows that 91% of cyberattacks start with a phishing email. Phishing emails aim to get the recipient to divulge sensitive information such as bank account information or login credentials. However, over the course of the past 12 months, cybercriminals have increasingly used spam email to distribute ransomware. In Q3, 2016, PhishMe reported that 97% of phishing emails were being used to deliver ransomware or ransomware downloaders. Spam email is now the number one vector used to deliver malware and ransomware.

Spam email campaigns are also becoming more sophisticated and it is becoming much harder to distinguish spam from genuine emails. Many of the latest campaigns contain no spelling mistakes, are grammatically correct and use imagery from well-known brands with smart, professional layouts.

Cybercriminals are also using social engineering techniques to fool end users into clicking malicious links and opening infected email attachments. Without spam software to quarantine those emails, they will be delivered to inboxes and employees are likely to be fooled into taking the requested actions.

Fortunately, advanced spam solutions can now filter out more than 99% of spam emails, with SpamTitan preventing more than 99.9% of spam emails from being delivered. This category contains up-to-date information on spam software, new threats that are now blocked, and advice for organizations on improving defenses against email threats.

30% of British SMEs Have Suffered a COVID-19 Lockdown Phishing Attack

A recent survey by Capterra on British SMEs has revealed 30% have fallen victim to a phishing attack during the COVID-19 lockdown. Just under half of the phishing emails received (45%) were related to coronavirus or COVID-19.

COVID-19 phishing emails increased significantly during the first quarter of 2020 as the coronavirus spread around the world. Since the virus was unknown to science, scientists have been working tirelessly to learn about the virus, the disease it causes, how the virus is spread, and what can be done to prevent infection. The public has been craving information as soon as it is available, which creates the perfect environment for phishing attacks. People want information and threat actors are more than happy to offer to provide it.

The Capterra survey highlights the extent to which these campaigns are succeeding. Employees are receiving phishing emails and being fooled by the social engineering tactics the scammers have adopted. The high success rate has seen many threat actors temporarily abandon the tried and tested phishing campaigns they were running before the SARS-CoV-2 outbreak and repurpose their campaigns to take advantage of the public’s thirst for knowledge about the virus. In the first quarter of 2020, KnowBe4 reported a 600% increase in COVID-19 and coronavirus themed phishing emails.

The high percentage of businesses that have experienced phishing attacks during the COVID-19 lockdown indicates many SMEs need to augment their anti-phishing defenses. There is also a need for further training to be provided to employees, as the emails are being opened and links are being clicked.

On the training front, formal training sessions may be harder to administer with so many employees working remotely. Consider conducting short training sessions via teleconferencing platforms and sending regular email alerts warning about the latest techniques, tactics and procedures being used in targeted attacks on remote workers. Phishing simulation exercises can be hugely beneficial and will help to condition workers to check emails thoroughly and report any threats received. These simulations also help identify which employees need further training to help them recognize potential phishing attacks.

Of course, the best way to ensure that employees do not open phishing emails and malicious attachments is to ensure they are not delivered to employees’ inboxes. That requires an advanced spam filtering solution.

Many SMEs and SMBs have now moved to an Office 365 hosted email solution, in which case email filtering will be taking place using Microsoft’s Exchange Online Protection (EOP) – the default spam filtering service that protects all Office 365 users. If you are reliant on this solution for filtering out phishing emails and other types of malicious messages, you should consider adding a third-party solution on top of EOP.

Exchange Online Protection provides a reasonable level of security and can block phishing emails and known malware threats, but it lacks the features of more advanced spam filtering solutions and cloud-based email security gateways, such as machine learning and predictive technology to identify attacks that have not been seen before.

As an additional protection against phishing attacks, a web filtering solution should be considered. In the event of a phishing email arriving in an inbox, a web filter serves as an additional layer of protection to prevent attempts by employees to visit websites linked in the emails. When an attempt is made to visit a known phishing website or web content that violates your acceptable internet usage policies, access will be blocked and the user will be directed to a local web page telling them why access has been denied.

Multi-factor authentication should also be implemented for email to ensure that in the event that credentials are compromised, a second factor must be provided before access to the email account is granted.

For more information on spam filtering and web filtering, and further information on TitanHQ’s advanced cloud-based email security solution – SpamTitan – and DNS-based web filtering solution – WebTitan – give the TitanHQ team a call today.

Cybersecurity Best Practices for Home Workers

When it comes to cybersecurity and home working, CIOs and IT teams have a challenge: how to ensure remote workers get the same level of protection as they do when they are in the office. We have compiled a set of cybersecurity best practices for home workers to help IT teams prepare for a massive increase in telecommuting.

The cybersecurity protections at home will not be nearly as good for home workers as protections in the office, which are much easier to implement and maintain. IT departments will therefore need to teach telecommuting workers cybersecurity best practices for home working and their devices will need to be configured to access applications and work resources securely. With so many workers having to telecommute, this will be a major challenge.

The coronavirus pandemic has forced businesses to rapidly expand the number of telecommuting workers and having to increase capacity in such a short space of time increases the potential for mistakes. Further, testing may not be nearly as stringent as necessary given the time pressure IT workers are under. Their teams too are likely to be depleted due to self-isolating workers.

One area where standards are likely to slip is staff training on IT. Many employees will be working from home for the first time and will have to use new methods and applications they will not be familiar with. The lack of familiarity can easily lead to mistakes being made. It is important that even though resources are limited you still teach cybersecurity best practices for home workers. Do not assume that telecommuting workers will be aware of the steps they must take to work securely away from the office.

Steps for IT Teams to Take to Improve Cybersecurity for Home Workers

Listed below are some of the key steps that IT teams need to take to improve security for employees that must now work from home.

Ensure VPNs are Provided and Updated

Telecommuting workers should not be able to access their work environment unless they use a VPN. A VPN will ensure that all traffic is encrypted, and data cannot be intercepted in transit. Enterprise-grade VPNs should be used as they are more robust and provide greater security. Ensure there are sufficient licenses for all workers, and you have sufficient bandwidth available. You must also make sure that the VPN is running the latest software version and patches are applied, even if this means some downtime to perform the updates. VPN vulnerabilities are under active attack.

Set up Firewalls for Remote Workers

You will have a firewall in place at the office and remote workers must have similar protections in place. Software firewalls should be implemented to protect remote workers’ devices. Home routers may have inbuilt firewalls. Talk employees through activating hardware firewalls if they have them on their home routers and ensure that passwords are set to prevent unauthorized individuals from connecting to their home Wi-Fi network.

Apply the Rule of Least Privilege

Remote workers introduce new risks, and with large sections of the workforce telecommuting, that risk is considerable. Remote workers are being targeted by cybercriminals through web- and email-based attacks. In the event of a malware infection or credential theft, damage can be limited by ensuring workers only have access to resources absolutely necessary for them to perform their work duties. If possible, restrict access to sensitive systems and data.

Ensure Strong Passwords are Being Set

To protect against brute force attacks, ensure good password practices are being followed. Consider using a password manager to help employees remember their passwords. The use of complex passwords should be enforced.

Implement Multifactor Authentication

Multifactor authentication should be implemented on all applications that are accessed by remote workers. This measure will ensure that if credentials are compromised, system access is not granted unless a second factor is provided.

Ensure Remote Workers’ Devices Have Antivirus Software Installed

Antivirus software must be installed on all devices that are allowed to connect to work networks and the solutions must be set to update automatically.

Set Windows Updates to Automatic

Working remotely makes it harder to monitor user devices and perform updates. Ensure that Windows updates are set to occur automatically outside of office hours. Instruct workers to leave their devices on to allow updates to take place.

Use Cloud-Based Backup Solutions

To prevent accidental data loss and to protect against ransomware attacks, all data must be backed up. By using cloud-based backups, in the event of data loss, data can be restored from the cloud-backup service.

Teach Cybersecurity Best Practices for Home Workers

All telecommuting workers must be shown how they need to access their work environment securely when working away from the office. Reinforce IT best practices with home workers, provide training on the use of VPNs, provide training on cybersecurity dos and don’ts when working remotely, and explain procedures for reporting problems.

Define Procedures for Dealing with a Security Incident

Members of the IT team are also likely to be working remotely so it is essential that everyone is aware of their role and responsibilities. In the event of a security incident, workers should have clear procedures to follow to ensure the incident is resolved quickly and efficiently.

Implement a Web Filter

A web filter will help to protect against web-based malware attacks by blocking access to malicious websites and will help to prevent malware downloads and the installation of shadow IT. Also consider applying content controls to limit employee activities on corporate-owned devices. Drive-by malware attacks have increased and the number of malicious domains registered in the past few weeks has skyrocketed.

Use Encrypted Communication Channels

When you need to communicate with telecommuting workers, ensure you have secure communications channels to use where sensitive information cannot be intercepted. Use encryption for email and secure text message communications, such as Telegram or WhatsApp.

Ensure Your Email Security Controls are Sufficient

One of the most important cybersecurity best practices for home workers is to take extra care when opening emails. Phishing and email-based malware attacks have increased significantly during the coronavirus pandemic. Ensure training is provided to help employees identify phishing emails and other email threats.

Consider augmenting email security to ensure more threats are blocked. If you use Office 365, a third-party email security solution layered on top will provide much better protection. Exchange Online Protection (EOP) is unlikely to provide the level of protection you need against phishing and zero-day malware threats. Consider an email security solution with data loss protection functions to protect against insider threats.

Monitor for Unauthorized Access

More devices connecting to work environments makes it much easier for threat actors to hide malicious activity. Make sure monitoring is stepped up. An intrusion detection system that can identify anomalous user behavior would be a wise investment.

For further information on enhancing email security and web filtering to protect remote workers during the coronavirus pandemic, contact TitanHQ today.

Email Security and Home Working During the COVID-19 Crisis

In this post we explore email security and home working and offer advice to help businesses ensure their workers, devices, and networks are protected.

The 2019 Novel Coronavirus pandemic has forced many workers to self-isolate at home and an increasing number of employees want to work from home to reduce risk of contracting COVID-19. Businesses are under pressure to allow their workers to stay at home and use either company-issued or personal devices to access their networks and work remotely.

Cybercriminals are constantly changing their tactics, techniques, and procedures and they have jumped at the opportunity provided by the Novel Coronavirus. People are scared and rightly so. COVID-19 has a high mortality rate and the virus is spreading like wildfire. People want information about cases in their local area, advice on how to protect themselves, and information about possible cures. Cybercriminals have obliged and are conducting phishing campaigns that claim to offer all that information. Many campaigns have now been detected from many different threat groups that attempt to obtain login credentials and spread malware. Since early January when the first major campaigns were detected, the volume of coronavirus and COVID-19 emails has increased significantly.

Campaigns are being conducted impersonating authorities on the Novel Coronavirus and COVID-19, such as the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), the U.S. Department of Health and Human Services, and other government agencies. COVID-19-themed emails are being sent to remote workers that spoof HR departments warning about cases that have been detected within the organization. Health insurers are being spoofed in campaigns that include invoices for coverage for COVID-19.

Since January, more than 16,000 Coronavirus and COVID-19-themed domains have been registered which are being used to host phishing kits and distribute malware. Researchers at CheckPoint Software report that those domains are 50% more likely to be malicious than other domains registered in the same period.

Email security and home working will naturally be a major concern for IT teams given the sheer number of home workers due to the Coronavirus pandemic and the volume of attacks that are now being conducted targeting home workers. With so many devices now connecting to networks remotely, if cybercriminals do obtain credentials, it will be much harder for IT teams to identify threat actors connecting remotely. Fortunately, there are steps that can be taken to improve email security and home working need not majorly increase risk.

You should make sure that your employees can only connect to your network and cloud-based services through a VPN. Enterprise VPNs can be configured to force all traffic through the VPN to reduce the potential for error. Make sure that the VPN is configured to start automatically when the device is powered up.

It is crucial that all remote workers are protected by a robust and effective email security solution. It is not possible to stop cybercriminals targeting remote workers, but it is possible to stop phishing and malware threats from reaching inboxes.

To protect your employees against phishing attacks and malware, an advanced email security solution is essential. If you use Office 365 for email, do not rely on Office 365 email security. You will need greater protection than Exchange Online Protection provides to protect against phishing, spear phishing, and zero-day threats.

SpamTitan has multiple detection mechanisms to identify and block the full range of email threats. SpamTitan incorporates SPF and DMARC to provide protection against email impersonation attacks, machine learning algorithms and predictive technology to protect against zero-day attacks, advanced phishing protection from whaling and spear phishing attacks by scanning inbound email in real-time, dual antivirus engines to block malware threats, and sandboxing for in depth analysis of suspicious attachments. SpamTitan also includes 6 specialist RBLs, supports whitelisting, blacklisting, and greylisting, and incorporates multiple threat intelligence feeds.

There is an increased risk of insider threats with remote workers. To provide protection and to prevent accidental policy violations, SpamTitan incorporates a data loss prevention filter to stop credit card numbers, Social Security numbers, and other data types from being sent via email.

No email security solution will be able to block 100% of email threats, 100% of the time. It is therefore important to provide regular cybersecurity training to employees to make them aware of phishing threats, train them how to identify a phishing email or social engineering scam, and to condition remote employees how to respond should a threat be received. Phishing simulation exercises are also useful to find out which employees require additional training and to identify possible gaps in training programs. IT security basic training refreshers should also be provided to ensure employees know what can and cannot be done with work devices.

Multifactor authentication must be implemented on all applications and email accounts to provide protection in the event of an account compromise. If credentials are stolen and used from a previously unknown location or an unfamiliar device, a second authentication factor must be provided before access is granted. You should also disable macros on all user devices, unless a specific user needs to use macros for work.

To find out more about how you can improve email security for remote workers, give the TitanHQ team a call today. You can arrange a demonstration to see SpamTitan in action and you can also sign up for a free trial to put SpamTitan to the test in your own environment.

TrickBot Trojan Now Includes Module for Brute Force RDP Attacks

The TrickBot Trojan is a sophisticated banking Trojan that was first identified in 2016. While the malware was initially just an information stealer concerned with stealing online banking credentials, the malware has evolved considerably over the past four years and several modules have been added that provide a host of additional malicious capabilities.

The TrickBot Trojan’s information stealing capabilities have been significantly enhanced. In addition to banking credentials, it will steal system and network information, email credentials, tax data, and intellectual property. TrickBot is capable of moving laterally and silently infecting other computers on the network using legitimate Windows utilities and the EternalRomance exploit for the SMBv1 vulnerability. The malware can add a backdoor for persistent access. TrickBot also serves as a malware downloader and will download other malicious payloads, including Ryuk ransomware.

The Trojan is frequently updated and new variants are regularly released. The Command and Control infrastructure is also constantly changing. According to an analysis by Bitdefender, more than 100 new IPs are added to its C&C infrastructure each month with each having a lifespan of around 16 days. The malware and its infrastructure are highly sophisticated, and while steps have been taken to dismantle the operation, the attackers are managing to stay one step ahead.

TrickBot is primarily distributed by spam email through the Emotet botnet. Infection with Emotet sees TrickBot downloaded, and infection with TrickBot sees a computer added to the Emotet botnet. Once all useful information has been obtained from an infected system, the baton is passed over to the Ryuk ransomware operators with a reverse shell opened giving the Ryuk ransomware operators access to the system.

A recent analysis of a variant captured by Bitdefender on January 30, 2020 has shown another method of distribution has been added to its arsenal. The Trojan now has a module for brute forcing RDP. The brute force RDP attacks are mainly being conducted on organizations in the financial services, education, and telecom industries and are currently targeting organizations in the United States and Hong Kong, although it is likely that the attacks will spread geographically over the coming weeks. The attacks are being conducted to steal intellectual property and financial information.

Since the TrickBot Trojan is modular, it can be constantly updated with new features, and the evolution of the malware so far, together with its success, means it will continue to be a threat for some time to come. Fortunately, it is possible to prevent infections by practicing good cyber hygiene.

Spam is still the primary method of delivery for both the Emotet Trojan and TrickBot so an advanced spam filter is essential. Since new variants are constantly being released, signature-based detection methods alone are insufficient. SpamTitan incorporates a Bitdefender-powered sandbox to analyze suspicious email attachments for malicious activity. This ensures the malicious activity of never-before-seen malware variants is identified and the emails are quarantined before they can cause any harm.

If you don’t need RDP, ensure it is disabled. If you do, ensure access is restricted and strong passwords are set. Use rate limiting to block login attempts after a set number of failures and ensure multifactor authentication is implemented to stop stolen credentials from being used.
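To check that rate limiting and lockout thresholds are catching what they should, failed logon records can be reviewed for bursts from a single source. The following is an added example, not TitanHQ's code: it assumes a constructed CSV layout (time, event ID, logon type, source IP, account) and illustrative thresholds, and uses Windows Security event ID 4625 (failed logon) with logon types 3 and 10, which is how failed RDP logons are typically recorded.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: time, event ID, logon type, source IP, account.
# IP addresses come from the documentation ranges and are not real hosts.
SAMPLE_EVENTS = """\
2020-03-18T09:00:01,4625,10,203.0.113.7,administrator
2020-03-18T09:00:09,4625,10,203.0.113.7,administrator
2020-03-18T09:00:17,4625,3,203.0.113.7,admin
2020-03-18T09:00:20,4625,10,198.51.100.20,jsmith
2020-03-18T09:00:26,4625,3,203.0.113.7,admin
2020-03-18T09:00:35,4625,10,203.0.113.7,backup
2020-03-18T09:00:44,4625,10,203.0.113.7,backup
2020-03-18T09:10:30,4625,10,198.51.100.20,jsmith
2020-03-18T09:10:52,4624,10,198.51.100.20,jsmith
"""

FAILED_LOGON = 4625          # Windows Security log: an account failed to log on
REMOTE_LOGON_TYPES = {3, 10}  # 3 = Network (RDP with NLA), 10 = RemoteInteractive


def parse_events(text):
    """Parse the constructed CSV layout into a list of dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, event_id, logon_type, source, account = line.split(",")
        events.append({
            "time": datetime.fromisoformat(when),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "source": source,
            "account": account.lower(),
        })
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=2)):
    """Flag source IPs with `threshold` or more failed remote logons inside `window`.

    Returns {source_ip: {"first_seen", "failures", "accounts"}} describing the
    burst at the moment the threshold was first crossed.
    """
    recent = defaultdict(deque)  # per-source sliding window of (time, account)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue
        burst = recent[ev["source"]]
        burst.append((ev["time"], ev["account"]))
        # Drop failures that have aged out of the window.
        while burst and ev["time"] - burst[0][0] > window:
            burst.popleft()
        if len(burst) >= threshold and ev["source"] not in alerts:
            alerts[ev["source"]] = {
                "first_seen": burst[0][0],
                "failures": len(burst),
                "accounts": sorted({account for _, account in burst}),
            }
    return alerts


if __name__ == "__main__":
    for source, detail in find_bruteforce_sources(parse_events(SAMPLE_EVENTS)).items():
        print(source, detail["failures"], "failures against", detail["accounts"])
```

The user at 198.51.100.20 who mistypes a password twice, ten minutes apart, and then logs on is not flagged, which is the behaviour a lockout policy should also have.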

For further information on SpamTitan Email Security and to find out how you can improve your defenses against email and web-based attacks, contact the TitanHQ team today.

Beware of COVID-19 Phishing Emails

Several new COVID-19 phishing email campaigns have been detected over the past few days that are exploiting fear about the novel coronavirus pandemic to deliver computer viruses and steal sensitive information.

People are naturally worried about getting infected with the real virus, especially with the high fatality rate, so emails related to COVID-19 are likely to be opened.

Some of the phishing emails that have been intercepted are easy to identify as malicious. They are poorly written with spelling mistakes and grammatical errors. Other campaigns, however, have been expertly crafted, are highly convincing, and are likely to catch out many people.

The first COVID-19 phishing campaigns were detected in January and the number has steadily grown over the past few weeks. Many different threat groups are now using COVID-19 phishing lures to fool the unwary into disclosing credentials, visiting malicious links, or downloading malware.

The World Health Organization (WHO) has issued a warning after several phishing campaigns were detected that impersonated WHO. The emails claimed to provide essential information about cases in the local area along with advice on how to avoid infection. One of the most recently detected campaigns claimed to provide “Coronavirus Updates” with the emails containing a ZIP file attachment that appeared to be a PDF file – MYHEALTH.PDF. However, the file was actually an executable file – MYHEALTH.exe. If the file was opened, it triggered the download of GULoader, which in turn downloads Formbook malware from Google Drive. Another similar campaign included a Word attachment that downloaded the TrickBot Trojan, which is being used to deliver Ryuk ransomware as a secondary payload.

The Centers for Disease Control and Prevention is also being impersonated. One campaign claims the novel coronavirus had become an airborne threat and warns of new cases in the local area. The emails appear to have been sent from a legitimate CDC email account – CDC-Covid19[@]cdc.gov. The emails include an attachment titled “Safety Precautions” which appears to be an Excel spreadsheet, but is actually a .exe executable file. Double clicking on the file attachment triggers the download of a banking Trojan.
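Both the WHO and CDC lures above rely on an executable presented as a document, which a mail gateway or triage script can catch by comparing each attachment's name with its leading bytes and by looking inside ZIP archives. The following is an added example, not code from TitanHQ or the campaigns described; the extension lists, finding labels and sample files are constructed for illustration, and the sample "executables" are harmless stubs that only carry the `MZ` magic bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".msi"}

# Leading bytes expected for common document types.
DOCUMENT_MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",
    ".xls": b"\xd0\xcf\x11\xe0",
}
PE_MAGIC = b"MZ"  # first two bytes of a Windows executable

# Constructed, inert stand-in for an executable: magic bytes plus padding.
PE_STUB = PE_MAGIC + b"\x00" * 62


def check_file(name, head=None):
    """Return findings for one file name and, if given, its first bytes."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    ext = suffixes[-1] if suffixes else ""
    findings = []
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
        # e.g. "report.pdf.exe": a document extension placed before the real one
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_MAGIC:
            findings.append("double-extension")
    if head is not None:
        if head.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTS:
            findings.append("executable-content-under-other-name")
        elif ext in DOCUMENT_MAGIC and not head.startswith(DOCUMENT_MAGIC[ext]):
            findings.append("content-does-not-match-extension")
    return findings


def inspect_attachment(filename, data, max_members=200):
    """Check an attachment and, if it is a ZIP, each member inside it.

    Returns [(path, [finding, ...])] for every item with at least one finding.
    Only the first 8 bytes of each member are read, so a decompression bomb
    cannot exhaust memory here.
    """
    results = []
    outer = check_file(filename, data[:8])
    if outer:
        results.append((filename, outer))
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist()[:max_members]:
                if info.is_dir():
                    continue
                path = f"{filename}/{info.filename}"
                if info.flag_bits & 0x1:
                    # Encrypted members cannot be content-checked; flag them by name.
                    results.append((path, ["encrypted-member"] + check_file(info.filename)))
                    continue
                with archive.open(info) as member:
                    head = member.read(8)
                found = check_file(info.filename, head)
                if found:
                    results.append((path, found))
    return results


def build_sample_zip():
    """Constructed archive: one stub named as in the WHO lure, one benign text file."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("MYHEALTH.exe", PE_STUB)
        archive.writestr("readme.txt", b"constructed sample")
    return buffer.getvalue()


if __name__ == "__main__":
    samples = [
        ("updates.zip", build_sample_zip()),
        ("Safety Precautions.xlsx.exe", PE_STUB),
        ("Safety Precautions.xlsx", PE_STUB),
        ("notes.pdf", b"%PDF-1.4\n"),
    ]
    for name, data in samples:
        print(name, inspect_attachment(name, data))
```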

Email and text-based phishing campaigns are targeting UK taxpayers and impersonate HM Revenue and Customs (HMRC). The emails include a legitimate HMRC logo and advise the recipients about a new COVID-19 tax refund program. According to the emails, the refund program was set up in cooperation with National Insurance and National Health Services and allows taxpayers to claim back tax to help deal with the coronavirus pandemic. In order to receive the refund, the user is told they must supply their name, address, mother’s maiden name and their bank card number.

In the past few days, a web-based malware distribution campaign has been identified. Several websites are now displaying world maps and dashboards that allow people to track the spread of the virus and find out about the location of new cases. People are naturally concerned about cases in their local area, and the website maps are attracting a lot of visitors.

Shai Alfasi, a security researcher at Reason Labs, discovered several websites using fake versions of maps and dashboards. The websites prompt users to download an application that allows them to track infections in real-time. The application is an executable file that delivers the AZORult information stealer.

With COVID-19 infections increasing and showing no sign of slowing, COVID-19 phishing campaigns are likely to continue. Organizations should raise awareness of the threat of COVID-19 phishing attacks with their employees and ensure appropriate technical solutions are implemented to block web and email-based attacks. TitanHQ can help with the latter and can provide advanced email and web security solutions to block these attacks. If you have not yet implemented a web filter or email security solution to protect your Office 365 accounts, now is a good time to start. Contact TitanHQ today for further information.

Tax Season Phishing Scams and Malspam Campaigns Start in Earnest

Tax season is now underway and business email compromise scammers have stepped up their efforts to obtain W-2 forms for tax fraud. These attacks often start with spear phishing emails targeting the CEO and the executive board. Once email credentials have been obtained, the accounts are then accessed, and emails are sent internally to payroll and the HR department requesting the W-2 forms of employees who have worked in the previous tax year.

Scammers target businesses as there is much greater potential for profit than attacks on individual taxpayers, although consumers also need to be wary of IRS-related phishing scams. This time of year sees an increase in IRS phishing scams. Scammers impersonate the IRS and send emails informing taxpayers about a tax refund that is due, or send demands for outstanding tax with threats of dire consequences if prompt action is not taken to address issues.

Advances in email security have meant cybercriminals have had to get creative as it is harder to sneak phishing emails past email defenses. Phishing scams are now commonly initiated via text message, post, and over the telephone. There has already been one campaign identified where consumers are being targeted using robocalls warning that Social Security numbers have been suspended after suspicious activity was detected.

While many of these scams seek personal information, others are conducted to spread malware. One threat group that started its tax-related scams early this year is the Emotet gang. A campaign is currently being conducted that uses emails containing fake signed W-9 forms.

Signed W-9 forms are requested by companies from their contractors if they have been paid in excess of $600 during the tax year. Many companies will have requested signed W-9 forms from their contractors to confirm addresses and tax identification numbers, so they will be expecting copies of these forms in their inboxes.

The Emotet emails are short and to the point, saying “Thank you for your help. Pleased see attached file.” The emails include a Word document attachment named W-9.doc. When the document is opened, the Office 365 logo is displayed along with text stating the document was created in OpenOffice and requires the user to enable editing and enable content. Doing so triggers the silent download of the Emotet Trojan.

This is just one of the tax-related messages being used by the Emotet gang. There are likely to be many more variants sent over the next few weeks. Other cybercriminal gangs will similarly be conducting their own tax-themed phishing campaigns to spread different malware variants and ransomware.

Businesses, tax preparers, and consumers need to be on high alert during tax season for phishing scams and emails spreading malware.

Now is a good time for businesses to review their cybersecurity defenses and enhance protection against phishing and malware attacks. If you use Office 365 and rely on the anti-phishing protections built into Office 365 (EOP), you should consider enhancing your anti-phishing and anti-malware protection with a third-party spam filter – one that has superior malspam detection capabilities.

This is an area where TitanHQ can help. SpamTitan uses a variety of advanced techniques to detect and block phishing threats and zero-day malware, including a sandbox where unknown and suspicious email attachments are subject to in-depth analysis. Give the TitanHQ team a call to find out more about SpamTitan, improving Office 365 malware and phishing protection, and to arrange a product demonstration and free trial of SpamTitan.

In the meantime, take steps to alert your workforce about tax-season phishing scams and prepare them in case a phishing email arrives in their inbox. An email alert sent to your employees about the threat of tax-season scams could prevent a costly phishing attack or malware infection.

How to Improve Your Email Defenses and Block Spear Phishing Attacks

The majority of businesses have experienced a phishing attack in the past year, and according to one survey on SMBs in the United States, 72% have experienced a phishing attack in the past 3 months.

In healthcare, phishing is the leading cause of data breaches by some distance. In November 2019, there were 17 phishing-related data breaches reported to the Department of Health and Human Services Office for Civil Rights out of 33 for the month. Since OCR only makes breach reports public if they have resulted in the exposure of 500 or more records, the total number of phishing attacks is likely to be substantially higher.

Phishing attacks are increasing, and the reason is simple. Phishing is the easiest way of attacking an organization to deliver malware or obtain sensitive information. That is because phishing targets the weakest link: Employees. Employees are getting better at identifying phishing emails through security awareness training, but cybercriminals have responded and are now conducting highly sophisticated phishing attacks that are much harder for employees to identify.

There has also been an increase in spear phishing attacks. This is a much more targeted form of phishing. Instead of millions of emails being sent out in a campaign, only a handful are sent, or they are sent to very specific targets. The emails are written to maximize the chances of success and are usually personalized.

So how can a business improve its defenses against phishing and spear phishing? Unfortunately, there is no silver bullet. Businesses need to take a defense in depth approach to significantly improve resilience to phishing attacks.

The best place to start is with an advanced email security solution. Phishing requires some form of manual action in order to succeed. If you prevent phishing emails from reaching inboxes, employees will not be able to click on links or download malware. An advanced email security solution will be able to block the vast majority of phishing emails before they reach your email system.

You will no doubt already have a spam filtering solution in place, but is it effective? Are phishing emails still being delivered? One common mistake made by SMBs is to believe that their Office 365 environment is well protected by default, when the reality is that Exchange Online Protection (EOP), which comes with Office 365, fails to block many phishing attempts. One study showed 25% of phishing emails were not blocked by EOP. If you want to improve your defenses against phishing, you should use a third-party anti-spam and anti-phishing solution on top of EOP: one that complements EOP but provides greater protection, such as SpamTitan.

With more phishing emails being blocked, your security posture will be much improved, but you can’t stop there. No anti-phishing solution will block all phishing threats, 100% of the time. Since all it takes is for one phishing email to be clicked for a data breach to occur, you need to add another layer to your defenses.

A DNS filtering solution provides protection against the web-based part of phishing attacks. When an employee clicks a link in an email and is directed to a fake Office 365 login page or a site where malware is downloaded, the attempt to access the site will be blocked.

A DNS filter blocks attempts to access phishing sites at the DNS lookup stage, before any web content is downloaded. If an attempt is made to access a phishing site, the employee will be directed to a block page before any harm is done. DNS filters can also block malware downloads from sites that are not yet known to be malicious.
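The lookup-stage decision described above can be sketched as follows. This is an added example, not WebTitan's code: the domain lists, the block page address, and the function names are constructed for illustration.

```python
"""Sketch of a DNS filter decision made before any upstream lookup happens."""

# Constructed sample data (reserved .example names and documentation IPs).
BLOCK_PAGE_IP = "192.0.2.10"                 # assumed address of the block page
BLOCKED_DOMAINS = {"login-office365.example", "hosting.example"}
ALLOWED_DOMAINS = {"corp.hosting.example"}   # explicit exception to a blocked parent


def normalize(hostname):
    """Lower-case the name and drop the trailing root dot so lookups match."""
    return hostname.strip().rstrip(".").lower()


def candidates(hostname):
    """Yield the name and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = hostname.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def filter_query(hostname, upstream_resolve):
    """Return (verdict, ip). Blocked names never reach the upstream resolver."""
    name = normalize(hostname)
    # Walk from the most specific name to the least specific, so an allow
    # entry for a subdomain wins over a block entry for its parent.
    for candidate in candidates(name):
        if candidate in ALLOWED_DOMAINS:
            break
        if candidate in BLOCKED_DOMAINS:
            # Answer with the block page address; the phishing site's real
            # address is never resolved, so no content can be fetched from it.
            return ("block", BLOCK_PAGE_IP)
    return ("allow", upstream_resolve(name))


if __name__ == "__main__":
    def demo_resolver(name):
        # Stand-in for a real recursive resolver (constructed answer).
        return "198.51.100.7"

    for query in ("Portal.Login-Office365.example.", "corp.hosting.example",
                  "files.hosting.example", "www.example.org"):
        print(query, "->", filter_query(query, demo_resolver))
```

Because the check covers every parent of the queried name, a phishing page on a newly created subdomain of a blocked domain is stopped without a separate list entry.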

Employees are the weak link targeted by cybercriminals, so it is important they are trained to recognize phishing emails. You should provide security awareness training regularly to develop a security-aware culture in your organization. Over time, employees can be conditioned to respond correctly and report phishing threats to the security team. Also conduct phishing simulation exercises to make sure training has been effective. A failed phishing simulation allows you to identify a weak link and provide further training.

If all of the above defenses have failed, there is another layer that can keep your business protected: Multi-factor authentication. MFA requires another factor to be used before access to an email account or other system is provided. If an employee’s login credentials are disclosed in a phishing attack, MFA should stop those credentials from being used by a cybercriminal to gain access to email accounts and other systems.

All of these layers are necessary to block today’s sophisticated phishing threats. It may seem like a lot of expense, but the above anti-phishing measures need not be expensive. TitanHQ can’t train your employees to be security titans, but through SpamTitan Email Security and WebTitan DNS filtering, phishing threats can be blocked.

To find out more about improving your defenses against phishing, give the TitanHQ team a call today.

Employee Susceptibility to Phishing Emails Highlights Need for Strong Email Security

IT professionals have long known that employees are a weak link in the security chain. Recent studies have confirmed this to be the case. Employees are poor at identifying phishing emails and other email-based threats and, to be fair on employees, many have received no training and phishing scams are becoming much more targeted and sophisticated.

The number of successful phishing attacks on businesses is difficult to determine, as many attacks go unreported, even when they result in the exposure of consumer data. In regulated industries, such as the healthcare industry in the United States, the picture is much clearer.

The Health Insurance Portability and Accountability Act – or HIPAA as it is better known – requires healthcare organizations to report breaches of patient information. Summaries of data breaches of 500 or more records are also made public and can be seen on the Department of Health and Human Services’ Office for Civil Rights data breach portal.

In 2019 alone, there have been at least 147 incidents of hacking of email accounts. The cost of those breaches is staggering. In those 147 incidents, the hacked email accounts contained the records of 2,762,691 individuals. According to the Ponemon Institute/IBM Security 2019 Cost of a Healthcare Data Breach report, the cost per exposed healthcare record is $423. Those breaches are therefore likely to have cost $1,168,618,293.

A recent study conducted by GetApp confirmed how often employees are fooled by phishing attacks in other industries. For the study, 714 individuals were surveyed from a range of businesses in the United States. Almost a quarter of those businesses have experienced at least one successful phishing attack and 43% of employees said that someone in their organization had clicked on a phishing email.

The aim of the study was to explore whether businesses were providing security awareness training to their employees to help them identify phishing emails. Only 27% of organizations did. It is therefore no surprise that employees often fall for phishing scams.

The provision of security awareness training, with a particular focus on phishing and social engineering, is vital. Even with layered defenses, some phishing emails will arrive in inboxes, so employees need to be taught the skills they need to help them identify email threats. Employees should then be tested by conducting phishing email simulations. That allows businesses to find out if the training has been taken on board. Without training and testing, employees will remain a liability. Over time their phishing identification skills will improve.

It is worth noting that security awareness training for employees is a requirement of HIPAA, yet many employees are still fooled. Training and phishing simulations can help reduce an organization’s susceptibility to phishing attacks, but employees, being human, will still make mistakes.

The solution is layered defenses. No one cybersecurity solution will block all phishing attempts, and certainly not without also blocking many legitimate email communications. Multiple solutions are therefore required.

It is essential for advanced email security defenses to be implemented to block phishing emails and make sure phishing and malspam (spam emails containing malware) never reach inboxes. That means an advanced spam filtering solution is a must.

SpamTitan has been independently tested and shown to block in excess of 99.9% of spam emails and 100% of emails containing known malware. SpamTitan also blocks zero-day threats using a combination of advanced detection techniques. This is achieved through heuristic analyses, blacklists, trust scores, greylisting, sandboxing, DMARC, and SPF to name just a few.

SpamTitan has also been developed to complement Office 365 security and provide a greater level of protection against phishing and other malicious email threats. It should be noted that Microsoft’s Exchange Online Protection was recently shown to allow 25% of phishing emails through.

Should phishing emails arrive in inboxes and be opened by end users, other controls are required to prevent clicks from resulting in malware infections or the theft of credentials. Here a web filtering solution such as WebTitan is important. When a link in an email is clicked, before the webpage is displayed, the URL and the content of the webpage are checked and the user is prevented from visiting the webpage if it, or its domain, is associated with phishing or malware distribution. Malware downloads can also be blocked from websites, even those with a high trust score. Together these solutions form the backbone of your phishing defenses. Further, these two solutions are quick and easy to implement, simple to use and maintain, and they are inexpensive.

Add antivirus protection, multi-factor authentication, and end user training, and you will be well protected from phishing and email and web-based malware attacks.

For further information on improving your defenses against phishing, spear phishing, and malware, give the TitanHQ team a call today.

If you are a managed service provider, contact the TitanHQ channel team and discover why TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs serving the SMB market.

Business Software Review Sites Show SpamTitan is Huge Hit with Users

Over the past 2 decades TitanHQ has been developing powerful cybersecurity solutions for SMBs and managed service providers (MSPs) that serve the SMB market. Naturally at TitanHQ we have great belief in our email security solution, SpamTitan. We believe it is the ideal spam filtering solution for SMBs and MSPs for preventing a myriad of email threats from reaching inboxes.

TitanHQ is the leading provider of cloud-based email security to MSPs serving the SMB market. We regularly receive positive feedback from MSPs and SMBs about how the solution has saved them hours of work compared to other email security solutions and has helped them improve email security and block more spam and stop malware and ransomware from reaching inboxes.

Positive feedback from end users proves we are getting it right and it inspires us to continue improving the solution to ensure it will keep on protecting our customers from malware, ransomware, viruses, botnets, and social engineering and phishing attacks for many years to come.

The positive feedback is not only provided to our engineers and customer service and sales teams. IT decision makers have posted highly positive reviews on the top business software review platforms and are letting other IT professionals know about their experiences implementing the solution, integrating it with their other cybersecurity solutions and management platforms, and what it is like to use SpamTitan on a daily basis.

In fact, across the different business review sites, SpamTitan has consistently received high scores. There is no other email security product on the market that has achieved such a wealth of positive reviews and feedback from end users.

Some of the positive reviews across the leading business software review sites are detailed below:

Gartner Peer Insights

Gartner Peer Insights is one of the most highly respected review platforms from the world’s leading business advisory and research company. While Gartner strictly polices the review site, Gartner is unbiased and has no hidden agenda. The review platform gives IT professionals the opportunity to give their honest feedback on software solutions that they have implemented to help other IT professionals save time and money in their search.

36 qualified users of SpamTitan have left reviews on the site and the solution has achieved highly positive feedback with an average user score of 4.7 out of 5.

“SpamTitan has been a very responsive vendor to work with, both during the sales process and with post-sales support. Tickets are responded to within several hours and often resolved within a day. The product itself is very MSP-friendly supporting delegation to client admins, multiple delivery pools, and attractive pricing. The catch rate is better than Exchange Online.”
Microsoft Team Lead in the Services Industry

“SpamTitan takes a little technical knowhow, but it’s powerful, flexible and affordable.” Director of IT and Telecom in the Healthcare Industry.

“SpamTitan is superb giving control back to the user and giving time back to IT staff. The product is amazing, it stopped 99% of spam and gives total control back to the user, it is web based and was easy to migrate to. The support and migration management from TitanHQ was brilliant.” IT Security Manager in the Manufacturing Industry.

G2 Crowd

G2 Crowd is one of the leading business software review sites. 139 verified users of SpamTitan have left reviews on the site and the solution has achieved an overall score of 4.6 out of 5. SpamTitan has been rated consistently highly in all rating categories, achieving 9.3 out of 10 for meets requirements and ease of doing business with, 9.2 for ease of setup and quality of support, 9.1 for ease of use, and 9.0 for ease of admin.

Additionally, each quarter, G2 Crowd compiles its Email Security Grid and rates solutions based on customer feedback and market presence. For four consecutive quarters, SpamTitan has been the Top Email Security Solution.

“I really like the customization that is available for this product. We have total control over the spam filter environment for all our customers. The environment is stable which is very important to us and our customers. The support staff was great when we were getting our environment configured. They were quick to reply to emails and reach out to assist us as needed. The spam filtering is top-notch and much better than other products we have used.”
Jeff Banks, Director Of Technology.

“Antispam that is affordable, flexible and powerful.” Mike S, Director of IT and Telecommunications.

“Cloud Version is Great for Managed Service Providers.” Andrew B, Vice President.

“Minimizes our exposure to harmful malware and junk emails.” David C, Outreach Specialist.

Google Reviews

112 users of SpamTitan have taken the time to submit their feedback to Google Reviews. The solution is consistently given top marks by users and has achieved an overall review score of 4.9 out of 5.

Some of the positive feedback from users includes:

“TitanHQ is an excellent solution which ticks many boxes. It’s simple to setup, and gives a huge range of functionality all from within one place. My experience of the Support help desk has been great with a team that really do know their product. I highly recommend TitanHQ.” Chris Bell.

“The Titan Spam filter is by far one of the best email filters I have ever used. It was simple to setup, it allows users to release their own emails from quarantine quick and easy.” Joseph Walsh.

“Great product. Spam reduced to almost zero and no user complaints. Configuration is simple and support is awesome. Love it!” George Homme.

Capterra

Capterra is a leading software review site that has been active for 20 years. The site has now been purchased by Gartner which moderates reviews on the site. Capterra includes more than 700 categories of software products and is one of the most highly respected business software review sites. It is relied upon by IT decision makers the world over.

SpamTitan has been reviewed by 379 users and has achieved an overall review score of 4.6 out of 5.

“It’s as close to “set it and forget it” as you can come in the IT field. Right out of the box support helped me set everything up in less than 20 minutes, no hardware to worry about, nothing like that. Literally all I have to do is check to see if something was blocked incorrectly once in a while, white list it, and done. I’ve been using spam titan for almost a year and in that time we have blocked over 200k spam/malicious emails for a 30 person company before they even hit employee mailboxes. I shut off the service for 48 hours just to make sure it was legit, it was, and I haven’t shut it off again since. Whitelisting and blacklisting domains and specific emails are super easy. Support Staff are awesome and go into detail when resolving problems if they were to arise or even if you just have a question. They have always been friendly and courteous and super personable and have been some of the best people to work with in all my years doing IT.” Benjamin Jones, Director Of Information Technology.

“SpamTitan has saved me, saved my company time, and has some of the best support people around. It’s as close to “set it and forget it” as you can come in the IT field. Right out of the box support helped me set everything up in less than 20 minutes, no hardware to worry about, nothing like that. Literally all I have to do is check to see if something was blocked incorrectly once in a while, white list it, and done. I’ve been using spam titan for almost a year and in that time we have blocked over 200k spam/malicious emails for a 30 person company before they even hit employee mailboxes.” Benjamin J, Director of Information Technology.

Spiceworks

Members of the Spiceworks community have also rated SpamTitan highly. The solution has been reviewed by 56 users and has an overall rating of 4.6 out of 5.

Software Advice

The software review site Software Advice includes 350 reviews of SpamTitan from business users, and the solution has achieved an average score of 5.58 out of 5.

SpamFilterReviews

According to SpamFilterReviews, SpamTitan is the top-rated spam filtering solution on the site with a score of 4.9 out of 5.

8 Essential Email Security Best Practices for SMBs

The aim of this post is to provide you with some easy to adopt email security best practices that will greatly improve your organization’s security posture.

Email is the Most Common Attack Vector!

It is a certainty that business email systems will be attacked so email security measures must be implemented. The best form of email security is to do away with email altogether, but since businesses rely on email to communicate with customers, partners, and suppliers, that simply isn’t an option.

Email not only makes it easy to communicate with the people you need to for your business to operate, it also allows cybercriminals to easily communicate with your employees and conduct phishing attacks, spread malware and, if a corporate email account is compromised, communicate with your customers, partners and suppliers.

Email security is therefore essential, but there is no single solution that will protect the email channel. A spam filtering solution will stop the majority of spam and malicious email from reaching inboxes, but it will not block 100% of unwanted emails, no matter what solution you implement. The key to robust email security is layered defenses. If one defensive measure fails, others are in place that will provide protection.

You need a combination of technical, physical, and administrative safeguards to secure your email. Unfortunately, there is no one-size-fits-all approach that can be adopted to secure the email channel but there are email security best practices that you can adopt that will improve your security posture and make it much harder for cybercriminals to succeed.

With this in mind, we have outlined some of the most important email security best practices for your business and your employees to adopt.

Email Security Best Practices to Implement Immediately

Cybercriminals will attempt to send malware and ransomware via email, and phishing tactics will be used to steal sensitive information such as login credentials, so it is important to be prepared. Listed below are 8 email security best practices that will help you keep your email system secure. If you have not yet implemented any of these best practices, or have only done so partially, now is the time to make some changes.

Develop a Cybersecurity Plan for Your Business

We have included this as the first best practice because it is so important. It is essential for you to develop a comprehensive cybersecurity plan for your entire organization as not all threats arrive via email. Attacks come from all angles and improving email security is only one of the steps you need to take to improve your overall cybersecurity posture.

There are many resources available to help you develop a cybersecurity plan that addresses all cyber risks. The Federal Communications Commission has developed a Cyberplanner to help with the creation of a custom cybersecurity plan and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a Cyber Essentials Guide for Small Businesses and Governments. Take advantage of these and other resources to develop an effective cybersecurity plan.

Implement an Advanced Spam Filtering Solution

A spam filter serves as a semi-permeable membrane that prevents email threats from being delivered to inboxes and lets genuine emails pass through unimpeded. This is the single most important security measure to implement to protect against email threats and productivity-draining spam.

If you use Office 365 you will already have some protection, as Office 365 includes a spam filter and anti-virus software, but it falls short on phishing protection and will not block zero-day malware threats. You need layered defenses to secure email which means a third-party spam filter should be used on top of Office 365. Research from Avanan showed 25% of phishing emails bypass Office 365 defenses.

There are many spam filtering services for SMBs, but for all round protection against known and zero-day threats, ease of implementation, ease of use, and price, SpamTitan is the best choice for SMBs.

Ensure Your Anti-Virus Solution Scans Incoming Emails

You will no doubt have anti-virus software in place, but does it scan incoming emails? Email is one of the main ways that malware is delivered, so anti-virus software for email is a must. This does not necessarily mean you need a different antivirus solution. Your existing solution may have that functionality. Your spam filter is also likely to include AV protection. For example, SpamTitan incorporates dual anti-virus engines for greater protection and a sandbox where email attachments are analyzed for malicious actions. The sandbox is used to detect and block zero-day malware: new, never-before-seen malware variants that have yet to have their signatures incorporated into AV engines.

Create and Enforce Password Policies

Another obvious email security best practice is to create a password policy that requires strong passwords to be set. There is no point creating a password policy if it is not enforced. Make sure you implement a control measure to prevent weak passwords from being set. Weak passwords (password, 123456, or dictionary words for example) are easy to remember but also easy to guess. Consider that cybercriminals are not sitting at a computer guessing passwords one at a time. Automation tools are used that make thousands of password guesses a minute. It doesn’t take long to guess a weak password! You should also make sure rate limiting is applied to block an IP from logging in after a set number of failed login attempts.

It is a good best practice to require a password of at least 8 characters to be set, with a combination of upper- and lower-case letters, numbers, and symbols and to block the use of dictionary words. Consider allowing long passphrases to be used as these are easier for employees to remember. Check National Institute of Standards and Technology (NIST) advice on secure password practices if you are unsure about creating a password policy.
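The policy and the rate limiting described in this section can be enforced in code along the following lines. This is an added example, not part of any TitanHQ product: the word list is a constructed sample, and the thresholds (5 failures in 5 minutes, 15-minute block) are assumptions standing in for the "set number" of attempts your policy chooses.

```python
"""Password policy check plus per-IP lockout after repeated failed logins."""
import string
import time
from collections import defaultdict, deque

MIN_LENGTH = 8
# Constructed sample list; a real control would load a full dictionary.
DICTIONARY_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}
# Undo common character substitutions so "P@ssw0rd" is seen as "password".
SUBSTITUTIONS = str.maketrans("01345$@", "oleassa")


def password_problems(password, words=DICTIONARY_WORDS):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    normalized = password.lower().translate(SUBSTITUTIONS)
    if any(word in normalized for word in words):
        problems.append("contains dictionary word")
    return problems


class LoginThrottle:
    """Block an IP for `lockout` seconds after `max_failures` within `window`."""

    def __init__(self, max_failures=5, window=300, lockout=900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._clock = clock                    # injectable for testing
        self._failures = defaultdict(deque)    # ip -> timestamps of failures
        self._blocked_until = {}               # ip -> time the block expires

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:
            del self._blocked_until[ip]        # block has expired
            return False
        return True

    def record_failure(self, ip):
        now = self._clock()
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                   # forget failures outside window
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout
            recent.clear()

    def record_success(self, ip):
        self._failures.pop(ip, None)           # a good login resets the count


if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd!", "Tr7!vq#Lm2xe"):
        print(candidate, "->", password_problems(candidate) or "accepted")
```

Note that `P@ssw0rd!` satisfies every length and character-class rule and is rejected only by the dictionary check, which is why the complexity rules alone are not enough.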

Implement DMARC to Stop Email Impersonation Attacks and Domain Abuse

DMARC, or Domain-based Message Authentication, Reporting & Conformance to give it its full name, is an email protocol that uses Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to determine whether an email is authentic.

By creating a DMARC record you are preventing unauthorized individuals from sending messages from your domain. DMARC also lets you know who is sending messages from your domain, and it lets you set a policy to determine what happens to messages that are not authenticated, i.e. quarantine them or reject them. Some email security solutions, such as SpamTitan, incorporate DMARC authentication.

Not only does DMARC help you block email impersonation attacks, it also prevents abuse of your domain. Your DMARC record tells receiving email servers not to accept messages sent from unauthenticated users, thus helping protect your brand.
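How a receiving server combines the SPF and DKIM results with the domain's published policy can be shown in a short sketch. This is an added example and not SpamTitan's implementation: the records and domains are constructed, the organizational-domain helper is a simplification (real receivers use the Public Suffix List), and the `sp` and `pct` tags are not handled.

```python
"""Simplified DMARC evaluation: parse the record, check alignment, apply p=."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(txt):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    # The version tag must come first and must be exactly DMARC1.
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    tags["p"] = tags["p"].lower()
    return tags


def org_domain(domain):
    """ASSUMPTION: treat the last two labels as the organizational domain."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') the same org domain."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


def evaluate(record, from_domain, spf, dkim):
    """Return 'pass' or the disposition the domain owner asked for.

    spf and dkim are (result, domain) pairs from the earlier checks: the
    envelope sender domain for SPF and the d= domain of the DKIM signature.
    """
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1],
                                          tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1],
                                            tags.get("adkim", "r"))
    # One aligned pass is enough. A pass for some other domain does not count,
    # which is what stops a message that merely displays your domain in From.
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]          # none (report only), quarantine, or reject


if __name__ == "__main__":
    record = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
    # Constructed case: SPF passes, but for a domain unrelated to the From domain.
    print(evaluate(record, "example.com",
                   ("pass", "mailer.example.net"), ("none", "")))
    # Constructed case: SPF passes for a subdomain of the From domain.
    print(evaluate(record, "example.com",
                   ("pass", "bounce.example.com"), ("fail", "example.com")))
```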

Implement Multi-Factor Authentication

Multi-factor authentication is yet another layer you can add to your anti-phishing defenses. Multi-factor authentication, as the name suggests, means more than one method is used to authenticate a user. The first factor is usually a password. A second factor is also required, which is something a person knows or possesses. This could be a mobile phone, to which a one-time PIN code is sent, or a token on a trusted device.

This safeguard is vital. If a password is obtained, in a phishing attack for example, the password alone will not grant access to the email account without an additional factor being provided. A combination of a password, token, and one-time PIN is a good combination.

Train Your Employees and Train Them Again

No matter how tech savvy your employees appear to be, assume they know nothing about cybersecurity. They will certainly not routinely stick to email security best practices unless you train them to do so and then hammer the message home.

Before letting any employee have access to email, you should provide security awareness training. Your training should cover email security best practices such as never opening email attachments from unknown senders, never enabling content in documents unless the document has been verified as legitimate, and never clicking hyperlinks in emails or sending highly sensitive information such as passwords via email.

You must also train your employees how to recognize phishing emails and other malicious messages and tell them what to do when suspicious emails are received. Anyone with access to email or a computer must be provided with security awareness training, from the CEO down.

One training session is not enough. Even an annual training session is no longer sufficient. You should be providing regular training, be sending cybersecurity newsletters warning about the latest threats, and using other tools to help create a security culture in your organization.

Conduct Phishing Awareness Simulation Exercises

You have provided training, but how do you know if it has been effective? The only way to tell is to conduct tests and that is easiest with phishing simulation exercises. These are dummy phishing emails that are sent to employees when they are not expecting them to see how they respond. You may be surprised at how many employees respond and disclose sensitive information, open attachments, or click links in the emails.

The aim of these emails is to identify people that have not taken their training on board. The idea is not to punish those employees, but to tell you who needs further training. There are several companies that can assist you with these exercises. Some even offer free phishing simulation emails for SMBs.

TitanHQ is Here to Help!

TitanHQ has developed SpamTitan to be easy for SMBs to implement, use, and maintain. It requires no hardware, no software, and all filtering takes place in the cloud. Not only does SpamTitan offer excellent protection against the full range of email-based threats, it is also one of the lowest cost solutions for SMBs to implement.

Give the TitanHQ team a call today for more information on SpamTitan and to find out about how you can also protect your business from web-based threats and meet your compliance requirements for email.

VadeSecure Vs SpamTitan Email Security

SMBs and Managed Service Providers (MSPs) that serve the SMB market have many spam filtering services to choose from. In this post we perform a VadeSecure vs SpamTitan Email Security comparison to help you decide on the best solution to meet the needs of your business.

Who are VadeSecure?

VadeSecure is a French company that was founded in 2009. The company has developed a predictive email defense solution to protect businesses from email-based threats and spam email, and also consumers through their ISPs. The company has yet to make great inroads in the MSP market, although that is part of the company’s plan, having recently raised $79 million in venture capital to help them achieve this aim.

SpamTitan Email Security from TitanHQ

TitanHQ is the leading provider of cloud-based email and web security solutions for MSPs that serve the SMB market. TitanHQ has more than 2 decades of experience in email and web security and has developed two award winning solutions for MSPs – WebTitan (Web Security) and SpamTitan Email Security. Here we will focus on SpamTitan Email Security.

VadeSecure vs SpamTitan Email Security

Take a quick look at VadeSecure and SpamTitan Email Security and you may think that both solutions are very similar, and in some respects they are. Both are cloud-based email security solutions that have been designed to block email threats and keep inboxes free from spam and malicious messages and attachments. Both solutions have been developed to provide an additional security layer for Office 365 to block the many spam and malicious messages that bypass O365 security controls.

However, there are some very important differences between the solutions as far as MSPs are concerned. VadeSecure has been developed solely for the Telco market, but MSPs have unique requirements that are not well catered to. A deeper dive into the products and a more thorough comparison of VadeSecure vs SpamTitan Email Security from an MSP perspective reveals the two solutions are very different products.

SpamTitan is very much MSP focused. Over time, with the increased investment, VadeSecure may become a more MSP friendly solution, but as it stands VadeSecure and SpamTitan Email Security are not equivalent solutions.

Comparison of VadeSecure and SpamTitan Email Security for MSPs

SpamTitan Email Security has been developed by MSPs for MSPs. SpamTitan Email Security is therefore a very MSP-focused product, which incorporates many MSP-friendly features. SpamTitan is a true multi-tenant solution. With SpamTitan Email Security, MSPs are given a multi-tenancy view of all customers with multiple management roles. This allows MSPs to easily monitor all customer deployments and the trial-base, assess the health of those deployments, view activity volumes across your entire customer base, and quickly identify any issues that need to be addressed. VadeSecure lacks this customer-wide view of the system and does not integrate with RMMs or PSAs.

Configurability and Customization Potential

Configurability is also a key consideration. VadeSecure is not easily configurable to meet your needs. For instance, it does not support custom rules, so you have to use Office 365 Exchange admin functionality for configuration. In a similar vein, the potential for customization is limited with VadeSecure. With SpamTitan Email Security, there is plenty of scope for customization. You can create custom rules to meet the needs of your customer base thanks to highly granular controls that can be applied to domains, groups, or individual users. This level of granularity is important, as it allows you to carefully configure the solution to meet the needs of each client. You can tailor the solution to suit the risk tolerance of each individual client and adopt a more aggressive or more permissive approach on a per client basis and minimize false positives and false negatives. VadeSecure lacks the granularity to allow this for each customer.

Management and Reporting

You are implementing email security to provide your customers with greater security, but you need to make sure the solution remains effective over time. You will therefore need to identify issues as they arise and perform tweaks to continue to protect your clients to the highest degree. To achieve this, you need highly granular reports. Without them you will not have the visibility you need. SpamTitan’s suite of pre-configured and customizable reports gives you full visibility into your deployments to allow you to quickly identify and correct any issues.

You can also generate reports (manually or automatically) that you can send to your clients to show them how effective the solution is, the threats that are being blocked, and why continued protection is essential. With VadeSecure you lack this visibility and cannot find out what has been blocked for end users or obtain detailed information on spam emails and threats. Client management is also more difficult with VadeSecure. MSPs need to log in to each client’s Office 365 environment for management, which makes reporting much more time consuming.

Revenue Potential and Margins

Because SpamTitan allows MSPs to customize their deployments, MSPs have superior management capabilities and can offer clients greater value, which means greater margin potential for MSPs. It also makes it harder for clients to switch providers as their MSP is more of a strategic partner rather than just an IT service provider.

With TitanHQ there is also greater potential to make more margin by cross selling other services. MSPs that sign up with TitanHQ and join the TitanShield program have access to two other revenue generating solutions: WebTitan DNS filtering and ArcTitan Email Archiving. These allow you to maximize monthly recurring revenue with each client. Additional revenue-generating solutions are not available with VadeSecure.

VadeSecure Vs SpamTitan Email Security Pricing

Currently, pricing with VadeSecure is complex and the solution is expensive for MSPs. VadeSecure is charged on a per module basis, which means you need to factor in a lot of additional costs, such as anti-virus protection and GreyMail which are not included as standard. With SpamTitan there is one flat fee that includes all features of the solution. TitanHQ pricing is totally transparent and there are no hidden extras.

After speaking with customers that have tried VadeSecure, we have learned that the total number of users is not aggregated into the MSP discount with VadeSecure. You could have 100 x 10-seat licenses (1,000 users), but VadeSecure pays at 10 seats each and not the 1,000 seats overall. In contrast, TitanHQ appreciates how MSPs work and has developed a flexible pricing policy accordingly.

Quick Comparison of Features

In the image below we have compared the basic features of both SpamTitan and VadeSecure as a quick reference to show you some of the key differences between VadeSecure and SpamTitan Email Security.

VadeSecure Vs SpamTitan

MSPs that serve customers with Office 365 environments should adopt a layered approach to security and should not rely on the anti-spam and anti-phishing defenses incorporated into Office 365. Additional layers are required to better protect clients, which will mean you spend less time on support and remediating phishing attacks.

TitanHQ can provide two additional layers to your security stack: SpamTitan and WebTitan, both of which work seamlessly together to protect against all email and web-based threats.

To find out more about these solutions, how you can reduce the cost of email security and web security for your customers while earning a profitable margin, contact the TitanHQ team today and ask to speak to the channel team.

Top 10 Cybersecurity Threats SMBs Must Address

Cybercriminals are inventive and their attacks are becoming increasingly sophisticated. To help ensure you are prepared and can defend your business against these attacks, we have listed the top 10 cybersecurity threats your business is likely to face, along with some tips to help you prevent a costly data breach.

Cybercriminals are not just trying to attack large enterprises. Sure, a cyberattack on a large healthcare system or blue-chip company can be incredibly rewarding, but the defenses they have in place make attacks very difficult. SMBs on the other hand have far fewer resources to devote to cybersecurity and as a result they are easier to attack. The potential rewards may not be as great, but attacks are more likely to succeed which means a better return on effort. That is why so many SMBs are now being attacked.

There is a myriad of ways that a company can be attacked, and the tactics, techniques and procedures used by cybercriminals are constantly changing. The top 10 cybersecurity threats listed below include the main attack vectors that need to be blocked and will serve as a good starting point on which you can build a robust cybersecurity program.

Top 10 Cybersecurity Threats Faced by SMBs

We have listed the top 10 cybersecurity threats that SMBs need to defend against. All the threats listed below need to be addressed as any one of them could easily result in a costly data breach, data loss, or could cripple your business. Some of the threats listed below will be harder to address than others, and it will take time for your cybersecurity defenses to mature. The important thing is to start the ball rolling and address as many of these areas as soon as possible.

Human Error and Insider Threats

We have listed human error first, as it doesn’t matter what hardware and software solutions you implement, human error can easily undo much of your good work. Mistakes will be made by employees on occasion. What you need to do is reduce the potential for errors and limit the harm that can be caused.

Developing robust policies and procedures and providing training will help to ensure that your employees know how to act and more importantly, how not to.

Mistakes are not the only thing you need to take steps to try to prevent. There may also be individuals on your payroll who will take advantage of poor security for personal gain. You will also need to tackle the problem of insider threats and make it harder for rogue employees to cause harm and steal data. The measures listed below will help address threats from within and reduce risk.

  • Passwords
    • Enforce the use of strong passwords but make it easier for your employees to remember them so they don’t try to circumvent your password policy or, heaven forbid, write their passwords down. Implement a password manager to store their passwords so they only have one password or pass phrase to remember.
  • Rule of Least Privilege
    • It is obvious, but often overlooked. Don’t give employees access to resources they do not need for their day-to-day work duties. If their credentials are compromised, this will limit the harm caused. It will also limit the harm that can be caused by rogue employees.
  • Block the Use of USB Devices
    • USB devices make it easy for rogue employees to steal data and for malware to be accidentally or deliberately introduced. Implement technical controls to prevent USB devices from being connected, and if they are required for work purposes only give permission to certain individuals to use them. Ideally, use more secure methods of transferring or storing data.
  • Monitor Employee Activity
    • If rogue employees are stealing data, you are only likely to find out if you are monitoring their computer activity. Similarly, if credentials are compromised, system logs will highlight any suspicious activity. Make sure logs are created and monitored. Consider using a security information and event management (SIEM) solution to automate this as much as possible.
  • Terminate Access at Point of Termination
    • Terminating an employee? Terminate their access to your systems at the point of termination. It is surprising how often employee access rights are not terminated for days, weeks, or even months after an employee has left the company.

We will cover some more important safeguards to implement to protect against user error in the following 9 SMB cybersecurity threats.

Phishing and Social Engineering Attacks

Phishing is arguably the biggest cybersecurity threat faced by SMBs. Phishing is the use of social engineering techniques to persuade people to divulge sensitive information or take an action such as installing malware or ransomware. This is most commonly achieved via email, but can also occur via text messages, social media websites, or over the telephone.

Do not assume that your employees have common sense and know not to open email attachments from unknown individuals or respond to enticing offers from legal representatives of Nigerian princes. You must train your employees and teach cybersecurity best practices and show them how to identify phishing emails. Refresher training should be provided at regular intervals and you should conduct phishing simulation exercises (which can largely be automated) to find out who has taken the training on board and who is a liability that needs further training.

Employees are the last line of defense. You need a layer of security above your employees to make sure their security awareness training is never required. That means an advanced anti-spam/anti-phishing solution needs to be in place to block threats before they reach inboxes. If you use Office 365, you should still implement an antispam solution. A recent study by Avanan revealed 25% of phishing emails bypass Office 365 antispam defenses.

Another layer of protection should also be implemented to protect against phishing: Multi-factor authentication. This is the use of an additional authentication factor that will kick into action if an attempt is made to use credentials from an untrusted device or location. If credentials are compromised in a phishing attack, multi-factor authentication should stop them from being used to gain access to email accounts, computers, or network resources.

Malware and Ransomware

Malware, viruses, ransomware, spyware, Trojans, worms, botnets, and cryptocurrency miners are all serious threats that you must take steps to block. It goes without saying, but we will say it nonetheless: you need to have antivirus software installed on all endpoints and your servers.

Malware can be installed in many ways. As previously mentioned, blocking USB devices is important and spam filtering software with sandboxing will protect you from email-based attacks. Most malware infections now occur via the internet, so a web filtering solution is also important. This will also add an extra layer to your phishing defenses. A web filter will block drive-by malware downloads, prevent employees from visiting malicious sites (including phishing websites), and allow you to enforce your internet usage policies. A DNS filtering solution is the best choice. All filtering takes place in the cloud before any content is downloaded and it will not add to your patching burden.

Shadow IT

Shadow IT – The term given for any hardware or software in use that has not been authorized by your IT department. This could be a portable storage device such as a zip drive, a VPN client to bypass your web filter, an application to help with work tasks, or all manner of other software. It is surprising to find exactly how many of these programs are installed on users’ devices when IT support staff are called upon to sort out a problem!

So, what is the problem? Anything installed without authorization is a potential security and compliance risk. Your security team has no control over patching, and vulnerabilities in those applications could easily go unaddressed for months and give hackers an easy entry point into your network. Fake applications could be downloaded that are really malware, software packages often include a host of potentially unwanted programs and spyware, and any data stored in these applications could be transmitted to unsecure locations. Those applications and data contained therein are also unlikely to be backed up by the IT department. If anything happens, data can easily be lost.

Unpatched Software

The importance of prompt patching cannot be overstated. Vulnerabilities exist in all software solutions. Sooner or later those vulnerabilities will be found, and exploits will be developed to take advantage. Security researchers are constantly looking for flaws that could potentially be exploited by threat actors to gain access to sensitive information, install malware, or remotely execute code. When these flaws are identified and patches are released, they need to be applied promptly. Oftentimes, vulnerabilities are being actively exploited by the time a patch is released. It is essential for these vulnerabilities to be addressed as soon as possible and for all software to be kept up to date.

When software or operating systems are approaching end of life, you must upgrade. When patches stop being issued and software is unsupported, any vulnerabilities will remain unaddressed and can easily be exploited.

Out of Date Hardware

Not all vulnerabilities come from out of date software. The hardware you use can also introduce risks. You must keep an inventory of all your hardware, so nothing slips through the cracks. Firmware updates should be applied as soon as they are made available and you should monitor for any devices that are approaching end of life. If your devices do not support the latest operating systems, then it is time to replace your hardware. This will naturally come at a cost, but so do cyberattacks and data breaches.

Unsecured IoT Devices

The Internet-of-Things offers convenience but IoT devices are a potential liability. IoT devices can send, store or transmit data so they must be secured.

Unfortunately, in the hurry to connect everything to the internet, device manufacturers often overlook security, as do users of these devices. Take security cameras for instance. You may be able to access your cameras remotely, but you may not be the only person who can. If your security cameras are hacked, thieves could see what you have, where it is located, and where and when security is lax. There have been cases of security cameras being hacked due to the failure to change default credentials for remote management.

Ensure you change the default credentials on the devices and use strong passwords. Keep the devices up to date, and if the devices need to connect to the network, make sure they are isolated from other resources. Cybercriminals can also take advantage of flaws in the applications to which these IoT devices connect. They must also be kept up to date.

Man-in-the-Middle Attacks and Public Wi-Fi

A man-in-the-middle (MITM) attack is an attack scenario where communications between two individuals (or one individual and a website or network) are intercepted and potentially altered. An employee may believe they are communicating securely, when everything they are saying or doing is being seen or recorded. An attacker could even control the conversation between two people and be communicating with each separately while both individuals believe they are communicating with each other. This method of attack most commonly occurs through unsecured Wi-Fi hotspots or evil twin hotspots – Fake Wi-Fi hotspots set up in coffee shops, airports, and any other location where free Wi-Fi is offered.

If you have remote workers, you need to take steps to ensure that all communications are kept private. This can be achieved in two main ways: by making sure employees use a secure VPN that encrypts their communications over public or unsecured Wi-Fi networks, and by implementing a DNS filtering solution. The DNS filtering solution provides the same protection for remote workers as it does for on-premises workers and will prevent malware downloads and employees from accessing malicious websites.

Mobile Security Threats

There is no denying the convenience of mobile devices (laptops, tablets, smartphones). They allow workers to be instantly contacted and let them work from any location. Mobile devices improve employee mobility, can lead to greater employee satisfaction, and will help you to boost productivity. However, the devices also introduce new risks. Whether you supply these devices or operate a BYOD policy, you need to implement a range of security controls to ensure those risks are managed.

You need to make sure you know of every device that you allow to connect to the network. A mobile device security solution can help you gain visibility into mobile device use and allow you to control your applications and data.

You should ensure the devices have security controls applied, can only access your network via secure channels (VPN), ensure the devices are covered by a DNS filtering solution, and any work data stored on the devices needs to be encrypted.

Remote Desktop Protocol

Remote desktop protocol (RDP) allows employees to remotely connect to your computers and servers when they are not in the office and lets your managed service provider quickly sort out your problems and maintain your systems without having to pay a visit. RDP also gives hackers an easy way to gain access to your computers and servers and steal data or install malware. Do you need RDP enabled? If not, disable it. Does it need to be used internally only? Make sure that RDP is not exposed to the internet.

If you do need RDP, then you need to exercise extreme caution. Make sure that users can only connect via a VPN or set firewall rules. Limit the individuals who have permissions to use RDP, ensure strong passwords are set, and that rate limiting is implemented to protect against brute force attacks. Also use multi-factor authentication.

Stolen RDP credentials are often used by hackers to gain access to systems, brute force attempts are often conducted, and vulnerabilities in RDP that have not been patched are frequently exploited. This is one of the main ways that ransomware is installed.

These are just the top 10 cybersecurity threats faced by SMBs. There are many more risks that need to be identified and mitigated to ensure you are protected. However, by addressing the above issues you will have already made it much harder for hackers and cybercriminals to do your business harm.

TitanHQ is Here to Help!

TitanHQ can assist by providing you with advanced cybersecurity solutions to protect against several of the above listed top 10 cybersecurity threats and the two most commonly used attack vectors – email and web-based attacks. These solutions – SpamTitan and WebTitan – are 100% cloud based, easy to implement and maintain, and will provide superior protection against malware, ransomware, viruses, botnets, and phishing attacks.

Further, these powerful solutions are affordable for SMBs. You are likely to be surprised to find out how little these enterprise-grade security solutions will cost. If you are a managed service provider that services the SMB market, you should also get in touch. SpamTitan and WebTitan have been developed by MSPs for MSPs. There is a host of reasons why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs that service the SMB market!

Contact our friendly (and non-pushy) sales team today to find out more, book a product demo, and register for a free trial.

TitanHQ Releases SpamTitan 7.06 with New RESTapi

TitanHQ has announced that a new version of its award-winning cloud-based anti-spam service and anti-spam software has been released. SpamTitan v7.06 incorporates a new RESTapi to allow clients and partners to seamlessly integrate SpamTitan into their own systems.

The new version was released on November 12, 2019 and has automatically been applied to the cloud-based offering. Users of SpamTitan software will have had the latest version downloaded, although they will need to log in to their UI to apply the update.

As part of the regular patching cycle, SpamTitan patches have been released to address reporting engine issues and patches and ISO/OVA images are now available. These have been released for several packages including OpenSSL, OpenSSH, PHP, ClamAV and sudo. The patches must also be applied manually by administrators on their appliance(s).

TitanHQ has had a busy 2019. The company has experienced 30% growth in 2019 and has just had its busiest ever quarter for MSP growth. The growth has been driven by demand from MSPs for easy to use email security and web security solutions to protect their SMB clients from the growing number of cybersecurity threats.

TitanHQ now has more than 2,200 MSP partners using its platform and the strong Q3 growth has continued in Q4 helped by the new “Margin Maker for MSPs” Q4 initiative.

“Implementing the RESTapi and encouraging API adoption are vital steps in our partnership expansion plans,” explained TitanHQ CEO, Ronan Kavanagh. “We have enjoyed a record-breaking growth and the latest enhancements and new features that have been added to SpamTitan will help to ensure growth in 2020 will continue at record levels.”

Full technical information on the new RESTapi can be found on this link.

TitanHQ Launches New ‘Margin Maker for MSPs’ Initiative Following Record-Breaking MSP Growth

Q3, 2019 has seen TitanHQ register record-breaking growth in the MSP market with its busiest ever quarter for MSP sales. TitanHQ now has more than 2,200 MSP partners and its cloud-based email security, web security, and email archiving platforms are now used by more than 8,200 businesses around the world.

Many great success stories start from humble beginnings, and TitanHQ is no exception. The company started life as Copperfasten Technologies in 1999 and sold anti-spam appliances to local businesses from its Galway, Ireland base. The company then developed its own cybersecurity solutions, starting with the anti-spam and anti-phishing solution, SpamTitan.

The product portfolio grew to include WebTitan web filtering, a powerful DNS-based web security solution to protect businesses from the full range of internet threats. That was followed by the launch of ArcTitan, a cloud-based email archiving solution for businesses that eases their email storage and compliance burden.

That trio of core TitanHQ products has proven to be a massive hit with managed service providers, although not by accident. Many companies have developed innovative solutions for SMBs but have only realized the importance of the MSP market later on. Additional features are then added to appeal to MSPs. TitanHQ took a different approach. Its solutions were developed by MSPs for MSPs and MSPs were considered at every stage of product development. The result is a suite of security solutions tailor-made for MSPs.

This approach, along with cutting-edge technology and industry-leading customer support, has seen the company go from strength to strength and become the gold standard in email and web security and the leading global provider of cloud-based security solutions for MSPs servicing the SMB market.

Phishing attacks on businesses are soaring, new malware variants are being released at record levels, and the current ransomware epidemic is threatening to derail businesses. Many SMBs lack the internal resources to block these threats and turn to MSPs to provide the security they need.

To cope with the increased demand, MSPs need solutions with 100% cloud-based architecture that seamlessly integrate into their existing centralized management systems and are easy to implement, use, and maintain. Ideally, those solutions need to be flexible, have a range of hosting options, be available in white-label form to take MSP branding, and also include generous margins. That is a big ask, and many solutions only tick a few of those boxes. However, TitanHQ’s suite of solutions includes all those features and more.

TitanHQ also offers extensive sales enablement and marketing support, world-class customer service, and each MSP has a dedicated account manager, engineers, and a support team to help them maximize their sales opportunities and really grow their businesses.

As part of the celebration of the Q3, 2019 MSP growth, TitanHQ has launched a new initiative to ensure Q4 will be an even bigger success.

On October 22, TitanHQ announced a new disruptive price package for a SpamTitan Email Security and WebTitan DNS filtering bundle at an exclusive once-in-a-lifetime price. The initiative has been called Margin Maker for MSPs and is intended to ensure MSPs build profitability instantly in Q4, 2019.

The two solutions are provided in two private clouds, customized to meet MSPs’ email and web security needs, and secure the most common attack vectors – email and the web. The package includes advanced protection for email, including Office 365 environments, complemented by WebTitan DNS filtering to block web-based threats and implement content control for on-premises and remote workers. These solutions are naturally provided with extensive sales enablement and marketing support.

The aim is to make TitanHQ’s email and web security platforms even more appealing to MSPs and to encourage MSPs to offer both SpamTitan email security and WebTitan web filtering to their clients and maximize revenues.

One MSP that is already boosting its profits and achieving increased, reliable recurring monthly revenues is UK-based OpalIT. The MSP has bases in Newcastle and Edinburgh and a 6,000+ customer base. Prior to joining the TitanShield program, OpalIT was offering its clients firewall filtering and email filtering with Barracuda and Vade. The company has now switched to TitanHQ’s cybersecurity bundle and is pushing SpamTitan Email Security, WebTitan DNS filtering, and ArcTitan email archiving to its clients and is reaping the rewards.

“Opal IT moved to TitanHQ because of our MSP focused solutions, ease of deployments, extensive APIs functionality and the increased margin they’re now making. Our cybersecurity bundle solutions allow MSPs to provide their downstream customers with a layered defense approach,” said Rocco Donnino, EVP Strategic Alliances, TitanHQ.

If you are a managed service provider, now is the perfect time to sign up with TitanHQ. Come and meet the TitanHQ channel team at the following MSP events to find out more about the TitanShield program for MSPs, OEMs, and service providers, and take advantage of the amazing new MSP package.

 

If you are unable to attend any of these events, be sure to give the TitanHQ team a call to find out more and take advantage of this exciting new and exclusive offer.

New Stripe Phishing Campaign Masks URL to Get Credentials and Bank Account Information

A new Stripe phishing campaign has been detected that uses fake warnings advising users about an invalid account to lure people into divulging their credentials and bank account information.

Stripe is an online payment processor used by many online firms on their e-commerce websites to accept payments from their customers. As such, the company is perfect for spoofing as many people will be aware that the company processes payments and will think it reasonable that they need to provide credentials and bank account information to ensure payments are processed.

The scam starts with a phishing email supposedly from the Stripe Support department. The email advises the customer that the information associated with their account is currently invalid. The message is sent as a courtesy notice warning the user that their account will be placed on hold until the matter is corrected. The user is asked to review their details to correct the issue. A button is included in the email for users to click to do this.

The emails contain spelling mistakes and questionable grammar, so are likely to be identified as suspect by vigilant individuals. Security awareness training often teaches employees to hover their mouse arrow over a hyperlink to find out the true URL, but in this campaign it will not work. The attackers have added a title to the HTML tag of the embedded hyperlink so when the mouse arrow is hovered over the “Review your Details” button, that text will be displayed instead of the URL.
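The hover-masking trick described above can be checked for when triaging a reported email or at a mail gateway. The Python below is an added example, not code from the original article or from any TitanHQ product; the function names, the sample body and the `.example` hosts are constructed for illustration. It also covers the related case where the tooltip displays a URL for a different host than the link really opens.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_IN_TEXT = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


class LinkCollector(HTMLParser):
    """Collect each <a href> with its visible text and the tooltip (title) shown on hover."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._open = None  # anchor currently being read, if any

    def _close_anchor(self):
        if self._open is not None:
            self._open["text"] = " ".join(self._open["text"].split())
            self.links.append(self._open)
            self._open = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._close_anchor()  # tolerate unclosed or nested anchors
            if attrs.get("href"):
                self._open = {"href": attrs["href"].strip(),
                              "title": attrs.get("title") or None,
                              "text": ""}
        elif self._open is not None and attrs.get("title") and not self._open["title"]:
            # A title on a child element (styled <span>, <img>) also replaces the tooltip.
            self._open["title"] = attrs["title"]

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._close_anchor()

    def close(self):
        super().close()
        self._close_anchor()


def host_of(url):
    """Lower-cased hostname of an http(s) or scheme-relative URL, else ''."""
    try:
        parts = urlsplit(url.strip())
        if parts.scheme not in ("http", "https", ""):
            return ""
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def is_under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def find_masked_links(html_body, trusted_domains):
    """Return links whose tooltip hides an href that leaves the sender's own domains."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    trusted = [d.lower().lstrip(".") for d in trusted_domains]
    findings = []
    for link in collector.links:
        host, title = host_of(link["href"]), link["title"]
        if not host or not title:
            continue  # not a web link, or no tooltip is covering the real URL
        if any(is_under(host, d) for d in trusted):
            continue  # tooltip is cosmetic: the destination belongs to the claimed sender
        shown_hosts = {host_of(u) for u in URL_IN_TEXT.findall(title)} - {""}
        if host in shown_hosts:
            continue  # the tooltip displays the true destination
        reason = "title-shows-other-host" if shown_hosts else "title-replaces-url"
        findings.append({"host": host, "href": link["href"], "text": link["text"],
                         "title": title, "reason": reason})
    return findings


# Constructed sample body modelled on the campaign described in the article.
SAMPLE_BODY = """
<p>Dear customer, the details associated with your account are invalid.</p>
<a href="http://account-review.example/login" title="Review your Details"
   style="background:#6772e5;color:#fff">Review your Details</a>
<p>Questions? Visit our <a href="https://support.stripe.com/" title="Stripe support">help centre</a>
or <a href="mailto:support@stripe.com">email us</a>.</p>
<a href="https://billing.example/u?id=1"><span title="https://dashboard.stripe.com/login">Open dashboard</span></a>
<a href="https://newsletter.example/unsubscribe">Unsubscribe</a>
"""

if __name__ == "__main__":
    for finding in find_masked_links(SAMPLE_BODY, ["stripe.com"]):
        print(finding["reason"], finding["host"], repr(finding["title"]))
```

Links with no title are left alone because hovering still reveals their destination; judging whether that destination is malicious is a separate reputation check.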

If that button is clicked, the user will be directed to a seemingly legitimate Stripe login page. The login box is a clone of the real login page and a series of boxes will be displayed, each requiring different information to be entered, including bank account and contact information.

When the user is required to enter their password, regardless of what is typed, the user will be advised that they have entered an incorrect password and will be asked to enter the password again. The user is then directed to the legitimate Stripe login page to make it appear they have been on the correct Stripe website all along.

Similar tactics are used in countless other phishing campaigns targeting other well-known companies. The presence of spelling mistakes and grammatical errors in messages should tip off end users that the email is a phishing attempt, but all too often end users fail to notice these errors and click and divulge sensitive information.

One issue is a lack of cybersecurity training in the workplace. If employees are not trained how to identify phishing emails, it is inevitable that some will end up falling for these scams and will divulge their credentials. Those credentials can be used to gain access to bank accounts or email accounts, with the latter often used to conduct further phishing attacks on the organization. One email account breach can easily lead to dozens of breached accounts.

For example, a phishing attack on a U.S. healthcare provider started with a single phishing email and led to 73 email accounts being compromised. As for cybersecurity awareness training, this is often nonexistent. One recent study on 2,000 employees in the United Kingdom revealed three quarters had received no workplace cybersecurity training whatsoever.

Protected by Microsoft Office 365 Anti-Phishing Controls? Are You Sure?

One in every 99 emails is a phishing email, so it is important to ensure your defenses are capable of blocking those messages. Many businesses mistakenly believe they are protected against these emails by Microsoft’s Office 365 anti-phishing controls. While those measures do block spam email and some phishing messages, one recent study by Avanan has shown 25% of phishing attacks sneak past Office 365 defenses and are delivered to inboxes. For an average firm that means several phishing emails will reach end users’ inboxes every day. To ensure your business is protected against phishing attacks, additional anti-phishing controls are required on top of Office 365.

Businesses can protect their Office 365 accounts against phishing by layering SpamTitan on top of Office 365. SpamTitan is an advanced anti-phishing and anti-malware solution that provides superior protection against phishing, malware, spear phishing, and zero-day attacks.

Heuristic rules are used to analyze message headers and these rules are constantly updated to include the latest threats. Bayesian analysis and heuristics are used to check message content, and along with machine learning techniques, new threats are blocked and prevented from reaching inboxes. Sandboxing is also used to assess email attachments for malicious code used to install malware in addition to dual-AV engines that scan for known malware.

These advanced measures ensure that Office 365 inboxes are kept free from malware and phishing emails. These advanced capabilities along with the ease of implementation and use and industry-leading customer support are why SpamTitan is the leading provider of anti-spam and anti-phishing solutions for SMBs and managed service providers that serve the SMB market.

For further information on SpamTitan, to book a product demonstration or set up a free trial, contact the TitanHQ team today.

Meet the TitanHQ Team at IT Nation Connect 2019, Orlando

IT Nation Connect 2019, the ConnectWise conference for the IT professional community, will be taking place on October 30, 31, and November 1 at the Hyatt Regency in Orlando, Florida.

The event is the leading conference for companies that sell, support, and service technology and is focused on helping attendees build a strong business and achieve long-term success. Attendees will gain practical advice from experts in the IT Nation community and will have the opportunity to build meaningful business connections and learn how to work on their businesses.

This year’s topics for the session tracks are mergers & acquisitions, growth & scalability, talent development & leadership, service delivery & customer success, sales & marketing, and security.

Security is a key focus of IT Nation Connect 2019. The event will provide opportunities to discover how security frameworks and IT solutions can help you bulletproof your business and protect your clients’ networks from cyberattacks. Attendees will also gain deep insights into the current state of security in the MSP space.

Leading security experts will be discussing the steps that the government is taking to combat cyber threats, the lessons the government and private firms have learned, and how security experts see the threat landscape evolving over the coming year.

Founders and CEOs of the most successful MSPs and IT firms will explain what it is like to be a trailblazer, how they achieved their successes, the mistakes they made on the way, and what the future holds for the IT Nation community.

More than 80 thought leaders, ConnectWise partners, and ConnectWise colleagues will be taking more than 130 educational, networking and panel sessions and will be sharing success stories, best practices, and the lessons they have learned to help attendees succeed and grow their businesses.

The conference offers an exceptional opportunity for learning, networking, and discovering technology solutions that can save you time, money, and boost the profitability of your business. Such an important event for the IT community is not to be missed.

TitanHQ will be attending the event to explain why TitanHQ is the global leader in cloud-based email and web security solutions for MSPs servicing the SMB market, the advantages of doing business with TitanHQ, and how TitanHQ solutions can help you better protect your environment and those of your clients from increasingly sophisticated cyber threats.

TitanHQ Marketing Director Dryden Geary, Sales Director Conor Madden, and Inside Sales Executive Peter Cooke will explain the benefits of the TitanShield program for MSPs, OEMs, technology partners, and Wi-Fi providers and show you just how easy it is to incorporate SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving into your security stacks.

If you are attending the event, be sure to make time to meet with TitanHQ and feel free to reach out in advance of the event if you have any questions.

Meet TitanHQ at the 2019 Canalys Cybersecurity Forum

The 2019 Canalys Cybersecurity Forum will be taking place in Barcelona on October 16-17, 2019. The event is the only independent conference dedicated to the cybersecurity channel and is one of the most important events of the year for managed service providers (MSPs).

The event provides an incredible opportunity for MSPs looking to enhance their security stacks, provide greater value, and better protect their clients from increasingly sophisticated security threats. Attendees will have the opportunity to have 1:1 meetings with more than 700 established and new partners and discover best practices to adopt to get the most out of their cybersecurity solutions.

The event is also a must for MSPs who have yet to start offering managed security services as it will allow them to form new partnerships with Europe’s best cybersecurity solution partners who will help them grow their businesses significantly over the coming year.

Leading cybersecurity vendors will be taking thought-crunching sessions and sharing their knowledge to help partners succeed. Attendees will be able to engage in intense debates and interact with some of the brightest minds in the field of cybersecurity. Questions can be posed in multi-vendor theatre panels to get the answers from the leading cybersecurity solution providers in the EMEA region.

Highlights of this year’s event include panels, theatre and keynotes exploring the re-imaging of the idea of solutions, generalist vs. specialist in the cybersecurity channel, the next catalyst that will drive security sales, and how the role of the CSO is evolving in the hybrid IT world.

Canalys analysts will also be providing keynote speeches and sharing their insights into the current threat landscape and some of the burning issues of the moment. The event will also see Canalys name the new Threat Fighter and MSSP winners in the Canalys Channel Partner Awards.

The event provides an amazing opportunity for networking with more than 200 channel partner delegates in attendance. New alliances can be formed and along with the knowledge gained, attendees will be able to make important decisions that will have a major positive impact on growth for the coming year.

TitanHQ is a proud sponsor of the 2019 Canalys Cybersecurity Forum and the team will be on hand to answer questions and explain why TitanHQ is the global leader in cloud-based email and web security solutions for the MSP that services the SMB market.

At the event you will be able to discover the considerable benefits of using SpamTitan email security, WebTitan DNS filtering, and ArcTitan email archiving to solve your clients' security issues, better protect them from cybersecurity threats, and help them achieve their compliance objectives… and how easy TitanHQ makes this for MSPs.

TitanHQ Sales Director Conor Madden will be a panelist at the event and will be answering questions from attendees on email security, web security, email archiving and how to get the most out of TitanHQ’s cybersecurity solutions for MSPs and SMBs.

Marc Ludden, TitanHQ’s Strategic Alliance Manager, will also be attending and meeting with enterprise-level clients and major MSPs and ISPs to help them push TitanHQ products downstream to their customers, grow their businesses, and improve their bottom lines.

You can find out more about this once-a-year opportunity here – Canalys Cybersecurity Forum 2019 – and feel free to reach out to TitanHQ in advance of the event.

If you are unable to attend this year’s Canalys event, TitanHQ will be on the road throughout October and November. Be sure to connect at one of the other fall 2019 events below:

G2 Crowd Names SpamTitan Leading Cloud Email Security Solution for Third Consecutive Quarter

G2 Crowd, the independent peer-to-peer business software review site, has published its G2 Crowd Grid® Summer 2019 Report for Cloud Email Security. For the third consecutive quarter, SpamTitan has been named the leading cloud email security provider having been awarded the highest score for customer satisfaction.

G2 Crowd is the largest tech marketplace for businesses. The site attracts more than 3 million visitors and contains more than 843,500 reviews from verified software users. The reviews and Grid Reports are relied upon by countless businesses to help them make better software buying decisions.

Each quarter, G2 Crowd produces Grid reports that highlight the key players in different software categories. The G2 Crowd Grids are used to rank software solutions based on market presence and user satisfaction and categorize each as either a niche player, contender, high performer, or leader. To be named a leader, a product must have a strong market presence and high user satisfaction level.

Market presence is determined by the size of the company, its social impact, and market share. The user satisfaction score is calculated from amalgamated reviews from verified users of the software.

User reviews are important when choosing a software solution. If the software is difficult to use, fails to live up to expectations, or does not provide the required functionality, staff will avoid using it as much as possible. For a security solution that is particularly bad news.

The Summer 2019 report includes 9 email security solutions. SpamTitan achieved the highest overall customer satisfaction score – 97% – of all nine solutions by some distance. The next highest customer satisfaction scores were for Proofpoint Email Security & Protection (75%), Area 1 Security (69%), and Barracuda Email Security Gateway (61%).

In addition to the Grid reports, amalgamated scores are included for six different customer satisfaction criteria: Ease of setup, ease of use, ease of admin, ease of doing business, quality of support, and meets requirements.  Once again, SpamTitan topped the list with the highest score for ease of setup (92%) and ease of use (92%) and was one of only two solutions that achieved scores of over 90% in each of the six categories.

“The overwhelmingly positive feedback on G2 Crowd from users of SpamTitan is indicative of our commitment to ensuring the highest levels of customer success,” said Ronan Kavanagh, CEO, TitanHQ. “That’s an incredible achievement for a product that is significantly more affordable than the market leaders.”

TitanHQ is on the Road Again: Fall 2019 MSP Trade Show Schedule

This fall, TitanHQ will be attending several Managed Service Provider (MSP) events and trade shows throughout Europe and the United States.

TitanHQ has been developing innovative cybersecurity solutions for MSPs for more than two decades and all solutions have been created with MSPs firmly in mind. By involving MSPs in the design process, TitanHQ has been able to ensure that its products incorporate features to make life easier for MSPs. These range from easy integration into MSPs' management systems through the use of APIs to features rarely found in cybersecurity products, such as full white label versions ready for MSP branding and the ability to host the solutions within MSPs' own environments.

Trade shows give the TitanHQ team the opportunity to meet face to face with prospective clients to discuss their email and web security needs and get face to face feedback from current customers that have already integrated TitanHQ products into their technology stacks.

The TitanHQ team kicked off the fall schedule of trade shows on September 12 at the Taylor Business Group BIG 2019 Conference at the Westin Hotel in Chicago, where members got to meet the TitanHQ team to discuss the new TitanShield program and discover how TitanHQ products can improve security for their clients while saving MSPs time and money.

At the same time, TitanHQ was at the CloudSec Europe 2019 Conference in London demonstrating WebTitan Cloud, SpamTitan Cloud, and ArcTitan to MSPs and cloud service providers.

If you were unable to attend either of these two events or did not get the chance to meet with the team, all is not lost. The fall schedule has only just commenced and there are still plenty of opportunities to meet the team to discuss your requirements and find out how TitanHQ products can meet and exceed your expectations.

Trade Events Attended by TitanHQ – Autumn, 2019

Date | Event | Location
September 17, 2019 | Datto Dublin | Dublin, Ireland
September 18, 2019 | MSH Summit | London, UK
October 6-10, 2019 | Gitex | Dubai, UAE
October 7-8, 2019 | CompTIA EMEA Show | London, UK
October 16-17, 2019 | Canalys Cybersecurity Forum | Barcelona, Spain
October 21-23, 2019 | DattoCon Paris | Paris, France
October 30, 2019 | MSH Summit North | Manchester, UK
October 30, 2019 | IT Nation Evolve (HTG 4) | Florida, USA
October 30, 2019 | IT Nation Connect | Florida, USA
November 5-7, 2019 | Kaseya Connect | Amsterdam, Netherlands

If you plan on attending any of the above events this fall, be sure to come and visit the TitanHQ team and feel free to reach out ahead of the events for further information.

Rocco Donnino, Executive Vice President-Strategic Alliances
Eddie Monaghan, MSP Alliance Manager
Marc Ludden, MSP Alliance Manager
Dryden Geary, Marketing Director

New CAPTCHA Phishing Scam Targets Android Users and Steals SMS Security Codes

A new CAPTCHA phishing scam has been detected which is being used to trick users into downloading a malicious file that intercepts multi-factor authentication codes on a user’s smartphone. With the codes, hackers can perform a more extensive attack and gain access to a much wider range of resources such as email and bank accounts.

When a visitor lands on the phishing page, a check is performed to determine what device is being used. If the user is on an Android device, a malicious APK file is downloaded to their device. Any other platform will receive a zip file containing malware.

A fake version of the familiar Google reCAPTCHA is displayed on the phishing page. It closely resembles the legitimate version, although it does not support sound and the images do not change when they are clicked. The fake reCAPTCHA is housed on a PHP webpage and any clicks on the images are submitted to the PHP page, which triggers the download of the malicious file. This campaign appears to be focused on mobile users.

On an Android device, the malicious APK intercepts PIN codes from two-factor authentication messages, which allows the attackers to gain access to the user’s bank account. With these PIN codes, an email account can also be compromised, which would allow further accounts to be compromised by requesting password resets.

A successful attack could see several accounts used by an individual subjected to unauthorized access. Businesses are also attacked in a similar manner. Successful attacks on businesses could give the attackers access to huge volumes of sensitive company data and even infrastructure resources.

This method of delivering malware is nothing new and has been around since 2009. A CAPTCHA phishing campaign was detected in February 2018 attempting to download a malicious file, and a similar campaign was run in 2016.

A method of attack is adopted for a while then dropped. While it is possible to prepare the workforce for phishing attacks such as this through training, security awareness training alone is not enough as tactics frequently change, and new methods of attack are frequently developed.

As this attack shows, two-factor authentication is far from infallible. In addition to this method of obtaining 2FA codes, the SS7 protocol used to send SMS messages has flaws that can be exploited to intercept messages.

Security awareness training and 2FA are important, but what is required on top of these protections is a powerful anti-spam and anti-phishing solution. Such a solution will block phishing emails at the gateway and make sure they are not delivered to inboxes.

It is important to choose a solution that provides protection against impersonation attacks. Many phishing campaigns spoof a familiar brand or known individual. A solution that incorporates Domain-based Message Authentication, Reporting & Conformance (DMARC) will help to ensure that the sender of the message is genuine, by performing checks to make sure that the sender of the message is authorized to send messages from that domain.

Most anti-phishing solutions incorporate an anti-virus component that scans all incoming attachments for malware and malicious code, but cybercriminals are using sophisticated methods to evade detection by AV solutions. Files may include malicious code that is hard to detect. A sandbox is therefore required to execute suspicious attachments in a safe environment where they can be monitored for malicious activity. By testing attachments in the sandbox, malicious files can be identified and more genuine emails and attachments will arrive in inboxes.

SpamTitan incorporates these features and more. Together they help to ensure a catch rate in excess of 99.9%, with a low false positive rate of 0.03%. With SpamTitan in place, you will be well protected against phishing attacks such as the latest CAPTCHA scam.

An Easy Way to Block Email Impersonation Attacks on Businesses

Ransomware attacks are soaring and phishing and email impersonation attacks are being conducted at unprecedented levels. Cybersecurity defenses are being tested like never before.

Large enterprises are big targets as they store vast quantities of personal data which can be used for identity theft. Retailers are being attacked to obtain credit/debit card information and attacks on hospitals provide sensitive health data that can be used for medical identity theft.

Small businesses are not such an attractive target, but they do store reasonable amounts of customer data and attacks can still be profitable. A successful attack on Walmart would be preferable, but attacks on SMBs are far easier to pull off. SMBs typically do not have the budgets to invest in cybersecurity and often leave gaps that can be easily exploited by cybercriminals.

One of the most common methods of attacking SMBs is phishing. If a phishing email makes it to an inbox, there is a reasonable chance that the message will be opened, the requested action taken and, as a result, credentials will be compromised or malware will be installed.

The 2018 KnowBe4 Phishing Industry Benchmarking Report shows that on average, the probability of an employee clicking on a malicious hyperlink or acting on another fraudulent request is 27%. That means one in four employees will click a link in a phishing email or obey a fraudulent request.

Email impersonation attacks are often successful. They involve sending an email to an individual or small group in an organization with a plausible request. The sender of the message is spoofed so the email appears to have been sent from a known individual or company. The email will use a genuine email address on a known business domain. Without appropriate security controls in place, that message will arrive in inboxes and several employees are likely to click and disclose their credentials or open an infected email attachment and install malware. Most likely, they will not realize they have been scammed.

One method that can be used to prevent these spoofed messages from being delivered is to apply Domain-based Message Authentication, Reporting and Conformance (DMARC) rules. In a nutshell, DMARC consists of two technologies – Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

SPF is a DNS-based filtering control that helps to identify spoofed messages. SPF sets authorized sender IP addresses on DNS servers. Recipient servers perform lookups on the SPF records to make sure that the sender IP matches one of the authorized vendors on the organization’s DNS servers. If there is a match the message is delivered. If the check fails, the message is rejected or quarantined.

DKIM involves the use of an encrypted signature to verify the sender’s identity. That signature is created using the organization’s public key and is decrypted using the private key available to the email server. DMARC rules are then applied to either reject or quarantine messages that fail authentication checks. Quarantining messages is useful as it allows administrators to check to make sure the genuine emails have not been flagged incorrectly.

Reports can be generated to monitor email activity and administrators can see the number of messages that are being rejected or dropped. A sudden increase in the number of rejected messages indicates an attack is in progress.
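The receiving-server checks described above, as an added example in Python that is not SpamTitan's or any vendor's code: it evaluates an SPF record against the connecting IP, applies the domain's DMARC policy to messages that fail, and flags a jump in daily failures. The DNS records, addresses and messages are constructed placeholders, DKIM verification is taken as an already-computed input, and alignment is simplified to an exact domain match.

```python
"""Added example: SPF lookup and DMARC policy decision over constructed DNS data."""
import ipaddress
from collections import Counter

# Constructed TXT records standing in for real DNS lookups (placeholder domain).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com",
}


def spf_check(domain, sender_ip):
    """Return 'pass', 'fail', 'softfail', 'neutral' or 'none' for sender_ip.

    Only ip4/ip6 mechanisms and the final 'all' are evaluated; include, a, mx
    and redirect need further DNS lookups and are ignored in this example.
    """
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    qualifiers = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in qualifiers:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return qualifiers[qualifier]
        if term.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(term[4:], strict=False)
            if ip.version == network.version and ip in network:
                return qualifiers[qualifier]
    return "neutral"


def dmarc_policy(domain):
    """Return the p= value of the domain's DMARC record, or None if absent."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    tags = dict(
        (k.strip(), v.strip())
        for k, _, v in (part.partition("=") for part in record.split(";"))
        if k.strip()
    )
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "none")


def disposition(header_from, envelope_from, sender_ip, dkim_pass_domain=None):
    """Decide 'deliver', 'quarantine' or 'reject' for one message.

    The message passes when SPF or DKIM passes for a domain that matches the
    visible From: domain (assumption: strict, exact-match alignment).
    dkim_pass_domain is the d= domain of a signature the receiving server has
    already verified, or None when no signature verified.
    """
    from_domain = header_from.rsplit("@", 1)[-1].lower()
    spf_domain = envelope_from.rsplit("@", 1)[-1].lower()
    spf_aligned = (spf_domain == from_domain
                   and spf_check(spf_domain, sender_ip) == "pass")
    dkim_aligned = (dkim_pass_domain is not None
                    and dkim_pass_domain.lower() == from_domain)
    if spf_aligned or dkim_aligned:
        return "deliver"
    policy = dmarc_policy(from_domain)
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")


def failure_spike(daily_failures, factor=3.0):
    """Return indexes of days whose failure count exceeds factor x the prior mean."""
    flagged = []
    for i in range(1, len(daily_failures)):
        baseline = sum(daily_failures[:i]) / i
        if daily_failures[i] > factor * max(baseline, 1.0):
            flagged.append(i)
    return flagged


# Constructed messages: (From: header, envelope sender, connecting IP, verified DKIM d=)
MESSAGES = [
    ("ceo@example.com", "ceo@example.com", "192.0.2.10", None),       # authorized IP
    ("ceo@example.com", "ceo@example.com", "203.0.113.7", None),      # spoofed sender
    ("ceo@example.com", "bounce@mailer.test", "203.0.113.7", "example.com"),
    ("ceo@example.com", "x@attacker.test", "203.0.113.9", "attacker.test"),
]


def run_demo():
    """Count the dispositions for the constructed messages."""
    return Counter(disposition(*message) for message in MESSAGES)


if __name__ == "__main__":
    print(run_demo())
    print("spike on day index:", failure_spike([4, 6, 5, 40]))
```
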

DMARC is not a silver bullet that will stop all email impersonation and phishing attacks. It is an extra layer of security that can greatly reduce the number of threats that arrive in inboxes.

TitanHQ’s anti-phishing and anti-spam solution – SpamTitan – incorporates DMARC to protect against email impersonation attacks along with advanced anti-malware features, including a Bitdefender-powered sandbox.

For further information on securing your email channel and blocking email-based threats, contact TitanHQ today.

Customers Seek Alternative Email Security Solution as Unexplained OnlyMyEmail Outage Continues

A serious outage has affected the spam filtering service, OnlyMyEmail, leaving customers without spam protection for several days.

The spam filtering service, also known as MXDefender, suddenly stopped working on Thursday and customers have been left in the dark about what has happened. Many have taken to online forums and social media to find answers but have only found hundreds of other customers asking the same questions. Customers have not been able to submit support tickets, the website is down, and the phone lines have been jammed.

MSPs know all too well that their clients are vulnerable to attack while their spam filtering service is down. Without the filter in place, spam, phishing, and malware-laced emails can flood into inboxes. All it takes is for one employee to respond to one of those messages for a costly breach to occur.

Several MSPs on forums such as Spiceworks have expressed their frustration about the prolonged outage and have already had to move their clients to alternative service providers to ensure they are protected until the issues are resolved. Two large MSPs have already switched to SpamTitan as a result of the OnlyMyEmail outage.

TitanHQ has received many enquiries about SpamTitan since the OnlyMyEmail service went down, as customers seek an alternative solution to protect their inboxes from email threats and spam. Many have given up waiting for an answer from OnlyMyEmail.

If you are a managed service provider or business that has been affected by the outage, it is important to implement a replacement spam filtering solution as soon as possible. The failure to do so will leave you extremely vulnerable to attack.

TitanHQ has developed an award-winning anti-spam and anti-phishing solution that has been shown to block more than 99.9% of spam in independent tests.

The 2019 G2 Crowd Report on Email Security Gateways named SpamTitan the leader for customer satisfaction. 97% of users awarded the product 4 or 5 stars and 92% of users would recommend the product to others.

TitanHQ ranked top for quality of support with an overall score of 94% – 10% more than the average score for support. SpamTitan clearly outperformed products from the likes of Cisco, Barracuda, Mimecast, and SolarWinds.

SpamTitan is available as a cloud-based solution or gateway solution running on a virtual machine on your own hardware. MSPs have a range of hosting options and the solution can be easily integrated into existing MSP systems using TitanHQ’s APIs.

If you want an easy to implement anti-spam solution that provides enterprise-class protection at an affordable SMB price, SpamTitan is the ideal choice.

Sign up for the free trial and you can be protected in minutes. To ensure no time is wasted, contact the TitanHQ team today by telephone.

LooCipher Ransomware Campaign Detected

A new strain of ransomware has been identified which has been used in multiple attacks over the past few weeks.

All of the attack vectors used to distribute the ransomware are not yet known, but samples of the ransomware have been distributed via a spam email campaign.

The spam email campaign uses a tried and tested format to deliver the ransomware payload. A Word document called Info_BSV_2019.docm is attached to emails with requests that the recipient open the document. In order for the contents to be displayed, the user is told they must enable macros. Enabling macros will launch code that downloads an executable file, which is renamed LooCipher.exe and is executed.

The ransomware will encrypt a standard range of file types, but instead of deleting the original files, they are retained as zero-byte files. Encrypted files are given the extension .lcphr.

The ransomware creates a file on the Windows Desktop called c2056.ini, which includes the unique ID number of the computer, the time limit for paying the ransom, and the Bitcoin wallet address for payment. The ransom note warns that deletion of the ini file will prevent file recovery.

Users are given 5 days to pay the ransom or the key to unlock files will be permanently deleted. The ransom is €300 ($330) in Bitcoin per device. No option is provided to test to see whether a file can be decrypted.

LooCipher ransomware may not be particularly polished, but it has already claimed several victims. Recovery will depend on an organization’s ability to restore files from backups. It is not clear whether the attackers hold valid keys to decrypt encrypted files.
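For responders, the file-system traces described above can be checked with a short triage script. This is an added example in Python, not code from the original article or from TitanHQ; the sample directory tree is constructed, and it assumes the .lcphr extension is appended to the original file name, which the article does not state.

```python
"""Added example: triage a directory tree for the LooCipher traces named above."""
import os
import tempfile

ENCRYPTED_EXT = ".lcphr"           # extension given to encrypted files
MARKER_FILE = "c2056.ini"          # file written to the Windows Desktop
LURE_NAME = "info_bsv_2019.docm"   # attachment name from the spam campaign


def scan_tree(root):
    """Walk root and collect paths matching each trace."""
    findings = {"encrypted": [], "zeroed_originals": [], "marker": [], "lure": []}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == MARKER_FILE:
                findings["marker"].append(path)
            elif lower == LURE_NAME:
                findings["lure"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                findings["encrypted"].append(path)
                # Assumption: "report.xlsx" becomes "report.xlsx.lcphr" and the
                # original is left behind as a zero-byte file.
                original = name[: -len(ENCRYPTED_EXT)]
                original_path = os.path.join(dirpath, original)
                if original in names and os.path.getsize(original_path) == 0:
                    findings["zeroed_originals"].append(original_path)
    for paths in findings.values():
        paths.sort()
    return findings


def verdict(findings):
    """Summarise findings into one triage label."""
    if findings["marker"] and (findings["encrypted"] or findings["zeroed_originals"]):
        return "encryption-observed"
    if findings["encrypted"] or findings["marker"]:
        return "suspicious"
    if findings["lure"]:
        return "lure-delivered"
    return "clean"


def build_sample_tree(root, infected=True):
    """Create a constructed user profile under root for the demo."""
    for sub in ("Desktop", "Documents", "Downloads"):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
    with open(os.path.join(root, "Documents", "notes.txt"), "w") as handle:
        handle.write("ordinary file\n")
    if not infected:
        return
    open(os.path.join(root, "Documents", "report.xlsx"), "w").close()  # zero bytes
    with open(os.path.join(root, "Documents", "report.xlsx.lcphr"), "wb") as handle:
        handle.write(b"\x00" * 64)  # stand-in for ciphertext
    with open(os.path.join(root, "Desktop", "c2056.ini"), "w") as handle:
        handle.write("constructed placeholder\n")
    with open(os.path.join(root, "Downloads", "Info_BSV_2019.docm"), "wb") as handle:
        handle.write(b"constructed placeholder")


def run_demo(infected=True):
    """Scan a constructed tree; return the verdict and per-trace counts."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, infected)
        findings = scan_tree(root)
        return verdict(findings), {key: len(val) for key, val in findings.items()}


if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```
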

Ransomware attacks have been increasing following a decline in popularity of ransomware with hackers in 2018. There have been high-profile attacks on U.S. cities, and hundreds of thousands of dollars have been paid in ransoms. Ransomware attacks on healthcare organizations have increased, and several new strains of ransomware have emerged.

Recently the Department of Homeland Security warned of the risk of wiper malware attacks by Iranian threat actors, as tensions between the United States and Iran continue to increase.

These malware threats may be delivered by a variety of different methods, but spam email is the delivery vector of choice. Protecting against these malware threats requires an advanced spam filtering solution capable of precision control over incoming email and the ability to scan messages and analyze attachments for malicious code.

SpamTitan uses twin AV engines to identify known malware and a sandbox to analyze suspicious attachments to identify malicious actions and provides superior protection against malware, ransomware, viruses, botnets, and phishing attacks.

To find out more about how you can improve email security with SpamTitan, contact the TitanHQ team today.

U.S. Cybersecurity Agency Warns of Wiper Malware Attacks

Tension is rising between the United States and Iran following the downing of a U.S. Global Hawk surveillance drone close to the Strait of Hormuz and the recent mine attacks.

Less visible are the attacks on IT systems. The Washington Post recently reported that the United States had conducted a successful cyberattack on the Islamic Revolutionary Guard Corps, part of the Iranian military, which is believed to have been involved in the mine attacks.

Iranian-affiliated hacking groups have conducted cyberattacks on U.S. industries and government agencies and those attacks are increasing in frequency. So much so that the Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, sent out a warning on Twitter about the increased risk of attack.

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” said Krebs.

Threat actors affiliated with Iran have been using wiper malware in targeted attacks on businesses, government agencies, industries, and infrastructure. Whereas ransomware encrypts files with the aim of receiving a ransom payment, the purpose of wiper malware is to permanently destroy data and wipe systems clean.

Wiper malware has previously been used in major attacks, some targeted, others less so. In 2012, Saudi Aramco, a Saudi Arabian oil firm, was attacked with a wiper malware variant called Shamoon. The malware wiped tens of thousands of computers.

More recent were the NotPetya attacks. While NotPetya was initially thought to be ransomware, it was later discovered there was no mechanism for file recovery and the malware was a wiper. Some companies were hit hard. The shipping firm Maersk suffered losses of around $300 million due to NotPetya. Global losses are estimated to be between $4-8 billion.

Hackers working for the Iranian regime commonly gain access to computers and servers through the use of phishing, spear phishing, credential stuffing, and password spraying.

“What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” warned Krebs.

As with ransomware, recovery from a wiper malware attack is reliant on backups, except there is no safety net as a ransom cannot be paid to recover data. It is therefore essential that a working copy of all data is maintained, with one copy stored securely off-site on a non-networked, non-internet exposed device.

Even with a working copy of data, recovery can be time consuming and costly. It is therefore important to ensure that solutions are in place to block the main attack vectors.

A spam filtering solution with advanced anti-malware capabilities is therefore required to block email-based attacks. A web filtering solution can prevent users from visiting malicious websites or inadvertently downloading malware and employees should be provided with security awareness training to help them recognize potential threats.

Standard cybersecurity best practices should be adopted, such as ensuring strong password policies are implemented and enforced, multi-factor authentication is implemented, all software is kept up to date, and patches are applied promptly. IT departments should also ensure permissions are set according to the rule of least privilege.

U.S. Universities Targeted in Widespread Phishing Campaign

A phishing campaign targeting university employees has already claimed several victims and has seen many email accounts compromised.

Emails are tailored to the institution and use a range of social engineering tricks to convince employees to click a link in the email and enter their Office 365 login credentials to access online content. The credentials are captured and used to gain access to university email accounts.

Once credentials have been obtained, a treasure trove of sensitive data can be plundered. Emails and email attachments contain personally identifiable information of staff, students, and parents, which can be used to commit identity theft and other fraudulent acts. Proprietary information can be obtained, along with details of contacts. The compromised accounts can also be used to conduct further phishing attacks on the university and externally on business contacts and other educational institutions.

Campaigns convincing users to install malware can give the attackers full control of university computers and a foothold to move laterally throughout the network. Access to university email accounts and backdoors in university computers are sold on the dark web, along with a range of stolen and forged university documents.

The healthcare industry is heavily targeted by cybercriminals due to the high value of health data. Health data is versatile and can be used for a multitude of fraudulent purposes. It also has a long lifespan and can be used for much longer than financial information. Cybercriminals are also now realizing the potential rewards from attacks on universities. Student data is similarly versatile, and the wealth of data stored in university email accounts provides plenty of opportunities for profit.

Oregon State University is the latest university to announce it is the victim of a phishing attack. The Office 365 email account of an employee was compromised, through which the attacker had access to the records of 636 students. The account was used to send phishing emails to other entities throughout the United States.

Graceland University in Iowa and Southern Missouri State University recently announced that several email accounts had been compromised in recent phishing attacks, which would have allowed access to be gained to sensitive information.

It is unclear whether this is a single campaign or part of a wave of separate attacks on universities. What is clear is the attacks are increasing, so universities should take steps to improve email and web security.

Employees are being targeted so it is important to ensure that staff members are taught email security best practices and are shown how to identify phishing emails.

Technological defenses can also be improved to prevent malicious messages from arriving in Office 365 inboxes. As an additional protection, a DNS filter can be used to prevent users from accessing phishing websites and other known malicious web pages.

TitanHQ has developed powerful anti-phishing and anti-malware solutions for universities that help them protect against email and web-based attacks.

SpamTitan is a powerful anti-spam solution that incorporates DMARC authentication and sandboxing to provide superior protection against impersonation and malware attacks for Office 365 users.

WebTitan is a DNS filtering solution that prevents users from accessing known malicious websites, such as those used for phishing and distributing malware.

To improve Office 365 phishing defenses and better protect your email accounts and networks from malware attacks, contact TitanHQ for further information on these two powerful cybersecurity solutions for educational institutions.

Invaluable Advice for MSPs at DattoCon19 in San Diego from Event Sponsor TitanHQ

The largest managed service provider conference of 2019 will be taking place in San Diego on 17-19 June.

DattoCon is the premier conference for MSPs, bringing together a plethora of vendors and industry experts to help MSPs learn business building secrets, gain invaluable product insights, and learn technical best practices. The networking and learning opportunities at DattoCon are second to none. DattoCon19 is certainly an event not to be missed.

TitanHQ is a Datto Select Vendor and a proud sponsor of DattoCon19. TitanHQ has developed cybersecurity solutions to exactly meet the needs of MSPs. All solutions are easy to implement and maintain and can be integrated into MSPs’ existing systems via a suite of APIs. TitanHQ provides the web security layer to Datto DNA and D200 boxes and is the only third-party security company trusted to work with Datto.

The TitanHQ team will be on hand at the conference to discuss your email and web security needs and will offer practical advice to help you better serve the needs of your customers and get the very most out of TitanHQ solutions.

Visitors to the TitanHQ stand (booth 23) will have the opportunity to learn about TitanHQ’s exclusive TitanShield Program for MSPs. Through the TitanShield program, members have access to SpamTitan email security and phishing protection; the WebTitan DNS filter; and the ArcTitan email archiving solution. Around 2,000 MSPs have already signed up to the program and are using TitanHQ solutions to protect their clients.

If you currently use Cisco Umbrella to provide web and malware protection, you may be paying far more for security than is necessary and could well be struggling with product support. Be sure to speak to the team about the savings from switching and the support provided by TitanHQ. A visit will also be useful for MSPs that are currently supporting Office 365, as the team will explain how spam, phishing and malware protection can be enhanced.

TitanHQ Executive Vice President-Strategic Alliances, Rocco Donnino, will be on the panel for the new Datto Select Vendors event on Monday. The event runs from 3PM to 4PM and brings together experts from several select companies who will help solve some of the epic problems faced by MSPs today.

Additional Benefits at DattoCon19

  • New TitanHQ customers benefit from special show pricing.
  • A daily raffle for a free bottle of vintage Irish whiskey.
  • Two DattoCon19 parties: TitanHQ and BVOIP are sponsoring a GasLamp District Takeover on Monday 6/17 and Wed, 6/19.

DattoCon Details

DattoCon19 will be taking place in San Diego, California on June 17-19, 2019
If you are not yet registered for the event you can do so here.
TitanHQ will be at booth 23

Contact the TitanHQ team in advance:

  • Rocco Donnino, Executive Vice President-Strategic Alliances, LinkedIn
  • Eddie Monaghan, MSP Alliance Manager, LinkedIn
  • Marc Ludden, MSP Alliance Manager, LinkedIn

Ransomware Attacks on the Rise Once More and Cities are in Attackers’ Crosshairs

The use of ransomware to attack businesses continued to decline throughout 2018 after extensive use of the file-encrypting malware by cybercriminals in 2016 and 2017. In 2018, ransomware fell out of favor with cybercriminals, who turned to other forms of cybercrime to make money.

However, ransomware is seeing something of a resurgence in 2019. The latest Breach Insights Report from Beazley Breach Response Services shows ransomware attacks are increasing once again. In the first quarter of 2019, ransomware attack notifications from its clients increased by 105% from Q1, 2018. Ransom demands are also increasing.

The rise in attacks has continued in Q2. Attacks using MegaCortex ransomware surged in late April. The ransomware variant was first identified in January and was only used in a handful of attacks in the following three months, but in the last week in April, 47 confirmed attacks were reported.

Dharma ransomware attacks have similarly increased. According to Malwarebytes, the past two months have seen a 148% increase in attacks. The threat actors behind Dharma ransomware are now using a variety of methods to distribute their ransomware payload.

The most common method of distribution is phishing emails. Emails contain embedded hyperlinks that direct users to a malicious website where the ransomware payload is downloaded. Email attachments containing malicious scripts are also used to download the ransomware payload.

Attacks are also taking place via remote desktop protocol over TCP port 3389. Brute force attacks are conducted to gain access to a device, then ransomware is deployed. Dharma ransomware has also been identified in fake antivirus software programs which are pushed via a variety of websites. Users are tricked into downloading fake AV software after receiving a fake alert about a malware infection that has been detected on the user’s device.

Ransomware has also been used in conjunction with other malware such as Emotet. Emotet was once a banking Trojan but has since morphed into a botnet capable of stealing login credentials, propagating itself via email on an infected device, and downloading other malware payloads. Emotet has been used to distribute Ryuk ransomware.

There have been upticks in attacks using other ransomware variants and the popularity of ransomware continues to grow, with some industries targeted more than others. Healthcare organizations are an attractive target as access to patient data is critical for providing medical services. There is a higher probability of ransom demands being paid due to reliance on patient data.

A recent report from Recorded Future has confirmed that attacks on towns, cities, and local government systems are soaring. Its study confirmed that there were 169 attacks on county, city, or state government systems and police and sheriffs’ offices since 2013. There were 38 ransomware attacks in 2017, 53 in 2018, and 22 attacks have already occurred in 2019 and the year is not yet halfway through.

Akron, OH; Albany, NY; Jackson County and Cartersville, GA; and Lynn, MA, have all been attacked this year and the city of Baltimore, MD, has been struggling to recover from its attack for the past two weeks with many city services still disrupted.

The rise in attacks is understandable. The potential rewards from a successful attack are high, many victims have no alternative but to pay, and thanks to ransomware-as-a-service, attacks are easy to pull off and require little in the way of skill.

As long as the attacks continue to be profitable, they will continue. What businesses need to do is to make it much harder for the attacks to succeed and to ensure that if disaster does strike, recovery is possible without having to pay a ransom.

Recovery depends on viable backups of all critical files being available. That means regular backups must be made, those backups need to be tested to make sure files can be restored, and copies need to be stored securely where they cannot also be encrypted.

Remote Desktop Protocol is a weak point that is commonly exploited. If RDP is not required, it should be disabled. If disabling RDP is not an option, strong, complex passwords should be used and access should only be possible using a VPN.

To block web-based attacks, consider implementing a web filtering solution such as WebTitan, which prevents users from visiting known malicious websites and downloading executable file types.

One of the primary methods of delivering ransomware is spam and phishing emails. An advanced spam filtering solution should be implemented to block malicious emails and ensure they are not delivered to end users’ inboxes. SpamTitan now incorporates a sandbox, which allows suspicious files to be executed in a secure environment where activities of the files can be safely analyzed for malicious actions. SpamTitan also scans outgoing mail for signs of infection with Emotet.

While these technical controls are important, you should not forget end users. By providing security awareness training and teaching end users how to recognize potential threats, they can be turned into a strong last line of defense.

Fortunately, with layered defenses you can make it much harder for ransomware attacks to succeed and can avoid becoming yet another ransomware statistic.

New TitanShield Partner Program Launched by TitanHQ

TitanHQ, the leading provider of spam filtering, web filtering, and email archiving solutions to SMBs and managed service providers (MSPs) has announced a new partner program has been launched: TitanShield.

The aim of the TitanShield Partner Program is to provide MSPs, cloud distributors, OEM partners, Wi-Fi providers, and Technology Alliance partners with all the tools and support they need to start offering TitanHQ solutions to their clients and to provide continued support.

The launch of the new program coincides with TitanHQ’s 20-year anniversary. For the past two decades, TitanHQ has been developing innovative cybersecurity solutions for SMBs and MSPs that serve the SMB market. The company started by developing anti-spam technologies for businesses in Ireland and has since grown into an award-winning global provider of cybersecurity solutions.

Over the course of the past year, TitanHQ has been working closely with partners to make it as easy as possible for them to sell, onboard, deliver, and manage advanced network security solutions directly to their client base. In fact, in the past 9 months, as a result of those efforts, TitanHQ has increased its partner base by 40%.

In addition to providing cutting edge cybersecurity solutions to protect against email and web-based attacks and meet compliance requirements, TitanHQ offers partners flexible pricing models, competitive margins, and a wealth of sales and technical resources to drive revenue growth.

Under the new partner program, all qualified partners will be assigned a dedicated account manager, a support team, and engineers. Partners also benefit from a full range of APIs that will enable them to incorporate TitanHQ products into their backend provisioning and management systems and will be provided with extensive sales enablement and marketing support, including lead generation resources.

“Our new TitanShield partner program allows us to separate partners into their specific areas so that we can make sure they are receiving best practices, simple pricing models and focused information for the markets and customers they serve,” explained TitanHQ Executive VP of Strategic Alliances, Rocco Donnino. “Our program takes a unique and strategic approach for our partners and can be customized to fit all business models.”

MSPs and cloud providers who have not yet started offering TitanHQ solutions to their clients can find out more about the TitanShield program by emailing the team at partners@titanhq.com.

Email Campaign Uses CDC Flu Pandemic Warning to Fool Users into Installing GandCrab Ransomware

Cybercriminals are constantly coming up with new scams to convince people to part with their login credentials or install botnets, viruses, malware, or ransomware.

Email is one of the easiest ways to get these scams out to the masses, accompanied by a good hook to get the user to open the message. Various tactics are used to achieve the latter, one of the most common being fear. Scaring people into taking action is very effective. A recently identified campaign is a good example. It uses fear of a flu pandemic to get users to take action.

According to the U.S. Centers for Disease Control and Prevention, flu killed about 80,000 in the 2017 to 2018 season, which was a record year for flu deaths. The previous record in the past three decades was beaten by 24,000.

For any phishing email to stand a good chance of fooling large numbers of people, the emails must be credible. This campaign provides that credibility by spoofing the CDC. The subject lines used in the campaign warn of a flu pandemic, and the email addresses used and the logos in the message body make the messages appear to have genuinely been sent by the CDC.

The message includes an attachment, named Flu Pandemic Warning, which claims to provide important information that users need to know to prevent infection and stop the disease from spreading. The fear of contracting flu combined with the realistic-looking emails make it likely that this campaign will fool many individuals.

That document contains malicious code that downloads and runs GandCrab ransomware v5.2, for which there is currently no free decryptor. Once downloaded, GandCrab ransomware will encrypt files on the infected computer preventing them from being accessed. The average ransom demand is $800 per infected computer.

In order for the malicious code to download the ransomware, the content must be enabled. In the message body, recipients are told that in order to view all the information in the document they must enable content. This prior instruction is intended to get the user to click ‘enable content’ quickly when the document is opened, rather than to stop and think.

All users should be alert to these kinds of email scams. Caution should be exercised before opening any email attachment, no matter how urgent the message appears to be. Any unsolicited email should be carefully checked as there will usually be signs that indicate all is not what it seems.

Businesses are particularly at risk and can suffer major losses as a result of ransomware attacks, especially when several employees are fooled by these email scams.

Signature-based email defenses were once effective at blocking malware, but malware developers are constantly releasing new versions that have never before been seen. Signature-based AV software struggles to maintain pace and is not effective against zero-day malware variants and malicious code that downloads the malware.

End user training certainly goes a long way and can help to prevent mass infections, but what is really needed is an advanced anti-phishing solution that blocks phishing emails and email scams at source before they are delivered to inboxes. That is an area where TitanHQ can help.

To protect against email-based attacks, TitanHQ developed SpamTitan, a highly effective anti-phishing and anti-spam solution with advanced features that provide superior protection against phishing and malware attacks.

In addition to dual anti-virus engines, SpamTitan incorporates a wide range of checks to distinguish malicious emails from genuine messages. Recently, two new features have been incorporated into SpamTitan: DMARC email authentication and sandboxing. DMARC helps to ensure that spoofed email messages, such as those that appear to have been sent by the CDC, are identified as scams and are blocked. Sandboxing is important for protecting against zero-day malware threats and malicious downloaders.

Potentially malicious attachments are executed and analyzed in a Bitdefender-powered sandbox, where the actions performed by malware and malicious code can be assessed without causing harm. When malicious code is detected it is blocked across all users’ inboxes.

With SpamTitan in place, businesses will be well protected against campaigns such as this. For further information on TitanHQ’s award-winning anti-spam solution, for a product demonstration, or to register for a free trial, contact the TitanHQ team today and take the first step toward making your email channel much more secure.

SpamTitan Named Leading Secure Email Gateway Solution

SpamTitan, TitanHQ’s business email security solution, has been named leader in the Spring G2 Crowd Grid Report for Email Security Gateways.

G2 Crowd is a peer-to-peer review platform for business solutions. G2 Crowd aggregates user reviews of business software and the company’s quarterly G2 Crowd Grid Reports provide a definitive ranking of business software solutions.

The amalgamated reviews are read by more than 1.5 million site visitors each month, who use the reviews to inform software purchases. To ensure that only genuine reviews are included, each individual review is subjected to manual review.

The latest G2 Crowd Grid Report covers email security gateway solutions. Gateway solutions are comprehensive email security platforms that protect against email-based attacks such as phishing and malware. The email gateway is a weak point for many businesses and it is one that is often exploited by cybercriminals to gain access to business networks. A powerful and effective email gateway solution will prevent the vast majority of threats from reaching end users and will keep businesses protected.

To qualify for inclusion in the report, email gateway solutions needed to scan incoming mail to identify spam, malware, and viruses, securely encrypt communications, identify and block potentially malicious content, offer compliant storage through archiving capabilities, and allow whitelisting and blacklisting to control suspicious accounts.

For the report, 10 popular email security gateway solutions were assessed from Cisco, Barracuda, Barracuda Essentials, Proofpoint, Mimecast, Symantec, McAfee, Solarwinds MSP, MobileIron, and TitanHQ. Customers of all solutions were required to give the product a rating in four areas: Quality of support, ease of use, meets requirements and ease of administration.

TitanHQ, the leader in business email security, today announced it has been recognized as a leader in the G2 Crowd Grid Spring 2019 Report for Email Security.

TitanHQ’s SpamTitan was named leader based on consistently high scores for customer satisfaction and market presence. 97% of users of SpamTitan awarded the solution 4 or 5 stars out of 5 and 92% said they would recommend SpamTitan to others.

SpamTitan scored 94% for quality of support and meeting requirements. The industry average in these two areas was 84% and 88% respectively. The solution scored 92% for ease of use against an industry average of 82%, and 90% for ease of admin against an average value of 83%.

“TitanHQ are honored that our flagship email security solution SpamTitan has been named a leader in the email security gateway category,” said Ronan Kavanagh, CEO, TitanHQ. “Our customers value the uncompromised security and real-time threat detection. The overwhelmingly positive feedback from SpamTitan users on G2 Crowd is indicative of our commitment to ensuring the highest levels of customer success.”

If you want to improve email security without breaking the bank and want a solution that your IT staff will like using, SpamTitan is the ideal choice.

SpamTitan is available on a 100% free trial to allow you to try before committing to a purchase; however, if you have any questions about the solution, contact the TitanHQ team who will be happy to help and can schedule a product demonstration.

Webinar: Discover the Exciting New Features of SpamTitan

Current users of the SpamTitan email security solution and SMBs and MSPs that are considering implementing SpamTitan or offering it to their clients are invited to join a webinar in which TitanHQ will explain the exciting new features that have recently been incorporated into the anti-phishing and anti-spam solution.

SpamTitan has recently received a major update that has seen the incorporation of DMARC email authentication to better protect users from email impersonation attacks and the addition of a new Bitdefender-powered sandbox. The sandbox allows users to safely assess email attachments for malicious actions, to better protect them against zero-day malware and other malicious software delivered via email.

The webinar will explain these and other features of SpamTitan in detail and the benefits they offer to customers, including how they better protect SMBs and SMEs from phishing, spear phishing, spoofing, ransomware, malware, and zero-day attacks.

The webinar will also explain why SpamTitan is the leading email security solution for managed service providers serving the SMB and SME market and how the solution can help to enhance security for their clients and can easily be slotted into their service stacks.

The webinar will be taking place on Thursday April 4, 2019 at 12pm, EST and will last approximately 30 minutes.

Advance registration is necessary. You can sign up for the webinar on this link.

Sandboxing and DMARC Authentication Added to SpamTitan Email Security Solution

This week, TitanHQ has rolled out two new features for its award-winning email security solution SpamTitan: Sandboxing and DMARC email authentication.

TitanHQ developed the technology behind its email security solution more than 20 years ago and over the past two decades SpamTitan has received many updates to improve features for end users and increase detection rates.

SpamTitan already blocks more than 99.9% of spam and malicious emails to prevent threats from reaching end users’ inboxes. The level of protection SpamTitan provides against email attacks has made it the gold standard in email security for the SMB market and managed service providers serving SMBs.

In order to provide even greater protection against increasingly sophisticated email threats, TitanHQ added a new sandboxing feature. The next-generation sandboxing feature, powered by Bitdefender, provides SpamTitan customers with a safe environment to run in-depth analyses of suspicious programs and files that have been delivered via email.

New SpamTitan Sandboxing Service

The sandbox is a powerful virtual environment totally separate from other systems. When programs are run in the sandbox, they behave as they would on an ordinary endpoint and can be assessed for suspicious behavior and malicious actions without causing harm.

Prior to being sent to the sandbox, files are first analyzed using SpamTitan’s anti-malware technologies. Only files that require further analysis make it to the sandbox where they are safely detonated. Tactics used by malware to evade detection and avoid analysis are logged and flagged. Purpose-built, advanced machine learning algorithms then assess the files and check their actions against an extensive array of known threats from a range of online repositories in a matter of minutes.

If the file is confirmed as benign, it can be released. If the file is determined to be malicious, the sandboxing service automatically sends a report to Bitdefender’s Global Protective Network and all further instances of the threat will then be blocked globally to ensure the file does not need to be analysed again.

The sandbox provides advanced protection against zero-day exploits, polymorphic threats, APTs, malicious URLs, new malware samples that have yet to be identified as malicious, and new threats that have been developed for undetectable targeted attacks.

Incorporation of this feature into SpamTitan gives customers advanced emulation-based malware analysis capabilities without having to purchase a separate sandboxing solution and ensures customers are protected against rapidly evolving advanced threats.

DMARC Email Authentication Added to SpamTitan

Email spoofing is the term given to the use of a forged sender address. Email spoofing is used to increase the likelihood of an email being delivered and opened by an end user. The email address of a known contact, well known company, or government organization is usually spoofed to abuse trust in that individual, brand, or organization.

DMARC authentication is now essential for all businesses and is a powerful control to prevent spoofing attacks. DMARC is used to check email headers to provide further information about the true sender of an email. Through DMARC, the message is authenticated as having been sent from the organization that owns the domain. If authentication fails, the message is rejected.

While SPF provides a certain degree of protection against email spoofing, DMARC is far more dependable. SpamTitan now incorporates DMARC authentication to provide even greater protection against email spoofing attacks.
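Why an SPF pass alone is not enough, shown as an added example (not SpamTitan's code): a simplified DMARC evaluation that requires an SPF or DKIM pass to align with the domain in the visible From: header and otherwise applies the policy the domain owner published. The record, domains and results are constructed; SPF and DKIM verification are assumed to happen upstream, the organizational domain is approximated as the last two labels, and `pct` is ignored.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: TXT record as published at _dmarc.health-agency.example
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=r"

# Constructed sample message using that domain in the visible From: header
MESSAGE = (
    'From: "Health Agency Alerts" <alerts@health-agency.example>\n'
    "To: user@corp.example\n"
    "Subject: Flu pandemic warning\n"
    "\n"
    "See the attached document.\n"
)


@dataclass
class AuthResults:
    """SPF and DKIM outcomes, assumed to be computed by the receiving mail server."""
    spf_pass: bool
    mail_from_domain: str  # envelope sender domain that SPF checked
    dkim_pass: bool
    dkim_domain: str       # d= of the verified DKIM signature, "" if none


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a tag dict; reject non-DMARC records."""
    if txt.split(";", 1)[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("not a DMARC record")
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag")
    return tags


def org_domain(domain):
    """Assumption: last two labels; real implementations use the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if not a:
        return False
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate(raw_message, auth, record):
    """Return (dmarc_result, disposition) for one message."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    tags = parse_dmarc_record(record)
    spf_ok = auth.spf_pass and aligned(
        auth.mail_from_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = auth.dkim_pass and aligned(
        auth.dkim_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # A subdomain in From: uses sp= when the record publishes one
    policy = tags["p"]
    if from_domain != org_domain(from_domain):
        policy = tags.get("sp", policy)
    return ("fail", policy)


# Spoofed: SPF passes, but only for the sender's own unrelated envelope domain
SPOOFED = AuthResults(True, "bulk-sender.example", False, "")
# Genuine: the envelope domain and the DKIM d= both belong to the From: domain
GENUINE = AuthResults(True, "bounces.health-agency.example",
                      True, "health-agency.example")

if __name__ == "__main__":
    for label, auth in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, "| SPF alone:", "pass" if auth.spf_pass else "fail",
              "| DMARC:", evaluate(MESSAGE, auth, RECORD))
```
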

Both of these new features have been added in the latest update to SpamTitan and are available to users at no extra cost.

“We have listened to requests from customers to have new features added to SpamTitan, and by far the most requested improvements are anti-spoofing technology and sandboxing,” said Ronan Kavanagh, CEO, TitanHQ. “I’m delighted to say that both of these new features have now been added to provide enhanced security for customers at no extra cost.”

IRS Issues Warning About Tax Phishing Scams

During tax season, tax phishing scams are rife. If cybercriminals can steal personal information such as the information contained on W2 forms, they can use the information to file fraudulent tax returns. Each set of credentials can net cybercriminals thousands of dollars. Attacks on businesses can be even more profitable. If an attack results in the theft of the tax credentials of a company’s entire workforce, hundreds of fraudulent tax returns can be filed.

The IRS works hard to combat fraud, but even so, many of these attacks are successful and fraudulent tax refunds are issued. This week, as part of its efforts to combat tax fraud, the IRS has launched its 2019 Dirty Dozen campaign. The campaign raises awareness of the threat of tax fraud and encourages taxpayers, businesses, and tax professionals to be vigilant.

The campaign features 12 common tax scams that attempt to obtain personal information or access to systems that contain such information. The campaign will see a different scam highlighted for 12 consecutive days. The campaign was launched on March 4 with the biggest threat in tax season: Tax phishing scams.

Common Tax Phishing Scams

Tax phishing scams are constantly evolving and each year several new tax phishing scams are identified. The most common scams and attacks are:

  • Business Email Compromise (BEC) attacks
  • Business Email Spoofing (BES) attacks
  • Email impersonation attacks
  • Malware

BEC attacks involve the use of a genuine business email account to send messages to employees requesting W2 form information, changes to business account information, the rerouting of direct deposits, or fraudulent wire transfers. The attackers often gain access to a high-level executive’s email account through a spear phishing campaign. BEC is one of the most common business tax phishing scams.

BES attacks are similar, except that no email account has been compromised. The email address of an executive or other employee is spoofed so that emails appear to have been sent from within an organization.

Email impersonation attacks are common during tax season. Scammers impersonate the IRS and use a variety of lures to obtain personal information. Common lures are threats of legal action or fines for outstanding taxes and offers of tax refunds. They often direct users to a website where they are required to enter their personal information. These phishing webpages are also linked to on social media websites. The clients of tax professionals may also be impersonated. Emails often request changes be made to direct deposit accounts or contain requests for sensitive information.

Malware is often used to gain access to the computers of tax professionals, and employees in the payroll and HR departments. Keyloggers are commonly used as they allow the attackers to steal login credentials. Malware can also transfer files containing sensitive information to the attackers’ servers. Malware is often installed via scripts in email attachments – malicious macros for instance – or via drive-by downloads from malicious websites.

New Phishing Scam Targeting Tax Professionals

One of the new tax phishing scams to emerge this year targets tax professionals. First the attackers gain access to tax professionals’ computers, either through spear phishing campaigns or by installing malware. Client tax information is then stolen and fraudulent tax returns are filed in the clients’ names. When the IRS processes the refunds, payments are sent to taxpayers’ bank accounts. Those taxpayers then receive a call or an email demanding the return of the funds which have been paid in error. The attackers claim to be from a debt collection agency used by the IRS or the IRS itself.

Don’t Become a Victim of a Tax Phishing Scam

Many taxpayers and businesses fall victim to tax phishing scams each year, especially during tax season when attacks increase; however, by taking some simple steps and being vigilant it is possible to identify scams and keep financial and personal data secure.

Any email, text, or telephone call that requests personal/tax information should be treated as a potential scam. If an email or text message is received that claims to be from the IRS and demands payment of outstanding taxes, offers a tax refund, or threatens legal action, bear in mind that the IRS does not initiate contact via email or text message asking for personal information. If such a message is received, forward the email to phishing@irs.gov and contact the IRS or check your online tax account to find out if there is a genuine problem. Never use the contact information or links in an email and do not open an attachment in an email that appears to have been sent by the IRS.

Businesses can include information about tax phishing scams in their security awareness training sessions, but departments that are likely to be targeted by cybercriminals (payroll, human resources, finance, accounting, etc.) should receive specific training ahead of the start of tax season. Sending monthly reminders about phishing attacks and other tax scams via email is also a good practice.

Since most attacks start with a phishing email, businesses should ensure that they have an advanced spam filtering solution in place to block phishing and other emails at the gateway before they can be delivered to end users. SpamTitan is an ideal anti-spam solution for businesses and tax professionals to protect against tax phishing scams. The solution blocks more than 99.9% of spam and phishing emails and includes outbound email scanning to ensure that compromised email accounts cannot be used for spamming.

To protect against internet phishing scams, a web filtering solution is ideal. WebTitan prevents end users from visiting phishing websites, including blocking visits to malicious websites via hyperlinks in scam emails. The solution also blocks drive-by malware downloads and other web-based threats.

If you are a tax professional or you run a business and are unhappy with your current anti-spam or web filtering solution provider, or you have yet to implement either of these solutions, give the TitanHQ team a call today for further information on how these solutions can protect your business, details of pricing, and to book a product demonstration.

How to Protect Against Spoofed Email Phishing Scams

Spoofed email phishing scams can be hard for end users to identify. The scams involve sending a phishing email to a user and making the email appear as if it has been sent by a known individual. This could be a known contact such as a supplier, a work colleague, a friend or family member, or a well-known company.

These phishing campaigns abuse trust in the sender and they are highly effective. Many end users are warned never to click on links in emails or open email attachments in messages from unknown senders, but when the sender is known, many users feel that the email is safe.

One of the most effective spoofed email phishing scams involves impersonation of the CEO or a high-level executive such as the CFO. This type of scam is often referred to as a business email compromise scam or BEC attack. A message is sent to an employee in the accounts department requesting an urgent wire transfer be made along with the account details. The attacker may first start an email conversation with the target before the request is made. No employee wants to refuse a direct request from the CEO, so the requested action is often taken.

Over the past few months, sextortion scams have grown in popularity with cybercriminals. Sextortion scams are those which threaten to out the victim unless a payment is made. This could involve disclosing the user’s internet browsing habits (dating sites, adult sites) to a spouse, work colleagues, and family members. Many of these scams were launched following the hacking of the Ashley Madison website, when details of users of the site were dumped online.

Several sextortion scams have been detected in the past few months which claim that the sender (a hacker) has gained access to the user’s computer and installed malware that provided access to the webcam, microphone, and internet browsing history. The email message informs the recipient that they have been recorded while viewing adult websites and a video of them has been spliced with the content they were viewing at the time. The attacker threatens to send the video to every one of the user’s contacts on email and social media accounts.

Two recent sextortion campaigns have been detected that spoof the user’s own email address, so the email appears to have been sent from their own email account. This tactic backs up the claim that the attacker has full control of the user’s device and access to their email contacts. The reality is the email header has just been spoofed. Additionally, the user’s password is included in the message, which has been obtained from a past data breach. The password may not be current, but it may be recognized.

A check of the bitcoin wallet address included in the emails for the blackmail payment shows these scam emails have been highly effective and several victims have paid up to avoid being outed. One campaign netted the attacker $100,000 in one week, another saw payments made totaling $250,000.

These spoofed email phishing scams are not difficult to block, yet many businesses are vulnerable to these types of attacks. Security awareness training for employees is a must. If employees are not taught how to check for spoofed email phishing scams, they are unlikely to recognize threats for what they are. Even so, it is difficult for an average employee to identify every possible phishing attempt, as phishing email simulations show.

What is needed is an advanced spam filtering solution that can detect spoofed email phishing attacks and block the malicious emails at source to prevent messages from being delivered to inboxes. SpamTitan Cloud, for instance, blocks more than 99.9% of spam and phishing emails to keep businesses protected.
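The self-addressed sextortion messages described above only look self-sent because the visible From header is forged. The following is an added example, not code from the original article or from any TitanHQ product: it parses a message and flags a From address that matches the recipient while the envelope sender and the receiving server's Authentication-Results disagree. The sample messages, the domains and the `mx.example.com` authserv-id are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: From equals To, yet the envelope sender and the
# receiving server's authentication verdicts point somewhere else.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.com;
 spf=softfail smtp.mailfrom=mailer.invalid;
 dkim=none;
 dmarc=fail header.from=example.com
From: "alice" <alice@example.com>
To: alice@example.com
Subject: constructed sample

constructed body
"""

# Constructed sample: an ordinary authenticated message from a colleague.
GENUINE = """\
Return-Path: <bob@example.com>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com;
 dmarc=pass header.from=example.com
From: Bob <bob@example.com>
To: alice@example.com
Subject: constructed sample

constructed body
"""


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(msg, trusted_authserv):
    """Collect {method: result} from headers stamped by our own gateway only."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())          # unfold continuation lines
        authserv, _, rest = value.partition(";")
        authserv_id = (authserv.split() or [""])[0].lower()
        if authserv_id != trusted_authserv:
            continue                                   # sender-supplied header: ignore
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results


def spoof_findings(raw, trusted_authserv="mx.example.com"):
    """Return the list of spoofing signals found in one raw message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {a.lower() for _, a in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1].lower()
    auth = auth_results(msg, trusted_authserv)

    findings = []
    if auth.get("dmarc") != "pass":
        findings.append("dmarc-not-pass")
    # A differing envelope domain is common for bulk senders, so it is a
    # supporting signal here, not a verdict on its own.
    if envelope_from and domain_of(envelope_from) != domain_of(from_addr):
        findings.append("envelope-domain-mismatch")
    # "Sent from your own account": only meaningful when authentication failed.
    if from_addr in recipients and findings:
        findings.append("self-addressed-spoof")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, spoof_findings(raw))
```

Only Authentication-Results headers carrying the gateway's own authserv-id are trusted, because a sender can add a header of the same name with any verdict they like.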

If you want to keep your business protected and prevent these all too common spoofed email phishing attacks, give the TitanHQ team a call. A member of the team will be happy to talk about the product and the best setup for your organization, and can arrange a full product demonstration and set you up for a free trial.

Recently Disclosed WinRAR Vulnerability Being Actively Exploited in Malspam Campaign

It doesn’t take long after the release of a patch for hackers to take advantage, especially when the vulnerability potentially impacts 500 million users. It is therefore not surprising that at least one hacker is taking advantage of a recently disclosed WinRAR vulnerability.

Oftentimes, vulnerabilities are found in certain versions of software, but this vulnerability affects all WinRAR users and dates back 19 years. The WinRAR vulnerability was identified by researchers at Check Point. WinRAR was alerted and confirmed the vulnerability existed, and promptly issued an updated version of the file compression tool with the vulnerability removed. Details of the vulnerability were disclosed in a Check Point blog post on February 20, 2019.

The WinRAR vulnerability in question was present in a third-party DLL file which was included in WinRAR to allow ACE archive files to be uncompressed. The researchers found that by renaming a .rar archive to make it appear that the compressed file was an ACE archive, it was possible to extract a malicious file into the startup folder unbeknown to the user. That file would then run on boot, potentially giving an attacker full control of the device. The malicious file would continue to load on startup until discovered and removed.

All an attacker would need to do to exploit the WinRAR vulnerability is to convince a user to open a specially crafted .rar archive file attached to an email. Compressed files are often used in malspam campaigns to hide malicious executable files. Since .rar and .zip files are commonly used by businesses to send large files via email, they are likely to be recognized and may be opened by end users.

In this case, if the archive contents are extracted, the user would likely be unaware that anything untoward had happened, as the executable is loaded into the startup folder without giving any indication the file has been extracted. Due to the location of extraction, no further actions are required by the user.

In this case, the executable installs a backdoor, although only if the user has User Account Control (UAC) disabled. That said, this is unlikely to be the only campaign exploiting the WinRAR vulnerability. Other threat actors may develop a way to exploit the vulnerability for all users that have yet to update to the latest WinRAR version.

Many users will have WinRAR installed on their computer but will rarely use the program, so may not be aware that there is an update available. It is possible that a large percentage of users with the program installed have yet to update to the latest version and are vulnerable to attack.

This campaign illustrates just how important it is to patch promptly. As soon as a patch is released for a popular software program it is only a matter of time, sometimes just a few days, before that vulnerability is exploited.

Patching all devices in use in an organization can take time. It is therefore important to make sure that all employees receive security awareness training and are taught email security best practices and how to identify potentially malicious emails.

Unfortunately, social engineering techniques can be highly convincing, and many users may be fooled into opening email attachments, especially when the attacker spoofs the sender’s email address and the email appears to come from a known individual. It is therefore essential to have an advanced spam filtering solution in place that is capable of detecting malicious attachments at source, including malicious files hidden inside compressed files, and stop the messages from being delivered to inboxes.
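One check a mail gateway can apply to the attachments described above, shown as an added example that is not taken from the original article or from any vendor's product: compare the attachment's extension with what its leading bytes say it is, quarantine ACE content outright, and, going slightly beyond the WinRAR case, inspect ZIP member names for traversal or startup-folder destinations. The policy, function names and sample bytes are constructed assumptions.

```python
import io
import os
import re
import zipfile

RAR4 = b"Rar!\x1a\x07\x00"
RAR5 = b"Rar!\x1a\x07\x01\x00"
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
SEVENZ = b"7z\xbc\xaf\x27\x1c"
ACE_MAGIC = b"**ACE**"            # sits at byte offset 7 of an ACE archive
ARCHIVE_EXTS = {"rar", "zip", "ace", "7z"}

# Constructed stubs: just enough header bytes to be recognised, not real archives.
ACE_STUB = bytes(7) + ACE_MAGIC + bytes(16)
RAR_STUB = RAR5 + bytes(8)


def sniff_archive(data):
    """Identify the container format from its magic bytes, not its name."""
    if data.startswith(RAR5) or data.startswith(RAR4):
        return "rar"
    if data[7:14] == ACE_MAGIC:
        return "ace"
    if data.startswith(ZIP_MAGICS):
        return "zip"
    if data.startswith(SEVENZ):
        return "7z"
    return "unknown"


def member_risks(name):
    """Reasons a stored member name would write outside the extraction folder."""
    norm = name.replace("\\", "/").lower()
    risks = []
    if norm.startswith("/") or re.match(r"[a-z]:", norm):
        risks.append("absolute-path")
    if ".." in norm.split("/"):
        risks.append("path-traversal")
    if "start menu/programs/startup" in norm:
        risks.append("startup-folder-path")
    return risks


def build_zip(names):
    """Constructed in-memory ZIP whose members carry the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed")
    return buf.getvalue()


def assess_attachment(filename, data):
    """Return (verdict, reasons) for one attachment."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    kind = sniff_archive(data)
    reasons = []
    if kind == "ace":
        reasons.append("ace-content")                 # format behind the WinRAR flaw
    if ext in ARCHIVE_EXTS and kind != ext:
        reasons.append("extension-content-mismatch")  # e.g. ACE bytes named .rar
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    reasons.extend(r for r in member_risks(name) if r not in reasons)
        except zipfile.BadZipFile:
            reasons.append("unparseable-archive")
    return ("quarantine" if reasons else "deliver"), reasons


if __name__ == "__main__":
    print(assess_attachment("invoice.rar", ACE_STUB))
    print(assess_attachment("report.rar", RAR_STUB))
```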

TitanHQ Launches 2019 MSP Roadshow Campaign in London and Tampa

TitanHQ is on the road again and has kick-started a busy 2019 schedule of conferences with events on both sides of the Atlantic.

On February 14, 2019, TitanHQ Alliance Manager Patrick Regan attended the TitanHQ-sponsored Datto Roadshow in Tampa, Florida, and has been meeting with MSP partners from the region to help them with their existing and new email security, DNS filtering, and email archiving projects. TitanHQ has been working very closely with Datto MSP partners to ensure they get the most out of TitanHQ products to better support their clients.

On the other side of the pond, TitanHQ Alliance Manager Eddie Monaghan kicked off a week at the IT Nation Q1 EMEA Meeting in London and has been meeting MSP clients and finding out what is going on in their world.

At both locations and at the upcoming roadshow events, the TitanHQ team is available to meet with prospective MSP partners to explain TitanHQ’s award-winning email security (SpamTitan), web security (WebTitan) and email archiving (ArcTitan) solutions and how they can easily be slotted into MSPs’ security stacks to better help and protect their clients. Current MSP partners will be given tips to help them get the very most out of the products.

Partner with TitanHQ

TitanHQ is the leading provider of email and web security products for MSPs serving the SMB market and now provides its products to more than 1,500 MSP partners serving clients in more than 200 countries. The combination of SpamTitan and WebTitan allows MSPs to provide their clients with superior protection against malware, ransomware, phishing and other cyber threats.

All TitanHQ products have been developed to specifically meet the needs of MSPs and save them support and engineering time by blocking cyber threats at source.

TitanHQ has developed its TitanShield Program to help partners in a wide range of industry sectors take advantage of TitanHQ’s suite of products. The TitanShield Program consists of four elements which meet the needs of MSP, ISP, and technology partners:

The MSP Program: Allows MSPs and resellers to adopt the TitanHQ platform and security solutions to provide TitanHQ products direct to their clients.

The OEM program: TitanHQ’s entire suite of products is supplied in white-label form ready to take your company’s branding.

The Technology Alliance Program: Allows tech companies to partner with TitanHQ to offer spam filtering, web filtering, and email archiving solutions to clients alongside their own products.

The Wi-Fi Program: A program for Wi-Fi providers allowing the incorporation of TitanHQ’s cloud-based WiFi content filtering solution into partners’ WiFi services.

Over the coming few months, TitanHQ will be visiting Dublin, heading across the channel to the Netherlands, and will be travelling through the UK and United States. If you are a current MSP partner or are interested in finding out how TitanHQ products could benefit your clients and be slotted into your technology stack, be sure to come and meet the team at one of the following events.

We look forward to seeing you at one of the roadshow events in 2019.

TitanHQ 2019 MSP Roadshow Dates

February 2019

| Date | Event | Location |
| --- | --- | --- |
| February 14, 2019 | IT Nation (HTG) Q1 EMEA Meeting | London, UK |
| February 14, 2019 | Datto Roadshow | Tampa, FL, USA |

March 2019

| Date | Event | Location |
| --- | --- | --- |
| March 5, 2019 | CompTIA UK Channel Community | Manchester, UK |
| March 7, 2019 | Datto Roadshow EMEA | Dublin, IE |
| March 11, 2019 | CompTIA Community Forum | Chicago, IL, USA |
| March 12, 2019 | Datto Roadshow NA | Norwalk, CT, USA |
| March 19, 2019 | Datto Roadshow EMEA | London, UK |
| March 26, 2019 | Datto Roadshow EMEA | Houten, Netherlands |
| March 26, 2019 | Datto Roadshow NA | Toronto, Canada |

April 2019

| Date | Event | Location |
| --- | --- | --- |
| April 25, 2019 | Datto Roadshow | Long Island, NY, USA |
| April 29, 2019 | IT Nation Evolve (HTG 2) | Dallas, TX, USA |

May 2019

| Date | Event | Location |
| --- | --- | --- |
| May 6, 2019 | Connect IT Global (Kaseya Connect) | Las Vegas, NV, USA |
| May 13, 2019 | IT Nation (HTG) Q1 EMEA Meeting | Birmingham, UK |
| May 14, 2019 | Wifi Now | Washington DC, USA |

June 2019

| Date | Event | Location |
| --- | --- | --- |
| June 17, 2019 | DattoCon | San Diego, CA, USA |

Survey Highlights Healthcare Email Security Weaknesses

The 2019 Cybersecurity Survey conducted by the Healthcare Information and Management Systems Society (HIMSS) has highlighted healthcare email security weaknesses and the seriousness of the threat of phishing attacks.

HIMSS conducts the survey each year to identify attack trends, security weaknesses, and areas where healthcare organizations need to improve their cybersecurity defenses. This year’s survey confirmed that phishing remains the number one threat faced by healthcare organizations and showed the extent to which email is involved in healthcare data breaches.

This year’s study was conducted on 166 healthcare IT leaders between November and December 2018. Respondents were asked questions about data breaches and security incidents they had experienced in the past 12 months, the causes of those breaches, and other cybersecurity matters.

Phishing attacks are pervasive in healthcare and a universal problem for healthcare providers and health plans of all sizes. 69% of significant security incidents at hospitals in the past 12 months used email as the initial point of compromise. Overall, across all healthcare organizations, email was involved in 59% of significant security incidents.

The email incidents include phishing attacks, spear phishing, whaling, business email compromise, and other email impersonation attacks. Those attacks resulted in network breaches, data theft, email account compromises, malware infections, and fraudulent wire transfers.

When asked about the categories of threat actors behind the attacks, 28% named ‘online scam artists’ and 20% negligence by insiders. Online scam artists include phishers who send hyperlinks to malicious websites via email. It was a similar story the previous year when the survey was last conducted.

Given the number of email-related breaches it is clear that anti-phishing defenses in healthcare need to be improved. HIPAA requires all healthcare employees to receive security awareness training, part of which should include training on how to identify phishing attacks. While this is a requirement for compliance, a significant percentage (18%) of healthcare organizations do not take this further and are not conducting phishing simulations, even though they have been shown to improve resilience against phishing attacks by reinforcing training and identifying weaknesses in training programs.

The continued use of out-of-date and unsupported software was also a major concern. Software such as Windows Server and Windows XP is still extensively used in healthcare, despite the number of vulnerabilities it contains. 69% of respondents admitted still using legacy software on at least some machines. When end users visit websites containing exploit kits, vulnerabilities on those devices can easily be exploited to download malware.

It may take some time to phase out those legacy systems, but improving healthcare email security is a quick and easy win. HIMSS recommends improving training for all employees on the threat from phishing with the aim of decreasing click rates on phishing emails. That is best achieved through training, phishing simulations, and better monitoring of responses to phishing emails to identify repeat offenders.

At TitanHQ, we can offer two further solutions to improve healthcare email security. The first is an advanced spam filtering solution that blocks phishing emails and prevents them from being delivered to inboxes. The second is a solution that prevents employees from visiting phishing and other malicious websites such as online scams.

SpamTitan is an advanced anti-phishing solution that scans all incoming emails using a wide range of methods to identify malicious messages. The solution has a catch rate in excess of 99.9% with a false positive rate of just 0.03%. The solution also scans outbound messages for spam signatures to help identify compromised email accounts.

WebTitan Cloud is a cloud-based web filtering solution that blocks attempts by employees to visit malicious websites, either through web surfing or responses to phishing emails. Should an employee click on a link to a known malicious site, the action will be blocked before any harm is caused. WebTitan also scans websites for malicious content to identify and block previously known phishing websites and other online scams. Alongside robust security awareness training programs, these two solutions can help to significantly improve healthcare email security.

For further information on TitanHQ’s healthcare email security and anti-phishing solutions, contact TitanHQ today.

Office 365 Phishing Scam Uses SharePoint Lure

A new Office 365 phishing scam has been detected that attempts to get users to part with their Office 365 credentials with a request for collaboration via SharePoint.

The campaign was first detected in the summer of 2018 by researchers at cybersecurity firm Avanan. The Office 365 phishing scam is ongoing and has proven to be highly effective. According to Kaspersky Lab, the phishing campaign has been used in targeted attacks on at least 10% of companies that use Office 365.

This Office 365 phishing scam abuses trust in SharePoint services that are often used by employees. An email is sent to an Office 365 user that contains a link to a document stored in OneDrive for Business. In contrast to many phishing campaigns that spoof links and fool users into visiting a website other than the one indicated by the link text, this link actually does direct the user to an access request document on OneDrive.

A link in the document then directs users to a third-party website where they are presented with a Microsoft Office 365 login page that is a perfect copy of the official Office 365 login page. If login credentials are entered, they are given to the scammers. Once obtained, it is possible for the scammers to gain access to the Office 365 account of the user, including email and cloud storage.

The email accounts can be used for further phishing campaigns on the user’s contacts. Since those messages come from within the organization, they are more likely to be trusted. Email accounts can also contain a wealth of sensitive information which is of great value to competitors. In healthcare, email accounts can contain patient information, including data that can be used to steal identities. The attackers can also use the compromised credentials to spread malware. Employees may know not to open attachments from unknown individuals, but when they are sent from a colleague, they are more likely to be opened.

Businesses that use Microsoft’s Advanced Threat Protection (ATP) service may mistakenly believe they are protected from phishing attacks such as this. However, since the links in the email are genuine OneDrive links, they are not identified as malicious. It is only the link in those documents that is malicious, but once the document is opened, Microsoft’s ATP protection has already been bypassed.

Finding Office 365 users is not difficult. According to a 2017 Spiceworks survey, 83% of enterprises use Office 365 and figures from 2018 suggest 56% of organizations globally have adopted Office 365. However, a basic check can easily identify Office 365 users as it is broadcast on public DNS MX records. If one user can be found in an organization, it is highly likely that every other user will be using Office 365.

Businesses can take steps to avoid Office 365 phishing scams such as this.

  1. Ensure that all employees are made aware of the threat from phishing, and specifically this Office 365 phishing scam. They should be told to exercise caution with offers to collaborate that have not been preceded by a conversation.
  2. Conduct phishing email simulations to test defenses against phishing and identify individuals that require further security awareness training.
  3. Activate multifactor authentication to prevent stolen credentials from being used to access Office 365 accounts from unknown locations/devices.
  4. Change from ATP anti-phishing controls to a third-party spam filter such as SpamTitan. This will not only improve catch rates, it will also not broadcast that the organization uses Office 365.
  5. Use an endpoint protection solution that is capable of detecting phishing attacks.
  6. Implement a web filter to prevent users from visiting known phishing websites and other malicious web pages.

LockerGoga Ransomware Suspected in Altran Cyberattack

The French engineering firm Altran Technologies has been grappling with a malware infection that hit the firm on January 24, 2019.

Immediately following the malware attack, Altran shut down its network and applications to prevent the spread of the infection and to protect its clients. Technical and computer forensics experts are now assisting with the investigation. The Altran cyberattack has affected operations in some European countries and the firm is currently working through its recovery plan.

A public announcement has been made about the attack although the malware involved has not been officially confirmed. Some cybersecurity experts believe the attack involved a new ransomware variant named LockerGoga which emerged in the past few days.

LockerGoga ransomware was first identified on January 24 in Romania and subsequently in the Netherlands. It was named by MalwareHunterTeam, based on the path used for compiling the source code into an executable.

LockerGoga ransomware does not appear to be a particularly sophisticated malware variant. Security researcher Valthek, who analyzed the malware, claimed the code was ‘sloppy’, the encryption process was slow, and little effort appears to have been made to evade detection. The ransomware appends encrypted files with the .locked file extension.

The ransomware note suggests that companies are being targeted although it is currently unclear how the ransomware is being distributed.

LockerGoga ransomware encrypts a wide range of file types and, depending on the command line argument, may target all files. Since the encryption process is slow, fast detection and remediation will limit the damage caused. Failure to detect the ransomware and take prompt action to mitigate the attack could prove costly. The ransomware can spread laterally through network connections and network shares, resulting in widespread file encryption.

The ransomware had a valid certificate that was issued to a UK firm by Comodo Certificate Authority. The certificate has since been revoked.

LockerGoga ransomware is currently being detected as malicious by 46/69 AV engines on VirusTotal, including Bitdefender, the primary AV engine used by SpamTitan.

Latest Ursnif Trojan Campaign Highlights Need to Improve Anti-Phishing Defenses

A new Ursnif Trojan campaign has been detected that uses a new variant of the malware which uses fileless techniques to avoid detection. In addition to the banking Trojan, GandCrab ransomware is also downloaded.

Increase in Banking Trojan and Ransomware Combination Attacks

Ransomware attacks can cause considerable disruption to businesses, although a good backup strategy can allow businesses to recover quickly in the event of a successful attack without having to pay the ransom demand.

However, there has been a significant increase in phishing attacks that deliver not one but two malware variants – ransomware to extort money from companies but also an information stealer to obtain sensitive information such as login and banking credentials. Malware variants used in these attacks also have the capability to download other malware variants and gather system data and process information for use in further attacks.

These phishing campaigns allow hackers to maximize the profitability of attacks and make the attack profitable even if the business does not pay the ransom.

There have been several examples of these attacks in recent months. Earlier in January, warnings were issued about the combination of Ryuk ransomware with the Trickbot and Emotet Trojans, two malware variants that are used in wire fraud attacks. Ryuk ransomware has been extensively used in attacks on U.S. healthcare providers. The combination with the banking Trojans makes the attacks far more damaging.

Now another campaign has been detected using different malware variants: the Ursnif Trojan and the latest version of GandCrab ransomware.

What Does the Ursnif Trojan Do?

The Ursnif Trojan is one of the most active banking Trojans currently in use. The main function of the malware is to steal system information and bank account credentials from browsers. The latest variants of the Ursnif Trojan have also been used to deploy other malware variants such as GandCrab ransomware.

According to security researchers at Carbon Black, who identified the latest campaign, the Ursnif Trojan now uses fileless execution mechanisms to make detection more difficult. Instead of downloading and writing files to the hard drive – which can be detected – a PowerShell script downloads a payload and executes it in the memory. That payload then downloads a further file and injects it into the PowerShell process, ultimately resulting in the downloading of the ransomware.

When code is loaded in the memory, it often does not survive a reboot, although the latest variant of Ursnif has persistence. This is achieved by storing an encoded PowerShell command inside a registry key and subsequently launching the command via the Windows Management Instrumentation Command-line (WMIC).

Once information has been collected from an infected system, it is packaged inside a CAB file and sent back to the attacker’s C2 via encrypted HTTPS. This makes data exfiltration difficult to detect.

The Ursnif Trojan campaign uses email as the attack vector with infection occurring via a Word document attachment that contains a VBA macro. If the attachment is opened and macros are enabled (automatically or manually), the infection process will be triggered.
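The chain described above (a Word macro starting PowerShell, an encoded command, a later launch through WMIC) leaves traces in process-creation logs even when nothing is written to disk. The following is an added example, not code from Carbon Black or the original article: it applies three detection rules to constructed events and decodes the encoded command for the analyst. The event field names, rule names and sample command are assumptions.

```python
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "wmic.exe"}
# A flag followed by a long base64-looking token; the flag is vetted below.
ENC_FLAG = re.compile(r"(?:^|\s)[-/](\w+)\s+[\"']?([A-Za-z0-9+/]{16,}={0,2})")

# Constructed, harmless payload encoded the way PowerShell expects (UTF-16LE + base64).
DECODED = "Write-Output 'constructed sample'"
B64 = base64.b64encode(DECODED.encode("utf-16-le")).decode()

# Constructed process-creation events (parent image, image, command line).
EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": f"powershell.exe -nop -w hidden -e {B64}"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": f'wmic process call create "powershell.exe -enc {B64}"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -ExecutionPolicy RemoteSigned -File C:\\Scripts\\inventory.ps1"},
]


def exe_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def decode_encoded_command(cmd):
    """Return the decoded script, '' if undecodable, or None if no encoded flag."""
    for m in ENC_FLAG.finditer(cmd):
        flag = m.group(1).lower()
        # PowerShell accepts -EncodedCommand, any unambiguous prefix, and -ec.
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
            except ValueError:
                return ""
    return None


def analyze(event):
    """Apply the three rules to one event and return findings plus decoded text."""
    parent, image = exe_name(event["parent"]), exe_name(event["image"])
    cmd = event["cmd"]
    low = cmd.lower()
    findings = []
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append("office-spawned-script-host")     # macro started a shell
    if image == "wmic.exe" and "process call create" in low and "powershell" in low:
        findings.append("wmic-launched-powershell")       # persistence relaunch
    decoded = decode_encoded_command(cmd) if "powershell" in low else None
    if decoded is not None:
        findings.append("encoded-powershell-command")
    return {"findings": findings, "decoded": decoded}


if __name__ == "__main__":
    for ev in EVENTS:
        print(analyze(ev))
```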

How Businesses can Protect Against Attacks

Due to the difficulty of detecting the malware attack once it has started, the best way to protect against this attack is by improving anti-phishing defenses. It is important to prevent the malicious emails from being delivered to inboxes and to ensure that employees are trained to identify the messages if they make it past email defenses. The former can be achieved with a powerful spam filtering solution such as SpamTitan.

Combined with security awareness training that conditions employees not to open emails from unknown senders, open attachments, or enable macros, this allows businesses to mount an effective defense against the attack.