Despite the high profile given to Internet privacy on mainstream media, there still appears to be naivety among certain Internet users about keeping their personal information safe. Thousands of data breaches affecting millions of individuals are reported each year, yet one still hears the same stories about Internet users having the same passwords for multiple sites.
Whether a password is used for a social media account, an online shopping portal or an online banking website, it should be a) unique, b) difficult to guess, and c) changed frequently. To maintain your Internet privacy, only ever provide the minimum amount of information necessary and only if you have complete confidence in the website you are providing it to.
Cybercriminals are constantly developing new tactics to trick individuals into divulging sensitive information or installing malware. One of the latest tactics to be observed is the use of QR codes to direct people to malicious websites where sensitive information is harvested or to sites hosting malware.
A QR code is a machine-readable matrix barcode that is often used for tracking products in a supply chain, but in recent years has been adopted as a convenient way to direct people to web resources without them having to enter a URL or click a link. QR codes have been widely adopted during the COVID-19 pandemic for carrying out contactless operations, such as registering attendance at a venue and for viewing menus in restaurants to help prevent the spread of COVID-19.
Many smartphones have in-built QR code readers and apps can be downloaded for free to allow QR codes to be read. When a smartphone camera picks up a QR code, the user will be directed to whatever web resource has been programmed into the code. While QR codes have many important uses, QR codes can be easily tampered with to direct individuals to malicious websites.
Phishing emails often contain links to malicious websites that have been masked by changing the text in the hyperlink. Hovering a mouse arrow over the hyperlink on a computer will display the URL to which the user will be directed; however, with a QR code the user may be instantly directed to the website and could be prompted to enter their banking credentials, Microsoft 365 credentials, or other sensitive information.
Since QR codes are often used to direct individuals to hosted files, such as PDF restaurant menus, it would be easy to trick people into downloading malicious files through QR codes. The malware could provide a cybercriminal with access to the victim’s mobile device, allowing them to steal sensitive information such as passwords or bank account information.
Many businesses use QR codes to direct customers to websites where payments can be processed, and the use of QR codes for this purpose has increased significantly during the pandemic to avoid contact with Point-of-Sale card readers. QR codes could be abused to direct customers to malicious websites that mimic those used by the business in order to steal payment card information.
The Federal Bureau of Investigation (FBI) has recently issued a warning about the increase in the use of QR codes for conducting malicious activities. The FBI emphasized that QR codes are not malicious in nature but can be abused, so precautions should be taken when using QR codes and not to assume that QR codes are secure.
A study conducted by Ivanti in 2021 revealed 87% of people felt secure conducting financial transactions using QR codes. Given the rise in abuse of QR codes, that confidence is worrying. As with embedded hyperlinks in emails, it is important to exercise caution and to check the URL of the resource that the user is directed to before taking any actions. The domain should be checked to ensure it is correct, and care should be taken to look for any typos or misplaced or substituted letters.
The FBI recommends checking a QR code before scanning to make sure it has not been doctored with, such as by overlaying a sticker on the original QR code. If prompted to download a file after using a QR code, be aware that the file may be malicious. If prompted to download an app, it is more secure to visit an official app store. It is also not necessary to download a QR scanner on most mobile phones, as this increases risk. The apps may be malicious, and many automatically direct users to a resource without requiring confirmation or providing information about the URL that the user will be directed to.
Businesses can protect their corporate-owned devices against QR code scams by installing a web filter. A web filter such as WebTitan can be used to prevent mobile devices from being used to visit malicious websites or web pages that violate acceptable internet usage policies. WebTitan will protect against any redirect to a malicious website, whether via a link in a phishing email or QR code and will also block malware downloads and potentially malicious files.
Cloud web filtering software is now an important cybersecurity measure used by businesses of all sizes, but what exactly is it and why is it important? In this post we will explain exactly what cloud web filtering is, what it is used for, and why most businesses need to use it.
What is Cloud Web Filtering?
Cloud web filtering is a software-as-a-service (SaaS) solution that acts as a semi-permeable barrier between an individual and the Internet. For much of the time, users will not know this solution is in place, as there is no noticeable delay when browsing the Internet. Websites can be accessed as if the solution was not in place.
Cloud web filtering software is only noticed by a user when they attempt to visit a website that violates their organization’s acceptable internet use policy. When a request is made to access a website that falls into a category that an employer does not permit – pornography for example – rather than connect to the website, the user will be directed to a local block page and will discover that particular website cannot be accessed due to a content policy violation.
Cloud web filtering software acts as a form of internet content control which is used to reduce productivity losses due to personal Internet use, prevent HR issues, and reduce legal liability, but a cloud web filter it is not just used for restricting access to NSFW websites. It also has an important security function.
Why is Cloud Web Filtering Important?
The Internet can be a dangerous place. There are many threats lurking online that could compromise a business’s systems and lead to a costly data breach or catastrophic data loss. Malware and ransomware are often downloaded from websites, even from legitimate sites that hackers have been able to compromise. A visit to one of those malicious sites by an employee could easily result in a malware infection, and once installed on one device it could easily spread across the network.
Phishing is also a major risk for businesses. Phishing forms are loaded onto websites to harvest sensitive data such as login credentials to Office 365. Links to these sites are often sent to business email accounts.
A web filter acts as an additional layer of protection against these attacks, but in contrast to antivirus software that identifies malware that has been downloaded, cloud web filter software blocks the malware at source, preventing it from being downloaded in the first place. It also works in conjunction with anti-spam software to prevent visits to phishing websites when phishing emails sneak past the spam filter.
With cloud web filter software, all filtering takes place in the cloud (on the service provider’s server), which is important for a distributed workforce. Regardless of where an employee accesses the internet – office, home, airport, coffee shop – the cloud web filter will be active and providing protection.
How Much Does Cloud Web Filtering Software Cost?
Cloud web filtering software is a low-cost solution that can pay for itself by preventing costly malware infections and phishing attacks and stopping productivity losses by blocking access to certain types of web content.
The cost of a cloud web filter can vary considerably from provider to provider with the price starting at around $1 per user, per month.
WebTitan: Web Filtering for SMBs, ISPs, and MSPs
TitanHQ developed WebTitan Cloud web filtering software to help SMBs and MSPs serving the SMB market control what users can access online and to protect business networks from web-based cyberattacks. The solution is quick and easy to implement, as being cloud-based, there are no software downloads. Simply point your DNS to WebTitan Cloud and you can be filtering the Internet in minutes.
Administrators can use an easy-to-use interface to configure the solution, which can be accessed through any web browser. Log in, navigate to the content control section, and you can use the checkboxes to block access to any of 53 pre-defined categories of website (and create your own categories if you so wish).
Integration with LDAP and Active Directory makes it easy to set controls for individual users, user groups, departments, or different offices. You can set time-based controls to limit bandwidth usage or ease up on restrictions at certain times of the day. Cloud keys can be generated to bypass standard controls temporarily, should you ever need access to otherwise prohibited sites.
Whitelist and blacklists are supported, you can block downloads of certain file types, and access to websites known to be used for malicious purposes will be automatically blocked. A full suite of reports gives administrators full visibility into web access, including real-time views and automatic alerts.
