Web Filtering

Web filtering is an ideal solution to prevent Internet users from visiting unsafe website that potentially harbor viruses and malware. A web filter works by comparing a request to visit a website against a list of predetermined parameters. If the request fails to pass the criteria defined by the parameters, the request is denied.

This process prevents Internet users from accessing websites they have been invited to visit in a phishing email or when clicking on an advertising link. Web filtering can also be configured to prevent cyberslacking, to block certain types of files from being downloaded or bandwidth-hogging web applications from being used.

To find out more about how your organization can strengthen its online defenses, enhance productivity and limit bandwidth loss, speak with one of our team today about web filtering.

What is Cloud Web Filtering Software?

Cloud web filtering software is now an important cybersecurity measure used by businesses of all sizes, but what exactly is it and why is it important? In this post we will explain exactly what cloud web filtering is, what it is used for, and why most businesses need to use it.

What is Cloud Web Filtering?

Cloud web filtering is a software-as-a-service (SaaS) solution that acts as a semi-permeable barrier between an individual and the Internet. For much of the time, users will not know this solution is in place, as there is no noticeable delay when browsing the Internet. Websites can be accessed as if the solution was not in place.

Cloud web filtering software is only noticed by a user when they attempt to visit a website that violates their organization’s acceptable internet use policy. When a request is made to access a website that falls into a category that an employer does not permit – pornography for example – rather than connect to the website, the user will be directed to a local block page and will discover that particular website cannot be accessed due to a content policy violation.

Cloud web filtering software acts as a form of internet content control which is used to reduce productivity losses due to personal Internet use, prevent HR issues, and reduce legal liability, but a cloud web filter it is not just used for restricting access to NSFW websites. It also has an important security function.

Why is Cloud Web Filtering Important?

The Internet can be a dangerous place. There are many threats lurking online that could compromise a business’s systems and lead to a costly data breach or catastrophic data loss. Malware and ransomware are often downloaded from websites, even from legitimate sites that hackers have been able to compromise. A visit to one of those malicious sites by an employee could easily result in a malware infection, and once installed on one device it could easily spread across the network.

Phishing is also a major risk for businesses. Phishing forms are loaded onto websites to harvest sensitive data such as login credentials to Office 365. Links to these sites are often sent to business email accounts.

A web filter acts as an additional layer of protection against these attacks, but in contrast to antivirus software that identifies malware that has been downloaded, cloud web filter software blocks the malware at source, preventing it from being downloaded in the first place. It also works in conjunction with anti-spam software to prevent visits to phishing websites when phishing emails sneak past the spam filter.

With cloud web filter software, all filtering takes place in the cloud (on the service provider’s server), which is important for a distributed workforce. Regardless of where an employee accesses the internet – office, home, airport, coffee shop – the cloud web filter will be active and providing protection.

How Much Does Cloud Web Filtering Software Cost?

Cloud web filtering software is a low-cost solution that can pay for itself by preventing costly malware infections and phishing attacks and stopping productivity losses by blocking access to certain types of web content.

The cost of a cloud web filter can vary considerably from provider to provider with the price starting at around $1 per user, per month.

WebTitan: Web Filtering for SMBs, ISPs, and MSPs

TitanHQ developed WebTitan Cloud web filtering software to help SMBs and MSPs serving the SMB market control what users can access online and to protect business networks from web-based cyberattacks. The solution is quick and easy to implement, as being cloud-based, there are no software downloads. Simply point your DNS to WebTitan Cloud and you can be filtering the Internet in minutes.

Administrators can use an easy-to-use interface to configure the solution, which can be accessed through any web browser. Log in, navigate to the content control section, and you can use the checkboxes to block access to any of 53 pre-defined categories of website (and create your own categories if you so wish).

Integration with LDAP and Active Directory makes it easy to set controls for individual users, user groups, departments, or different offices. You can set time-based controls to limit bandwidth usage or ease up on restrictions at certain times of the day. Cloud keys can be generated to bypass standard controls temporarily, should you ever need access to otherwise prohibited sites.

Whitelist and blacklists are supported, you can block downloads of certain file types, and access to websites known to be used for malicious purposes will be automatically blocked. A full suite of reports gives administrators full visibility into web access, including real-time views and automatic alerts.

AI-powered protection is provided against active and emerging Phishing URLs and zero-minute threats, allowing you to sanitize Internet access and provide your employees, customers, and guest users with clean, filtered internet access.

If you have yet to start using cloud web filtering software or you are unhappy with your current provider, give the TitanHQ team a call. You can also take advantage of a 30-day free trial to try out the solution for yourself before deciding on a purchase. Product demonstrations can also be arranged on request.

WastedLocker Ransomware Delivered Using Fake Software Updates

The notorious cybercriminal organization Evil Corp, which was responsible for the Dridex and Zeus banking Trojans and BitPaymer ransomware, have started using a brand new ransomware called Wastedlocker, so named due to the .wasted extension which is used on encrypted files.

