Our cybersecurity advice section provides comprehensive information about the latest online security threats – not only the threats from unfiltered spam emails, but also the risks present on the Internet from malvertising and vulnerable websites onto which malware exploit kits may have been loaded by cybercriminals.
We also provide advice on the precautions that can be taken to heighten cybersecurity defenses and mitigate the risk of inadvertently downloading an infection. The message throughout all of our cybersecurity advice is to protect your network and WiFi systems with an email spam filter and web content control solution.
Today there is an increasingly mobile workforce. Workers are able to travel and stay connected to the office and many employees are allowed to work remotely for at least some part of the week. While workers are in the office, security is not a problem for IT departments. Workers connect to the internal network, be that a wired or wireless network, and thanks to the protection of the firewall, their devices and the network are protected. The problem comes when workers move outside the protection of that firewall. Here IT departments struggle to ensure the same level of protection.
When workers are travelling for work or are between the home and the office, they often connect to public Wi-Fi hotspots. Connecting to those hotspots introduces risks. While connected, sensitive information could potentially be disclosed which could be intercepted. Malware could also be inadvertently downloaded. When a connection is made to the work network, that malware could easily be transferred.
Connecting to untrusted Wi-Fi networks is a major risk. These could be legitimate Wi-Fi services provided on public transport, in coffee shops, or city-wide Wi-Fi networks. While these networks may be safe, there is no telling who may be connected to that network. These Wi-Fi networks are often not monitored, and cybersecurity protections may be poor.
There are several possible attack scenarios where an individual could perform malicious acts on users of the Wi-Fi network. One of the biggest risks is a man-in-the-middle attack. In this scenario, a Wi-Fi user will be connected to the network and will believe that they are securely accessing the internet, their email, or even the work network, when the reality is that their connection is anything but secure.
A hacker could be listening in and could obtain information from that connection. Through ARP poisoning, a hacker could trick the Wi-Fi gateway and the user’s device into connecting, and traffic would be routed through the hacker’s device where it is intercepted. An attacker could also create an evil twin hotspot. Here a rogue hotspot is created that closely mimics the genuine hotspot. A Wi-Fi user may mistakenly connect to the evil twin thinking they are connected to the legitimate hotspot. Since the evil twin is operated by the attacker, any information disclosed while connected can be intercepted.
Remote workers must be told never to connect to a Wi-Fi network unless they do so through a VPN than encrypts their data. Employees may forget to connect to their VPN, and if weak passwords are used, even if they are encrypted they could be cracked relatively easily, but with a VPN and password policies, risk will be reduced to a reasonable level.
Wi-Fi networks tend not to have the same protections as corporate networks, so there may be little restrictions on the types of website that can be accessed while connected. To protect remote workers, a DNS filter such as WebTitan should be used.
A DNS filter performs content control at the DNS lookup stage when a user attempts to access the internet. When a web address is entered in the browser, the DNS server looks up the fully qualified domain name (FQDN) and matches it with the IP address of the website. The browser is provided with the IP address and the server is contacted and the content is downloaded. With a DNS filter, before any content is downloaded, it is subject to certain rules. For instance, category-based filtering could be used to prevent adult content from being accessed. An attempt would be blocked before any content is downloaded. Importantly for security, the DNS filter would prevent the user from visiting any known malicious website. A phishing site for instance or a site known to harbor malware. With a cloud-based DNS filtering service, all filtering takes place in the cloud and there is no latency regardless of where the individual is located. DNS filtering protects workers on corporate networks as well as remote workers.
A further control that is useful is an email filtering solution, such as SpamTitan, that incorporates Domain-Based Message Authentication, Reporting, and Conformance (DMARC).
In the event of a user’s email credentials being obtained in a man-in-the-middle attack via a rogue Wi-Fi hotspot, their email account could be accessed by the attacker. Since legitimate credentials are being used, this would not generate any alerts and the attacker could peruse the email account in their own time. If the account is used to send phishing messages, as they often are, DMARC will prevent those messages from being delivered and will alert the company to the issue.
The DMARC element of the spam filter checks the sender’s IP address to make sure it matches the IP on the DNS servers for the sender’s organization to make sure they match. If the IP is not authorized to send messages from that domain, the messages will be rejected or quarantined, and the company would be alerted to the phishing attack. The same is true for spoofing of email addresses.
SpamTitan also includes dual anti-virus engines to identify malware sent via email and sandboxing to help catch previously unknown malware variants that have yet to have their signatures uploaded to AV engines. Any malware sent via email will also be quarantined to keep inboxes free of threats.
If you run a business and allow workers to connect remotely, speak to TitanHQ today to find out more about how you can better protect your remote workers, and your business, from cyberattacks conducted via email and the web.
Our team of highly experienced staff will walk you through the benefits of DNS and spam filtering, can schedule a personalized product demonstration, and will help you get set up for a free trial of SpamTitan and WebTitan. You can then evaluate both solutions in your own environment. Both solutions can be set up and protecting you in a matter of minutes.
The increase in cyberattacks on law firms has highlighted a need for greater security protections, especially to protect against phishing, malware, and ransomware.
According to a recent Law.com report, more than 100 law firms are known to have experienced cyberattacks in the past five years: Cyberattacks that have resulted in hackers gaining access to sensitive information and, in many cases, employee, attorney, and client information.
Investigations such as this are likely to uncover just a small percentage of successful cyberattacks, as many are resolved quietly and are not reported. Many law firms will be keen to keep a cyberattack private due to the potential damage it could do to a firm’s reputation. The reputation of a law firm is everything.
As Law.com explained, there are different data breach reporting requirements in different states. If there is no legal requirement to report the data breaches, they will not be reported. That means that only if reportable information has potentially been compromised will the breach be reported to regulators or made public. It is therefore not possible to tell how many successful cyberattacks on law firms have occurred. However, there has been a steady rise in reported cyberattacks on law firms, as is the case with attacks on other industry sectors. Law.com’s figures are likely to be just the tip of the iceberg.
From the perspective of cybercriminals, law firms are a very attractive target. The types of information stored on clients is incredibly valuable and can be used for extortion. Information on mergers and takeovers and other sensitive corporate data can be used to gain a competitive advantage. Cybercriminals are also well aware that if they can deploy ransomware and encrypt client files, there is a higher than average probability that the ransom will be quietly paid.
Based on the information that has been made public about law firm data breaches, one of the main ways that law firms are attacked is via email. Many of the data breaches started with a response to a phishing or spear phishing email. Phishing allows cybercriminals to bypass even sophisticated cybersecurity protections as it targets a well-known weakness: Employees.
Employees can be trained to be more security aware and be taught how to recognize potential phishing emails, but phishers are conducting ever more sophisticated campaigns and every employee will make a mistake from time to time. That mistake could be all that it takes to compromise a computer, server, or a large part of a network.
One firm contacted for the report explained that it had implemented advanced cybersecurity protections that were undone with a phishing email. The digital security measures it had in place greatly restricted the harm caused, and there was no evidence that the attacker had accessed sensitive information, but the attack did succeed.
In response, the law firm implemented more advanced security protocols, implemented a more aggressive spam filter, multi-factor authentication was used more widely, and it revised its policies and procedures and training. Had those measures been implemented in advance, it may have been possible to block the attack.
The response was to implement more layered defenses, which are critical for blocking modern cyberattacks. Overlapping layers of security ensure that if one measure fails, others are in place to prevent an attack from succeeding.
This is an area where TitanHQ can help. TitanHQ has developed cybersecurity solutions that can fit seamlessly into existing security stacks and provide extra layers of security to block the most common attack vectors. TitanHQ’s email and web security solutions – SpamTitan and WebTitan – provide advanced protection without compromising usability.
Since many clients prefer to communicate via email, it is important for all incoming attachments to be analyzed for malicious code. Extensive checks are performed on all incoming (and outgoing) emails, with SpamTitan able to block not only known malware but also zero-day threats. SpamTitan also includes DMARC email authentication to block email impersonation attacks and sandbox to analyze suspicious files and identify malicious or suspicious activity.
WebTitan provides protection from web-based threats. Most malware is now delivered via the internet, so a web security solution is essential. WebTitan is a DNS filtering solution that protects against all known malicious sites. It is constantly updated in real time through threat intelligence services to ensure maximum protection. The solution provides advanced protection against drive-by downloads and malicious redirects to exploit kits and other malicious sites and provides and important additional layer of security to protect against phishing attacks.
Law firms will no doubt prefer to host their cybersecurity solutions within their own environments or private clouds, which TitanHQ will happily accommodate.
For further information on TitanHQ’s cybersecurity solutions for law firms, contact the TitanHQ team today. Managed Services Providers serving the legal industry should contact TitanHQ’s channel team to find out more about the TitanShield program and discover why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.
Ransomware attacks slowed in 2018 but the malicious file-encrypting malware is back with a vengeance. Ransomware attacks on educational institutions have soared this year, and as the attackers are well aware, these attacks can be extremely profitable.
There have been 182 reported ransomware attacks so far this year and 26.9% of those attacks have been on school districts and higher education institutions. The increase has seen education become the second most targeted sector behind municipalities (38.5%) but well ahead of healthcare organizations (14.8%).
