Our Internet security news features the latest press releases from the world´s largest online security companies with details of the latest threats to be aware of and, unfortunately, Internet security news relating to significant data breaches. While some organizations will be grateful for the advanced warning of an online threat – and details of how to protect themselves against it – for some the warnings will come too late.
Consequently it is recommended to be protected against all manner of online threats with an email filter and web filter from TitanHQ. Our Internet security solutions prevent users from accessing unsafe sites via phishing emails and malvertising, and from visiting websites that are vulnerable to exploit kits and malware. As many organizations already using TitanHQ solutions would agree, it is better to be safe than sorry.
A Google Calendar phishing campaign is being conducted that abuses trust in the app to get users to click malicious hyperlinks.
Cybercriminals are constantly developing new phishing tactics to convince end users to click links in emails or open email attachments. These campaigns are often conducted on organizations using Office 365. Campaigns are tested on dummy Office 365 accounts to make sure messages bypass Office 365 spam defenses.
Messages are carefully crafted to maximize the probability of an individual clicking the link and the sender name is spoofed to make the message appear to have been sent from a known and trusted individual.
Businesses that implement email security solutions that incorporate DMARC authentication can block the vast majority of these email spoofing attacks. Office 365 users that use a third-party anti-phishing solution for their Office 365 accounts can make sure malicious messages are blocked. Along with end user training, it is possible to mount a solid defense against phishing and email impersonation attacks.
A new phishing tactic is being used in an active campaign targeting businesses which achieves the same aim as an email-based campaign but uses a personal calendar app to do so.
Phishing campaigns have one of two main aims – To steal credentials for use in a further attack or to convince the user to install some form of malware or malicious code. This is most commonly achieved using an embedded hyperlink in the email that the user is urged to click.
In the Google Calendar phishing attacks, events are added into app users’ calendars along with hyperlinks to the phishing websites. This is possible because the app adds invites to the calendar agenda, even if the invite has not been accepted by the user. All the attacker needs to do is send the invite. As the day of the fictitious event approaches, the user may click the link to find out more. To increase the likelihood of the link being clicked, the attacker sets event reminders so the link is presented to the user on multiple occasions.
This attack method is only possible with Google Calendar in its default setting. Unfortunately, many users will not have updated their settings after installation and will be vulnerable to Google Calendar phishing attacks.
To prevent these attacks, on the desktop application settings menu click on:
Event Settings > Automatically Add Invitations
Select the option, “No, only show invitations to which I’ve responded.”
Navigate to “View Options”and ensure that “Show declined events” is not checked.
The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about the increasing number of phishing websites using HTTPS.
The green padlock next to a URL once gave an impression of security. Now it is a false sense of security for many internet users.
HTTPS or Hyper Text Transfer Protocol Secure to give it its full name, indicates the website holds a valid certificate from a trusted third-party. That certificate confirms that the website is secure and any data transmitted between the browser and the website will be encrypted to prevent interception in transit.
The public has been taught to look for the green padlock and HTTPS before entering card details or other sensitive information. However, the padlock does not mean that the website being visited is genuine. It only means any information transmitted is secured in transit between the browser and the website.
If you are buying a pair of shoes from Amazon, all well and good. If you are on a website controlled by a cybercriminal, HTTPS only means that the cybercriminal will be the only person stealing your data.
Cybercriminals create realistic phishing webpages that imitate well-known brands such as Microsoft and Google to obtain login credentials or banks to obtain banking information. These phishing pages can be set up on dedicated phishing websites or phishing kits can be added to previously compromised websites. Traffic is then generated to those webpages with an email phishing campaign.
If one of the links in the email is clicked, a user will be directed to a website that requests some information. If the website starts with HTTPS and displays the green padlock, the user may mistakenly believe the site is genuine and that it is safe to disclose sensitive information.
The IC3 alert was intended to raise awareness of the threat from HTTPS phishing and make the public aware of the true meaning of the green padlock and never to trust a website because it starts with HTTPS.
Businesses should take note and make sure they include HTTPS phishing in their security awareness training programs to raise awareness of the threat with employees.
A web filter can greatly reduce the risk of HTTPS phishing attacks, provided the web filter has the capability to decrypt, scan, and re-encrypt HTTPS traffic.
WebTitan provides real-time protection against web-based attacks and uses a constantly updated database of 3 million known malicious sites to block attempts to visit phishing websites. WebTitan is capable of SSL inspection and can inspect HTTPS traffic, block specific applications within a webpage, and display alerts or block sites with fake https certificates.
If you want to improve protection against web-based attacks, contact the TitanHQ team today for more information about WebTitan.
While it is good news the GandCrab ransomware operation has been shut down, ransomware attacks are on the rise and a new threat has been detected: Buran ransomware.
Buran ransomware lacks some of the common features of more successful ransomware strains. The ransomware does not make any attempt to hide its activity and it doesn’t attempt to hamper recover by deleting Windows shadow copies. However, it is capable of encrypting a wide range of file types and there is currently no free decryptor available to unlock encrypted files.
Buran ransomware is being spread via the RIG exploit kit, with traffic to that exploit kit generated using a malvertising campaign. Malicious adverts have been injected into legitimate ad networks and are being displayed on a range of different websites. The malvertising campaign was identified by security researcher nao_sec.
The malvertising campaign directs web browsers to a domain hosting RIG, which attempts to exploit several vulnerabilities in Internet Explorer. If an unpatched vulnerability exists, Buran ransomware will be downloaded and executed.
An analysis of the malware suggests it is a new variant of Vega ransomware that was previously used in a campaign in Russia.
While Buran ransomware may not be a long-term successor to GandCrab ransomware, there are many threat actors moving to fill the void. Sodinokibi ransomware attacks are increasing and the ransomware developers are also using a malvertising campaign on the PopCash ad network to deliver traffic to domains hosting the RIG exploit kit.
Exploit kits can only download malware if they have been loaded with an exploit for a vulnerability that has not been patched on a visitor’s computer. The primary defense against these attacks is to ensure that all Windows security updates are applied promptly, along with updates and patches for plugins and other browsers.
There is invariably a delay between a patch being issued and all devices being updated. To provide protection until patches are applied, and to protect against zero-day exploits, a web filtering solution is recommended. A web filter can be used to control the websites that can be visited by employees and can block access to known malicious websites to prevent attacks on vulnerable computers.
TitanHQ is a leading provider of email security, web security, and email archiving solutions to SMBs and managed service providers (MSPs) serving the SMB market. Over the past five years, TitanHQ has significantly expanded its customer base and its solutions now protect over 7,500 businesses and are offered by more than 1,500 MSPs around the world.
TitanHQ works closely with European partners and businesses and has been expanding its footprint throughout the EU. TitanHQ is working towards becoming the leading email and web security solution provider in Europe and as part of that process, the company has recently entered into a new partnership with the French Value Added Distributor Exer.
Exer is one of the leading VADs in France and works with more than 600 value added resellers and integrators in the country. The company specializes in network security, mobile security, Wi-Fi and managed cybersecurity services and helps French VARs better serve their clients.
Under the new partnership agreement, Exer will start offering TitanHQ’s three cloud-based solutions to French VARs: SpamTitan, WebTitan, and ArcTitan.
SpamTitan is an award-winning spam filtering solution that keeps inboxes free from spam emails and malicious messages. The solution is regularly updated to incorporate further controls to ensure that it continues to provide superior protection against an ever-changing email threat landscape. The solution now blocks more than 7 billion spam and malicious messages every month and helps to keep businesses protected from phishing and malware attacks.