Evil Corp has been relatively quiet in recent months following the indictment of two high-profile members of the group by the U.S. Department of Justice in December 2019 for their role in the creation and distribution of Dridex and Zeus. The group bounced back with relatively low-level campaigns in January, but there has been little activity since. It appears that the time has been spent developing WastedLocker ransomware, which appears to have been mostly written from scratch.

WastedLocker ransomware was first used in May 2020 and is believed to be a replacement for BitPaymer ransomware. In the short space of time that the new ransomware has been in use, attacks have been conducted on at least 31 organizations, according to data from Symantec. Most of the victims are located in the United States, eight of which are Fortune 500 companies and 11 are publicly listed. Attacks have been conducted on companies operating in a wide range of industry sectors, with the manufacturing, information technology, and media and telecommunications sectors experiencing the highest number of attacks.

Evil Corp appears to be targeting large organizations with deep enough pockets to pay the sizeable ransom demand, which has ranged from $500,000 to $10 million in some cases. In contrast to many other ransomware operators, Evil Corp does not steal data prior to file encryption, although that could well change in the future. The group certainly has the technical skill to adopt that tactic, but it appears that they have refrained from doing so to stay under the radar.

WastedLocker ransomware is downloaded using the JavaScript framework SocGholish under the guise of a browser update. Symantec has identified more than 150 websites that have been compromised that are being used as part of the campaign to deliver the ransomware payload. Once a network has been compromised, the attackers use living-off-the-land tactics to move laterally and gain access to as many endpoints as possible, including tools such as PsExec and PowerShell. The gang has been observed using the penetration testing tool Cobalt Strike to log keystrokes and obtain credentials and escalate privileges, before the WastedLocker ransomware is executed and files across the network are encrypted.

In addition to encrypting endpoints, the group is targeting database services, file servers, virtual machines and cloud environments to cause maximum disruption to maximize the probability of the ransom being paid. The group is careful and patient, often waiting several months before their ransomware encryption routine is triggered.

Evil Corp is one of many threat actors to have adopted ransomware, with attacks on businesses having increased over the past few months. Around 15 groups are now conducting manual ransomware attacks in which data is stolen prior to file encryption and threats are issued to publish or sell the stolen data if the ransom is not paid. This tactic has been effective, with around half of businesses paying the ransom.

The University of California San Francisco is one of the latest victims that has been forced to pay the ransom to recover data encrypted in the attack. That ransomware attack involved NetWalker ransomware, and data was stolen in that attack prior to encryption. Without access to essential research data, the university had little option other than paying the $1.14 million ransom.

Organizations are attacked in a variety of ways, often using brute force tactics on RDP or exploiting vulnerabilities in VPNs, but there has also been an increase in email-delivered ransomware and drive-by malware downloads, highlighting the need for advanced email and web security solutions, which is an area where TitanHQ can help.

Web Filtering Myths and the Truth About DNS Filtering

There are several common web filtering myths that have led businesses to believe that it is not worth their while implementing a web filtering solution. It is important to bust these myths as they are preventing businesses from adding an essential extra layer of security that can prevent downloads of malware, ransomware infections, and block phishing attacks. The failure to filter the internet is often a costly mistake.

Once upon a time, having a firewall, antivirus solution, and spam filter would ensure your business was well protected, but the sophisticated nature of today’s cyber threats and the massive increase in cyberattacks has meant that these solutions alone are no longer sufficient to block cyber threats and prevent data breaches. The key to blocking these threats is to implement layered defenses. If the outer layer fails to block a threat, other layers exist to provide protection. A web filter should be one of those layers.

Why Web Filtering is Now Essential

Finding vulnerabilities and exploiting them is a difficult and labor-intensive way of attacking a business. Attacks on employees are much easier and require far less skill. All that is needed is a carefully written email to direct an employee to a malicious website and credentials can be easily harvested and malware downloaded. You don’t need to be a skilled hacker to conduct a phishing attack or set up a website for distributing malware.

Email security solutions are great for blocking phishing attacks, but many malicious emails bypass email security defenses. Phishing emails usually have a web-based component and various tactics are used to hide malicious URLs in emails. A web filter provides protection against the web-based component of phishing attacks by providing time-of-click protection. When an attempt is made to visit a malicious website linked in an email, the web filter blocks that request. A web filter will also prevent users from visiting malicious website through web browsing and also block visits to malicious websites through malvertising redirects. Without a web filter in place, there is nothing to stop an employee from visiting a malicious website.

Pervasive Web Filtering Myths

There are some pervasive web filtering myths that need to be busted, the most common of which are detailed below.

Web Filtering is Expensive

OK, so we are not going to tell you that a web filter is a zero cost solution as you will need to pay for this extra level of protection, but the cost is actually low, no hardware needs to be purchased, and what you spend will pay for itself in terms of the data breaches you will prevent and the productivity gains that can be made. In terms of the real cost, less than $1 per user per month is all that needs to be spent to protect your users with WebTitan.