The reason why the number of ransomware attacks on educational institutions, healthcare, and municipalities is so high compared to other sectors is because attacks are relatively easy to perform and there is a higher than average chance that the ransoms will be paid.
Attacks on municipalities mean they can’t access computer systems, and essential services grind to a halt. Police departments can’t access criminal records, courts have to be shut down, and payments for utilities cannot be taken. If hospitals can’t access patient data, appointments have to be cancelled out of safety concerns. In education, teachers cannot record grades and student records cannot be accessed. Administration functions grind to a halt and a huge backlog of work builds up.
Some of the recent ransomware attacks on school districts have seen schools forced to send students home. Monroe-Woodbury Central School District in New York had to delay the start of the school year due to its ransomware attack. If students need to be sent home, there is often backlash from parents – Not only because their children are not getting their education, but childcare then needs to be arranged.
The costs of these attacks are considerable for all concerned. Each day without access to systems costs schools, universities, municipalities, and hospitals a considerable amount of money. Downtime is by far the biggest cost of these attacks. Far greater than any ransom payment.
It is no surprise that even when ransom demands are for tens or hundreds of thousands of dollars, they are often paid. The cost of continued losses as a result of the attacks makes paying the ransom the most logical solution from a financial perspective. However, paying the ransom sends a message to other cybercriminals that these attacks can be extremely profitable, and the attacks increase.
The huge cost of attacks has seen educational institutions take out insurance policies, which typically pay the ransom in the event of an attack. While this is preferable financially for the schools, it ensures that the attackers get their pay day. Some studies have suggested that attackers are choosing targets based on whether they hold insurance, although the jury is out on the extent to which that is the case.
In total, 49 school districts and around 500 K-12 schools have been affected by ransomware attacks this year. While the ransomware attacks on school districts have been spread across the United States, schools in Connecticut have been hit particularly hard. 7 districts have been attacked, in which there are 104 schools.
Prevention of these attacks is key but securing systems and ensuring all vulnerabilities are identified and corrected can be a challenge, especially with the limited budgets and resources of most schools. Cybersecurity solutions need to be chosen wisely to get the maximum protection for the least cost.
A good place to start is by addressing the most common attack vectors, which for ransomware is Remote Desktop Protocol and email-based attacks.
Remote Desktop Protocol should be disabled if it is not required. If that is not possible, connection should only be possible through a VPN. Rate limiting should also be set to block access after a number of failed login attempts to protect against brute force password-guessing attacks.
Email security also needs to be improved. Massive spam campaigns are being conducted to distribute the Emotet banking Trojan, which serves as a downloader for Ryuk ransomware and others. Embedded hyperlinks in emails direct end users to sites where they are encouraged to download files that harbor malware, or to exploit kits where ransomware is silently downloaded.
Advanced spam filters should be deployed that incorporate sandboxing. This allows potentially suspicious email attachments to be checked for malicious activity in a safe environment. DMARC email authentication is also important as it is one of the best defenses against email impersonation attacks. SpamTitan now incorporates both of these measures.
A DNS based content filtering solution is also beneficial as an additional protection against malware downloads and phishing attacks. Not only can the content filter be used to ensure compliance with CIPA, it will prevent end users from visiting malicious websites where ransomware is downloaded.
Email attacks usually require some user interaction, which provides another opportunity to block the attacks. By educating all staff and students on the risks, they can be prepared for when malicious emails arrive in their inboxes and will be conditioned how to respond.
It is often the case that breached entities only implement these measures after an attack has occurred to prevent any further attacks from succeeding. By taking a more proactive approach and implementing these additional security measures now, costly, disruptive attacks can be avoided.
For more information on ransomware defenses such as email and DNS filters for educational institutions, give the TitanHQ team a call today. You are likely to find out that these security measures are far cheaper than you think… and naturally a great deal less expensive than having to deal with an attack.
Venture online and you will be faced with a wide range of threats, some of which could result in your bank account being emptied, others could result in sensitive information being exposed and your accounts being hijacked. Then there is ransomware, which could be used to stop you from accessing your data (unless you have backups or pay the ransom payment).
More malicious websites are now being created than legitimate sites, so how can you stay safe online? One solution used by businesses and ISPs is the use of a web filter. A web filter can be configured to restrict access to certain categories of Internet content and block the majority of malicious websites.
While it is possible for businesses or ISPs to purchase appliances that sit between end users and the Internet, DNS filters allow the Internet to be filtered without having to purchase any hardware or install any software. So how does DNS filtering work?
How Does DNS Filtering Work?
DNS filtering – or Domain Name System filtering to give it its full title – is a technique of blocking access to certain websites, webpages, or IP addresses. DNS is what allows easy to remember domain names to be used – such as Wikipedia.com – rather than typing in very difficult to remember IP addresses – such as 18.104.22.168. DNS maps IP addresses to domain names.
When a domain is purchased from a domain register and that domain is hosted, it is assigned a unique IP address that allows the site to be located. When you attempt to access a website, a DNS query will be performed. Your DNS server will look up the IP address of the domain/webpage, which will allow a connection to be made between the browser and the server where the website is hosted. The webpage will then be loaded.
So how does DNS web filtering work? With DNS filtering in place, rather than the DNS server returning the IP address if the website exists, the request will be subjected to certain controls. DNS blocking occurs if a particular webpage or IP address is known to be malicious via blacklists or is determined to be potentially malicious by the web filter. Instead of being connected to the website the user was attempting to access, the user is instead directed to a local IP address that displays a block page explaining why the site cannot be accessed.
This control could be applied at the router level, via your ISP, or a third party – a web filtering service provider. In the case of the latter, the user – a business for instance – would point their DNS to the service provider. That service provider maintains a blacklist of malicious webpages/IP addresses. If a site is known to be malicious, access to malicious sites will be blocked.
Since the service provider will also categorize webpages, the DNS filter can also be used to block access to certain categories of webpages – pornography, child pornography, file sharing websites, gambling, and gaming sites for instance. Provided a business creates an acceptable usage policy (AUP)and sets that policy with the service provider, the AUP will be enforced. Since DNS filtering is low-latency, there will be next to no delay in accessing safe websites that do not breach an organization’s acceptable Internet usage policies.
Will a DNS Filter Block All Malicious Websites?
Unfortunately, no DNS filtering solution will block all malicious websites, as in order to do so, a webpage must first be determined to be malicious. If a cybercriminal sets up a brand-new phishing webpage, there will be a delay between the page being created and it being checked and added to a blocklist. However, a DNS web filter will block the majority of malicious websites.
Can DNS Filtering be Bypassed?
The short answer is yes. Proxy servers and anonymizer sites could be used to mask traffic and bypass the DNS filter unless the chosen solution also blocks access to these anonymizer sites. An end user could also manually change their DNS settings locally unless they have been locked down. Determined individuals may be able to find a way to bypass DNS filtering, but for most end users, a DNS filter will block any attempt to access forbidden or harmful website content.
No single cybersecurity solution will allow you to block 100% of malicious websites or all NSFW websites, but DNS filtering should certainly be part of your cybersecurity defences as it will allow the majority of malicious sites and malware to be blocked.
If you have yet to implement a web filtering solution, are unhappy with your current DNS filtering service, or you have questions about DNS content filtering, contact the TitanHQ team today and ask about WebTitan Cloud.
WebTitan provides a simple and easy DNS filtering solution to protect your company and employees.
2017 was a bad year for ransomware attacks, but as 2018 progressed it was starting to look like the file-encrypting malware was being abandoned by cybercriminals in favor of more lucrative forms of attack. Between 2017 and 2018 there was a 30% fall in the number of people who encountered ransomware compared to the previous year, and the number of new ransomware variants continued to decline throughout 2018; however, now, that trend has been reversed.
2019 has seen a sharp increase in attacks. Figures from Malwarebytes indicate there was a 195% increase in ransomware attacks in Q1, 2019 and that increase has continued in Q2. A new report from Kaspersky Lab has shown that not only are attacks continuing to increase, the number of new ransomware variants being used in these attacks is also increasing sharply.
Kaspersky Lab identified 16,017 new ransomware modifications in Q2, 2019, which is more than twice the number of new ransomware modifications detected in Q2, 2018. In addition to updates to existing ransomware variants, Q2, 2019 saw 8 brand new malware families detected.
Kaspersky Lab tracked 230,000 ransomware attacks in Q2, which represents a 46% increase from this time last year. Far from ransomware dying a slow death, as some reports in 2018 suggested, ransomware is back and is unlikely to go away any time soon.
Not only are attacks increasing in frequency, ransom demands have increased sharply. Ransom demands of hundreds of thousands of dollars are now the norm. Two Florida cities paid a combined total of $1 million for the keys to unlock files encrypted by ransomware. Jackson County in Georgia paid $400,000 for the keys to unlock the encryption that crippled its court system, and recently, a massive ransomware attack that impacted 22 towns and cities in Texas saw a ransom demand of $2.5 million issued.
Earlier this year, the developers of GandCrab ransomware shut down their popular ransomware-as-a service offering. They claimed to have made so much money from attacks that they have now taken early retirement. Despite GandCrab ransomware being one of the most widely used ransomware variants for the past 18 months, the shut down has not been accompanied with a reduction in attacks. They continue to increase, as other ransomware-as-a-service offerings such as Sodinokibi have taken its place.