WebTitan is a cloud-based DNS filtering solution that protects businesses from a wide range of malicious web content. The solution can also be used to carefully control the types of web content that users can access through company wired and wireless networks. The solution now blocks more than 60 million malicious websites every month and prevents malware downloads, controls bandwidth use, and enforces acceptable internet usage policies, .
ArcTitan is a cloud-based email archiving solution that helps businesses securely store emails to ensure compliance with government and EU regulations. The solution now archives and stores more than 10 million emails each month.
With these solutions, French VARs can provide their clients with even greater value and ensure they are well protected against rapidly evolving cyberthreats.
“Collaboration with TitanHQ is an opportunity to represent a brand internationally recognized on 3 key technologies: Web Content Filtering, Anti-Spam, and Email Archiving. We are eager to propose these security solutions to ours VARs,” explained Exer CEO, Michel Grunspan. “Our regional presence and our expertise will be our strength for asserting the presence of TitanHQ in the French market”
“We are pleased to be offering the Exer partner community choice, enhanced functionality and greater overall value,” explained TitanHQ Executive VP, Rocco Donnino.
A new version of WebTitan Cloud has been released by TitanHQ. WebTitan Cloud 4.12 offers existing and new customers the opportunity to set filtering controls by location, in addition to setting organization-wide policies and role and departmental policies via links to Active Directory/LDAP.
The new feature will be especially useful to MSPs and companies with remote workers, satellite offices, bases in multiple locations, and operations in overseas countries. Organization-wide web filtering policies can be set to prevent users from accessing illegal web content and pornography, but oftentimes, the one size fits all approach does not work for web filtering. The new location filter helps solve this.
MSPs can use this new feature to set web filtering controls for customers in different locations while businesses using WebTitan Cloud can easily set a range of different policies for all users from a specific location, whether those users are accessing the Internet on or off the network.
There will naturally be times when policies need to be bypassed to enable specific tasks to be completed. Rather than making temporary changes to location or other policies, WebTitan Cloud uses cloud keys which allow policy-based controls to be temporarily bypassed.
Accompanying the location-based controls are new reporting options which allow administrators to quickly access information about web views and blocked access attempts in real time. While reports can be useful, oftentimes information needs to be accessed quickly. To help administrators find the information they need, search functionality has been enhanced.
Administrators can use the search filter on the history page to search by location name. For MSPs this allows a specific customer to be selected and for traffic information at a specific location to be quickly viewed in real time, without having to generate a report.
Location-based when filtering policies can be set and viewed for all locations through the same user interface, giving administers full visibility into traffic and settings of all customers through a single pane of glass.
It is hoped that these updates will make WebTitan even more useful for businesses and MSPs and will further improve the user experience.
TitanHQ has formed a strategic partnership with the GRIDHEART, which will see TitanHQ’s leading cloud-based email security, web security, and email archiving solutions made available to users of the Cloudmore Cloud Commerce platform.
GRIDHEART is a privately-owned Swedish company that delivers the world’s leading cloud-based solutions through its Cloud Commerce platform, Cloudmore.
For the past 10 years, GRIDHEART has been offering leading cloud solutions to its customers and resellers and now deals with more than 1,000 cloud partners. The Cloudmore platform makes selling cloud services easy and brings a wide range of cloud services together in a single unified platform.
The platform gives users complete centralized control over their cloud solutions and allows them to easily provision new customers, bill for services, automate processes, and obtain pre-and post-sales support. The platform provides a host of management tools to make control of SaaS and cloud computing simple.
The partnership with TitanHQ will see the Galway, Ireland-based cybersecurity firm add its leading cybersecurity solutions to the platform, through which users can manage the solutions for free.
GRIDHEART’s customers will be able to offer their clients the SpamTitan Cloud email security solution, the WebTitan web filtering solution, and the ArcTitan email security solution and provide multi-layered security to protect against email, web, and modern blended threats.
“By offering additional layers of cloud-based security through Cloudmore’ s unique Cloud Commerce platform, MSPs can procure and deploy IT services for their customers and quickly maximize their IT investment, enhance their security stack and lower operational costs for their customers,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ. “This agreement highlights the importance of delivering comprehensive security solutions to the MSP community through a single and powerful platform”
“TitanHQ fits the bill as a perfect partner with their razor focus on advanced threat protection via email and the web. We’ve very happy to have them on board,” said Stefan Jacobson, Sales Director of GRIDHEART.
The Fallout exploit kit, a toolkit used to silently deliver ransomware and malware to vulnerable devices, was first identified in September 2018. Between September and December, the toolkit was used to exploit vulnerabilities and deliver GandCrab ransomware and other malicious payloads. Towards the end of the year, the vulnerabilities most commonly exploited were a remote code execution vulnerability in the Windows VBScript engine (CVE-2018-8174) and the use-after-free vulnerability in Adobe Flash Player (CVE-2018-4878).
Around December 27, 2018, Fallout exploit kit activity stopped, but only for a few days. Now the exploit kit is back, and several updates have been made including the addition of HTTPS support, a new landing page format, and PowerShell-based malware downloads. A new exploit has also been added for a zero-day use-after-free Adobe Flash player vulnerability (CVE-2018-15982) which was patched on December 5, 2018: A vulnerability also exploited by the Underminer exploit kit.
The Fallout exploit kit is primarily delivered via malvertising campaigns – malicious adverts on third-party ad networks that are served on a variety of legitimate websites. The adverts redirect users to the exploit kit, which probes for vulnerabilities and exploits them to silently deliver malware or ransomware. The updated version of the Fallout exploit kit is delivering the latest version of GandCrab ransomware, for which there is no free decryptor. In addition to GandCrab ransomware, the Fallout exploit kit is delivering ServHelper, AZORult, TinyNuke, Dridex and Smokebot malware.
The malvertising campaigns used to generate traffic to the exploit kit include TrafficShop, Popcash, RevenueHits, and HookAds. The latter is primarily used on high-traffic adult websites that are visited millions of times a month. Users are redirected to a decoy adult site that contains the exploit kit and would be unaware that anything untoward has happened. If there is an unpatched vulnerability for which fallout has an exploit, the ransomware or malware payload will be silently downloaded.
Exploit kit activity is now much lower than in 2016 when EKs were extensively used to deliver malware, but the latest updates show EKs are still a threat and that they are regularly being updated with the latest exploits.
Exploit kits can only deliver malware if unpatched vulnerabilities are present, so prompt patching is strongly recommended. Users also need to visit the sites hosting the exploit kit. Businesses can prevent users from visiting malicious websites using a web filter.
Web filters use blacklists of websites known to host exploit kits are capable of scanning websites for malicious content. They can also prevent third-party ads from being displayed, thus preventing redirects. Since certain categories of website are often used in malvertising campaigns, adult sites and torrents sites for instance, blocking access to those categories of content with a web filter is also recommended.
For further information on web filtering and how it can protect against web-based attacks, contact the TitanHQ team today.
Web filtering is important for protecting users from web-based threats and for controlling what users can do online. There are many choices of web filtering solutions, including Cisco Umbrella. While the latter is popular, many businesses and organizations are now changing from Cisco Umbrella to WebTitan.
In this post we explain some of the main benefits of changing from Cisco Umbrella to WebTitan and illustrate this with an example from the education sector.