AI-powered protection is provided against active and emerging Phishing URLs and zero-minute threats, allowing you to sanitize Internet access and provide your employees, customers, and guest users with clean, filtered internet access.
If you have yet to start using cloud web filtering software or you are unhappy with your current provider, give the TitanHQ team a call. You can also take advantage of a 14-day free trial to try out the solution for yourself before deciding on a purchase. Product demonstrations can also be arranged on request.
The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about the increasing number of phishing websites using HTTPS.
The green padlock next to a URL once gave an impression of security. Now it is a false sense of security for many internet users.
HTTPS or Hyper Text Transfer Protocol Secure to give it its full name, indicates the website holds a valid certificate from a trusted third-party. That certificate confirms that the website is secure and any data transmitted between the browser and the website will be encrypted to prevent interception in transit.
The public has been taught to look for the green padlock and HTTPS before entering card details or other sensitive information. However, the padlock does not mean that the website being visited is genuine. It only means any information transmitted is secured in transit between the browser and the website.
If you are buying a pair of shoes from Amazon, all well and good. If you are on a website controlled by a cybercriminal, HTTPS only means that the cybercriminal will be the only person stealing your data.
Cybercriminals create realistic phishing webpages that imitate well-known brands such as Microsoft and Google to obtain login credentials or banks to obtain banking information. These phishing pages can be set up on dedicated phishing websites or phishing kits can be added to previously compromised websites. Traffic is then generated to those webpages with an email phishing campaign.
If one of the links in the email is clicked, a user will be directed to a website that requests some information. If the website starts with HTTPS and displays the green padlock, the user may mistakenly believe the site is genuine and that it is safe to disclose sensitive information.
The IC3 alert was intended to raise awareness of the threat from HTTPS phishing and make the public aware of the true meaning of the green padlock and never to trust a website because it starts with HTTPS.
Businesses should take note and make sure they include HTTPS phishing in their security awareness training programs to raise awareness of the threat with employees.
A web filter can greatly reduce the risk of HTTPS phishing attacks, provided the web filter has the capability to decrypt, scan, and re-encrypt HTTPS traffic.
WebTitan provides real-time protection against web-based attacks and uses a constantly updated database of 3 million known malicious sites to block attempts to visit phishing websites. WebTitan is capable of SSL inspection and can inspect HTTPS traffic, block specific applications within a webpage, and display alerts or block sites with fake https certificates.
If you want to improve protection against web-based attacks, contact the TitanHQ team today for more information about WebTitan.
Web filtering is important for protecting users from web-based threats and for controlling what users can do online. There are many choices of web filtering solutions, including Cisco Umbrella. While Cisco Umbrella is a highly accomplished product that is popular with businesses, many businesses and MSPs are now changing from Cisco Umbrella to WebTitan.
In this post we explain some of the main benefits of changing from Cisco Umbrella to WebTitan and illustrate this with an example from the education sector.
Web Filtering for Schools and Libraries and CIPA Compliance
Web filters are a requirement of the Children’s Internet Protection Act (CIPA). CIPA was enact by congress in 2000 and is concerned with protecting minors from harmful website content such as pornography. CIPA requires schools and libraries to implement an Internet safety policy that addresses the safety and security of minors online.
To comply with CIPA, measures must be introduced to block access to obscene content, child pornography, and other web content that is considered to be harmful to minors. Additionally, schools must educate minors about appropriate online behavior and monitor the online activities of minors.
While there are many choices of web filters for schools that can help them comply with CIPA, not all solutions are created equal. While it is usually easy to block access to harmful content, with some solutions monitoring user activity can be difficult and time consuming, and solutions as feature-rich and complex as Cisco Umbrella may be considered overfill for schools and libraries only looking to block access to obscene images.
Why Did Saint Joseph Seminary College Change from Cisco Umbrella to WebTitan?
There is no doubt that Cisco has developed a powerful web filtering solution in Umbrella that can offer protection from web-based threats and allow content control, but the solution is not without its drawbacks.
One of the main downsides is usability, especially monitoring the online activities of users, something that is particularly important for CIPA compliance. It was proving to be particularly difficult for Saint Joseph Seminary College, which needed to quickly identify attempts by students to access restricted content.
“I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph Seminary College IT Director Todd Russell. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.” The complexity of the user interface made the solution unpopular with IT staff and the complexity was jeopardizing security.
Ease of use was a major problem, but the troubles didn’t end there. There was also the issue of cost. “We found that once Cisco bought OpenDNS, they began upping the Umbrella pricing every year at renewal time. Despite the repeated price increases, the service was not improving and there was no additional value offered,” explained Russell.
Cost and usability issues prompted Russell to look for a Cisco Umbrella alternative. After assessing various Cisco Umbrella alternatives, the decision was taken to switch from Cisco Umbrella to WebTitan. “It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
“I am able to quickly scan an entire previous day of blocked traffic and take a closer look at the full traffic on any users that raise a concern in a matter of minutes. This has saved me an enormous amount of time when I need to examine a user’s traffic, but it has also made it possible for me to keep close tabs on our traffic.” All the information required was accessible with just two clicks.
In terms of time savings gained from using WebTitan and the lower cost of running the solution, the college has been able to make significant cost savings as well as identify and remediate issues immediately, which means greater safety and security for students.
Cisco Umbrella Licensing
In August 2019, Cisco Umbrella licensing was updated when major changes were made to the different Cisco Umbrella packages. Previously, Cisco Umbrella licensing was based on three packages called “Professional”, “Insights” and “Platform.”
The features available under each have been rejigged and new features have been incorporated into each of the new packages. They have also been renamed as Cisco Umbrella “DNS Security Essentials”, “DNS Security Advantage”, and “DNS Secure Internet Gateway”. Each tier includes all the features of the lower tiers with the range of features increasing with each package tier. The Cisco Umbrella licensing cost also increased to reflect the more comprehensive nature of the packages. As with many other DNS filtering solutions, licensing is based on the number of users and is purchased for a minimum term of one year.
Cisco Umbrella Pricing
Cisco Umbrella pricing is not provided on its website, so contact has to be made with the company to find out the Cisco Umbrella cost for each business. The cost is dependent on many different factors, including which of the three versions of Cisco Umbrella is required. Cisco Umbrella Pricing is also changeable depending how many users need to be protected, the length of term of the contract, and any add-ons that are required. For instance, the packages only include basic email support and comprehensive support comes at an additional cost. There is also no option for monthly billing to spread out the cost over the duration of the contract term.
We cannot provide up to date Cisco Umbrella pricing for each of the packages; however, to give you an idea of the Cisco Umbrella cost for comparison purposes, we have provided a price comparison below for 2020. Cisco Umbrella pricing for the more comprehensive packages will be significantly more.
There is no denying Cisco Umbrella is a comprehensive Internet security product – in particular the top-level Secure Internet Gateway package – but it is priced accordingly and will be surplus to requirements for many businesses. For general business use, a DNS filtering solution that provides an equivalent level of protection from Internet-based threats and can be used to control access to Internet content can be obtained at less less than half the price of Cisco Umbrella.