Web Filtering is Complicated

A DNS-based web filter is not complicated to set up, configure, or maintain. In fact, web filtering could not be any simpler. All you need to do is point your DNS to WebTitan. Even during the COVID-19 lockdown, making this change for all of your remote users is a simple process, and one that we can easily talk you through.

Once that small change has been made, here is what happens:

  • A user enters a web address into their browser and a DNS query is made to locate that web resource
  • A DNS lookup is performed through WebTitan to find the IP address associated with the domain
  • If the resource exists, WebTitan will provide the IP address to the browser. If the domain or web page is malicious or violates your organization’s policies, no IP address will be provided, a connection to the site will not be made, and the user will be presented with a local block page telling them why that resource cannot be accessed.

Your standard DNS request will go through all of those steps aside from applying filtering controls. All that changes with a web filter is filtering controls are applied.

Web Filters are Easy to Bypass

Once you set up your DNS to point to WebTitan, all internet traffic will be subject to filtering controls. For most businesses that will be sufficient, however, web filters can be bypassed by using an anonymizer/proxy website. Connect to the anonymizer site, and through that site any other website can be accessed, thus bypassing the filter. The solution? Click the checkbox in WebTitan to block access to anonymizer sites.

A web filter can be used to block the use of shadow IT by preventing downloads of unauthorized software, including unauthorized VPNs, to prevent this method of web filter bypass.

Maybe, one of your employees will try to change the DNS settings on their laptop to access the unfiltered internet. This is why you need to lockdown your laptops to make sure that is not possible. You should also block DNS requests to anything other than your approved DNS service. If you use an external DNS server, only allow port 53/UDP to access the IP addresses of your chosen DNS filtering service servers. If you host your DNS server internally, ensure that local computers query your local DNS server, and only your DNS server queries the web filtering DNS service on the Internet.

No web filter is infallible, but by taking these steps it will be much harder to bypass the filter and it will be beyond the ability of most employees.

Internet Speeds will be Greatly Reduced

One of the web filtering myths that is based in fact is the slowing of internet speed. Filtering the internet can result in latency and a slowing of internet speed. If you require your users to login remotely using a VPN, then connect to your secure web gateway appliance, this will naturally result in latency. Backhauling traffic to the office, especially when your remote workers have slow home internet connections, will result in significant latency.

The solution is to use a DNS-based filtering solution on your employees’ laptops. With a DNS filter there is no backhauling of traffic, as the DNS filter can be integrated into the laptop. When a request is made to view a website, filtering takes place as part of the DNS lookup process. Point your DNS to WebTitan and filtering takes place before any content is downloaded, with zero latency.

Web Filtering Myths

How to Defend Against Phishing Attacks on Remote Workers

There has been an increase in phishing attacks on remote workers using COVID-19 as a lure over the past few months. Multiple studies suggest the number of COVID-19 related phishing attacks have soared. The anti-phishing training company KnowBe4 placed the rise at about 600% in Q1, 2020, and that rise has continued in Q2.

As was pointed out by Microsoft, the total number of phishing attacks has not increased by any major degree during the COVID-19 public health emergency, as cyber actors have finite capabilities for conducting attacks. What has happened is threat actors have abandoned their standard phishing campaigns and have repurposed their phishing infrastructure and are now using COVID-19 lures, and with good reason.

People crave information about the 2019 Novel Coronavirus, SARS-CoV-2, and COVID-19. There is a thirst for knowledge about the virus, how it infects people, how to prevent infection, and how great the risk is of catching it. With little information available about this new virus, finding out more information required following the news from countries around the world that are involved in research. Unsolicited emails offing important information naturally had a high open rate, so it is no surprise that COVID-19 phishing attacks have increased.

To control the spread of the virus, countries have gone into lockdown, so businesses have had to allow their employees to work from home. The increase in home workers happened very quickly, so businesses did not have the time to prepare properly and that meant new risks were introduced. It is therefore no surprise that there has been an increase in data breaches during the COVID-19 pandemic. Cybercriminals have taken advantage of lapses in security, insufficient staff training, and the vulnerabilities that are introduced when employees are forced to work in an environment that has not been set up remote working.

IT teams have had to rapidly purchase new laptops to allow employees to work outside the office and there has not been time to properly secure those devices. VPN infrastructure was not sufficient to cope with the rapid increase in users. Home networks lack the security of corporate networks, and training employees on working from home securely had to be rushed. In order to allow remote workers to access the data they need, data has had to be moved to the cloud, and that has inevitably resulted in vulnerabilities being introduced. In short, the attack surface has increased considerably, huge numbers of devices are being used outside the protection of the corporate firewall, and new working environments have greatly increased the potential for errors.