Ransomware attacks are increasing because they are profitable, and as long as that remains the case, ransomware is here to stay. Businesses are getting better at backing up their data but recovering files from backups and restoring entire systems is a difficult, time-consuming, and expensive task. When major attacks are experienced, such as those in Texas, recovering systems and files from backups is a gargantuan task.
Attackers realize this and set their ransom demands accordingly. A $400,000 ransom demand represents a sizable loss, but it is a fraction of the cost of recovering files from backups. Consequently, these sizable ransoms are often paid, which only encourage further attacks. It is for this reason that the FBI recommends never paying a ransom, but for many businesses it is the only option they have.
Businesses naturally need to develop plans for recovering from an attack to avert disaster in the event of ransomware being installed on their network, but they must also invest in new tools to thwart attacks. At the current rate that attacks are increasing, those tools need to be implemented soon, and that is an area where TitanHQ can help.
To find out more about email and web security solutions that can block ransomware and protect your network, give the TitanHQ team a call.
A Google Calendar phishing campaign is being conducted that abuses trust in the app to get users to click malicious hyperlinks.
Cybercriminals are constantly developing new phishing tactics to convince end users to click links in emails or open email attachments. These campaigns are often conducted on organizations using Office 365. Campaigns are tested on dummy Office 365 accounts to make sure messages bypass Office 365 spam defenses.
Messages are carefully crafted to maximize the probability of an individual clicking the link and the sender name is spoofed to make the message appear to have been sent from a known and trusted individual.
Businesses that implement email security solutions that incorporate DMARC authentication can block the vast majority of these email spoofing attacks. Office 365 users that use a third-party anti-phishing solution for their Office 365 accounts can make sure malicious messages are blocked. Along with end user training, it is possible to mount a solid defense against phishing and email impersonation attacks.
A new phishing tactic is being used in an active campaign targeting businesses which achieves the same aim as an email-based campaign but uses a personal calendar app to do so.
Phishing campaigns have one of two main aims – To steal credentials for use in a further attack or to convince the user to install some form of malware or malicious code. This is most commonly achieved using an embedded hyperlink in the email that the user is urged to click.
In the Google Calendar phishing attacks, events are added into app users’ calendars along with hyperlinks to the phishing websites. This is possible because the app adds invites to the calendar agenda, even if the invite has not been accepted by the user. All the attacker needs to do is send the invite. As the day of the fictitious event approaches, the user may click the link to find out more. To increase the likelihood of the link being clicked, the attacker sets event reminders so the link is presented to the user on multiple occasions.
This attack method is only possible with Google Calendar in its default setting. Unfortunately, many users will not have updated their settings after installation and will be vulnerable to Google Calendar phishing attacks.
To prevent these attacks, on the desktop application settings menu click on:
Event Settings > Automatically Add Invitations
Select the option, “No, only show invitations to which I’ve responded.”
Navigate to “View Options”and ensure that “Show declined events” is not checked.
The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about the increasing number of phishing websites using HTTPS.
The green padlock next to a URL once gave an impression of security. Now it is a false sense of security for many internet users.
HTTPS or Hyper Text Transfer Protocol Secure to give it its full name, indicates the website holds a valid certificate from a trusted third-party. That certificate confirms that the website is secure and any data transmitted between the browser and the website will be encrypted to prevent interception in transit.
The public has been taught to look for the green padlock and HTTPS before entering card details or other sensitive information. However, the padlock does not mean that the website being visited is genuine. It only means any information transmitted is secured in transit between the browser and the website.
If you are buying a pair of shoes from Amazon, all well and good. If you are on a website controlled by a cybercriminal, HTTPS only means that the cybercriminal will be the only person stealing your data.
Cybercriminals create realistic phishing webpages that imitate well-known brands such as Microsoft and Google to obtain login credentials or banks to obtain banking information. These phishing pages can be set up on dedicated phishing websites or phishing kits can be added to previously compromised websites. Traffic is then generated to those webpages with an email phishing campaign.
If one of the links in the email is clicked, a user will be directed to a website that requests some information. If the website starts with HTTPS and displays the green padlock, the user may mistakenly believe the site is genuine and that it is safe to disclose sensitive information.
The IC3 alert was intended to raise awareness of the threat from HTTPS phishing and make the public aware of the true meaning of the green padlock and never to trust a website because it starts with HTTPS.
Businesses should take note and make sure they include HTTPS phishing in their security awareness training programs to raise awareness of the threat with employees.
A web filter can greatly reduce the risk of HTTPS phishing attacks, provided the web filter has the capability to decrypt, scan, and re-encrypt HTTPS traffic.
WebTitan provides real-time protection against web-based attacks and uses a constantly updated database of 3 million known malicious sites to block attempts to visit phishing websites. WebTitan is capable of SSL inspection and can inspect HTTPS traffic, block specific applications within a webpage, and display alerts or block sites with fake https certificates.
If you want to improve protection against web-based attacks, contact the TitanHQ team today for more information about WebTitan.
Phishing is the number one threat faced by businesses and attacks are increasing across all industry sectors. Businesses of all sizes are being targeted by hackers. The risk of phishing attacks should not be underestimated.
The High Cost of a Data Breach
A successful phishing attack that results in a data breach can be incredibly costly to resolve. A 2019 Radware survey suggests the cost of a successful cyberattack has increased to $1.1 million, while the Ponemon Institute’s Cost of a Data Breach Study in 2018 placed the average cost at $3.86 million.
The Anthem Inc. data breach of 2015, that resulted in the theft of 78.8 million health plan members’ personal information, started with a phishing email. The attack resulted in losses well over $100 million.
In 2017, a phishing email sent to a MacEwan University employee resulted in a fraudulent wire transfer of $11.8 million to the attacker’s bank account.
Essential Anti-Phishing Controls for Businesses
For most businesses there are two essential elements to anti-phishing defenses. A spam filtering solution to identify phishing emails and block them before they are delivered to employees’ inboxes and training for staff to ensure that if a malicious email makes it past the perimeter defenses, it can be identified as such before any harm is caused.
A spam filter is quick and easy to implement, although care must be taken to choose the correct solution. Not all spam filtering and anti-phishing solutions are created equal.
The Danger of Relying on Office 365 Anti-Phishing Controls
Many businesses now use Office 365 for email. 155 million business (and growing) are now using Office 365. That makes Office 365 a major target for hackers.
Microsoft does provide anti-phishing and anti-spam protection through its Advanced Threat Protection (APT) offering for Office 365. APT is an optional extra and comes at an additional cost.
APT provides a reasonable level of protection against phishing, but ‘reasonable’ is not sufficient for many businesses. APT is certainly better than nothing, but it does not provide the same level of protection as a third-party spam filtering solution from a dedicated cybersecurity solution provider.
Hackers use Office 365 accounts protected by APT to test their phishing campaigns to make sure they can bypass Office 365 controls. Hackers can easily tell which businesses are using Office 365 as it is broadcasted through public DNS MX records, so finding targets is easy.
With a third-party solution implemented, businesses will be much better protected. Hackers can tell that a business is using Office 365, but they will not know that it has advanced spam defenses from a third-party solution provider. This multi-layer approach is essential if you want to ensure you are well protected against phishing attacks.
SpamTitan is a leading spam filtering solution for businesses that is highly effective at blocking phishing and other malicious emails. Independent tests confirm the solution blocks more than 99.9% of spam and malicious emails and 100% of known malware through its two AV engines. It is a perfect addition to Office 365 to provide even greater protection against phishing threats.
Don’t Underestimate the Importance of Security Awareness Training
No technical anti-phishing solution will be 100% effective, 100% of the time. Hackers are constantly developing new techniques to bypass organizations’ defenses and occasionally messages may be delivered. Employees must therefore be trained how to identify malicious messages and conditioned to be alert to the threat of attack. Employees are the last line of defense in an organization and that defensive line will be tested.
A once a year training session may have been sufficient in the past, but the increased threat of attack means far more frequent training is required. To develop a security culture, it is necessary to have regular training sessions and use a variety of different methods to reinforce that training.
Twice a year formal training sessions should be accompanied by more frequent CBT mini-training sessions, cybersecurity newsletters, posters, and phishing email simulations to identify weaknesses.
SMBs are Being Targeted by Hackers
Many SMB owners think that their business is too small to be targeted by hackers. While large organizations are attacked more frequently, SMB cyberattacks are far from uncommon.
The 2018 State of Cybersecurity in Small and Medium Size Businesses study conducted by the Ponemon Institute showed that 67% of SMBs had experienced a cyberattack in the past 12 months and 58% had experienced a data breach.
Due to the high risk of cyberattacks, the increased number of phishing attacks on SMBs, defenses need to be improved. Businesses that fail to implement appropriate cybersecurity solutions and train staff how to identify phishing emails are a data breach waiting to happen.
Fortunately help is at hand. If you want to improve your defenses against phishing, contact TitanHQ to chat about your options.