Are You Looking for an Alternative to Cisco Umbrella?
If you are currently using Cisco Umbrella and are frustrated with the interface and are unable to easily get the information you need, or if you are looking for a lower-cost alternative to Cisco Umbrella that will not jeopardize security, you have nothing to lose by evaluating WebTitan.
Contact the TitanHQ team today and you can arrange a product demonstration and set up a free trial of the full solution to see for yourself the difference it makes. In the words of Todd Russell, “That brief demo was all I needed to know that WebTitan would serve my needs much better than Umbrella and I have been thrilled with the improvements to my workflow since switching over.”
Russell is certainly not alone. The independent business software review site, G2 Crowd, has compared web filtering solutions based on reviews from verified users of the solution. WebTitan is consistently rated highly buy genuine users of the product on this, and other software review platforms. Across the 6 categories assessed on the G2 platform, WebTitan outperformed Cisco Umbrella.
There are many reasons why businesses should implement a WiFi filtering solution, but one of the most important aspects of WiFi filtering is protecting your brand.
The Importance of Brand Protection
It takes a lot of hard work to create a strong brand that customers trust, but trust can easily be lost if a company’s reputation is damaged. If that happens, rebuilding the reputation of your company can be a major challenge.
Brand reputation can be damaged in many ways and it is even easier now thanks to the Internet and the popularity of social media sites. Bad feedback about a company can spread like wildfire and negative reviews are wont to go viral.
Smart business owners are proactive and take steps to protect their digital image. They are quick to detect and enforce online copyright infringements and other forms of brand abuse. They monitor social media websites and online forums to discover what people are saying about their company and how customers feel about their products and services. They also actively manage their online reputation and take steps to reinforce their brand image at every opportunity.
Cyberattacks Can Seriously Damage a Company’s Reputation
One aspect of brand protection that should not be underestimated is cybersecurity. There are few things that can have such a devastating impact on the reputation of a company as a cyberattack and data breach. A company that fails to secure its POS systems, websites, and network and experiences a breach that results in the theft of sensitive customer data can see their reputation seriously tarnished. When that happens, customers can be driven to competitors.
How likely are customers to abandon a previously trusted brand following a data breach? A lot more than you may think! In late 2017, the specialist insurance services provider Beazley conducted a survey to find out more about the impact of a data breach on customer behavior. The survey was conducted on 10,000 consumers and 70% said that if a company experienced a data breach that exposed their sensitive information they would no longer do business with the brand.
WiFi Filtering and Protecting Your Brand
The use of Wi-Fi filtering for protecting your brand may not be the first thing that comes to mind when you think about brand protection, but it should be part of your brand protection strategy if you offer WiFi access to your customers or provide your employees with wireless Internet access.
It is essential for businesses to take steps to ensure their customers are protected and are not exposed to malware or phishing websites. If a customer experiences a malware infection or phishing attack on your WiFi network the fallout could be considerable. If your employees download malware, they could give hackers access to your network, POS system, and sensitive customer data. If you offer free Wi-Fi to your customers, you need to make sure your Wi-Fi network is secured and that you protect your customers from malicious website content.
One of the most important aspects of WiFi filtering for protecting your brand is preventing your WiFi access points from being used for illegal activities. Internet Service Providers can shut down Internet access over illegal activities that take place over the Internet. That will not only mean loss of WiFi for customers but could see Internet access lost for the whole company. Your company could also face legal action and fines.
If WiFi users can access pornography and other unacceptable content, a brand can be seriously tarnished. Imagine a parent discovers their child has seen pornography via your WiFi network – The failure to prevent such actions could be extremely damaging. WiFi filters allow businesses to carefully control the content that can be accessed on their network and prevents customers from viewing harmful web content.
WebTitan Cloud for WiFi – The Easy Way to Secure Your WiFi Access Points
Implementing a WiFi filter to protect your brand and provide safe and secure Internet access for your employees and customers is a quick and easy process with WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is a powerful, yet easy to use web filtering solution for WiFi hotspots that requires no hardware purchases or software downloads. WebTitan Cloud for WiFi can be implemented and configured in just a few minutes. No technical skill required.
WebTitan Cloud for WiFi is highly scalable and can protect any number of access points, no matter where they are located. If you have business premises in multiple locations, or in different countries, WebTitan Cloud for WiFi will protect all of your access points via an intuitive web-based user interface.
WebTitan Cloud for WiFi protects against online threats, allows businesses to carefully control the types of content that WiFi users can access, allows businesses to control bandwidth use, and gives them full visibility into network usage.
If you have yet to implement a WiFi filter on your hotspots, give TitanHQ a call today for details of pricing, to book a product demonstration, and register for a free trial.
Many businesses want to block websites at work and exercise greater control over employee internet access. Acceptable internet usage policies can be developed and employees told what content they are allowed to access at work, but there are always some employees that will ignore the rules.
In some cases, policy violations may warrant instant dismissal or other disciplinary action, which takes HR staff away from other important duties. If staff are fired, replacements must be found, trained, and brought up to speed, and the productivity losses that result can be considerable.
The Dangers of Unfettered Internet Access
Before explaining how to block websites at work, it is worthwhile explaining the problems that can arise from the failure to exert control over the content that can be accessed through wired and wireless networks.
While extreme cases of internet abuse need to be tackled through HR, low level internet abuse can also be a problem. Any time an employee accesses a website for personal reasons, it is time that is not being spent on work duties. Checking emails or quickly visiting a social media website is unlikely to have a major impact on productivity, but when cyber-slacking increases its effect can certainly be felt. If all employees spent 30 minutes a day on personal internet use, the productivity losses would be be considerable – A business with 100 workers would lose 50 hours of working time a day, or 1,100 hours a month!
In addition to lost opportunities, internet use carries a risk. Casual surfing of the internet by employees increases the probability of users encountering malware. The accessing of personal webmail at work could easily result in a malware infection on a work device, as personal mail accounts are not protected by the filtering controls of an organization’s email security gateway. If illegal activities are taking place at work, the legal ramifications can be considerable. It will be the business that is liable in many cases, rather than the individual employee.
The easiest solution is for businesses to enforce their acceptable internet usage policies and simply block websites at work that are not required for normal working duties. Preventing end users from visiting certain categories of web content – social media websites, gaming and gambling websites, dating sites, adult content, and other NSFW web content – is the easiest solution.
Even legitimate use of the internet for work purposes carries risks. There has been a major increase in phishing attacks on businesses in recent years and mitigating attacks can prove incredibly costly. Technical solutions that are used to block websites at work to prevent cyber-slacking can also be configured to block access to phishing websites and prevent malware and ransomware downloads.
Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo. Book Free Demo
The Easy Way to Block Websites at Work
The easiest way to block websites in the workplace is to use a web filtering solution. This could be a physical appliance through which all internet traffic is routed, a virtual appliance installed on your existing hardware, or a cloud-based solution. The latter is a popular solution for SMBs as the cost of implementation is minimal and the web filter can be set up in a matter of minutes. All that is required is to make a simple change to point the DNS to the cloud web-filter and all traffic will be routed though the solution.