Cybercriminals have taken advantage of these new vulnerabilities. Unpatched VPNs and software flaws are being exploited, RDP is being targeted, but phishing and spear phishing attacks offer the easiest way of gaining access to sensitive corporate data and spreading malware and ransomware. Improving phishing defenses is therefore critical.

Important Phishing Defenses for Remote Workers

Improving phishing defenses is one of the most important ways of protecting remote workers, their devices, and the networks and data that they are accessing remotely. Listed below are simple steps you can take to improve security and reduce risk.

Improve Email Security

The easiest way to thwart phishing attacks is to block the emails at source, and that requires a powerful anti-phishing solution. Many businesses have been relying on the standard anti-phishing measures provided with Office 365 – Exchange Online Protection (EOP). EOP is effective at blocking spam and standard (known) phishing attacks, but it is not particularly effective at blocking zero-day threats: New, previously unseen phishing and malware attacks. There have been a great many of zero-day attacks during the COVID-19 lockdown.

They key to improving email security is layered defenses. Adding an extra layer of email security on top of EOP will greatly improve detection rates. It is best not to put all your eggs in one basket and opt for the second (paid) tier of protection offered by Microsoft (Advanced Threat Protection or APT), instead use a third-party dedicated anti-spam and anti-phishing solution that features predictive threat detection and advanced anti-phishing mechanisms to detect zero-day threats. SpamTitan features machine learning, predictive technology, threat intelligence feeds, sandboxing, dual anti-virus engines and more to ensure that zero-day threats are blocked. SpamTitan adds an important extra layer of security, and SpamTitan itself includes layered defenses against phishing attacks.

Implement a Web Filter

Security can be further improved with a web filtering solution such as WebTitan. A web filter adds another layer to your anti-phishing defenses by blocking the web-based component of phishing and malware attacks. If a phishing email does reach an inbox, a web filter can prevent a click on a hyperlink from turning into a data breach. WebTitan provides time of click protection to block attempts by employees to visit malicious websites, such as those used to phish for credentials or distribute malware. WebTitan can be used to block web-based attacks for office and remote workers and allows different controls to be set depending where employees connect to the internet.

Train Staff and Conduct Phishing Simulations

Remote employees need to be trained how to work and access data securely, and that means refresher cybersecurity training should be provided to reeducate employees about cybersecurity best practices. Trai9ning must also be provided on how to work securely from home.

Phishing is the easiest way that employees can be attacked, so they must be trained how to recognize a phishing email. It is also useful to run phishing email simulations on remote workers to find out which employees have taken the training on board and who needs further training. Training can reduce susceptibility to phishing attacks by up to 90%.

Increase in Malvertising Highlights Importance of Strong Internet Security Measures

The massive increase employees working reportedly has not been missed by cybercriminals, who are actively targeting these workers using a variety of tactics to fool them into disclosing their credentials or installing malware. Phishing attacks remain the most common method used to attack remote workers, but there has also been a notable increase in malvertising during the COVID-19 pandemic.

Malvertising is the practice of creating malicious adverts which are syndicated across legitimate websites through third-party ad networks. The malicious adverts are used to redirect website visitors to webpages where credentials are harvested, malware is downloaded, or to other scams to obtain fraudulent payments or charitable donations.

Several COVID-19 themed ploys have been used in these malvertising campaigns to trick people into downloading malware. These scams prey on fears about SARS-CoV-19, often spoofing WHO and other COVID-19 authorities to add legitimacy to the campaigns. A common theme is an offer of important advice on how to protect against COVID-19.

There rise in malvertising activity during the COVID-19 pandemic has been significant, with some reports indicating the number of malicious adverts have doubled in March compared to standard levels of malicious advert activity prior to the pandemic.

A malvertising campaign was recently identified that spoofed the anti-malware software vendor Malwarebytes. The campaign claimed the user’s computer was infected with malware and a download of Malwarebytes’ software was required to remove the infections. The malicious webpage used for the scam was on a malwarebytes-free domain that was registered on March 29, 2020. The site used a copycat template created from stolen branding from the genuine site. Any individual that landed on the website that was using the Internet Explorer browser was redirected to a webpage hosting the Fallout exploit kit that silently downloads the Raccoon information stealer.

There was a major increase in domain registrations related to COVID-19 in March. While not all of these websites are currently being used for nefarious purposes, many are being used for scamming. NTT recently issued an alert stating that around 2,000 COVID-19 domains are being set up each day and there has been a significant rise in phishing attacks directing users to newly registered domains. The TrickBot Trojan accounts for the majority of malware infections from these sites. Figures from Palo Alto Networks’ Unit 42 team show there was a 656% increase in the number of new COVID-19 related domains registered in March.

The increase in web-based attacks calls for improvements to cybersecurity defenses to protect remote employee’s devices from malware infections. A download of malware onto a user’s device could easily see the malware transferred to the network when the user connects.

