Security Awareness Training
Jan 31, 2023 | Cybersecurity Advice, Security Awareness Training, Web Filtering
There has been an increase in the use of information-stealing malware by cybercriminals. Info stealers are typically installed to steal a range of sensitive data from a user’s device, such as system information, usernames and passwords, and cryptocurrency wallets. Infostealers typically have keystroke logging capabilities, allowing usernames and passwords to be obtained, which are then exfiltrated to the attacker’s command and control server, allowing the user’s accounts to be accessed.
In 2022, cybercriminals increasingly used these types of malware in their attacks on businesses. The latest information stealers have been developed specifically for this purpose and instead of targeting individual accounts, they are being used for much more extensive attacks on businesses, and steal system information and session cookies that allow multifactor authentication controls to be bypassed.
If the malware is installed, changing passwords will have little effect, as the attacker will already be in the system. Multifactor authentication can prevent stolen credentials from being used to access accounts, but modern malware is capable of stealing session cookies allowing accounts to be accessed. While multifactor authentication is important, it is not effective if the system has already been compromised. Further, phishing kits are now used that are capable of obtaining session cookies and bypassing multifactor authentication.
Phishing attacks have also become more sophisticated and it is now common for a wide range of malicious attachments to be used for distributing malware and directing users to malicious websites. While Office documents are commonly used, now compressed files, ISO files, ZIP files, OneNote files, image files, HTML files, and more are used for malware distribution, many of which are not blocked by email security solutions. To protect against these new malware variants and multifactor authentication-bypassing phishing attacks, businesses need to rethink their protections.
An email security solution is required to block malware delivery via email and identify and block the phishing emails that are used for credential theft. Email security solutions will block previously seen phishing emails, and are regularly updated with the latest threat intelligence; however, many are not effective at detecting zero-day threats. An email security solution with machine-learning capabilities is required to block more of these new threats, and for malware protection, sandboxing is required in addition to standard antivirus protection. Any attachments that pass AV inspection – which looks for signatures of known malware – are sent to the sandbox for behavioral analysis. This allows zero-day malware threats to be identified and blocked. SpamTitan has AI/machine learning capabilities and provides AV protection and sandboxing.
Even advanced email security solutions such as SpamTitan should not be used in isolation, as no email security solution will block every threat. Email security solutions will massively reduce the number of malicious emails that are delivered to inboxes, but will not block SMS-based phishing attacks and web-based attacks. One way of improving protection is to use a web filter. A web filter is used to carefully control access to the Internet and can restrict access to websites that serve no work purpose. Web filters are updated with the latest threat intelligence and will block access to known malicious websites, and can be configured to block downloads of risky files from the Internet. They will also significantly improve protection against malicious hyperlinks in emails, providing time-of-click protection. WebTitan Cloud is one of the easiest web filters to implement, and can be set up in just a few minutes and will protect against cyberattacks over the Internet.
Multifactor authentication is important and will protect against the majority of automated attacks on accounts, but not all MFA is the same. The latest phishing kits can steal session cookies and bypass multifactor authentication controls. Businesses should consider implementing phishing-resistant MFA based on FIDO standards, as this will provide a much higher degree of protection.
An often neglected layer of security is security awareness training. Businesses are increasingly realizing the importance of security awareness training and more businesses now provide training to their employees, but providing once-a-year training sessions is not enough. Security awareness training needs to be regular if it is to be effective, so training courses should run continuously throughout the year. A modular course that delivers training every month in short sessions will be far more effective than a once-a-year training session. Businesses should also provide targeted training, with training courses developed based on an individual’s role and the threats they are likely to encounter. Phishing simulations should also be conducted to identify areas where training is not proving to be effective and to allow targeted training to be provided to individuals who fail to recognize threats. TitanHQ can help in this area through the SafeTitan security awareness training and phishing simulation platform.
With cyberattacks increasing in number and sophistication, there is no better time to revise your defenses than now. For more information on how you can improve your defenses against phishing, malware, business email compromise, and other cyberattacks, give the TitanHQ team a call.
Dec 30, 2022 | Cybersecurity News, Security Awareness Training
A phishing campaign has been detected that is being used to deliver QBot malware, one of the oldest malware families still in use. QBot malware has been around since at least 2009 and is known by many different names, including QakBot, QuackBot and Pinkslipbot. One of the primary functions of the malware is to steal passwords, although the latest variants also serve as a backdoor into victims’ systems. As is the case with many other Trojan malware variants, the group operating the malware works as an initial access broker for ransomware gangs. After the gang has achieved its aims, access to compromised devices is sold to ransomware gangs.