Not all businesses need to exercise the same controls over internet content, so granular controls are essential. With a cloud-based web filter such as WebTitan, it is easy to block websites at work. The administrator simply logs into the administration panel using a web browser and clicks on the checkboxes of content that they want the filter to block. Blocking adult entertainment, gambling, gaming, dating, and social media by category is common. WebTitan also allows controls to implemented by keyword, through the use of blacklists, or through keyword scoring.
It is not practical to apply the same settings across the board for all employees. The marketing department, for instance, will need access to social media networks when other employees may not. With WebTitan, filtering controls can easily be set at the organization level, by user group, or for individuals. Time-based filters can also be applied to allow controls to be eased outside of standard working hours, if required.
With WebTitan Cloud you can control the internet and block threats no matter where your users access the internet. WebTitan Cloud works for users both on and off the network, so you can protect office workers and employees working remotely using the same solution.
Further Information on Blocking Websites in the Workplace
If you would like further information on how you can selectively block websites at work and take control over the content that your employees can access, speak to TitanHQ today.
Our friendly and knowledgeable sales team will be able to answer all your questions, explain in detail how WebTitan works, and suggest the best deployment option to suit your needs.
After learning about the best setup to suit your business, you can schedule a product demonstration and/or start a free trial to see WebTitan in action.
In 20 minutes your content control issues could be solved and you could be filtering the internet and blocking access to unsuitable, unsavory, and harmful web content.
The Easy Way to Block Websites at Work and Control Employee Internet Access FAQ
What is DNS Filtering?
DNS content filtering takes place at the DNS lookup stage of a web request when the URL is checked to find its corresponding IP address. The request is processed via the web filtering service provider and the IP address will only be returned if the web resource does not violate administrator-defined policies. Filtering takes place without any content being downloaded and there is no latency.
Can I block Facebook Messenger without blocking access to Facebook?
With WebTitan it is easy to prevent employees from using Facebook Messenger at work without blocking access to the entire Facebook website. The process takes just a few seconds. Just open the WebTitan Cloud administration panel, select Filtering URL keywords, and add in two blacklisted keywords, as detailed on this page.
Is it difficult to block websites in the workplace?
Category-based web filtering makes content control simple. You simply access your cloud administration panel, navigate to category controls, and you can restrict access to 53 different categories of website using the checkbox options. Apply those changes and all websites in those categories will be blocked. You can also create your own custom categories.
Can web filters be bypassed by employees?
It is possible to set up controls to make it difficult to bypass web filtering controls, such as blocking proxies and access to anonymizer websites. These controls will be sufficient to prevent users from bypassing filtering controls. However, you should also lockdown your DNS settings to prevent users from manually changing the DNS settings to bypass the filtering controls.
Can I view user internet activity in real time?
You may want to retrospectively investigate employee internet activity or check the URLs that are actively being viewed. With WebTitan you can do both with a few clicks of the mouse. All information is easily accessible and can be viewed and exported with the click of a mouse.
Selectively block websites at work and take control over the content that your employees can access. See how with a FREE WebTitan demo. Book Free Demo
Why should businesses use a web filtering solution? Listed below are three key benefits of web filtering for businesses.
Protection Against Exploit Kits
Email spam is the most common attack vector used to deliver malware, and while the threat from exploit kits is nowhere near the level in 2015 and 2016, they still pose a problem for businesses. Exploit kits are web-based apps that are loaded onto websites controlled by cybercriminals – either their own sites or sites that have been hijacked.
Exploit kits contain code that exploits vulnerabilities in web browsers, plugins and browser extensions. When a user with a vulnerable browser visits a malicious URL containing an exploit kit, the vulnerability is exploited and malware is downloaded.
With browsers becoming more secure, and Flash being phased out, it has become much harder to infect computers with malware via exploit kits and many threat actors have moved on to other methods of attack. However, some exploit kits remain active and still pose a threat.
The exploit kits currently in use – RIG for example – contain multiple exploits for known vulnerabilities. Most of the vulnerabilities are old and patches have been available for months or years, although zero-day vulnerabilities are occasionally uploaded. Exploit kits are also updated with recently disclosed proof-of-concept code. Exploit code for two recently discovered vulnerabilities: one in Internet Explorer (CVE-2018-8174) and one in Adobe Flash (CVE-2018-4878) have been added to EKs already.
Keeping browsers and plugins up to date and using a top antivirus solution will provide a good level of protection, although businesses can further enhance security by using a web filter. Web filtering for businesses ensures that any attempt to access a website known to host an exploit kit will be blocked.
Blocking Phishing Attacks
Phishing is one of the biggest threats faced by businesses. Phishing is a method of obtaining sensitive information by deception, such as impersonating a company in an attempt to obtain login credentials or to fool employees into making wire transfers to bank accounts controlled by criminals.
A spam filter can prevent the majority of malicious messages from reaching inboxes, although some phishing emails will make it past the perimeter defenses, especially emails containing links to malicious websites. A web filter provides an additional level of protection against phishing by preventing users from visiting malicious websites sent via email and social media posts. When an attempt is made to visit a known malicious website, access will be blocked, and the user will be directed to a block screen.
A web filter can also be used to enforce safe search on search engines such as Google, Yahoo, and Bing. This will help to prevent inappropriate website content from being accessed through search and image search results.
Monitoring Internet Access and Blocking Inappropriate Websites
Employees can waste an extraordinary amount of time on the Internet. Allowing unfettered access to all website content can result in a considerable reduction in productivity. If every employee wastes an hour a day on the Internet instead of working, a company with 100 employees would lose 100 hours a day, 500 hours a week, and 26,000 hours a year. A sizeable loss.
A web filter can be used to block access to websites such as gambling, gaming, and social media sites – all major drains on productivity. Web filters can also be used to monitor Internet activity. When employees are told that the company monitors Internet use, employees will be less likely to spend time surfing the Internet instead of working.
Web filters can also be used to block not-suitable-for-work (NSFW) content such as pornography and will limit company liability by blocking illegal online activities at work, such as the downloading of copyright-protected content via P2P file sharing sites. Web filters can also limit bandwidth hogging activities such as the streaming of audio and video.
WebTitan Cloud – DNS-Based Web Filtering for Businesses
DNS-based web filtering for businesses is easy with WebTitan Cloud. WebTitan Cloud will help improve security posture, reduce company liability, and improve the productivity of the workforce. Being 100% cloud-based, the solution requires no hardware purchases, no software downloads, and can be implemented in a matter of minutes.
The solution filters websites into 53 pre-defined categories, making it easy for businesses to block specific types of content. More than half a billion URLs are categorized in the database and combined with cloud-based lookup, it is possible to ensure highly accurate content filtering without overblocking valuable content. The solution can inspect all web traffic, including encrypted sites.
The solution allows policies to be created for the entire workforce, groups, or individuals and protects employees who on and off the network. When employees use multiple devices, the content filtering controls can be applied across the board and will work whether the user is on-site or roaming.
Administrators benefit from a comprehensive reporting suite, with 55 preconfigured reports and scope for customization, with report scheduling options and the ability to view browsing in real-time.