OpenDNS used to be a free DNS-based web filtering service, although it has since been acquired by Cisco and rebranded as Cisco Umbrella. Cisco Umbrella is a popular web filter for businesses, although many firms are now abandoning the product and making the switch to WebTitan Cloud. In this WebTitan Cloud v Cisco Umbrella post, we cover some of the key reasons behind this switch.
WebTitan Cloud v Cisco Umbrella
If you are currently a Cisco Umbrella customer and are considering a replacement DNS-based web filtering service, or if you have yet to make a decision on the best web filtering solution to match the needs of your business, we hope this quick WebTitan Cloud v Cisco Umbrella comparison is useful.
WebTitan Cloud v Cisco Umbrella: Key Differences
Cost and pricing
One of the main reasons why businesses switch from Cisco Umbrella to WebTitan is cost. Cisco Umbrella is a powerful web filtering solution, but generally speaking, WebTitan Cloud offers similar features and is a direct swap out. Businesses that make the switch can continue to filter the Internet to protect against web-based threats and exercise content control while making savings of up to 50%.
TitanHQ offers a simple and transparent pricing model with monthly billing. All features are included in the price, rather than the multi-tiered system of Cisco Umbrella that only provides the advanced features in the upper product tiers.
User Interface and Reporting
One of the main complaints about Cisco Umbrella is an overly complicated user interface which can make configuration, maintenance, and generating reports time consuming and difficult. If the staff doesn’t like using a product, they may avoid it, which will have an impact on security. WebTitan Cloud has a highly intuitive user interface with all information placed at your fingertips. That makes for simple configuration and management without the need for user training. It also means problems can be quickly identified and remediated, improving security.
Cisco has a vast and diverse product range and is a massive IT provider. While its products have been developed to meet the needs of businesses, the options available are somewhat rigid. TitanHQ is much smaller by comparison, but as an independent entity, has the flexibility to work more closely with customers and better meet the needs of small to medium sized businesses. Commercial arrangements can be made to suit both parties.
TitanHQ customers benefit from industry-leading customer support, with full support provided to all customers at no additional cost. That includes support during the free trial of the product. With Cisco Umbrella, phone support is only provided to customers on the platinum, gold, or silver plans.
In order to protect the entire enterprise network, WebTitan Cloud applies security rules across the entire organization, in addition to AD/LDAP integration to allow rules to be applied for groups and individuals. Sometimes, individuals may require access to content that violates enterprise-wide rules. WebTitan Cloud allows cloud keys to be generated, which allows filtering controls to be bypassed without the need to change policies. They can be configured to expire after a set time or number of uses.
Ability to Host Locally
Some businesses will have no qualms about using a web filter that is hosted on the service provider’s servers, although this is far from ideal for some businesses such as Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). Businesses that do not want to direct users to an external cloud service can host WebTitan Cloud in a private cloud or host the solution locally. With Cisco Umbrella, local hosting is not an option.
Ability to Rebrand the Solution
Another bugbear of MSPs and MSSPs is the inability to fully rebrand Cisco Umbrella. WebTitan Cloud on the other hand is fully rebrandable and customizable. This includes a full white label and customizable user interface and block page ready for rebranding. This allows service providers to offer the solution to their customers while reinforcing their own brand image.
Further Information on WebTitan Cloud
Our WebTitan Cloud v Cisco Umbrella comparison includes just a few of the reasons why businesses are switching from Cisco Umbrella to WebTitan Cloud. For further information on WebTitan Cloud, to schedule a product demonstration, to register for a free trial to find out how WebTitan Cloud works in your environment, contact the TitanHQ team today.
Web filtering is important for protecting users from web-based threats and for controlling what users can do online. There are many choices of web filtering solutions, including Cisco Umbrella. While the latter is popular, many businesses and organizations are now changing from Cisco Umbrella to WebTitan.
In this post we explain some of the main benefits of changing from Cisco Umbrella to WebTitan and illustrate this with an example from the education sector.
Web Filtering for Schools and Libraries and CIPA Compliance
Web filters are a requirement of the Children’s Internet Protection Act (CIPA). CIPA was enact by congress in 2000 and is concerned with protecting minors from harmful website content such as pornography. CIPA requires schools and libraries to implement an Internet safety policy that addresses the safety and security of minors online.
To comply with CIPA, measures must be introduced to block access to obscene content, child pornography, and other web content that is considered to be harmful to minors. Additionally, schools must educate minors about appropriate online behavior and monitor the online activities of minors.
While there are many choices of web filters for schools that can help them comply with CIPA, not all solutions are created equal. While it is usually easy to block access to harmful content, with some solutions monitoring user activity can be difficult and time consuming.
Why Did Saint Joseph Seminary College Change from Cisco Umbrella to WebTitan?
There is no doubt that Cisco has developed a powerful web filtering solution in Umbrella that can offer protection from web-based threats and allow content control, but the solution is not without its drawbacks.
One of the main downsides is usability, especially monitoring the online activities of users, something that is particularly important for CIPA compliance. It was proving to be particularly difficult for Saint Joseph Seminary College, which needed to quickly identify attempts by students to access restricted content.
“I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph Seminary College IT Director Todd Russell. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.” The complexity of the user interface made the solution unpopular with IT staff and the complexity was jeopardizing security.
Ease of use was a major problem, but the troubles didn’t end there. There was also the issue of cost. “We found that once Cisco bought OpenDNS, they began upping the Umbrella pricing every year at renewal time. Despite the repeated price increases, the service was not improving and there was no additional value offered,” explained Russell.
Cost and usability issues prompted Russell to look for a Cisco Umbrella alternative. After assessing various Cisco Umbrella alternatives, the decision was taken to switch from Cisco Umbrella to WebTitan. “It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
“I am able to quickly scan an entire previous day of blocked traffic and take a closer look at the full traffic on any users that raise a concern in a matter of minutes. This has saved me an enormous amount of time when I need to examine a user’s traffic, but it has also made it possible for me to keep close tabs on our traffic.” All the information required was accessible with just two clicks.
In terms of time savings gained from using WebTitan and the lower cost of running the solution, the college has been able to make significant cost savings as well as identify and remediate issues immediately, which means greater safety and security for students.
Are You Looking for an Alternative to Cisco Umbrella?
If you are currently using Cisco Umbrella and are frustrated with the interface and are unable to easily get the information you need, or if you are looking for a lower-cost alternative to Cisco Umbrella that will not jeopardize security, you have nothing to lose by evaluating WebTitan.
Contact the TitanHQ team today and you can arrange a product demonstration and set up a free trial of the full solution to see for yourself the difference it makes.
In the words of Todd Russell, “That brief demo was all I needed to know that WebTitan would serve my needs much better than Umbrella and I have been thrilled with the improvements to my workflow since switching over.”
It is straightforward to implement security controls to protect wired networks, but many businesses fail to apply the same controls to improve WiFi security, often due to a lack of understanding about how to improve wireless access point security. In this post we cover some of the main threats associated with WiFi networks and explain how easy it can be to improve wireless access point security.
Wireless Access Points are a Security Risk
Most businesses now apply web filters to control the types of content that can be accessed by employees on their wired networks but securing wireless networks can be more of a challenge. It is harder to control and monitor access and block content on WiFi networks.
Anyone within range of the access point can launch an attack, especially on public WiFi hotspots which have one set of credentials for all guest users. It is therefore essential that controls are implemented to improve wireless access point security and protect users of the WiFi network.
WiFi Security Threats
A single set of credentials means cybercriminals are afforded a high degree of anonymity. That allows them to use WiFi networks to identify local network vulnerabilities virtually undetected. They could conduct brute force attacks on routers, for example, or use WiFi access to inject malware on servers that lack appropriate security. If access is gained to the router, attacks can be launched on connected devices, and malware can be installed on multiple end points or even POS systems to steal customers’ credit/debit card information.
The cyberattack on Dyn is a good example of how malware can be installed and used for malicious purposes. The DNS service provider was attacked which resulted in large sections of the Internet being made inaccessible. A botnet of more than 100,000 compromised routers and IoT devices was used in the attack.
Man-in-the-Middle attacks are also common on Wi-Fi networks. Any unencrypted content can be intercepted, such as if information is exchanged between a user and a HTTP site, rather than HTTPS, if a VPN is not used.
Public WiFi networks are often used for all manner of nefarious purposes due to the anonymity provided. If users take advantage of that anonymity to access illegal content and download child pornography or perform copyright infringing downloads of music, films, and TV shows from P2P file sharing sites, an investigation would center on the hotspot provider. Questions would likely be asked about the lack of security controls to prevent illegal website access.
The Easy Way to Improve Wireless Access Point Security
The easy way to improve wireless access point security is a web filtering solution. Web filtering solutions are usually implemented by businesses to secure wired networks, but solutions also exist to improve wireless access point security.
A web filter forms a barrier between the users of the network and the Internet. Controls can be applied to stop users from accessing dangerous, illegal, or inappropriate website content. Even if each user has their own access controls, without a web filter, users will still be vulnerable to malware attacks and phishing attempts and the hotspot provider may be liable for illegal activities over the WiFi network.
There are two ways of implementing WiFi web filtering to improve wireless access point security. One is to rely on a list of categorized domain names and use that to control content. The other is DNS-layer web filtering, which uses the DNS lookup process that is required before any user is directed to a website after entering the domain name into their browser. The DNS server turns the domain name into an IP address to allow the web page to be found.