The threat actors behind QBot malware have previously worked with the operators of the Emotet botnet, and used the Emotet malware for delivering QBot; however, the law enforcement takedown of the Emotet botnet in January 2021 forced the group to switch attack vectors, and since then QBot malware has been primarily distributed using phishing emails. Now the group has been observed using a new tactic in its phishing campaigns that use Scalable Vector Graphics (SVG) files.
One of the ways that these campaigns can be identified and avoided is through security awareness training for the workforce to educate employees about the risks of opening files sent via email. One of the standard tenets of security awareness training has been to tell employees not to open files in unsolicited emails or from unknown individuals. That advice is not particularly helpful, as employees are often required to open emails from unknown individuals or unsolicited messages as part of their jobs, and in this case, that advice would not be effective.
QBot, like Emotet, is capable of hijacking message threads on infected devices and inserting its malicious content. In this campaign, a previous email correspondence is hijacked and text is inserted and the message is sent. That text is simple, yet effective “Good afternoon, Take a look at the attached file. Thanks.” The email will have been sent from a genuine email address, the individual is known to the recipient, and the email is not unsolicited as there has been a previous conversation. The only clue that the message is not a genuine reply is the email conversation is old. In this case, from two years ago.
It is important to provide security awareness training to the workforce but in order to be effective, the training needs to be ongoing and should include examples of the latest phishing techniques, such as this technique for distributing QBot.
Nov 30, 2022 | Cybersecurity Advice, Security Awareness Training
Cybersecurity experts agree that security awareness training is an important part of any cybersecurity strategy. You can implement next-generation technology to repel malicious actors and prevent and rapidly detect cyberattacks, but it is important not to forget about the human element. According to the Verizon 2022 Data Breach Investigations report, 82% of all data breaches involve the human element. Through training, you can teach cybersecurity best practices and reduce risky behaviors that open the door to hackers, and you can train employees how to identify phishing.
The percentage of companies providing security awareness training to their employees is increasing as the importance of training is now better understood, but one aspect of the training process that is often neglected is conducting phishing simulations on the workforce. Phishing simulations are fake but realistic phishing emails that businesses send internally to employees. You may wonder why you should do such a thing. Well, there are clear benefits that come from doing so. Here we provide five reasons why conducting phishing simulations on employees is beneficial.
1. Create a Baseline to Measure the Effectiveness of your Training
Many companies provide security awareness training but are unable to measure its effectiveness, other than a reduction in data breaches and phishing incidents. Phishing simulations are a great way to monitor the effectiveness of training over time and clearly show the return on investment. Conduct phishing simulations before you start your training program and you have a baseline against which you can measure the effectiveness of training over time and see the ROI.
2. Test the Effectiveness of Training in a Work Setting
You can show an employee the signs of phishing that they need to look out for, and you can test to make sure they have understood the training at the end of the training course, but that does not mean the training will be remembered nor that it will be applied when they are at work. Phishing is often successful because the emails arrive in inboxes when employees are busy, and that is why mistakes are made. Phishing simulations allow you to test whether training is being applied and whether it is proving to be effective.
3. Identify Weak Links
While most employees will take the training on board, will take greater care, and will follow the security best practices they have learned, there will always be employees who do not. Phishing simulations allow you to identify the weak links and take proactive action to address the problem before the employee falls for a real phishing email. A failed phishing simulation is an opportunity for intervention training. You can deliver training instantly in response to the problem, and provide a specific training course relevant to the mistake that was made. Providing relevant training at the point when the error is made is the most effective way of eradicating risky behaviors.
4. Practice Makes Perfect
You should not expect every employee to become a security Titan the second they complete their training course. They will not be able to instantly identify every phishing threat. It takes time to build up security awareness and create a security culture. Phishing simulations are a great way to do this. They give employees practice at identifying phishing threats in a safe setting. When a real threat arrives in their inbox, they will be much more likely to be able to identify the malicious message.