If you want to improve your security posture, save bandwidth, reduce legal liability, block NSFW content, and improve productivity, give TitanHQ a call today and find out more about how WebTitan Cloud can benefit your business.
How easy to implement is web filtering for business?
DNS-based web filtering is very simple to operate. Deployment consists of redirecting the organization´s Domain Name Server (30 seconds) and logging into a web-based administrative portal (another 30 seconds). Thereafter system administrators can synchronize the filtering service with an existing directory in order to apply role-based filtering policies within minutes.
How does web filtering for businesses block phishing attacks?
Strictly speaking, web filtering for businesses does not block phishing attacks - it mitigates the consequences of a phishing email avoiding detection by an email filter, and the recipient of the email clicking on a link to a malicious website. If the destination website is known to be malicious, web filtering for businesses blocks the recipient from visiting the malicious website.
How does monitoring Internet access work?
Organizations can configure web filtering solutions to monitor which websites users visit and which websites they are refused access to. While some may consider the monitoring of Internet access at work a form of employee surveillance, the information collected from Internet monitoring reports can be used to fine-tune Internet filters to create a more welcoming environment for everyone.
How do I find out what websites the web filter solution has blocked access to?
WebTitan Cloud´s monitoring logs are used to compile reports that reveal not only which websites were blocked, but the reasons why access was blocked (i.e. malicious website, contravened category policy, etc.). These reports help identify if your employees are exposing the organization to risk by attempting to visit unsafe websites, or whether they need to be reminded of acceptable Internet use policies.
What if I need to block Internet content for some people but not for others?
WebTitan Cloud has granular controls that enables system administrators to apply Internet policies by user, team, department, etc. as required. Therefore, if - for example - your marketing team requires access to social media platforms, but you want to avoid giving everybody in your organization access to Facebook and Twitter, you simply whitelist the marketing team from the social media category.
A massive Equifax data breach was announced yesterday, which ranks as one of the largest data breaches of 2017. Approximately 143 million consumers have been impacted and had their sensitive data exposed and potentially stolen.
A data breach at any company can cause considerable fallout, although this incident is particularly bad news for a credit reporting agency. Equifax aggregates and stores vast quantities of highly sensitive consumer data that are used by financial firms to make decisions about the creditworthiness of consumers. The data breach is sure to damage trust in the company.
Ironically, Equifax offers credit monitoring and identity theft protection services to companies that experience data breaches to help them protect breach victims. Naturally, all Americans affected by the Equifax data breach will be offered those services free of charge. In fact, Equifax has gone further by agreeing to offer those services free of charge to all U.S. consumers for a period of one year, even if they were not directed affected by the breach.
Chairman and Chief Executive Officer, Richard F. Smith, said “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes.”
The Equifax data breach may not be the largest data breach of 2017, but the nature of the datya exposed make it one of the most serious. Highly sensitive data were exposed, including personal information, Social Security numbers, birthdates, driver’s license numbers, and 209,000 consumers had their credit card numbers exposed.
These are the exact types of information used by cybercriminals to commit identity theft and fraud. Dispute documents were also stored on the compromised system. Those documents contained a range of personal information of 182,000 consumers. The bulk of the data related to U.S citizens, although some consumers in Canada and the United Kingdom have also been affected by the Equifax data breach.
The hacker(s) responsible for the attack had access to Equifax’s systems for a considerable period of time before the breach was discovered. Access was first gained to systems in mid-May and continued until July 29, 2017 when the breach was discovered.
According to a statement released by Equifax yesterday, hackers gained access to its systems by exploiting a website vulnerability. While sensitive data were exposed and potentially stolen, Equifax reports that its core databases that are used for credit referencing purposes, were not compromised at any point.
The data breach is still being investigated and a third-party cybersecurity firm has been hired to assist with the investigation. Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on. Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”
Breach notification letters are being sent to some, but not all, breach victims. Only the 391,000 individuals whose credit card numbers or dispute documents were exposed will receive notifications by mail. All other individuals will have to check an online tool to find out if their information was exposed in the breach.
India’s Central Board of Secondary Education is urging all CBSE affiliated schools to take action to improve safety for students, including implementing school web filtering technology to keep students safe online.
The Internet is home to an extensive range of potentially harmful material that can have a major impact on young developing minds. Parents can take action to keep their children safe at home by using parental control filters. However, students must receive similar or greater levels of protection while at school.
School web filtering technology can prevent students from deliberately or accidentally viewing obscene material such as pornography, child pornography or images of child abuse and other categories of potentially harmful website content. CBSE has warned school boards that when students access this material it is “detrimental to themselves, their peers and the value system.” School web filtering technology should also be implemented to prevent students from engaging in illegal activities online via school IT devices.
CBSE affiliates schools have been advised to develop guidelines for safe Internet use and make this information available to students and display the rules prominently. However, without school web filtering technology, these policies would be easy to ignore. A technological solution ensures students wishing to engage in illegal activities online, or view harmful website content, will be prevented from doing so.
Prevention is only one aspect of Internet control. Schools should also set up a monitoring system to discover when individuals are attempting to bypass Internet usage policies. A web filtering solution should therefore have the capability to generate reports of attempted accessing of prohibited material to allow schools to take action. Schools have also been advised to sensitize parents about safety norms and even go as far as suggesting disciplinary action be taken when children are discovered to have attempted to access inappropriate material.
While many school systems around the world have implemented school web filtering technology, CBSE is advising affiliated schools in India to go one step further and restrict Internet content by age groups. Schools should set filtering controls by user groups and restrict access to age-inappropriate websites. Web filtering solutions such as WebTitan allows controls to be easily set for different user groups. The solution can be used to set separate filtering controls for staff and students of differing ages with ease.
Other Internet controls that have been suggested include the rapid blocking usernames/passwords when children leave school, using antivirus solutions to reduce the risk of malware infections, using firewalls to prevent cyberattacks and the theft of children’s sensitive information, and for staff to avoid posting images and videos of their students online.
School Web Filtering Technology from TitanHQ
The benefits of implementing school web filtering technology are clear, but choosing the most cost-effective controls can be a challenge. Appliance based web filters involve a significant initial cost, there is ongoing maintenance to consider, the need for on-site IT support in many cases, and as the number of Internet users increases, hardware upgrades may be necessary.
TitanHQ offers a more cost-effective and easy to manage solution – The 100% cloud-based web filter, WebTitan. WebTitan Cloud and WebTitan Cloud for WiFi make filtering the Internet a quick and easy process. To start filtering the Internet and protecting students from harmful web content, all that is required is to point your DNS to WebTitan. Once that simple change has been made you can be filtering the Internet in minutes.
Both solutions can be easily configured to block different categories of website content, such as pornography, file sharing websites, gambling and gaming websites and other undesirable website content. The solutions support blacklists, allowing phishing and malware-infected sites to be easily blocked along with all webpages identified by the Internet Watch Foundation as containing images of child abuse and child pornography.
These powerful web filtering solutions require no software updates or patching. All updates are handled by TitanHQ. Once acceptable Internet usage policies have been set via the intuitive web-based control panel, maintenance only requires occasional updates such as adding legitimate webpages to whitelists. Even blacklists are updated automatically.