Why DNS Filtering is Best Way to Improve Wireless Access Point Security
The main difference between the two types of web filtering is the point at which access is blocked. With a traditional web filter, content is first downloaded before it is blocked, which is a risk. With DNS-layer filtering, content is blocked during the lookup process before content is downloaded.
If content is downloaded before being blocked, this will naturally have an impact on available bandwidth. DNS-layer filtering has no impact on bandwidth, since the content is blocked before it is downloaded.
DNS filtering does not need to be integrated with other systems and it works across all devices and operating systems, since they all use DNS servers to access websites.
DNS filtering is also quick and easy to implement. No appliances need to be purchased, hardware doesn’t need to be upgraded, and no software downloads are required. A simple change to the DNS is all that is required to point it to the provider’s DNS server. It is also much easier to maintain. No software updates are necessary and, in contrast to other security solutions, no patching is required. It is all handled by the service provider.
WebTitan Cloud for WiFi – The Leading Wireless Access Point Security Solution
TitanHQ has set the standard for WiFi security with WebTitan Cloud for WiFi. WebTitan Cloud for WiFi gives businesses the opportunity to implement bulletproof WiFi security to protect end users from online threats, block malware downloads, and carefully control the content that can be accessed by wireless network users.
Businesses that run WiFi hotspots can quickly and easily implement the solution and let TitanHQ secure their WiFi networks and provide the massive processing power to fight current and emerging web-based threats. With WebTitan Cloud for WiFi, businesses can instead concentrate on profit-generating areas of the business.
If you want to improve wireless access point security, contact TitanHQ for further information on WebTitan cloud for WiFi. Our security experts will be happy to schedule a product demonstration and set up for a free trial.
In this post we explore the use of Internet filtering to improve employee productivity, including statistics from recent surveys that show how many companies are now choosing to control employee Internet access more carefully.
Employee Productivity Falls on Black Friday and Cyber Monday
The staffing firm Robert Half Technology recently conducted a survey on 2,500 chief information officers (CIOs) across 25 metropolitan areas in the United States and more than 1,000 U.S. officer workers over 18 years of age to determine how Black Friday and Cyber Monday affect employee productivity.
The results of the survey provide an indication on what goes on throughout the year, but Black Friday and Cyber Monday were studied as they are the two busiest days for online shopping. The survey results show that three quarters of employees spent at least some of Cyber Monday shopping online on a work device. Four out of 10 workers said they spent more than an hour looking for bargains online on Cyber Monday while they were at work. 23% said they were expecting to spend even longer than that this year.
46% of workers said they would be online shopping on their work computers during their lunch hour and breaks, but 29% said they would be shopping throughout the day and would be keeping browser tabs open. 20% of workers said they would do online shopping at work in the morning.
While policies on accessing pornography may have been made crystal clear, online shopping is something of a gray area. 31% of employees were not aware of their company’s stance on online shopping on work devices. 43% said their employers permit it and 26% said it is not permitted.
The survey of CIOs shows 49% of companies allow online shopping within reason but that they monitor employee Internet use. 22% said they allow totally unrestricted Internet access while 29% have implemented solutions to block access to online shopping sites.
In June 2018, Spiceworks published the results of a survey that showed 58% of organizations actively monitor employee Internet activity and 89% of organizations use Internet filters to block at least one category of Internet content.
Most surveyed companies use Internet filtering to improve employee productivity. While only 13% block online shopping sites, many companies block other productivity-draining sites such as social media, gaming, gambling and dating sites.
Internet filtering to improve employee productivity is important, but the majority of companies are flexible when it comes to employee Internet use for personal shopping, provided employees keep it to a reasonable level.
Monitoring Employee Internet Access to Prevent Abuse
Many businesses use Internet filtering to improve employee productivity and enforce acceptable usage policies. Some control Internet access with an iron fist, others are much more permissive.
Regardless of the controls that are put in place, Internet filters also allow employers to keep close tabs on their employees’ Internet activity. An internet filter is a useful tool for monitoring employees, not just enforcing company policies.
Internet filters allow employers to easily check employee Internet use while maintaining a relatively permissive controls. This allows them to take action when individuals are abusing Internet access. Monitoring is easy as reports can be generated on user, group, or organization-wide activity while providing information on browsing activity in real time. Reports can also be automatically generated and sent to department heads or IT security teams.
Different controls can be applied to different user groups and time-based controls can be set, for instance, only permitting online shopping during lunch hours or other scheduled breaks. Such controls would be useful for stopping the 20% of workers that do their online shopping at work in the morning which, in many businesses, is the most important part of the day when productivity needs to be high.
Since controls can be applied for different types of Internet content, security can be maintained by blocking access to high risk sites and illegal or totally unacceptable content all of the time, while restrictions on other categories of content can be eased during relatively quiet periods.
In short, Internet filters should not be viewed just as a way of restricting employee Internet access, but as a tool for the management of Internet use to improve security and enjoy productivity gains while giving employees some flexibility.
How TitanHQ Can Help
Not all Internet filters offer businesses the highly granular controls that are necessary to carefully control Internet content. Many lack flexibility and have difficult to use interfaces.
Applying and managing Internet filters should be an easy process, which is why TitanHQ developed the WebTitan suite of products. WebTitan Gateway, WebTitan Cloud, and WebTitan Cloud for WiFi have been developed to make Internet filtering a simple process, while giving businesses the ability to precisely control employee Internet access to achieve productivity gains and improve security.
What Makes WebTitan the Ideal Choice for Businesses
Listed below are some of the key features of WebTitan that are often found lacking in other business Internet filtering solutions.
No hardware purchases necessary
No software downloads required
Quick and easy set up and application of Internet policies
Highly granular controls allow flexible policies to be applied
Links with Active Directory and LDAP allowing easy application of organization, department, group, or user-level Internet controls
Easily block content through 53 pre-defined categories and 10 customizable categories
Keyword-based filtering controls
Dual anti-virus engines provide leading AV protection
Excellent protection from phishing websites
An intuitive web-based user interface places all information and controls at your fingertips
Protect wired and wireless networks, including protection/content controls for off-site workers
Provides full visibility of network usage
Full reporting suite, including group and user activity, real time browsing activity, report scheduling, and real-time alerts
If you want to use Internet filtering to improve employee productivity, enforce acceptable usage policies, and improve security by blocking web-based threats, WebTitan is the ideal solution.
For more information on WebTitan and advice on the best option to suit the needs of your business, contact the TitanHQ team today. Our experts will be happy to book a product demonstration and help you take advantage of a free trial of the full product to see the solution in action and discover the difference it makes.
A credential stuffing attack has led to a Dunkin Donuts data breach which has seen some customer data compromised. While the breach was limited and most attempts to access customers’ DD Perks accounts were blocked, the incident does highlight the risks of password reuse.
It is unclear exactly how many customers have been affected, but for certain customers, the attackers may have gained access to their DD perks accounts – The loyalty program run by the donut company. The Dunkin Donuts data breach was limited to first and last names, email addresses, DD Perks account numbers, and QR codes.
The method used to gain access to customers DD perks accounts was unsophisticated, cheap to conduct, and in the most part can be conducted automatically. Low cost and little effort makes for a winning combination for hackers.
The Dunkin Donuts data breach did not involve internal systems and no credentials were stolen from the donut giant. Customers’ usernames (email addresses) and passwords were obtained from security breaches at other companies. Those usernames and passwords were then utilized in an automated attack on Dunkin Donuts customers’ DD Perks accounts. Dunkin Donuts has performed a password reset and affected users will be required to choose a new password. New DD Perks account numbers will be given to affected customers and their card balances will be transferred to the new account.
Since Dunkin Donuts did not expose any passwords and its systems remained secure, the only individuals that will have been affected are those that have used the same password for their DD Perks account that they have used on other online platforms.
The Risks of Password Reuse
Hackers obtain credentials from multiple data breaches, compile the data to create a list of passwords that have previously been used with a specific email address, then conduct what is known as a credential stuffing attack. Multiple login attempts are made using the different passwords associated with an email address.
The Dunkin Donuts data breach demonstrates the importance of good password hygiene and the risks of password reuse. Every user account must be secured with a strong, unique password – One that has not been used with a particular email address or username in the past and is not shared across multiple platforms.
If any online platform experiences a data breach and credentials are obtained, only the account at the breached entity will be compromised.
Naturally, using different passwords for each account means users are required to have scores of unique passwords for their work and personal accounts and remembering strong passwords can be difficult. That is why so many people reuse passwords on multiple accounts or recycle old passwords.
To avoid having to remember so many passwords it is advisable to use a password manager to generate strong passwords and store them. Of course, the password manager account must be secured with a very strong password or long pass phrase as if that account is breached, al passwords will be compromised.
There are many reasons why businesses should implement a WiFi filtering solution, but one of the most important aspects of WiFi filtering is protecting your brand.
The Importance of Brand Protection
It takes a lot of hard work to create a strong brand that customers trust, but trust can easily be lost if a company’s reputation is damaged. If that happens, rebuilding the reputation of your company can be a major challenge.