One of the easiest and most effective ways of blocking these attacks is to implement a web filtering solution such as WebTitan Cloud. With WebTitan Cloud in place, when a user attempts to visit a malicious website, or when an attempt is made to redirect a user through malvertising, rather than arriving on the website the user will be directed to a local block page.

WebTitan Cloud also allows filtering controls to be applied to control the types of websites employees can visit on their corporate-owned devices. Controls can be applied to block access to risky websites such as torrents and peer-to-peer file sharing sites, which are also being used to distribute malware.

WebTitan Cloud is a DNS-based filter that conducts filtering at the DNS lookup stage of a web request. Applying filtering controls and restricting access to certain categories of website involves no latency, which is especially important during lockdown when employees typically have far less bandwidth available than at the office.

WebTitan Cloud does not require the installation of a clients and the solution can be set up and configured in minutes to protect all workers, no matter where they choose to access the internet.

If you are interested in improving internet security and want to find out more about WebTitan Cloud and DNS filtering, call TitanHQ today to book a product demonstration, register for a free trial, and start protecting your employees from online threats.

Cybercriminals Are Exploiting Uncertainty and Fear About Coronavirus and COVID-19

Cybercriminals are taking advantage of the 2019 Novel Coronavirus pandemic and are exploiting fear to spread malware and steal data. These tactics many not be new, but these campaigns pose a significant threat in the current climate of global fear and worry.

People are naturally worried about contracting COVID-19 and will be concerned about the wellbeing of their friends and family members. Many people crave new information to help avoid them avoid illness and protect their families. If that information arrives in an inbox, email attachments may be opened, and links clicked to malicious websites.

Even when training is provided to employees and they are taught not to respond to unsolicited messages, open email attachments, or click links in emails from unknown senders, mistakes can still be made. During the COVID-19 crisis, stress levels are high, and this can easily lead to decisions being taken that would not normally be made.

Businesses have been forced to allow their employees to work from home, many of whom are now working in a home environment where there are many distractions. Many people do not have home offices where they can quietly work, and a challenging working environment also makes mistakes more likely. Those mistakes can prove very costly.

Phishing campaigns are being conducted targeting home workers as they are seen as low-hanging fruit and an easy way to gain access to business networks to install malware, ransomware, and steal sensitive data. Several campaigns have been detected that offer important advice on the 2019 novel coronavirus that impersonate authorities on disease control and prevention such as the U.S. Centers for Disease Control and Prevention (CDC), U.S. Department of Health and Human Services, UK National Health Service, and the World Health Organization (WHO). The phishing campaigns are credible, claim to offer important advice, and are likely to be opened by many individuals. These campaigns seek remote access credentials and distribute malware.

Coronavirus maps that display the number of cases per country are being used on many websites, including a legitimate COVID-19 case tracking map on Johns Hopkins University website.  One campaign has been detected that uses a carbon copy map and urges users to download a desktop application that allows them to track new cases. The application installs the information-stealing AZORult Trojan. As the COVID-19 crisis has deepened, these phishing and malspam campaigns have increased significantly.

With more people working from home and self-isolating, the risk of malware and phishing attacks has increased significantly. It is therefore important for businesses to make sure that they are properly protected and manage risk. During this difficult time, it is important to provide security awareness training to staff to keep them aware of the threat of cyberattacks and to help them identify malicious messages. Phishing simulation exercises are a useful way of assessing risk and identifying individuals that require further training.

It is also important to implement additional control measure to block attacks at source. There are two main attack vectors being used to target remote workers: Email and the web. Due to the high risk of mistakes by employees it is essential for businesses to have an effective email security solution in place.

The key to improving email security is defense in depth. Layered defenses will greatly improve resilience to phishing and malware attacks. If you are using Office 365 and have yet to augment protection with a third-party email security solution, now is the ideal time. One 2019 study showed that Office 365 protections only block around 75% of phishing attempts. Given the increase in phishing volume, a great many malicious emails will land in inboxes unless protection is improved.

The more time people spend online, the greater the risk. With many workers housebound and self-isolating, online time has increased considerably. Unsurprisingly, the of number of malicious domains being used to distribute malware has increased and drive-by malware attacks have spiked. With corporate laptops being used at home, steps should be taken to limit what employees can do on those laptops. Blocking access to ‘risky’ websites such those distributing pirated TV shows and movies will help to reduce the risk of a malware download, along with controls to prevent the downloading of risky file times such as software installers and executable files.

A web filtering solution will allow you to control the sites that remote employees can access on their corporate laptops and prevent malicious websites from being visited. A cloud-based web filtering solution is the ideal choice as it can be easily implemented to protect all remote workers, without causing any latency issues.

TitanHQ can help you protect your telecommuting workers from email and web-based threats. SpamTitan is a powerful email security solution that compliments Office 365 anti-spam and anti-phishing controls and enhances protection against phishing, spear phishing, and zero-day malware.  WebTitan is a cloud-based DNS filtering solution that is simple to implement that allows you to carefully control the online activities of remote employees and block drive-by malware downloads and other web-based threats.