WebTitan also supports remote learning. All students’ devices can be protected while connected to a school’s wired or wireless network. To extend protection beyond the school gates, a WebTitan On-The-Go (OTG) roaming agent can be installed on devices. This will ensure that the content filtering policy will apply no matter where that device connects to the Internet.
If you are keen to implement school web filtering technology for the first time or are unhappy with your current provider, contact the TitanHQ team today and register for your no-obligation Free Trial and see the benefits of WebTitan for yourself before making a decision about a purchase.
UK porn filtering controls are expected to be introduced next year to make it harder for minors to access – accidentally or deliberately – pornographic material over the Internet. The government has proposed a new requirement that will make it mandatory for all sites hosting adult or pornographic content to conduct age verification checks before adult content is displayed.
From April next year, a yet to be decided regulator – most likely the British Board of Film Classification – will be able to block websites hosting pornography if they do not conduct checks to ensure visitors are over the age of 18. Blocks are likely to be applied at the ISP level and the sites could be barred from taking credit card payments from the UK if they do not comply.
The change to UK porn filtering controls would mean minors would be prevented from accessing pornographic material. Digital minister, Matt Hancock, explained the move would mean “UK will have the most robust internet child protection measures of any country in the world.”
While many adult websites ask the user if they are over 18 before content is displayed to prevent accidental access, further controls would be required to verify age. One of the easiest ways to do that is by forcing the visitor to submit their credit card details. In the UK, it is not possible for individuals under the age of 18 to be issued with a credit card.
The new UK porn filtering controls have been welcomed by some groups – the National Society for the Prevention of Cruelty to Children (NSPCC) for example – but the move has raised many concerns.
Age verification checks are likely to result in the operators of the websites maintaining a database of site users, even individuals who do not pay for access. The database is likely not only to include details supplied in the verification checks, but include profiling and viewing histories. It is possible that large volumes of highly sensitive data could be collected on millions of users.
Any website that collects sensitive consumer data is a target for hackers. The databases that could be built by adult content providers would be an even bigger target. Not only could information be used for fraud, the data could be used for blackmail and extortion. One only needs to look back to the Ashley Madison data breach in 2015 to see the damage that can be caused when the databases of adult websites are hacked.
That breach resulted in personal information being exposed along with details of sexual preferences and other highly sensitive information. The fact that a user was registered on a website that is used to hook up for extramarital affairs made even the exposure of personal information even worse. The stolen information was subsequently used by criminals to blackmail users and led to many public shaming incidents. In some cases, exposed users of the site committed suicide as a direct result of the breach.
The Open Rights Group has spoken out about the proposed changes to UK porn filtering controls. Jim Killock, director of the Open Rights Group, said “The Government has repeatedly refused to ensure that there is a legal duty for age verification providers to protect the privacy of web users.” Now, the change “could lead to porn companies building databases of the UK’s porn habits, which could be vulnerable to Ashley Madison style hacks.”
Killock also pointed out, “There is also nothing to ensure a free and fair market for age verification. We are concerned that the porn company MindGeek will become the Facebook of age verification, dominating the UK market.” Were that to happen, the company would be able to decide the level of profiling that takes place, the level of controls it sees fit to introduce to protect data and what privacy risks UK citizens would face.
Browsing the Internet can result in malware and spyware downloads, malicious software can arrive via spam email, but a fresh-out-of-the-box laptop computer should be totally malware free. But not always. A pre-installed keylogger on HP laptops has recently been identified by Swedish security firm Modzero.
Potentially unwanted programs can be found on many new devices. Some serve a purpose but pose a security threat. For instance, in 2014, Lenovo laptop computers were shipped with ‘malware’ already installed that made the devices vulnerable to man-in-the-middle attacks. The program was Superfish.
The pre-installed keylogger on HP laptops does not appear to be used for any malicious purposes, although there is considerable potential for the program to be abused. The spyware records all keystrokes on the laptops after a user logs in and stores that information in a local drive. In some situations, the keystrokes will be passed to an API on the laptop.
The keylogger was discovered in an audio driver package – Conexant HD Audio Driver Package 126.96.36.199 and earlier versions. The offending file is MicTray64.exe, located in the C:\windows\system32\ folder.
Each time a user logs in, the program is scheduled to run. The file monitors all keystrokes on the device in order to monitor for special keystrokes. The program was developed by, Conexant, the audio chip manufacturer. The program has been included on HP laptops since December 2015.
While the software itself does not exactly pose a threat, the way the program logs the keystrokes allows the recorded keystrokes to be easily accessed. The log file created by the software is stored in the public folder (C:\users\public\MicTray.log) and can therefore be accessed by anyone.
The file is overwritten each time a user logs in, but any keystrokes recorded during that session could be accessed by anyone with access to the device. Additionally, if the registry key with the filepath is missing or corrupted, the keystrokes will be passed to a local API called OutputDebugString API.
Malware installed on the device could potentially allow the log file to be copied, and along with it, all keystrokes from the session. It would also be possible for keystrokes to be obtained in real-time.
The inclusion of the keylogger on HP laptops was an error according to HP. It was used as a debugging tool and should have been removed in the final version of the product.
HP has responded to the discovery by releasing a patch to fix the issue, which is available from the HP website or via Microsoft Update. All owners of HP laptops purchased since December 2015 should download the patch to mitigate the issue.
Models found to contain the pre-installed spyware include the following 28 models of HP laptops:
Security researcher Chris Vickery has discovered a Schoolzilla AWS misconfiguration that resulted in the records of 1.3 million students being accidentally left unprotected.
Schoolzilla is a student warehouse platform used by K12 schools to track and analyze student data. While data on the platform were protected and access by unauthorized individuals was not possible, that was not the case for a backup file on the platform.
Vickery had been conducting scans to identify unprotected Amazon Web Services installations when he noticed a number of unsecured buckets on the Tableau data visualization platform. Further investigation revealed an unprotected ‘sz tableau’ bucket named sz-backups, which was a data repository for backups of the Schoolzilla database.
The Amazon S3 bucket had been accidentally configured to allow public access, leaving 1.3 million student records exposed. The records contained sensitive information such as the names and addresses of students, along with test scores, grades, birthdates and some Social Security numbers.
Vickery notified Schoolzilla of the error and the company worked quickly to secure the backups. Schoolzilla has now implemented a number of additional technical safeguards to ensure all student data is protected and all affected schools have been contacted and notified of the data exposure. It is unclear exactly how many schools were affected.
The Schoolzilla AWS misconfiguration shows just how easy it is for sensitive data to be exposed online. This time it was a security researcher that discovered the exposed data, but cybercriminals are also performing scans for unprotected data. In this case, Schoolzilla was able to confirm that no unauthorized individuals had accessed the file except Vickery. Other companies may not be so fortunate.
Schools and other educational institutions are increasingly using AWS and other cloud storage platforms to house student data. Data can be securely stored in the cloud; however, human error can all too easily result in sensitive data being exposed.
The incident highlights just how important it is for organizations to conduct security scans and perform penetration tests to ensure that vulnerabilities and errors are rapidly discovered and corrected.