Web Filtering for Schools and Libraries and CIPA Compliance
Web filters are a requirement of the Children’s Internet Protection Act (CIPA). CIPA was enact by congress in 2000 and is concerned with protecting minors from harmful website content such as pornography. CIPA requires schools and libraries to implement an Internet safety policy that addresses the safety and security of minors online.
To comply with CIPA, measures must be introduced to block access to obscene content, child pornography, and other web content that is considered to be harmful to minors. Additionally, schools must educate minors about appropriate online behavior and monitor the online activities of minors.
While there are many choices of web filters for schools that can help them comply with CIPA, not all solutions are created equal. While it is usually easy to block access to harmful content, with some solutions monitoring user activity can be difficult and time consuming.
Why Did Saint Joseph Seminary College Change from Cisco Umbrella to WebTitan?
There is no doubt that Cisco has developed a powerful web filtering solution in Umbrella that can offer protection from web-based threats and allow content control, but the solution is not without its drawbacks.
One of the main downsides is usability, especially monitoring the online activities of users, something that is particularly important for CIPA compliance. It was proving to be particularly difficult for Saint Joseph Seminary College, which needed to quickly identify attempts by students to access restricted content.
“I don’t need rounded corners and elegant fonts when I am trying to see who has been visiting dangerous websites. I need to clearly see domain names and internal IPs,” explained Saint Joseph Seminary College IT Director Todd Russell. “In my opinion, after Cisco bought OpenDNS, they made some major changes to the UI which made it virtually useless for quickly looking through blocked traffic for signs of particular types of usage.” The complexity of the user interface made the solution unpopular with IT staff and the complexity was jeopardizing security.
Ease of use was a major problem, but the troubles didn’t end there. There was also the issue of cost. “We found that once Cisco bought OpenDNS, they began upping the Umbrella pricing every year at renewal time. Despite the repeated price increases, the service was not improving and there was no additional value offered,” explained Russell.
Cost and usability issues prompted Russell to look for a Cisco Umbrella alternative. After assessing various Cisco Umbrella alternatives, the decision was taken to switch from Cisco Umbrella to WebTitan. “It didn’t take long to realize that WebTitan was the best alternative for an efficient, cost-effective, and easy to use filtering solution to replace Cisco Umbrella,” explained Russell.
“I am able to quickly scan an entire previous day of blocked traffic and take a closer look at the full traffic on any users that raise a concern in a matter of minutes. This has saved me an enormous amount of time when I need to examine a user’s traffic, but it has also made it possible for me to keep close tabs on our traffic.” All the information required was accessible with just two clicks.
In terms of time savings gained from using WebTitan and the lower cost of running the solution, the college has been able to make significant cost savings as well as identify and remediate issues immediately, which means greater safety and security for students.
Are You Looking for an Alternative to Cisco Umbrella?
If you are currently using Cisco Umbrella and are frustrated with the interface and are unable to easily get the information you need, or if you are looking for a lower-cost alternative to Cisco Umbrella that will not jeopardize security, you have nothing to lose by evaluating WebTitan.
Contact the TitanHQ team today and you can arrange a product demonstration and set up a free trial of the full solution to see for yourself the difference it makes.
In the words of Todd Russell, “That brief demo was all I needed to know that WebTitan would serve my needs much better than Umbrella and I have been thrilled with the improvements to my workflow since switching over.”
It is straightforward to implement security controls to protect wired networks, but many businesses fail to apply the same controls to improve WiFi security, often due to a lack of understanding about how to improve wireless access point security. In this post we cover some of the main threats associated with WiFi networks and explain how easy it can be to improve wireless access point security.
Wireless Access Points are a Security Risk
Most businesses now apply web filters to control the types of content that can be accessed by employees on their wired networks but securing wireless networks can be more of a challenge. It is harder to control and monitor access and block content on WiFi networks.
Anyone within range of the access point can launch an attack, especially on public WiFi hotspots which have one set of credentials for all guest users. It is therefore essential that controls are implemented to improve wireless access point security and protect users of the WiFi network.
WiFi Security Threats
A single set of credentials means cybercriminals are afforded a high degree of anonymity. That allows them to use WiFi networks to identify local network vulnerabilities virtually undetected. They could conduct brute force attacks on routers, for example, or use WiFi access to inject malware on servers that lack appropriate security. If access is gained to the router, attacks can be launched on connected devices, and malware can be installed on multiple end points or even POS systems to steal customers’ credit/debit card information.
The cyberattack on Dyn is a good example of how malware can be installed and used for malicious purposes. The DNS service provider was attacked which resulted in large sections of the Internet being made inaccessible. A botnet of more than 100,000 compromised routers and IoT devices was used in the attack.
Man-in-the-Middle attacks are also common on Wi-Fi networks. Any unencrypted content can be intercepted, such as if information is exchanged between a user and a HTTP site, rather than HTTPS, if a VPN is not used.
Public WiFi networks are often used for all manner of nefarious purposes due to the anonymity provided. If users take advantage of that anonymity to access illegal content and download child pornography or perform copyright infringing downloads of music, films, and TV shows from P2P file sharing sites, an investigation would center on the hotspot provider. Questions would likely be asked about the lack of security controls to prevent illegal website access.
The Easy Way to Improve Wireless Access Point Security
The easy way to improve wireless access point security is a web filtering solution. Web filtering solutions are usually implemented by businesses to secure wired networks, but solutions also exist to improve wireless access point security.
A web filter forms a barrier between the users of the network and the Internet. Controls can be applied to stop users from accessing dangerous, illegal, or inappropriate website content. Even if each user has their own access controls, without a web filter, users will still be vulnerable to malware attacks and phishing attempts and the hotspot provider may be liable for illegal activities over the WiFi network.
There are two ways of implementing WiFi web filtering to improve wireless access point security. One is to rely on a list of categorized domain names and use that to control content. The other is DNS-layer web filtering, which uses the DNS lookup process that is required before any user is directed to a website after entering the domain name into their browser. The DNS server turns the domain name into an IP address to allow the web page to be found.
Why DNS Filtering is Best Way to Improve Wireless Access Point Security
The main difference between the two types of web filtering is the point at which access is blocked. With a traditional web filter, content is first downloaded before it is blocked, which is a risk. With DNS-layer filtering, content is blocked during the lookup process before content is downloaded.
If content is downloaded before being blocked, this will naturally have an impact on available bandwidth. DNS-layer filtering has no impact on bandwidth, since the content is blocked before it is downloaded.
DNS filtering does not need to be integrated with other systems and it works across all devices and operating systems, since they all use DNS servers to access websites.
DNS filtering is also quick and easy to implement. No appliances need to be purchased, hardware doesn’t need to be upgraded, and no software downloads are required. A simple change to the DNS is all that is required to point it to the provider’s DNS server. It is also much easier to maintain. No software updates are necessary and, in contrast to other security solutions, no patching is required. It is all handled by the service provider.
WebTitan Cloud for WiFi – The Leading Wireless Access Point Security Solution
TitanHQ has set the standard for WiFi security with WebTitan Cloud for WiFi. WebTitan Cloud for WiFi gives businesses the opportunity to implement bulletproof WiFi security to protect end users from online threats, block malware downloads, and carefully control the content that can be accessed by wireless network users.
Businesses that run WiFi hotspots can quickly and easily implement the solution and let TitanHQ secure their WiFi networks and provide the massive processing power to fight current and emerging web-based threats. With WebTitan Cloud for WiFi, businesses can instead concentrate on profit-generating areas of the business.