Brand reputation can be damaged in many ways and it is even easier now thanks to the Internet and the popularity of social media sites. Bad feedback about a company can spread like wildfire and negative reviews are wont to go viral.
Smart business owners are proactive and take steps to protect their digital image. They are quick to detect and enforce online copyright infringements and other forms of brand abuse. They monitor social media websites and online forums to discover what people are saying about their company and how customers feel about their products and services. They also actively manage their online reputation and take steps to reinforce their brand image at every opportunity.
Cyberattacks Can Seriously Damage a Company’s Reputation
One aspect of brand protection that should not be underestimated is cybersecurity. There are few things that can have such a devastating impact on the reputation of a company as a cyberattack and data breach. A company that fails to secure its POS systems, websites, and network and experiences a breach that results in the theft of sensitive customer data can see their reputation seriously tarnished. When that happens, customers can be driven to competitors.
How likely are customers to abandon a previously trusted brand following a data breach? A lot more than you may think! In late 2017, the specialist insurance services provider Beazley conducted a survey to find out more about the impact of a data breach on customer behavior. The survey was conducted on 10,000 consumers and 70% said that if a company experienced a data breach that exposed their sensitive information they would no longer do business with the brand.
WiFi Filtering and Protecting Your Brand
The use of Wi-Fi filtering for protecting your brand may not be the first thing that comes to mind when you think about brand protection, but it should be part of your brand protection strategy if you offer WiFi access to your customers or provide your employees with wireless Internet access.
It is essential for businesses to take steps to ensure their customers are protected and are not exposed to malware or phishing websites. If a customer experiences a malware infection or phishing attack on your WiFi network the fallout could be considerable. If your employees download malware, they could give hackers access to your network, POS system, and sensitive customer data. If you offer free Wi-Fi to your customers, you need to make sure your Wi-Fi network is secured and that you protect your customers from malicious website content.
One of the most important aspects of WiFi filtering for protecting your brand is preventing your WiFi access points from being used for illegal activities. Internet Service Providers can shut down Internet access over illegal activities that take place over the Internet. That will not only mean loss of WiFi for customers but could see Internet access lost for the whole company. Your company could also face legal action and fines.
If WiFi users can access pornography and other unacceptable content, a brand can be seriously tarnished. Imagine a parent discovers their child has seen pornography via your WiFi network – The failure to prevent such actions could be extremely damaging. WiFi filters allow businesses to carefully control the content that can be accessed on their network and prevents customers from viewing harmful web content.
WebTitan Cloud for WiFi – The Easy Way to Secure Your WiFi Access Points
Implementing a WiFi filter to protect your brand and provide safe and secure Internet access for your employees and customers is a quick and easy process with WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is a powerful, yet easy to use web filtering solution for WiFi hotspots that requires no hardware purchases or software downloads. WebTitan Cloud for WiFi can be implemented and configured in just a few minutes. No technical skill required.
WebTitan Cloud for WiFi is highly scalable and can protect any number of access points, no matter where they are located. If you have business premises in multiple locations, or in different countries, WebTitan Cloud for WiFi will protect all of your access points via an intuitive web-based user interface.
WebTitan Cloud for WiFi protects against online threats, allows businesses to carefully control the types of content that WiFi users can access, allows businesses to control bandwidth use, and gives them full visibility into network usage.
If you have yet to implement a WiFi filter on your hotspots, give TitanHQ a call today for details of pricing, to book a product demonstration, and register for a free trial.
DNS web filtering for MSPs is an easy way to improve security for your clients, save them money, and boost your profits. This post explains the benefits of a DNS-level web filter for MSPs and their clients.
DNS web filtering is a great way for MSPs to boost profits, save clients money, and better protect them from cyber threats. Web filtering is an essential cybersecurity measure that businesses of all sizes should be using as part of their arsenal against malware, ransomware, botnets and phishing attacks. However, many MSPs fail to include web filtering in their security offerings and consequently miss out on an important income stream: One that requires little effort and generates regular monthly income.
What Are the Benefits of Web Filtering?
There are two main benefits of web filtering: Enforcing Internet usage policies and cybersecurity. Employees need to be able to access the Internet for work purposes, but many employees spend a considerable percentage of their working day accessing websites that have no work purpose. Cyberslacking costs businesses dearly. Businesses that do not filter the Internet will be paying their employees to check personal mail, view YouTube videos, visit dating websites, and more. A web filter will help to curb these non-productive activities and will also prevent employees from accessing inappropriate or illegal web content and avoid legal and compliance issues.
A recent study by Spiceworks revealed the extent of the problem. 28% of employees at large companies (more than 1,000 employees) spend more than four hours a week on personal Internet use and the percentages increase to 45% for mid-sized businesses and 51% for small businesses. The difference in those figures reflects the fact that more large businesses have implemented web filters. 89% of large companies have implemented a web filter to curb or prevent personal Internet usage and, as a result, benefit from an increase in productivity of the workforce.
Web filtering is essential in terms of cybersecurity. The Spiceworks study revealed 90% of large companies use a web filter to block malware and ransomware infections. A web filter prevents employees from accessing websites known to be used for phishing and those that host malware.
The Spiceworks study showed just how important a web filter is in this regard. 38% of companies had experienced at least one security incident in the past year as a result of employees visiting web pages for personal use, most commonly webmail services and social media channels.
Additional benefits of web filtering include improving network performance and ensuring sufficient bandwidth is available for all users – by blocking access to bandwidth-heavy online activities such as gaming and video streaming.
From the productivity gains alone, a web filter will pay for itself. Add in the costs that are saved by preventing malware and phishing attacks and use of a web filter really is a no brainer.
Why DNS Web Filtering for MSPs is the Way Forward
MSPs have three main web filtering options open to them. An appliance-based web filter, a virtual appliance or software solution, or a DNS filter. DNS web filtering for MSPs is usually the best choice.
DNS web filtering for MSPs avoids the need for hardware purchases so there is not an initial high cost for clients or for the MSP, since a powerful appliance does not need to be installed in an MSP’s own data center. DNS web filtering for MSPs means no site visits are necessary to install the solution as no hardware is required and no software downloads are necessary. DNS web filtering is not restricted by operating systems and is hardware independent, and since there are no clients to install, there will not be any installation issues. A DNS web filter also doesn’t have any impact on Internet speed.
A SaaS DNS web filtering solution, such as WebTitan Cloud, allows MSPs to deploy the web filter for their clients in a few minutes. All that is required is to direct clients’ DNS the cloud-based filter.
DNS web filtering for MSPs is easy to implement, simple to use, requires little management, and with WebTitan Cloud, MSPs benefit from generous margins. Improving clients’ security posture and helping them make important productivity gains could not be easier.
Why WebTitan Cloud is the Best Choice for MSPs
WebTitan Cloud has been developed to meet the needs of the SMB marketplace but with MSPs firmly in mind. WebTitan includes a full suite of pre-configured reports (with scope for customization) to allow MSPs to show their clients the sites that have been blocked and what employees have been up to online. The reports give MSP clients total visibility into their web traffic and highlight problem areas and show trends affecting network performance. The reports can be automated and sent directly to clients with no MSP involvement.
Some of the key benefits of TitanHQ’s DNS web filtering for MSPs are detailed below:
WebTitan Cloud can be hosted by TitanHQ or by MSPs in a private cloud
WebTitan Cloud includes APIs to integrate with auto-provisioning, billing, and monitoring systems
MSPs do not need to become an ISP to use the service
WebTitan Cloud is scalable to hundreds of thousands of users
WebTitan Cloud includes multiple management roles
New customers can be added and configured in minutes
WebTitan Cloud can be supplied in white-label form ready for an MSP’s logos and UI color schemes
MSPs benefit from industry-leading customer service
Highly competitive pricing and aligned monthly billing
If you have yet to start offering web filtering to your clients or if you are unhappy with the usability or cost of your current solution, contact TitanHQ’s Alliance team today for full product details, details of pricing, to book a product demonstration and register for a free trial.
The biggest cyber threat to SMBs is ransomware, according to Dato’s State of the Channel Report. While other forms of malware pose a serious risk and the threat from phishing is ever present, ransomware was considered to be the biggest cyber threat to SMBs by the 2,400 managed service providers that were polled for the study.
Many SMB owners underestimate the cost of mitigating a ransomware attack and think the cost of cybersecurity solutions to prevent attacks, while relatively low, are not justified. After all, according to Datto, the average ransom demand is just $4,300 per attack.
However, the ransom payment is only a small part of the total cost of mitigating an attack. The final cost is likely to be ten times the cost of any ransom payment. Datto points out that the average total cost of an attack on an SMB is $46,800, although there have been many cases where the cost has been far in excess of that amount.
One of the most common mistakes made by SMBs is assuming that attacks will not occur and that hackers are likely to target larger businesses with deeper pockets. The reality is SMBs are being targeted by hackers, as attacks are easier to pull off. SMBs tend not to invest heavily in cybersecurity solutions as larger businesses.
Anti-Virus Software is Not Effective at Preventing Ransomware Attacks
Many SMB owners mistakenly believe they will be protected by anti-virus software. However, the survey revealed that 85% of MSPs said clients that experienced a ransomware attack had anti-virus solutions installed. Anti-virus software may be able to detect and block some ransomware variants, but since new forms of ransomware are constantly being developed, signature-based cybersecurity solutions alone will not offer a sufficient level of protection.