A recent insider threat intelligence report from Dtex has revealed the vast majority of firms have employees bypassing security controls put in place to limit Internet activity. Those controls may simply be policies that prohibit employees from accessing certain websites during working hours, or in some cases, Internet filtering controls such as web filtering solutions.
Dtex discovered during its risk assessments on organizations that 95% of companies had employees that were using virtual private networks (VPNs) to access the Internet anonymously, with many installing the TOR browser or researching ways to bypass security controls online. The researchers discovered that in some cases, employees were going as far as installing vulnerability testing tools to bypass security controls.
Why Are Employees Bypassing Security Controls?
Employees bypassing security controls is a major problem, but why is it happening?
The report indicates 60% of attacks involve insiders, with 22% of those attacks malicious in nature. During the first week of employment and the final week before an employee leaves, there is the greatest chance of data theft. 56% of organizations said they had discovered potential data theft during those two weeks. During these times there is the greatest risk of employees attempting to bypass security controls for malicious reasons.
In many cases, VPNs and anonymizers are used to allow employees to access websites without being tracked. Many companies have policies in place that prohibit employees from accessing pornography in the workplace. Similar policies may cover gaming and gambling websites and other categories of website that serve no work purpose. Some employees choose to ignore those rules and use anonymizers to prevent their organization from having any visibility into their online activities.
The report indicates 59% or organizations had discovered employees were accessing pornographic websites at work. There are many reasons why companies prohibit the accessing of pornography at work. It is a drain of productivity, it can lead to the development of a hostile working environment, and from a security standpoint, it is a high-risk activity. Pornographic websites are often targeted by cybercriminals and used to host malware. Visiting those sites increases the risk of silent malware downloads. 43% of companies said they had found out some employees had been using gambling sites at work, another high-risk category of website and a major drain of productivity.
While employees are provided with email accounts, many are choosing to access web-based accounts such as Gmail. Dtex found that 87% of employees were using web-based email programs on work computers. Not only does this present a security risk by increasing the probability of malware being downloaded, it makes it harder for employers to identify data theft. Dtex says “By completely removing data and activity from the control of corporate security teams, insiders are giving attackers direct access to corporate assets.”
Lack of Control and Visibility
Many companies are unaware that they have employees bypassing security controls because they lack visibility into what is happening on end points. Shadow IT can be installed without the organization’s knowledge, including VPN’s and hacking tools, but what can be done to stop employees bypassing security controls?
Security software can be installed to allow organizations to closely monitor the types of activities that are taking place on work computers. This can allow action to be taken to reduce insider threats. Organizations should also block the use of VPN’s and anonymizers to ensure they have more visibility into employee’s online activities.
One of the easiest ways to block the use of VPNs and anonymizers is to use a web filtering solution. Web filters are increasingly used as a way of preventing productivity losses during the working day. Web filtering solutions can be configured to block specific sites or categories of website.
A web filter, such as WebTitan, can be configured to block access to anonymizer websites, along with other websites that are prohibited under organization’s acceptable use policies.
Some employees find the controls overly restrictive and search for ways to bypass those controls. Organizations should carefully consider what websites and types of websites are blocked. Excessively restrictive controls over personal Internet access can prompt employees to try to bypass security controls. Allowing some personal use may be preferable.
One solution, possible with WebTitan, is to ease restrictions on Internet access by using time controls. To prevent falls in productivity, web filters can be applied during working hours, yet relaxed at other times such as lunch breaks. By allowing some personal Internet use, there is less incentive for employees to attempt to bypass security controls.
WebTitan also produces access logs to allow organizations to carefully monitor online user activity and take action against the individuals discovered to be violating company policies. Automatic reports can also be generated to allow organizations to take more timely action.
Monitoring employee Internet access and installing solutions to provide visibility into end point activity allows organizations to reduce the risk of insider threats and stop employees from engaging in risky behavior.
Opposition to pornography filtering in libraries has seen the American Library Association placed on the National Center for Sexual Exploitation (NCOSE) naughty list.
Each year, NCOSE publishes a list of the top twelve companies and organizations that it believes are either profiting from pornography or facilitating access. The aim of the list, referred to as the Dirty Dozen, is to name and shame the companies and organizations that are failing to do enough to tackle the growing problem of online pornography.
Pornography is only the tip of the iceberg. Hidden underneath is a world of sexual exploitation, prostitution, and sex trafficking. NCOSE sees companies and organizations that fail to take action as being part of the problem, inadvertently – or in some cases deliberately – contributing to the considerable harm that is caused by pornography.
This year’s list includes technology and telecoms companies (Amazon, Comcast, Roku) the American Library Association (ALA) and EBSCO, a provider of library resources to schools, colleges, higher education establishments and libraries). Four websites make the list (YouTube, Twitter, Snapchat, and Backpage.com), along with Cosmopolitan Magazine, HBO, and Amnesty International.
The ALA is almost a permanent fixture on the NCOSE Dirty Dozen list, having been present for the past five years. It is the ALA’s opposition to the use of pornography filtering in libraries that sees it included year after year. NCOSE says “the ALA zealously encourages public libraries not to install internet filters on public access computers.” By taking such a stance, the ALA is providing patrons – including children – with the means to access sexually explicit and obscene material. ALA told CBN news that “Librarians encourage parents and children to talk with one another. Families have a right to set their own boundaries and values. They do not have the right to impose them on others.”
NCOSE doesn’t hold back, saying the ALA stance on pornography filtering in libraries “has turned the once safe community setting of the public library into a XXX space that fosters child sexual abuse, sexual assault, exhibitionism, stalking, and lewd behavior in libraries across the country.”
Only this month, NCOSE responded to the ALA’s continued opposition to pornography filtering in libraries on the grounds of free speech, saying there is no constitutional requirement for libraries to provide access to hardcore pornography to patrons.
EBSCO made the list as its databases “provide easy access to hardcore pornography sites and extremely graphic sexual content,” pointing out that its system allows schoolchildren to easily circumvent web filters in schools. In response to its inclusion on the list, EBSCO says it is working on enhancing its web filtering systems and will implement better algorithms to filter pornographic content.
Amazon made the list, even though it has a policy prohibiting the sale of pornography, because of its pornography-related items on its site, including hardcore pornographic films and sex dolls with childlike features.
Amnesty International made the list for its stance on the decriminalization of prostitution and for creating “a de facto right for men to buy people.” Cosmopolitan was included for its hypersexualized imagery and glamorization of violent, public, and group sex. Roku, Comcast, Snapchat, Twitter, YouTube and HBO were included for peddling pornography, pushing the boundaries of what is acceptable, and making it too easy for pornographic content to be accessed.
On May 12, the microblogging website Tumblr notified users of a data breach that occurred in 2013. The company had kept quiet about the number of site users that were affected, although it has since emerged that 65 million account credentials were stolen in the Tumblr data breach. Stolen email addresses and passwords were recently offered for sale on a Darknet marketplace called TheRealDeal.