If you want to improve wireless access point security, contact TitanHQ for further information on WebTitan cloud for WiFi. Our security experts will be happy to schedule a product demonstration and set up for a free trial.
A credential stuffing attack has led to a Dunkin Donuts data breach which has seen some customer data compromised. While the breach was limited and most attempts to access customers’ DD Perks accounts were blocked, the incident does highlight the risks of password reuse.
It is unclear exactly how many customers have been affected, but for certain customers, the attackers may have gained access to their DD perks accounts – The loyalty program run by the donut company. The Dunkin Donuts data breach was limited to first and last names, email addresses, DD Perks account numbers, and QR codes.
The method used to gain access to customers DD perks accounts was unsophisticated, cheap to conduct, and in the most part can be conducted automatically. Low cost and little effort makes for a winning combination for hackers.
The Dunkin Donuts data breach did not involve internal systems and no credentials were stolen from the donut giant. Customers’ usernames (email addresses) and passwords were obtained from security breaches at other companies. Those usernames and passwords were then utilized in an automated attack on Dunkin Donuts customers’ DD Perks accounts. Dunkin Donuts has performed a password reset and affected users will be required to choose a new password. New DD Perks account numbers will be given to affected customers and their card balances will be transferred to the new account.
Since Dunkin Donuts did not expose any passwords and its systems remained secure, the only individuals that will have been affected are those that have used the same password for their DD Perks account that they have used on other online platforms.
The Risks of Password Reuse
Hackers obtain credentials from multiple data breaches, compile the data to create a list of passwords that have previously been used with a specific email address, then conduct what is known as a credential stuffing attack. Multiple login attempts are made using the different passwords associated with an email address.
The Dunkin Donuts data breach demonstrates the importance of good password hygiene and the risks of password reuse. Every user account must be secured with a strong, unique password – One that has not been used with a particular email address or username in the past and is not shared across multiple platforms.
If any online platform experiences a data breach and credentials are obtained, only the account at the breached entity will be compromised.
Naturally, using different passwords for each account means users are required to have scores of unique passwords for their work and personal accounts and remembering strong passwords can be difficult. That is why so many people reuse passwords on multiple accounts or recycle old passwords.
To avoid having to remember so many passwords it is advisable to use a password manager to generate strong passwords and store them. Of course, the password manager account must be secured with a very strong password or long pass phrase as if that account is breached, al passwords will be compromised.
There are many reasons why businesses should implement a WiFi filtering solution, but one of the most important aspects of WiFi filtering is protecting your brand.
The Importance of Brand Protection
It takes a lot of hard work to create a strong brand that customers trust, but trust can easily be lost if a company’s reputation is damaged. If that happens, rebuilding the reputation of your company can be a major challenge.
Brand reputation can be damaged in many ways and it is even easier now thanks to the Internet and the popularity of social media sites. Bad feedback about a company can spread like wildfire and negative reviews are wont to go viral.
Smart business owners are proactive and take steps to protect their digital image. They are quick to detect and enforce online copyright infringements and other forms of brand abuse. They monitor social media websites and online forums to discover what people are saying about their company and how customers feel about their products and services. They also actively manage their online reputation and take steps to reinforce their brand image at every opportunity.
Cyberattacks Can Seriously Damage a Company’s Reputation
One aspect of brand protection that should not be underestimated is cybersecurity. There are few things that can have such a devastating impact on the reputation of a company as a cyberattack and data breach. A company that fails to secure its POS systems, websites, and network and experiences a breach that results in the theft of sensitive customer data can see their reputation seriously tarnished. When that happens, customers can be driven to competitors.
How likely are customers to abandon a previously trusted brand following a data breach? A lot more than you may think! In late 2017, the specialist insurance services provider Beazley conducted a survey to find out more about the impact of a data breach on customer behavior. The survey was conducted on 10,000 consumers and 70% said that if a company experienced a data breach that exposed their sensitive information they would no longer do business with the brand.
WiFi Filtering and Protecting Your Brand
The use of Wi-Fi filtering for protecting your brand may not be the first thing that comes to mind when you think about brand protection, but it should be part of your brand protection strategy if you offer WiFi access to your customers or provide your employees with wireless Internet access.
It is essential for businesses to take steps to ensure their customers are protected and are not exposed to malware or phishing websites. If a customer experiences a malware infection or phishing attack on your WiFi network the fallout could be considerable. If your employees download malware, they could give hackers access to your network, POS system, and sensitive customer data. If you offer free Wi-Fi to your customers, you need to make sure your Wi-Fi network is secured and that you protect your customers from malicious website content.
One of the most important aspects of WiFi filtering for protecting your brand is preventing your WiFi access points from being used for illegal activities. Internet Service Providers can shut down Internet access over illegal activities that take place over the Internet. That will not only mean loss of WiFi for customers but could see Internet access lost for the whole company. Your company could also face legal action and fines.
If WiFi users can access pornography and other unacceptable content, a brand can be seriously tarnished. Imagine a parent discovers their child has seen pornography via your WiFi network – The failure to prevent such actions could be extremely damaging. WiFi filters allow businesses to carefully control the content that can be accessed on their network and prevents customers from viewing harmful web content.
WebTitan Cloud for WiFi – The Easy Way to Secure Your WiFi Access Points
Implementing a WiFi filter to protect your brand and provide safe and secure Internet access for your employees and customers is a quick and easy process with WebTitan Cloud for WiFi.
WebTitan Cloud for WiFi is a powerful, yet easy to use web filtering solution for WiFi hotspots that requires no hardware purchases or software downloads. WebTitan Cloud for WiFi can be implemented and configured in just a few minutes. No technical skill required.
WebTitan Cloud for WiFi is highly scalable and can protect any number of access points, no matter where they are located. If you have business premises in multiple locations, or in different countries, WebTitan Cloud for WiFi will protect all of your access points via an intuitive web-based user interface.
WebTitan Cloud for WiFi protects against online threats, allows businesses to carefully control the types of content that WiFi users can access, allows businesses to control bandwidth use, and gives them full visibility into network usage.
If you have yet to implement a WiFi filter on your hotspots, give TitanHQ a call today for details of pricing, to book a product demonstration, and register for a free trial.
A Starbucks porn filter will finally be introduced in 2019 to prevent adult content from being accessed by customers hooked up to the coffee shop chain’s free WiFi network.
It has taken some time for the Starbucks porn filter to be applied. In 2016, the coffee shop chain agreed to implement a WiFi filtering solution following a campaign from the internet safety advocacy group Enough is Enough, but two years on and a Starbucks porn filter has only been applied in the UK.
Businesses Pressured to Implement WiFi Filters to Block Porn
Enough is Enough launched its Porn Free WiFi campaign – now renamed the SAFE WiFi campaign – to pressure businesses that offer free WiFi to customers to apply WiFi filters to restrict access to adult content. In 2016, more than 50,000 petitions were sent to the CEO’s of Starbucks and McDonalds urging them to apply WiFi filters and take the lead in restricting access to pornography and child porn on their WiFi networks.
After petitioning McDonald’s, the global restaurant chain took prompt action and rolled out a WiFi filter across its 14,000 restaurants. However, Starbucks has been slow to take action. Following the McDonalds announcement in 2016, Starbucks agreed to roll out a WiFi filter once it had determined how to restrict access to unacceptable content without involuntarily blocking unintended content. Until the Starbucks porn filter was applied, the coffee shop chain said it would reserve the right to stop any behavior that negatively affected the customer experience, including activities on its free WiFi network.