Many SMBs will be surprised to hear just how frequently SMBs are attacked with ransomware. More than 55% of surveyed MSPs said their clients had experienced a ransomware attack in the first six months of this year and 35% experienced multiple attacks on the same day.
Some cybersecurity firms have reported there has been a slowdown in ransomware attacks as cybercriminals are increasingly turning to cryptocurrency mining. While that may be true for some cybercriminal gangs, the ease of conducting attacks using ransomware-as-a-service means many small players have started attacking SMBs. That is unlikely to change.
92% of surveyed MSPs said they thought ransomware attacks would continue at current levels or even increase throughout this year and next.
Ransomware attacks are even being conducted on Apple operating systems. In the past year, there has been a five-fold increase in the number of MSPs who have reported ransomware attacks on macOS and iOS operating systems.
“Not only have ransomware attacks increased in recent years, but the problem may even be bigger than we know, as many attacks go unreported,” explained Jeff Howard, Founder and Owner, of the Texas MSP Networking Results. Datto suggests that only one in four attacks are reported to law enforcement.
How to Protect Against SMB Ransomware Attacks
To protect against ransomware attacks, businesses need to implement a range of solutions to block the most common attack vectors. To block email-based attacks, advanced spam filtering technology is required, and end user security awareness training is essential. To block ransomware downloads from malicious websites, web filtering software should be implemented.
Business continuity and disaster recovery technology should be implemented to ensure that a quick recovery is possible in the event of an attack, and naturally intelligent backing up is required to ensure files can be recovered without paying a ransom.
MSPs need to explain the risks to SMBs, along with the solutions that need to be installed to prevent attacks and the likely cost of recovery. Many businesses are shocked to discover the true cost of a ransomware attack.
How TitanHQ Can Help Improve Defenses Against SMB Ransomware Attacks
TitanHQ has developed two innovative cybersecurity solutions that work in tandem to block the two most common attack vectors: Email and Internet attacks. SpamTitan is a powerful spam filtering solution that combines two AV engines with intelligent scanning of incoming mail using a variety of techniques to identify malicious messages and new ransomware variants and block them at source.
WebTitan is a powerful web filtering solution that can block malvertising attacks, drive-by ransomware downloads, and prevent employees from visiting malicious websites. Both solutions should be part of an SMBs arsenal to protect against ransomware and malware attacks and both solutions should be part of an MSPs security stack.
For further information on SpamTitan and WebTitan and details of TitanHQ’s MSP offerings, contact the TitanHQ today.
Most businesses are aware of the importance of securing their Wi-Fi networks; however, in some industry sectors Wi-Fi security has not been given the importance it requires. Wi-Fi security for hotels, for instance, is often lacking, even though the hospitality sector is being actively being targeted by cybercriminals who see hotel Wi-Fi as a rich picking ground.
Hotel Chains are Under Attack
Hotels are an attractive target for cybercriminals. They satisfy the two most important criteria for cybercriminals when selecting targets. Valuable data that can be quickly turned into profit and relatively poor cybersecurity which makes conducting attacks more straightforward.
In 2018, there have been several major cyberattacks on hotel groups. In November 2018, Federal Group, which runs luxury hotels in Tasmania, experienced an email security incident that exposed the personal data of some of its members. A cyberattack on the Radisson Hotel Group was also reported. In that case it resulted in the exposure of the personal information of its loyalty program members.
In August one of China’s largest chains of hotels – Huazhu Hotels Group Ltd – which operates 13 hotel brands – suffered a cyberattack that affected an estimated 130 million people. In June one of Japan’s largest hotel groups, Prince Hotels & Resorts, experienced a cyberattack that impacted almost 125,000 customers. In 2017 there were major data breaches at Hilton, Hyatt Hotels Corporation, Trump Hotels, Four Seasons Hotels, Loews Hotels, Sabre Hospitality Solutions, and InterContinental Hotels Group to name but a few.
The Cost of a Hotel Data Breach
When a data breach occurs the costs quickly mount. Access to data and networks must be blocked rapidly, the breach must be investigated, the cause must be found, and security must be improved to address the vulnerabilities that were exploited. That invariably requires consultants, forensic investigators and other third-party contractors. Affected individuals must be notified and credit monitoring and identity theft protection services may need to be offered.
The direct costs of a hotel data breach are considerable. The Ponemon Institute calculated the average cost of a data breach in 2018 had risen to $3.86 million. That was for a breach of up to 100,000 records. Larger breaches cost considerably more.
Then there is GDPR. Fines of up to €20 million or 4% of global annual turnover (whichever is higher) can be issued for GDPR compliance failures, which includes data breaches that resulted from poor security.
What is much harder to calculate is the cost of reputation damage and the customer churn rate after a breach. Damage to a hotel chain’s reputation can be long lasting and in the highly competitive hospitality industry, it could even be disastrous.
The security firm Ping Identity recently published the results from its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era. 3,000 people from the USA, UK, France, and Germany were surveyed for the study, which investigated the expectations of customers and the fallout from data breaches. 78% of respondents said they would stop engaging with a brand online after a breach and 36% would stop engaging with a brand altogether. Could your hotel group weather a 78% drop in online bookings or a loss of more than a third of your customer base?
Wi-Fi Security for Hotels
Cybersecurity solutions should be implemented to protect hotel networks from cyberattacks and prevent customer’s personal information from being accessed by cybercriminals. Perimeter cybersecurity solutions such as firewalls are essential, but Wi-Fi security for hotels should not be underestimated.
Guests use the Wi-Fi network to conduct business while at the hotel, for entertainment, and communication. Guests typically bring three devices that they connect to hotel Wi-Fi networks. A hotel with 100 guests potentially means 300 devices connecting to Wi-Fi. There is a high probability that at least some of those devices will be infected with malware, which could be transferred to other guests.
Hotel guests often access types of content that they do not access at home – sites that carry a higher risk of resulting in a malware download. Hackers often exploit poor hotel Wi-Fi security to attack guests. The DarkHotel threat group is a classic example. The group targets high profile hotel guests and has been doing so for more than a decade. If Wi-Fi security for hotels is substandard, successful attacks are inevitable.
Naturally guest and business Wi-Fi networks should be separated to ensure that one does not pose a threat to the other. A VLAN should be set up for the wired network, with a separate VLAN for internal wireless access points and those used by guests.
Wi-Fi security should include WPA2 encryption to prevent the interception of data and a web filtering solution should be implemented to protect guests from phishing websites and sites hosting malware. A web filter will also allow hotels to control the types of content that can be accessed by guests and restrictions can be put in place to create family-friendly Wi-Fi access and prevent guests from accessing illegal web content.
TitanHQ Email and Wi-Fi Security for Hotels
TitanHQ is a leading provider of advanced cybersecurity solutions for hotels to protect against email-based cyberattacks and improve Wi-Fi security for hotels.
WebTitan is a powerful web filtering solution for wired and wireless networks that blocks malware downloads and prevents employees and guest Wi-Fi users from accessing malicious websites. WebTitan also allows hotels to carefully control the content that can be accessed via their Wi-Fi networks, ensuring a business-friendly and family-friendly Internet service is provided.
Key Benefits of WebTitan
WebTitan Cloud and WebTitan Cloud for Wi-Fi are 100% cloud-based web filters for hotels that require no software downloads or hardware purchases. They can be implemented in minutes and are easy to configure and maintain. They are ideal for improving Wi-Fi security for hotels and securing wired hotel networks.
WebTitan web filters allow hotels to:
Control the content that can be accessed by guests without slowing Internet speeds
Block access to pornography to create family-friendly Wi-Fi zones in communal areas
Prevent guests from engaging in illegal online activities
Prevent guests from accessing phishing websites
Block the downloading of viruses, malware, and ransomware
Create custom policies for different user groups – management, employees, guests, or individuals
Create custom controls for different wireless access points
Restrict bandwidth-draining online activities to ensure good Internet speeds for all users
Manage web filtering controls for multiple locations from a single web-based control panel
WebTitan is ideal for use in the hospitality sector to protect internal networks from attack and to block web-based threats that could otherwise lead to a data breach.
To find out more about improving Wi-Fi security for hotels, contact TitanHQ today. The team will be happy to provide details of the products, advise you on the best deployment options, and schedule a product demonstration. You can also sign up for a free trial to evaluate the effectiveness of TitanHQ’s web filters for hotels in your own environment.
Many businesses want to block websites at work and exercise greater control over employee Internet access. Acceptable Internet usage policies can be developed and employees told what content they are allowed to access at work, but there are always some employees that will ignore the rules.
In some cases, policy violations may warrant instant dismissal or other disciplinary action, but that takes HR staff away from other important duties. If staff are fired, replacements must be found, trained, and brought up to speed, and the productivity losses that result can be considerable.
The Dangers of Unfettered Internet Access
Before explaining how to block websites at work, it is worthwhile explaining the problems that can arise from the failure to exert control over the content that can be accessed through wired and wireless networks.