5. Identify Weaknesses in the Training Course
Phishing simulations identify human weaknesses to allow further training to be provided, but they also identify problems with the training course. If you send a phishing simulation that a large number of employees fail, that is likely to indicate a problem with the training course – A type of threat that you have not covered sufficiently well. You can then update your training course to ensure that specific threat is properly explained.
SafeTitan from TitanHQ
TitanHQ has developed a comprehensive security awareness training solution for businesses called SafeTitan. The platform includes an extensive library of training content on all aspects of security, with the courses divided into short computer-based training modules of no more than 10 minutes, which makes them easy to fit into busy workflows.
The training content is fun, gamified, and engaging, and is proven to help eradicate risky security practices and reduce susceptibility to phishing attempts. The platform includes a phishing simulator for testing whether employees can recognize phishing attempts – the most common way that cybercriminals attack businesses. Phishing simulation data shows susceptibility to phishing attacks can be reduced by up to 80% with SafeTitan.
If you have yet to provide security awareness training to your workforce and are not conducting phishing simulations, the ideal time to start is now. Contact TitanHQ today for more information or sign up for a free trial of the solution and put it to the test before deciding on a purchase.
Jul 30, 2022 | Internet Security News, Network Security, Security Awareness Training
Most people are aware of the importance of cybersecurity and the need to take care when opening emails, browsing the internet or downloading apps on their mobile phones. If you ask anyone whether they are knowledgeable about cybersecurity and if they can recognize a malicious website or email, there’s a high chance that they will say yes.
A recent survey conducted by AT&T on 2,000 U.S. adults confirms that. 70% of the respondents to the survey said they were knowledgeable about cybersecurity, two-thirds of people said they know how hackers gain access to sensitive information on devices, and 69% of people said they were able to recognize suspicious websites at a glance.
However, despite being aware of the importance of cybersecurity, cybersecurity best practices are not always followed. People take considerable risks with email and the Internet, and the survey suggests that the confidence in the ability to recognize scams, malicious websites, and suspicious emails is misplaced.
While most people claim to be able to recognize a suspicious website, only 45% of respondents said they knew those sites carried a risk of identity theft. 46% of respondents were unaware of the difference between active and passive cybersecurity threats. Passive cybersecurity threats are those where a threat actor simply monitors communications and gathers sensitive information, whereas an active attack involves some action or modification of communications. An example of a passive attack is a malicious actor eavesdropping on a connection to a website via an evil twin Wi-Fi access point. An example of an active attack would be a malware attack.
The average person lands on 6.5 malicious websites or suspicious social media accounts every day and in many cases, those sites are accessed deliberately. Suspicious websites include those that start with HTTP rather than HTTPS, which means the connection between the web browser and the website is not encrypted. Suspicious sites include those with lots of pop-ups, or unverified sites and social media accounts.
39% of respondents said they accessed suspicious streaming websites to view major sporting events, 37% would download files from suspicious websites if they wanted to find a song or video game that they couldn’t find elsewhere, and these sites would be used to make purchases if they were offering a big discount. Considering that 70% of people said they were knowledgeable about cybersecurity, it is alarming that less than 40% of people consider common security risks when accessing the Internet. Only 32% of people considered the possibility of a network intrusion and just 31% of people considered whether an app or software could be malicious. The survey also revealed people take big security risks with passwords. 42% of people reuse passwords on multiple websites and alarmingly, 31% of people use a birthday as a password.
Businesses should take note of this survey. The survey was conducted on a sufficiently large number of people that it should be considered representative of the population as a whole and makes it clear that there is a need for cybersecurity awareness training to be provided by employers to bring the level of knowledge about cybersecurity up to scratch and be taught the importance of following cybersecurity best practices. Even people who are aware of the risks will take shortcuts for convenience, so businesses should also consider restricting access to certain websites.
If you want to improve cybersecurity, you should start with the human element and try to eradicate risky behaviors. TitanHQ offers businesses a comprehensive cybersecurity awareness training platform – SafeTitan – that covers all aspects of security and cybersecurity in the workplace. The platform can be used to improve understanding of risks and teach the best practices that should be followed at all times. The training content is gamified, interactive, and fun, and has been shown to be highly effective at eradicating risky behaviors. SafeTitan is the only behavior-driven security awareness training platform that delivers intervention training in real-time in response to risky behaviors by employees. When a risky action is taken, the platform automates the intervention and delivers the relevant snippet of the company policy and training content specific to that risk or threat.