Both solutions can be implemented in a matter of minutes and will greatly improve protection against web and email-based threats. For further information, to book a product demonstration, or to register for a free trial, contact TitanHQ today.

Why a DNS Filter Should be Part of Your Security Stack

Phishing attacks are increasing and malware is a growing threat. A DNS filter adds an important level of protection to block these attacks. In this post we explain why.

The Growing Threat from Malware and Phishing Attacks

There are various methods used to deliver malware, but email remains one of the most common methods of distributing malware, either through malicious attachments or hyperlinks in emails that direct users to websites where malware is downloaded. The latter is a popular method of malware delivery as there is an increased chance that the hyperlink will not be detected as malicious by an email security solution. Various tactics are used to mask these URLs from email security solutions, such as adding the hyperlink to an attached file such as a PDF.

The Emotet Trojan is one of the most prevalent threats and also one of the most dangerous. Emotet is primarily spread via email through a combination of attachments and malicious URLs. The Trojan is an information stealer capable of spreading across networks to infect other vulnerable devices. Removing the malware is problematic, as there are usually multiple devices infected. As soon as the malware is removed from one device, others on the network re-infect the cleaned machine. Emotet is also a malware downloader. Once all valuable information has been obtained post-infection, other malware variants such as the TrickBot Trojan and RYUK ransomware are downloaded. All devices infected with Emotet are added to the botnet. An analysis by the SpamHaus project revealed around 6,000 malicious URLs are emitted from infected devices, which act as compromise vectors.

An advanced spam filter will ensure that the majority of malicious emails are blocked, but it is important not to totally rely on a spam filter alone to block email-based malware and phishing attacks. The key to a strong defense is to implement layered defenses. With overlapping layers of security, if one layer fails to block a threat, another is in place to provide protection. One of the most important additional protections against phishing attacks and email-based malware is a web filter.

Why a Web Filter is so Important

Phishing attacks have an email and web-based component. The email contains the lure and a hyperlink is included that directs the recipient to a webpage hosting a phishing kit. When the user visits the website credentials and other sensitive information is harvested. A spam filter will block most of these phishing emails and a web filter provides protection against emails that are not blocked, as well as protecting against accidental navigation to malicious websites through malvertising or general web browsing.

A web filter is a form of content control that prevents network users from visiting known malicious websites. When a network user attempts to visit a malicious website, rather than connecting to the site, they are directed to a block page. That block page informs the user that they have attempted to visit a prohibited website which, in this case is a phishing page or website hosting malware. It could equally be a website that violates an organization’s internet usage policies. A web filter therefore serves as an additional, and important, layer of security to block phishing attacks and malware and ransomware downloads.

Web Filtering Options

There are different web filtering options available. Appliance-based web filters were once the go-to solution, but cloud-based filtering is now much more common, more cost effective for most organizations, and easier to implement and maintain.

Appliance-based solutions are not scalable. Once capacity has been reached, another appliance must be purchased. Software-based web filters, which are usually deployed as a virtual appliance on existing hardware, are a good choice but the most popular web filtering solutions are cloud-based. With cloud-based web filters, all filtering takes place in the cloud on the service provider’s hardware. Cloud-based filters are highly scalable. If capacity is increased, additional licenses just need to be purchased which takes seconds.

DNS Filtering is the Most Flexible Web Filtering Choice

The most popular, flexible, and scalable solution is a DNS filter. When a user makes a request to visit a website, such as by clicking a hyperlink or navigating to a website through their browser, a set of procedures must be followed to display the content.

One of the first steps is to send a query to the DNS server. The DNS server matches an easy to remember domain name – google.com for instance – with an IP address that allows the site to be found. A DNS filter works at this stage of the process and will block attempts to visit prohibited websites or malicious sites before any content is downloaded. Modern DNS filters do not just block content at the domain level. They also block content at the URL and page level. This means that a page on Medium.com could be blocked, while other content on the site is allowed. This means filtering controls are very granular and there is less potential for overblocking of web content.

WebTitan – A DNS Filter for SMBs and MSPs Serving the SMB Market

TitanHQ’s DNS filtering solution – WebTitan – has been developed for use by SMBs, MSPs providing security services to SMBs, and ISPs with millions of users. WebTitan includes market-leading classification of web content and malicious URL detection, and the solution is updated in real-time with more than 60,000 malicious URLs added to the filter every day. The solution includes advanced analytics and threat intelligence feeds and covers more than 99.9% of the active web. The solution is also easy to integrate into your own systems through TitanHQ’s API, and the solution can be purchased, set up, and be providing protection in just a few minutes.

For more information on WebTitan, to sign up for a free trial, or to book a product demonstration, give the TitanHQ team a call today.