The apparent lack of action prompted Enough is Enough to turn up the heat on Starbucks. On November 26, 2018, Enough is Enough president and CEO, Donna Rice Hughes, issued a fresh call for a Starbucks porn filter to be implemented and for the coffee chain to follow through in its 2016 promise. Rice Hughes also called for the public to sign a new petition calling for the Starbucks porn filter to finally be put in place.
Starbucks Porn Filter to Be Applied in All Locations in 2019
Starbucks has responded to Enough is Enough, via Business Insider, confirming that it has been testing a variety of WiFi filtering solutions and has identified one that meets its needs. The Starbucks porn filter will be rolled out across all its cafes in 2019.
All businesses that offer free WiFi to their customers have a responsibility to ensure that their networks cannot be abused and are kept ‘family-friendly.’ It is inevitable that some individuals will abuse the free access and flaunt policies on acceptable use. A technical solution is therefore required to enforce those policies.
While Enough is Enough is focused on ensuring adult content is blocked, there are other benefits of WiFi filtering. A WiFi filter protects customers from malware downloads and can stop them accessing phishing websites. All manner of egregious and illegal content can be blocked.
WiFi filters can also help businesses conserve bandwidth to make sure that all customers can access the Internet and enjoy reasonable speeds.
WebTitan Cloud for WiFi – The Easy Way to Start Filtering Content on WiFi Networks
TitanHQ has long been an advocate of WiFi filtering for public WiFi hotspots and has developed WebTitan Cloud for WiFi to allow businesses to easily block access to unacceptable and illegal web content on WiFi networks.
WebTitan Cloud for WiFi allows businesses to carefully control the content that can be accessed over WiFi without involuntarily blocking unintended content. Being 100% cloud based, no hardware purchases are required and no software downloads are necessary.
The solution offers businesses advanced web filtering capabilities through an easy to use intuitive user interface. No IT consultants are required to implement and run the solution. It can be set up and operated by individuals that have little to no technical knowhow.
The solution is highly scalable and can be used to protect thousands of users, at multiple locations around the globe, all controlled through a single user interface.
If you run a business that offers free WiFi to customers and you have not yet started controlling the activities that can take place over your WiFi network, contact TitanHQ today for further information on WebTitan Cloud for WiFi.
Managed Service Providers (MSPs) that want to start offering WiFi filtering to their clients can join the TitanHQ Alliance. All TitanHQ solutions have been developed to meet the needs of MSPs and make it easy for them to add new security capabilities to their service stacks.
The biggest cyber threat to SMBs is ransomware, according to Dato’s State of the Channel Report. While other forms of malware pose a serious risk and the threat from phishing is ever present, ransomware was considered to be the biggest cyber threat to SMBs by the 2,400 managed service providers that were polled for the study.
Many SMB owners underestimate the cost of mitigating a ransomware attack and think the cost of cybersecurity solutions to prevent attacks, while relatively low, are not justified. After all, according to Datto, the average ransom demand is just $4,300 per attack.
However, the ransom payment is only a small part of the total cost of mitigating an attack. The final cost is likely to be ten times the cost of any ransom payment. Datto points out that the average total cost of an attack on an SMB is $46,800, although there have been many cases where the cost has been far in excess of that amount.
One of the most common mistakes made by SMBs is assuming that attacks will not occur and that hackers are likely to target larger businesses with deeper pockets. The reality is SMBs are being targeted by hackers, as attacks are easier to pull off. SMBs tend not to invest heavily in cybersecurity solutions as larger businesses.
Anti-Virus Software is Not Effective at Preventing Ransomware Attacks
Many SMB owners mistakenly believe they will be protected by anti-virus software. However, the survey revealed that 85% of MSPs said clients that experienced a ransomware attack had anti-virus solutions installed. Anti-virus software may be able to detect and block some ransomware variants, but since new forms of ransomware are constantly being developed, signature-based cybersecurity solutions alone will not offer a sufficient level of protection.
Many SMBs will be surprised to hear just how frequently SMBs are attacked with ransomware. More than 55% of surveyed MSPs said their clients had experienced a ransomware attack in the first six months of this year and 35% experienced multiple attacks on the same day.
Some cybersecurity firms have reported there has been a slowdown in ransomware attacks as cybercriminals are increasingly turning to cryptocurrency mining. While that may be true for some cybercriminal gangs, the ease of conducting attacks using ransomware-as-a-service means many small players have started attacking SMBs. That is unlikely to change.
92% of surveyed MSPs said they thought ransomware attacks would continue at current levels or even increase throughout this year and next.
Ransomware attacks are even being conducted on Apple operating systems. In the past year, there has been a five-fold increase in the number of MSPs who have reported ransomware attacks on macOS and iOS operating systems.
“Not only have ransomware attacks increased in recent years, but the problem may even be bigger than we know, as many attacks go unreported,” explained Jeff Howard, Founder and Owner, of the Texas MSP Networking Results. Datto suggests that only one in four attacks are reported to law enforcement.
How to Protect Against SMB Ransomware Attacks
To protect against ransomware attacks, businesses need to implement a range of solutions to block the most common attack vectors. To block email-based attacks, advanced spam filtering technology is required, and end user security awareness training is essential. To block ransomware downloads from malicious websites, web filtering software should be implemented.
Business continuity and disaster recovery technology should be implemented to ensure that a quick recovery is possible in the event of an attack, and naturally intelligent backing up is required to ensure files can be recovered without paying a ransom.
MSPs need to explain the risks to SMBs, along with the solutions that need to be installed to prevent attacks and the likely cost of recovery. Many businesses are shocked to discover the true cost of a ransomware attack.
How TitanHQ Can Help Improve Defenses Against SMB Ransomware Attacks
TitanHQ has developed two innovative cybersecurity solutions that work in tandem to block the two most common attack vectors: Email and Internet attacks. SpamTitan is a powerful spam filtering solution that combines two AV engines with intelligent scanning of incoming mail using a variety of techniques to identify malicious messages and new ransomware variants and block them at source.
WebTitan is a powerful web filtering solution that can block malvertising attacks, drive-by ransomware downloads, and prevent employees from visiting malicious websites. Both solutions should be part of an SMBs arsenal to protect against ransomware and malware attacks and both solutions should be part of an MSPs security stack.
For further information on SpamTitan and WebTitan and details of TitanHQ’s MSP offerings, contact the TitanHQ today.
Most businesses are aware of the importance of securing their Wi-Fi networks; however, in some industry sectors Wi-Fi security has not been given the importance it requires. Wi-Fi security for hotels, for instance, is often lacking, even though the hospitality sector is being actively being targeted by cybercriminals who see hotel Wi-Fi as a rich picking ground.
Hotel Chains are Under Attack
Hotels are an attractive target for cybercriminals. They satisfy the two most important criteria for cybercriminals when selecting targets. Valuable data that can be quickly turned into profit and relatively poor cybersecurity which makes conducting attacks more straightforward.
In 2018, there have been several major cyberattacks on hotel groups. In November 2018, Federal Group, which runs luxury hotels in Tasmania, experienced an email security incident that exposed the personal data of some of its members. A cyberattack on the Radisson Hotel Group was also reported. In that case it resulted in the exposure of the personal information of its loyalty program members.