While extreme cases of internet abuse need to be tackled through HR, low level Internet abuse can also be a problem. Any time an employee accesses a website for personal reasons, it is time that is not being spent on work duties. Checking emails or quickly visiting a social media website is unlikely to have a major impact on productivity, but when cyber-slacking increases its effect can certainly be felt. If all employees spend 30 minutes a day on personal Internet use, the productivity losses can be considerable – A business with 100 workers would lose 50 hours of working time a day, or 1,100 hours a month!
In addition to lost opportunities, Internet use carries a risk. Casual surfing of the Internet by employees increases the probability of users encountering malware. The accessing of personal webmail at work could easily result in a malware infection on a work device, as personal mail accounts are not protected by the filtering controls of an organization’s email gateway. If illegal activities are taking place at work, the legal ramifications can be considerable. It will be the business that will be liable in many cases, rather than the individual employee.
The easiest solution is for businesses to enforce their acceptable internet usage policies and simply block websites at work that are not required for normal working duties. Preventing end users from visiting certain categories of web content – social media websites, gaming and gambling websites, dating sites, adult content, and other NSFW web content – is the easiest solution.
Even legitimate use of the Internet for work purposes carries risks. There has been a major increase in phishing attacks on businesses in recent years and mitigating attacks can prove incredibly costly. Technical solutions that are used to block websites at work to prevent cyber-slacking can also be configured to block access to phishing websites and prevent malware downloads.
The Easy Way to Block Websites at Work
The easiest way to block websites at work is to use a web filtering solution. This could be a physical appliance through which all Internet traffic is routed, a virtual appliance installed on your existing hardware, or a cloud-based solution. The latter is a popular solution for SMBs as the cost of implementation is minimal and the web filter can be set up in a matter of minutes. All that is required is to make a simple change to point the DNS to the cloud web-filter and all traffic will be routed though the solution.
Not all businesses need to exercise the same controls over Internet content so granular controls are essential. With a cloud-based web filter such as WebTitan, it is easy to block websites at work. The administrator simply logs into the administration panel through a web browser and clicks on the checkboxes of content that they want the filter to block. Blocking adult entertainment, gambling, gaming, dating, and social media by category is common. WebTitan also allows controls to implemented by keyword, through the use of blacklists, or through keyword scoring.
It is not practical to apply the same settings across the board for all employees. The marketing department, for instance, will need access to social media networks when other employees may not. With WebTitan, filtering controls can easily be set at the organization level, by user group, or for individuals. Time-based filters can also be applied to allow controls to be eased outside of standard working hours, if required.
Further Information on Blocking Websites at Work
If you would like further information on how you can selectively block websites at work and take control over the content that your employees can access, speak to TitanHQ today.
Our friendly and knowledgeable sales team will be able to answer all your questions, explain in detail how WebTitan works, and suggest the best option to suit your needs.
After learning about the best setup to suit your business, you can schedule a product demonstration and/or start a free trial to see WebTitan in action.
In 20 minutes your content control issues could be solved and you could be filtering the internet and blocking access to unsuitable, unsavory, and harmful web content.
Windows Remote Desktop Protocol attacks are one of the most common ways cybercriminals gain access to business networks to install backdoors, gain access to sensitive data, and install ransomware and other forms of malware.
This attack method has been increasing in popularity over the past two years and there has also been a notable rise in darknet marketplaces selling exposed RDP services and RDP login credentials. The high number of Remote Desktop Protocol attacks has prompted the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) and the Department of Homeland Security to issue an alert to businesses in the United States to raise awareness of the threat.
Remote Desktop Protocol is a proprietary Windows network protocol that allows individuals to remotely access computers and servers over the Internet and gain full control of resources and data. RDP is often used for legitimate purposes, such as allowing managed security service providers (MSSPs) and managed service providers (MSPs) to remotely access devices to provide computer support without having to make a site visit. Through RDP, input such as mouse movements and keystrokes can be transmitted over the Internet with a graphical user interface sent back.
In order to gain access to a machine using RDP, a user must be authenticated by supplying a username and password. Once a user is authenticated, the resources on that device can be accessed. While authorized individuals can use RDP connections, so too can cybercriminals if they have access to login credentials or are able to guess usernames and passwords. As with any software, RDP can contain flaws. For instance, flaws in the CredSSP encryption mechanism could be exploited to perform man-in-the-middle attacks.
Cybercriminals are identifying vulnerable RDP sessions over the Internet and are exploiting them to gain access to sensitive information and conduct extortion attacks. The threat actors behind SamSam ransomware, which has been used in many attacks on U.S. businesses, educational institutions, and healthcare providers, often gain access to networks through brute force attempts to guess weak passwords. The threat actors behind CrySiS and CryptON ransomware attack businesses through open RDP ports and similarly use brute force and dictionary attacks to guess passwords.
How to Prevent Windows Remote Desktop Protocol Attacks
There are four main vulnerabilities that can be exploited to gain access to Windows devices that have RDP enabled:
Exploitation of weak passwords
Use of outdated versions of RDP
Failure to restrict access to the default RDP port – TCP 3389
Failure to block users after a set number of unsuccessful login attempts
Strong passwords should be used to make it harder for cybercriminals to use brute force tactics to guess login credentials. Dictionary words should be avoided. Default passwords must be changed and passwords should be at least 8 characters and include a mix of upper/lower case letters, numbers, and special characters. Rate limiting is also essential. A user should be blocked after a set number of failed login attempts have been made and, if possible, two-factor authentication controls should be implemented. External to internal RDP connections should be limited and software should be kept up to date.
An audit should be conducted to identify all systems that have RDP enabled, including cloud-based virtual machines with public IP addresses. If RDP is not required, it should be disabled. A list of systems with RDP enabled should be maintained and available patches should be applied promptly. All open RDP ports should be located behind a firewall and access should only be possible by using a VPN.
Logging mechanisms should be applied, and successful and unsuccessful login attempts should be regularly monitored to identify systems that have been attacked.
To ensure that recovery from a ransomware or sabotage attack is possible, all data must be regularly backed up and a good backup strategy adopted.
By regulating, monitoring, and controlling the use of RDP and addressing vulnerabilities, it is possible to reduce risk and prevent Remote Desktop Protocol attacks.
Princess Locker ransomware has now morphed into Princess Evolution ransomware. The latest variant is one of several cryptoransomware threats that maximize the number of infections by using an affiliate distribution model – termed Ransomware-as-a-Service or RaaS.
RaaS sees affiliates given a percentage of the ransom payments they generate, while the author of the ransomware also takes a cut of the profits. Under this business model, the author can generate a much higher number of infections, which means more ransom payments. The affiliates get to conduct ransomware campaigns without having to develop their own ransomware and the author can concentrate on providing support and developing the ransomware further. For Princess Evolution ransomware, the split is 60/40 in favor of the affiliate. The RaaS is being promoted on underground web forums and prospective affiliates.
Ransomware attacks involving RaaS use a variety of methods to distribute the malicious payload as multiple actors conduct campaigns. Spam email is usually the main delivery mechanism for RaaS affiliates as it is easy to purchase large quantities of email addresses on darkweb sites to conduct campaigns. Brute force attacks are also commonly conducted.
Princess Evolution ransomware has also been loaded into the RIG exploit kit and is being distributed via web-based attacks. These web-based attacks take advantage of vulnerabilities in browsers and browser plug-ins. Exploits for these vulnerabilities are loaded into the kit which is installed on attacker-controlled web domains. Often legitimate sites are compromised have the exploit kit loaded without the knowledge of the site owner.
Traffic is generated to the websites through search engine poisoning, malvertising, and spam emails containing hyperlinks to the websites. If a user visits the website and has an exploitable vulnerability, the Princess Evolution ransomware will be silently downloaded.
At this stage, there is no free decryptor for Princess Evolution ransomware. If this ransomware variant is downloaded and succeeds in encrypting files, recovery is only possible by paying the ransom for the keys to unlock the encryption or rebuilding systems and recovering files from backups. The ransom demand is currently 0.12 Bitcoin – Approximately $750 per infected device.
Protecting against Princess Evolution ransomware attacks requires a combination of cybersecurity solutions, security awareness training, and robust backup policies. Multiple backups of files should be created, stored on at least two different media, with one copy stored securely off site. Infected devices may need to be re-imaged, so plans should exist to ensure the process can be completed as quickly as possible.
Cybersecurity solutions should focus on prevention and rapid detection of threats. A spam filtering solution – such as SpamTitan – will help to ensure that emailed copies of the ransomware or downloaders are not delivered to inboxes.
Care should be taken with any email sent from an unknown individual. If that email contains an attachment, it should not be opened, but if this is unavoidable, the attachment should be scanned with anti-virus software prior to opening. For greater protection, save the attachment to disk and upload it to VirusTotal for scanning using multiple AV engines.
A web filter such as WebTitan can block web-based attacks through general web browsing and by preventing end users from visiting malicious websites via hyperlinks in spam emails.
To reduce the risk of brute force attacks, strong, unique passwords should be used to secure all accounts and remote desktop protocol should be disabled if it is not required. If RDP is required, it should be configured to only allow connection through a VPN.
You should also ensure that all software, including browsers, browser extensions and plugins, and operating systems are kept patched and fully up to date.