How to Protect Remote Workers from Wi-Fi Threats

Today there is an increasingly mobile workforce. Workers are able to travel and stay connected to the office and many employees are allowed to work remotely for at least some part of the week. While workers are in the office, security is not a problem for IT departments. Workers connect to the internal network, be that a wired or wireless network, and thanks to the protection of the firewall, their devices and the network are protected. The problem comes when workers move outside the protection of that firewall. Here IT departments struggle to ensure the same level of protection.

When workers are travelling for work or are between the home and the office, they often connect to public Wi-Fi hotspots. Connecting to those hotspots introduces risks. While connected, sensitive information could potentially be disclosed which could be intercepted. Malware could also be inadvertently downloaded. When a connection is made to the work network, that malware could easily be transferred.

Connecting to untrusted Wi-Fi networks is a major risk. These could be legitimate Wi-Fi services provided on public transport, in coffee shops, or city-wide Wi-Fi networks. While these networks may be safe, there is no telling who may be connected to that network. These Wi-Fi networks are often not monitored, and cybersecurity protections may be poor.

There are several possible attack scenarios where an individual could perform malicious acts on users of the Wi-Fi network. One of the biggest risks is a man-in-the-middle attack. In this scenario, a Wi-Fi user will be connected to the network and will believe that they are securely accessing the internet, their email, or even the work network, when the reality is that their connection is anything but secure.

A hacker could be listening in and could obtain information from that connection. Through ARP poisoning, a hacker could trick the Wi-Fi gateway and the user’s device into connecting, and traffic would be routed through the hacker’s device where it is intercepted. An attacker could also create an evil twin hotspot. Here a rogue hotspot is created that closely mimics the genuine hotspot. A Wi-Fi user may mistakenly connect to the evil twin thinking they are connected to the legitimate hotspot. Since the evil twin is operated by the attacker, any information disclosed while connected can be intercepted.

Remote workers must be told never to connect to a Wi-Fi network unless they do so through a VPN than encrypts their data. Employees may forget to connect to their VPN, and if weak passwords are used, even if they are encrypted they could be cracked relatively easily, but with a VPN and password policies, risk will be reduced to a reasonable level.

Wi-Fi networks tend not to have the same protections as corporate networks, so there may be little restrictions on the types of website that can be accessed while connected. To protect remote workers, a DNS filter such as WebTitan should be used.

A DNS filter performs content control at the DNS lookup stage when a user attempts to access the internet. When a web address is entered in the browser, the DNS server looks up the fully qualified domain name (FQDN) and matches it with the IP address of the website. The browser is provided with the IP address and the server is contacted and the content is downloaded. With a DNS filter, before any content is downloaded, it is subject to certain rules. For instance, category-based filtering could be used to prevent adult content from being accessed. An attempt would be blocked before any content is downloaded. Importantly for security, the DNS filter would prevent the user from visiting any known malicious website. A phishing site for instance or a site known to harbor malware. With a cloud-based DNS filtering service, all filtering takes place in the cloud and there is no latency regardless of where the individual is located. DNS filtering protects workers on corporate networks as well as remote workers.

A further control that is useful is an email filtering solution, such as SpamTitan, that incorporates Domain-Based Message Authentication, Reporting, and Conformance (DMARC).

In the event of a user’s email credentials being obtained in a man-in-the-middle attack via a rogue Wi-Fi hotspot, their email account could be accessed by the attacker. Since legitimate credentials are being used, this would not generate any alerts and the attacker could peruse the email account in their own time. If the account is used to send phishing messages, as they often are, DMARC will prevent those messages from being delivered and will alert the company to the issue.

The DMARC element of the spam filter checks the sender’s IP address to make sure it matches the IP on the DNS servers for the sender’s organization to make sure they match. If the IP is not authorized to send messages from that domain, the messages will be rejected or quarantined, and the company would be alerted to the phishing attack. The same is true for spoofing of email addresses.

SpamTitan also includes dual anti-virus engines to identify malware sent via email and sandboxing to help catch previously unknown malware variants that have yet to have their signatures uploaded to AV engines. Any malware sent via email will also be quarantined to keep inboxes free of threats.

If you run a business and allow workers to connect remotely, speak to TitanHQ today to find out more about how you can better protect your remote workers, and your business, from cyberattacks conducted via email and the web.

Our team of highly experienced staff will walk you through the benefits of DNS and spam filtering, can schedule a personalized product demonstration, and will help you get set up for a free trial of SpamTitan and WebTitan. You can then evaluate both solutions in your own environment. Both solutions can be set up and protecting you in a matter of minutes.

Rise in Cyberattacks on Law Firms Highlights Need for Additional Security Layers

The increase in cyberattacks on law firms has highlighted a need for greater security protections, especially to protect against phishing, malware, and ransomware.

According to a recent Law.com report, more than 100 law firms are known to have experienced cyberattacks in the past five years: Cyberattacks that have resulted in hackers gaining access to sensitive information and, in many cases, employee, attorney, and client information.