Businesses can also take advantage of WebTitan Cloud – a DNS-based web filtering solution that prevents employees from accessing known malicious websites. When an attempt to visit a malicious website is made, the connection to the site will not be made and the user will be informed that the site has been blocked. Businesses can also use the category-based filters in WebTitan Cloud to prevent employees from accessing certain types of websites, such as those that carry a risk of malware infections. Peer-to-peer file sharing networks for example.
By educating the workforce on cybersecurity and implementing controls to restrict access to risky websites, businesses will be able to prevent more costly cyberattacks and data breaches. For more information on cybersecurity awareness training and web filtering, give the TitanHQ team a call.
Apr 30, 2022 | Network Security, Security Awareness Training
Technical defenses need to be implemented to protect against cyber threats, but it is also important to provide security training to the workforce. Security awareness training involves teaching users how to identify and avoid cyber threats, and training users to follow the security best practices that are necessary for protecting devices, networks, and data.
When businesses analyze security incidents, they often find that the threat could have easily been identified and avoided. A ransomware attack, for example, could have been prevented had an employee recognized the phishing email that gave the attackers the credentials they needed to access the network. Employees are commonly thought of as a weak link in the security chain, but employees can actually be security assets. Through training, they can become important sensors that help to protect the company.
Security awareness training is necessary for all members of the workforce, from the CEO down. Security awareness training needs to be provided to all individuals when they join the company, and then periodically thereafter. 20% of businesses provide security awareness training once a year or less, but something so important needs to be provided more frequently as employees cannot be expected to retain all of the information from a single, annual training session and then apply that information to real-life situations continuously throughout the year.
Many businesses need to change their thinking on security awareness training from it being a checkbox item that needs to be completed for compliance or to take out cyber insurance. Effective training is required, and that means it needs to be provided continuously. If you don’t exercise, your muscles will become weak. The same applies to security awareness training.
Classroom or computer-based training should be provided, which should be augmented with presentations, quizzes, infographics, and videos. Regular refresher training sessions should be provided in bite-sized chunks that are easy to take on board and remember. The aim of security awareness training is to create a security culture where everyone knows to be constantly alert.
Businesses need to develop an incident response plan to ensure the business can continue to operate in the event of a disaster. Backups need to be made of critical data to ensure that no data is lost in the event of computer failure or a ransomware attack. If you don’t test those plans and backups, it is impossible to know if they work. The same is true for security awareness training. It is necessary to test to see if the knowledge from training has been retained by the staff, if that knowledge is being applied in real-world situations, and whether security awareness training is actually influencing behavior.
One of the best ways to do this is with phishing simulations. Phishing simulations are exercises that are conducted to determine how effective training has been and to identify any areas where training needs to be improved. If a large number of employees have fallen for a particular phishing simulation, it is clear that the training has not covered that particular threat in sufficient detail. Training can then be adapted to help employees understand. If an employee falls for a simulation, there should be consequences, but the consequences should not be punitive. The purpose is to improve security not to punish employees, so the threat needs to be explained to the employee at the time to make sure that if it is encountered again, they will recognize it for what it is and act appropriately.
TitanHQ can help businesses with security awareness training and phishing simulations. SafeTitan is the only behavior-driven security training solution that delivers contextual training in real-time. With SafeTitan, alerts are generated when users take actions they shouldn’t, and those alerts are used to trigger timely training content with context. Since that training is delivered with context, the content provided is always relevant. SafeTitan also allows businesses to monitor how effective training is over time and how training is actually reducing risk.
“Every time an alert is triggered and comes into us, we map that alert or behavior in our database. This allows us to see the frequency of that behavior and monitor how it changes over time. You can measure this by user, by department, by country, by office, by business unit, and by organization,” says Stephen Burke, Product Director of SafeTitan, and founder and CEO of Cyber Risk Aware, which was recently acquired by TitanHQ. “And the beautiful side of it is, unlike most enterprise-grade software, it doesn’t just give mid to large enterprises the ability to demonstrate how effective their training is. MSPs can also offer this technology to their SMB clients, who maybe don’t initially know to seek that information.”
If you want to find out more about security awareness training, this interview with Stephen Burke with Expert Insights is a good place to start. We also recommend starting training with SafeTitan – You can get started today at zero cost by taking advantage of the SafeTitan free trial!