In August one of China’s largest chains of hotels – Huazhu Hotels Group Ltd – which operates 13 hotel brands – suffered a cyberattack that affected an estimated 130 million people. In June one of Japan’s largest hotel groups, Prince Hotels & Resorts, experienced a cyberattack that impacted almost 125,000 customers. In 2017 there were major data breaches at Hilton, Hyatt Hotels Corporation, Trump Hotels, Four Seasons Hotels, Loews Hotels, Sabre Hospitality Solutions, and InterContinental Hotels Group to name but a few.
The Cost of a Hotel Data Breach
When a data breach occurs the costs quickly mount. Access to data and networks must be blocked rapidly, the breach must be investigated, the cause must be found, and security must be improved to address the vulnerabilities that were exploited. That invariably requires consultants, forensic investigators and other third-party contractors. Affected individuals must be notified and credit monitoring and identity theft protection services may need to be offered.
The direct costs of a hotel data breach are considerable. The Ponemon Institute calculated the average cost of a data breach in 2018 had risen to $3.86 million. That was for a breach of up to 100,000 records. Larger breaches cost considerably more.
Then there is GDPR. Fines of up to €20 million or 4% of global annual turnover (whichever is higher) can be issued for GDPR compliance failures, which includes data breaches that resulted from poor security.
What is much harder to calculate is the cost of reputation damage and the customer churn rate after a breach. Damage to a hotel chain’s reputation can be long lasting and in the highly competitive hospitality industry, it could even be disastrous.
The security firm Ping Identity recently published the results from its 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era. 3,000 people from the USA, UK, France, and Germany were surveyed for the study, which investigated the expectations of customers and the fallout from data breaches. 78% of respondents said they would stop engaging with a brand online after a breach and 36% would stop engaging with a brand altogether. Could your hotel group weather a 78% drop in online bookings or a loss of more than a third of your customer base?
Wi-Fi Security for Hotels
Cybersecurity solutions should be implemented to protect hotel networks from cyberattacks and prevent customer’s personal information from being accessed by cybercriminals. Perimeter cybersecurity solutions such as firewalls are essential, but Wi-Fi security for hotels should not be underestimated.
Guests use the Wi-Fi network to conduct business while at the hotel, for entertainment, and communication. Guests typically bring three devices that they connect to hotel Wi-Fi networks. A hotel with 100 guests potentially means 300 devices connecting to Wi-Fi. There is a high probability that at least some of those devices will be infected with malware, which could be transferred to other guests.
Hotel guests often access types of content that they do not access at home – sites that carry a higher risk of resulting in a malware download. Hackers often exploit poor hotel Wi-Fi security to attack guests. The DarkHotel threat group is a classic example. The group targets high profile hotel guests and has been doing so for more than a decade. If Wi-Fi security for hotels is substandard, successful attacks are inevitable.
Naturally guest and business Wi-Fi networks should be separated to ensure that one does not pose a threat to the other. A VLAN should be set up for the wired network, with a separate VLAN for internal wireless access points and those used by guests.
Wi-Fi security should include WPA2 encryption to prevent the interception of data and a web filtering solution should be implemented to protect guests from phishing websites and sites hosting malware. A web filter will also allow hotels to control the types of content that can be accessed by guests and restrictions can be put in place to create family-friendly Wi-Fi access and prevent guests from accessing illegal web content.
TitanHQ Email and Wi-Fi Security for Hotels
TitanHQ is a leading provider of advanced cybersecurity solutions for hotels to protect against email-based cyberattacks and improve Wi-Fi security for hotels.
WebTitan is a powerful web filtering solution for wired and wireless networks that blocks malware downloads and prevents employees and guest Wi-Fi users from accessing malicious websites. WebTitan also allows hotels to carefully control the content that can be accessed via their Wi-Fi networks, ensuring a business-friendly and family-friendly Internet service is provided.
Key Benefits of WebTitan
WebTitan Cloud and WebTitan Cloud for Wi-Fi are 100% cloud-based web filters for hotels that require no software downloads or hardware purchases. They can be implemented in minutes and are easy to configure and maintain. They are ideal for improving Wi-Fi security for hotels and securing wired hotel networks.
WebTitan web filters allow hotels to:
Control the content that can be accessed by guests without slowing Internet speeds
Block access to pornography to create family-friendly Wi-Fi zones in communal areas
Prevent guests from engaging in illegal online activities
Prevent guests from accessing phishing websites
Block the downloading of viruses, malware, and ransomware
Create custom policies for different user groups – management, employees, guests, or individuals
Create custom controls for different wireless access points
Restrict bandwidth-draining online activities to ensure good Internet speeds for all users
Manage web filtering controls for multiple locations from a single web-based control panel
WebTitan is ideal for use in the hospitality sector to protect internal networks from attack and to block web-based threats that could otherwise lead to a data breach.
To find out more about improving Wi-Fi security for hotels, contact TitanHQ today. The team will be happy to provide details of the products, advise you on the best deployment options, and schedule a product demonstration. You can also sign up for a free trial to evaluate the effectiveness of TitanHQ’s web filters for hotels in your own environment.
This year has seen several ransomware attacks on cities and municipal targets, clearly demonstrating that the threat from ransomware has not abated, despite several analyses from cybersecurity firms that suggest hackers are moving away from ransomware and concentrating on cryptomining malware attacks.
Cryptocurrency miners have certainly become more popular and their use has increased substantially in recent months, but there is still a significant threat from ransomware.
Ransomware development may have slowed, but ransomware attacks on cities and other high value targets have not. In fact, October has seen two new ransomware attacks on cities in the United States, along with several attacks on municipal targets. In the past few months. It is clear that the threat is not going away any time soon.
$2,000 Ransom Paid to Resolve City of West Haven Ransomware Attack
The city of West Haven ransomware attack started on the morning of October 16, 2018, and by the time the attack had been contained, 23 servers had been encrypted and taken out of action. Prompt action limited the scope of the attack, although it did cause major disruption as computers on the affected network had to all be shut down.
The attack affected a critical system, and after an assessment of the situation, the decision was taken to pay the ransom. Considering the number of servers affected, the ransom demand was relatively low. The city paid $2,000 in Bitcoin for the keys to decrypt its files.
Art House, Connecticut’s chief of cybersecurity, explained that this was one of several targeted ransomware attacks on cities and municipal services in the state in recent weeks. In February, around 160 computers were affected by ransomware in more than a dozen agencies in the state according to the Department of Administrative Services, and a month later the state’s Judicial Branch was attacked and had more than 100 servers encrypted.
City of Muscatine Ransomware Attack
The West Haven ransomware attack was shortly followed by a ransomware attack on the city of Muscatine in Ohio, which saw files on several government servers encrypted. The attack is understood to have started on October 17 and caused considerable disruption especially to services at City Hall.
Few details about the attack have been made public, although it is understood that the ransom demand was not paid. Instead, IT teams have had to painstakingly rebuild affected servers and workstations and restore files from backups.
Ransomware Attack on City of Atlanta
In August one of the most serious ransomware attacks on cities occurred. The City of Atlanta was attacked with SamSam ransomware, which was manually deployed on multiple computers after access had been gained to the network. The attack occurred in March and took down computers used for many city services, causing major disruption for weeks. A ransom demand of around $50,000 was issued, although the decision was taken not to pay. Initially the cost of recovery was expected to reach $6 million. Later estimates in the summer suggest that the final cost may exceed $17 million, highlighting just how costly ransomware attacks on cities can be.