Tumblr Data Breach Ranks as One of the 5 Biggest Data Breaches of All Time
The massive Tumblr data breach may not be the largest ever discovered, but it certainly ranks as one of the biggest, behind the breach of 360 million MySpace account details, the theft of 164-million LinkedIn account credentials, and the 152 million-record Adobe breach. All of these huge data breaches occurred in 2013 with the exception of the LinkedIn breach, which happened a year earlier.
These breaches have something else in common. They were all discovered recently and the stolen data from all four data breaches have been listed for sale on illegal Darknet marketplaces by the same individual: A Russian hacker with the account “peace_of_mind” – more commonly known as “Peace”. It is not clear whether this individual is responsible for all four of these data breaches, but he/she appears to have now obtained all of the data.
The person responsible for the theft appears to have been sitting on the data for some time as according to Tumblr, as the login credentials do not appear to have been used.
Fortunately, the passwords were salted and hashed. Unfortunately, it would appear that the SHA1 hashing algorithm was used, which is not as secure as the latest algorithms. This means that hackers could potentially crack the passwords. The passwords were also salted so this offers more protection for individuals affected by the Tumblr data breach. However, as a precaution, site users who joined the website in 2013 or earlier should login and change their passwords.
Do You Reuse Passwords on Multiple Sites?
Even if victims of the Tumblr data breach have changed their password on the site before 2013, they may still be at risk of having their online accounts compromised if their password has been used for multiple online accounts.
If you have been affected by the Adobe, LinkedIn, MySpace, or Tumblr data breach, and there is a possibility that you have reused passwords on any on other platforms it is strongly advisable to change all of your passwords.
Peace may not be the only individual currently in possession of the data, and it is highly unlikely that the data will only be sold to one individual.
If you are unsure if your login credentials have been compromised, you can check by entering your email address or username on haveibeenpwned.com
A new phishing activity report published by the Anti-Phishing Working Group (APWG) shows that the threat from phishing websites is greater than any other time in the history of the Internet. The latest phishing activity report shows that in the past six months, the number of phishing websites has increased by a staggering 250%. Most of the new websites were detected in March 2016.
The Rising Threat from Phishing Websites Should Not Be Ignored
APWG was founded in 2003 in response to the rise in cybercrime and the use of phishing to attack consumers. The purpose of the organization is to unify the global response to cybercriminal activity, monitor the latest threats, and share data to better protect businesses and consumers.
In 2004, APWG started tracking phishing and reporting on the growing threat from phishing websites. During the past 12 years, the number of phishing websites being created by cybercriminals has grown steadily; however, the past six months has seen a massive rise in new websites that trick users into revealing sensitive data.
APWG reports that there is an increase in new malicious websites around the holiday season. In the run up to the holiday period when online shopping increases and Internet traffic spikes, there are more opportunities to relieve online shoppers of their credit card details, login credentials, and other sensitive data.
In late 2015, cybercriminals increased their efforts and there was the usual spike in the number of new phishing websites. However, after the holiday period ended APWG expected activity to reduce. That didn’t happen. New sites were still being created at elevated levels.
In the first quarter of 2016, APWG detected 289,371 new phishing websites were created. However, almost half of the new websites – 123,555 of them – were detected in March 2016. Aside from a slight dip in February, the number of new websites created has increased each month. March saw almost twice the number of new sites than were created in December. The figures for Q1 and for March were the highest ever seen.
Retail and Financial Sectors Most Frequently Targeted by Phishers
Phishers tend to favor well-known brands. The phishing activity report indicates little has changed in this regard. Between 406 and 431 brands are targeted each month. Most of the new sites target the retail industry which accounts for 42.71% of the new phishing websites detected in the first quarter of 2016. The financial sector was second with 18.67% of new sites, followed by the payment service industry with 14,74% and the ISP industry with 12.01%. The remaining 11.87% of new sites targeted a wide range of industries. The United States is the most targeted country and hosts the most phishing websites.
While phishing websites are now favored by cybercriminals, emails continue to be used to send malicious links and malware-infected attachments to consumers and businesses. In January, 99,384 phishing email reports were sent to APWG. The number increased to over 229,000 in February and stayed at that level in March.
APWG also tracked malware infections. In the first quarter of the year, 20 million malware samples were intercepted – an average of 6.67 million malware samples a month.
The report shows how critical it is for business to take action to prevent end users from visiting malicious websites and the seriousness of the threat from phishing websites.
One of the best ways that businesses can reduce the risk of employees visiting phishing websites is to use a web filtering solution. By controlling the sites that can be accessed by employees, the risk of phishing, malware infections, and ransomware attacks can be greatly reduced.
Five ISP trade groups have put pen to paper questioning the need for the recently proposed FCC rules for broadband providers, saying they are against regulations specifically aimed at ISPs. They believe that consumer information should be protected based on the sensitivity of the data collected, rather than introducing new regulations specifically for the businesses that collect, store, or use those data.
Extensive Set of FCC Rules for ISPs Proposed
An extensive set of rules for ISPs have been proposed following the reclassification of broadband as a regulated, common carrier service. The FCC wants to give broadband customers greater choice and control over how their personal data are used. If the proposed FCC rules for broadband providers are passed they would severely limit how ISPs could use consumer data without first obtaining permission from their customers.
FCC Chairman Tom Wheeler has proposed that consumers should opt-in to the use of their personal data by their ISPs. Currently, ISPs are not required to obtain permission from their customers before they use or share their personal data. The proposed FCC rules for broadband providers would change this, and require consumers to opt-in before ISPs would be permitted to use or share their data for certain purposes.
Under the proposed regulations, data could still be used by ISPs to help them deliver a broadband service that consumers signed up for, for billing purposes, to market improvements to their services, or for other internal reasons on an opt-out basis. However, the new rules would require an opt-in from customers for data use for all other purposes.
Proposed FCC Rules for Broadband Providers Would Require Data Breach Notifications to be Sent to Customers
The proposed FCC rules for broadband providers would also require ISPs to notify consumers about breaches of their personal data. Wheeler has proposed that broadband providers notify consumers of a breach of personal data within 10 days of the discovery of a breach, far faster than is required by laws in the 40 states that have introduced legislation covering breaches of personal information.
Telecoms companies are extensively regulated and their ability to use data collected on consumers is limited. They are not permitted to repurpose or sell data collected from phone activity for example. However, the same rules do not currently apply to broadband providers, even though the data collected from Internet searches and online activity can reveal a great deal about individuals.
The new rules would improve consumer privacy, although trade groups such as USTelecom and CTIA have questioned the need for stricter regulations. They argue that consumers are able to protect their privacy by using VPNs or encryption if they are concerned about their privacy and the sharing of their data. The FCC has said that consumers should not have to rely on those services in order to protect their privacy.
However, privacy groups are calling for change, as under current regulations, American consumers do not have any privacy when they go online. An extensive amount of data is being collected on them via their online activity by their ISP. Those data are being used by ISPs in marketing strategies and as part of advertising partnerships and broadband providers are extensively tracking and profiling users. They argue that consumers need to have a greater say in how their data are being used.
The new proposed FCC rules for broadband providers will be debated during the next meeting on March 31. If approved the rules would be open for a period of public comment.