Ransomware Attacks on Municipal Services Becoming More Common
Ransomware attacks on cities are becoming more common, as are attacks on municipal targets. In October, the Onslow Water and Sewer Authority in Jacksonville, North Carolina was attacked with ransomware resulting in most systems being taken out of action. In that case, a dual attack occurred, which started with the Emotet Trojan followed by the deployment of Ryuk ransomware two weeks later. The attack is expected to disrupt services for several weeks. The Indiana National Guard also suffered a ransomware attack in October. In both cases, the ransom was not paid.
Prevention and Incident Response
One of the reasons behind the rise in ransomware attacks on cities is underinvestment in cybersecurity defenses. Too little has been spent on protecting systems and updating aging hardware and software. With many vulnerabilities left unaddressed, staff receiving insufficient training, and even basic cybersecurity defenses often found lacking, it is no surprise that the attacks are increasing.
The only way that the attacks will be stopped is by spending more on cybersecurity defenses and training to make it much harder for attacks to occur. It can certainly be hard to find the money to commit to cybersecurity, but as the City of Atlanta found out, the cost of prevention is far lower than the cost of recovery from a ransomware attack.
Many businesses want to block websites at work and exercise greater control over employee Internet access. Acceptable Internet usage policies can be developed and employees told what content they are allowed to access at work, but there are always some employees that will ignore the rules.
In some cases, policy violations may warrant instant dismissal or other disciplinary action, but that takes HR staff away from other important duties. If staff are fired, replacements must be found, trained, and brought up to speed, and the productivity losses that result can be considerable.
The Dangers of Unfettered Internet Access
Before explaining how to block websites at work, it is worthwhile explaining the problems that can arise from the failure to exert control over the content that can be accessed through wired and wireless networks.
While extreme cases of internet abuse need to be tackled through HR, low level Internet abuse can also be a problem. Any time an employee accesses a website for personal reasons, it is time that is not being spent on work duties. Checking emails or quickly visiting a social media website is unlikely to have a major impact on productivity, but when cyber-slacking increases its effect can certainly be felt. If all employees spend 30 minutes a day on personal Internet use, the productivity losses can be considerable – A business with 100 workers would lose 50 hours of working time a day, or 1,100 hours a month!
In addition to lost opportunities, Internet use carries a risk. Casual surfing of the Internet by employees increases the probability of users encountering malware. The accessing of personal webmail at work could easily result in a malware infection on a work device, as personal mail accounts are not protected by the filtering controls of an organization’s email gateway. If illegal activities are taking place at work, the legal ramifications can be considerable. It will be the business that will be liable in many cases, rather than the individual employee.
The easiest solution is for businesses to enforce their acceptable internet usage policies and simply block websites at work that are not required for normal working duties. Preventing end users from visiting certain categories of web content – social media websites, gaming and gambling websites, dating sites, adult content, and other NSFW web content – is the easiest solution.
Even legitimate use of the Internet for work purposes carries risks. There has been a major increase in phishing attacks on businesses in recent years and mitigating attacks can prove incredibly costly. Technical solutions that are used to block websites at work to prevent cyber-slacking can also be configured to block access to phishing websites and prevent malware downloads.
The Easy Way to Block Websites at Work
The easiest way to block websites at work is to use a web filtering solution. This could be a physical appliance through which all Internet traffic is routed, a virtual appliance installed on your existing hardware, or a cloud-based solution. The latter is a popular solution for SMBs as the cost of implementation is minimal and the web filter can be set up in a matter of minutes. All that is required is to make a simple change to point the DNS to the cloud web-filter and all traffic will be routed though the solution.
Not all businesses need to exercise the same controls over Internet content so granular controls are essential. With a cloud-based web filter such as WebTitan, it is easy to block websites at work. The administrator simply logs into the administration panel through a web browser and clicks on the checkboxes of content that they want the filter to block. Blocking adult entertainment, gambling, gaming, dating, and social media by category is common. WebTitan also allows controls to implemented by keyword, through the use of blacklists, or through keyword scoring.
It is not practical to apply the same settings across the board for all employees. The marketing department, for instance, will need access to social media networks when other employees may not. With WebTitan, filtering controls can easily be set at the organization level, by user group, or for individuals. Time-based filters can also be applied to allow controls to be eased outside of standard working hours, if required.
Further Information on Blocking Websites at Work
If you would like further information on how you can selectively block websites at work and take control over the content that your employees can access, speak to TitanHQ today.
Our friendly and knowledgeable sales team will be able to answer all your questions, explain in detail how WebTitan works, and suggest the best option to suit your needs.
After learning about the best setup to suit your business, you can schedule a product demonstration and/or start a free trial to see WebTitan in action.
In 20 minutes your content control issues could be solved and you could be filtering the internet and blocking access to unsuitable, unsavory, and harmful web content.
TitanHQ, the leading provider of web filtering, spam filtering, and email archiving solutions for managed service providers (MSPs) recently partnered with Datto Networking, the leading provider of IT solutions to SMBs delivered through MSPs.
Datto Networking has now incorporated TitanHQ’s advanced web filtering technology into the Datto Networking Appliance to provide superior protection to users on the network.
Datto and TitanHQ will be hosting a webinar on October 18, 2018 to explain how the new technology provides enhanced protection from web-based threats, and how MSPs can easily deliver content filtering to their customers.
During the webinar, MSPs will find out about the enhanced functionality of the Datto Networking Appliance.
Webinar: Datto Networking & Titan HQ Deliver Enhanced Web Content Filtering
Date: Thursday, October 18th
Time: 11AM ET | 8AM PT | 4PM GMT/BST
John Tippett, VP, Datto Networking
Andy Katz, Network Solutions Engineer
Rocco Donnino, EVP of Strategic Alliances, TitanHQ
The CloudFlare IPFS gateway has only recently been launched, but it is already being used by phishers to host malicious content.Cloudflare IPFS gateway phishing attacks are likely to have a high success rate, as some of the checks performed by end users to confirm the legitimacy of domains will not raise red flags.
The IPFS gateway is a P2P system that allows files to be shared easily throughout an organization and accessed through a web browser. Content is distributed to different nodes throughout the networked systems. The system can be used for creating distributed websites, and CloudFlare has made this process easier by offering free SSL certificates and allowing domains to be easily connected to IPFS.
If phishers host their phishing forms on CloudFlare IPFS, they benefit from CloudFlare’s SSL certificate. Since the phishing page will start with cloudflare-ipfs.com, this adds legitimacy. The CloudFlare-owned domain is more likely to be trusted than domains owned by phishers.
When CloudFlare IPFS Gateway phishing forms are encountered, visitors will be advised that the webpage is secure, the site starts with HTTPS, and a green padlock will be displayed. If the visitor takes the time to check certificate information of the web page, they will find it has been issued to CloudFlare-IPFS.com by CloudFlare Inc., and the certificate is valid. The browser will not display any warning and CloudFlare IPFS Gateway phishing content will therefore seem legitimate.
At least one threat actor is using the CloudFlare IPFS Gateway for phishing and is hosting forms that claim to be standard login pages for Office 365, DocuSign, Azure AD, and other cloud-based services, complete with appropriate logos.
If a visitor completes the form information, their credentials will be forwarded to the operator of a known phishing domain – searchurl.bid – and the user will be displayed a document about business models, strategy and innovation. This may also not raise a red flag.
The CloudFlare IPFS Gateway phishing strategy is similar to that used on Azure Blob storage, which also take advantage of legitimate SSL certificates. In that case the certificate is issued by Microsoft.
It is becoming increasingly important for phishers to use HTTPS for hosting phishing content. As more businesses transition from HTTP to HTTPS, and browsers such as Chrome now display warnings to users about insecure sites, phishers have similarly had to make the change to HTTPS. Both CloudFlare IPFS Gateway and Azure Blog storage offer an easy way to do this.
In both cases, links to the malicious forms are distributed through spam email. One of the most common ways to do this is to include an email attachment that contains a button which must be clicked in order to download content. The user is advised that the content of the file is secured, and that professional email login credentials must be entered in order to view the content. The document may be an invoice, purchase order, or a scanned document that needs to be reviewed.
The increase in use of cloud platforms to host phishing content makes it more important than ever for organizations to implement advanced phishing defenses. A powerful spam filter such as SpamTitan should be used to block the initial emails and prevent them from being delivered to end users’ inboxes. These phishing tactics should also be covered in security awareness training to raise awareness of the threat and to alert users that SSL certificates do not necessarily mean the content of a web page is legitimate. Web filtering solutions are also essential for blocking access to known malicious web pages, should a user visit a malicious link.
Windows Remote Desktop Protocol attacks are one of the most common ways cybercriminals gain access to business networks to install backdoors, gain access to sensitive data, and install ransomware and other forms of malware.
This attack method has been increasing in popularity over the past two years and there has also been a notable rise in darknet marketplaces selling exposed RDP services and RDP login credentials. The high number of Remote Desktop Protocol attacks has prompted the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) and the Department of Homeland Security to issue an alert to businesses in the United States to raise awareness of the threat.
Remote Desktop Protocol is a proprietary Windows network protocol that allows individuals to remotely access computers and servers over the Internet and gain full control of resources and data. RDP is often used for legitimate purposes, such as allowing managed security service providers (MSSPs) and managed service providers (MSPs) to remotely access devices to provide computer support without having to make a site visit. Through RDP, input such as mouse movements and keystrokes can be transmitted over the Internet with a graphical user interface sent back.
In order to gain access to a machine using RDP, a user must be authenticated by supplying a username and password. Once a user is authenticated, the resources on that device can be accessed. While authorized individuals can use RDP connections, so too can cybercriminals if they have access to login credentials or are able to guess usernames and passwords. As with any software, RDP can contain flaws. For instance, flaws in the CredSSP encryption mechanism could be exploited to perform man-in-the-middle attacks.
Cybercriminals are identifying vulnerable RDP sessions over the Internet and are exploiting them to gain access to sensitive information and conduct extortion attacks. The threat actors behind SamSam ransomware, which has been used in many attacks on U.S. businesses, educational institutions, and healthcare providers, often gain access to networks through brute force attempts to guess weak passwords. The threat actors behind CrySiS and CryptON ransomware attack businesses through open RDP ports and similarly use brute force and dictionary attacks to guess passwords.
How to Prevent Windows Remote Desktop Protocol Attacks
There are four main vulnerabilities that can be exploited to gain access to Windows devices that have RDP enabled:
Exploitation of weak passwords
Use of outdated versions of RDP
Failure to restrict access to the default RDP port – TCP 3389
Failure to block users after a set number of unsuccessful login attempts
Strong passwords should be used to make it harder for cybercriminals to use brute force tactics to guess login credentials. Dictionary words should be avoided. Default passwords must be changed and passwords should be at least 8 characters and include a mix of upper/lower case letters, numbers, and special characters. Rate limiting is also essential. A user should be blocked after a set number of failed login attempts have been made and, if possible, two-factor authentication controls should be implemented. External to internal RDP connections should be limited and software should be kept up to date.
An audit should be conducted to identify all systems that have RDP enabled, including cloud-based virtual machines with public IP addresses. If RDP is not required, it should be disabled. A list of systems with RDP enabled should be maintained and available patches should be applied promptly. All open RDP ports should be located behind a firewall and access should only be possible by using a VPN.
Logging mechanisms should be applied, and successful and unsuccessful login attempts should be regularly monitored to identify systems that have been attacked.
To ensure that recovery from a ransomware or sabotage attack is possible, all data must be regularly backed up and a good backup strategy adopted.
By regulating, monitoring, and controlling the use of RDP and addressing vulnerabilities, it is possible to reduce risk and prevent Remote Desktop Protocol attacks.
Recent research has shown that the United States is the main distributor of exploit kits and hosts the most malicious domains and cyberattacks on websites have increased sharply.
United States Hosts the Most Malicious Domains and Exploit Kits
The United States hosts the most malicious domains and is the number one source for exploit kits, according to new research conducted by Palo Alto Networks. Further, the number of malicious domains increased between Q1 and Q2 in the United States. In all countries, apart from the Netherlands, the number of malicious domains remained constant or declined.
Exploit activity is only at a fraction of the level of 2016, although the web-based kits still pose a major threat to businesses with poor patching processes and a lack of protections against web-based attacks.
Three exploit kits have been extensively used throughout Q1 and Q2, 2018: Sundown, Rig, and KaiXin. The United States is the number one source for the Sundown and Rig EKs and is number two behind China for the KaiXin exploit kit. Further, a new exploit kit was detected in Q2: Grandsoft. The United States is also the number one source for this new exploit kit.
More than twice the number of exploit kits are hosted in the United States than in Russia in second place. 495 malicious URLs were detected in the United States compared to 147 in Russia. 296 malicious URLs hosting exploit kits were detected in the United States, with Russia in second place with 139.
The Microsoft VBScript vulnerability, CVE-2018-8174, is being extensively exploited via these exploit kits. Microsoft released a patch in May 2018 to fix the flaw, but many companies have yet to install the update and are vulnerable to attack. Exploit kits are still using old vulnerabilities to install their malicious payloads. According to Palo Alto Networks’ Unit 42, two vulnerabilities are extensively used – The IE7 vulnerability – CVE-2009-0075 – and the Internet Explorer 5 vulnerability – CVE-2008-4844 – even though patches were released to fix the flaws more than 9 years ago.
The Jscript vulnerability in Internet Explorer 9 through 11 – CVE-2016-0189 – and the OleAut32.dll vulnerability – CVE-2014-6332 – have also been used in many attacks. One vulnerability known to be used in zero-day attacks was also detected.
Website Attacks on the Rise
Research conducted by SiteLock has revealed there has been a significant rise in attacks on websites in Q2, 2018. According to its study of more than 6 million websites, each website is attacked, on average, 58 times a day with one attack occurring every 25 minutes. That represents a 16% increase in website attacks since Q1, 2018.
Many search engines now alert users when websites have been discovered to contain malware, and Google sends warnings to site owners when malicious software is discovered. However, relatively few sites are being detected as malicious. SiteLock notes that out of 19.2 million sites that it has discovered to be hosting malicious files, only 3 million had been detected as malicious by the search engines.
The threat of exploit kit attacks and the rise in sites hosting malicious code highlights the need for businesses to deploy a web filtering solution to prevent employees from visiting these malicious sites and giving cybercriminals an opportunity to install malware on their networks.
Companies that take no action and fail to implement software solutions to restrict access to malicious sites face a high risk of their employees inadvertently installing malware. With the cost of a data breach now $3.86 million (Ponemon/IBM), the decision not to implement a web filter could prove incredibly costly.