Investigations such as this are likely to uncover just a small percentage of successful cyberattacks, as many are resolved quietly and are not reported. Many law firms will be keen to keep a cyberattack private due to the potential damage it could do to a firm’s reputation. The reputation of a law firm is everything.

As Law.com explained, there are different data breach reporting requirements in different states. If there is no legal requirement to report the data breaches, they will not be reported. That means that only if reportable information has potentially been compromised will the breach be reported to regulators or made public. It is therefore not possible to tell how many successful cyberattacks on law firms have occurred. However, there has been a steady rise in reported cyberattacks on law firms, as is the case with attacks on other industry sectors. Law.com’s figures are likely to be just the tip of the iceberg.

From the perspective of cybercriminals, law firms are a very attractive target. The types of information stored on clients is incredibly valuable and can be used for extortion. Information on mergers and takeovers and other sensitive corporate data can be used to gain a competitive advantage. Cybercriminals are also well aware that if they can deploy ransomware and encrypt client files, there is a higher than average probability that the ransom will be quietly paid.

Based on the information that has been made public about law firm data breaches, one of the main ways that law firms are attacked is via email. Many of the data breaches started with a response to a phishing or spear phishing email. Phishing allows cybercriminals to bypass even sophisticated cybersecurity protections as it targets a well-known weakness: Employees.

Employees can be trained to be more security aware and be taught how to recognize potential phishing emails, but phishers are conducting ever more sophisticated campaigns and every employee will make a mistake from time to time. That mistake could be all that it takes to compromise a computer, server, or a large part of a network.

One firm contacted for the report explained that it had implemented advanced cybersecurity protections that were undone with a phishing email. The digital security measures it had in place greatly restricted the harm caused, and there was no evidence that the attacker had accessed sensitive information, but the attack did succeed.

In response, the law firm implemented more advanced security protocols, implemented a more aggressive spam filter, multi-factor authentication was used more widely, and it revised its policies and procedures and training. Had those measures been implemented in advance, it may have been possible to block the attack.

The response was to implement more layered defenses, which are critical for blocking modern cyberattacks. Overlapping layers of security ensure that if one measure fails, others are in place to prevent an attack from succeeding.

This is an area where TitanHQ can help. TitanHQ has developed cybersecurity solutions that can fit seamlessly into existing security stacks and provide extra layers of security to block the most common attack vectors. TitanHQ’s email and web security solutions – SpamTitan and WebTitan – provide advanced protection without compromising usability.

Since many clients prefer to communicate via email, it is important for all incoming attachments to be analyzed for malicious code. Extensive checks are performed on all incoming (and outgoing) emails, with SpamTitan able to block not only known malware but also zero-day threats. SpamTitan also includes DMARC email authentication to block email impersonation attacks and sandbox to analyze suspicious files and identify malicious or suspicious activity.

WebTitan provides protection from web-based threats. Most malware is now delivered via the internet, so a web security solution is essential. WebTitan is a DNS filtering solution that protects against all known malicious sites. It is constantly updated in real time through threat intelligence services to ensure maximum protection. The solution provides advanced protection against drive-by downloads and malicious redirects to exploit kits and other malicious sites and provides and important additional layer of security to protect against phishing attacks.

Law firms will no doubt prefer to host their cybersecurity solutions within their own environments or private clouds, which TitanHQ will happily accommodate.

For further information on TitanHQ’s cybersecurity solutions for law firms, contact the TitanHQ team today. Managed Services Providers serving the legal industry should contact TitanHQ’s channel team to find out more about the TitanShield program and discover why TitanHQ is the leading provider of cloud-based email and web security solutions to MSPs serving the SMB market.

Spelevo Exploit Kit Now Delivering Maze Ransomware

The Spelevo exploit kit is being used to deliver Maze ransomware to unsuspecting internet users via a vulnerability in Adobe Flash Player.

The Spelevo exploit kit has been used to deliver a variety of malicious payloads since it was first detected in early 2019. Initially it was used to silently download the GootKit Trojan, and latterly the Dridex and IceD banking Trojans. Now the threat actors behind Maze ransomware have joined forces with the EK developers to deliver their malicious payload.

Spelevo has previously been loaded onto a compromised business-to-business contact website to target business users, although the latest campaign uses ad network traffic to send users to a fake cryptocurrency website, where they are then redirected to a web page hosting the exploit kit.

The Flash Vulnerability – CVE-2018-15982 – is then exploited in the browser to silently download and execute the ransomware payload. If that download occurs, the user’s files will be encrypted. There is currently no free decryptor for Maze ransomware. Recovery will depend on restoring files from backups – provided they too have not also been encrypted – or the user will face permanent file loss if they do not pay the ransom demand. The ransom doubles if payment is not made within a week.

Exploit kits used to be one of the main ways that malware was distributed, although they fell out of favor with cybercriminals who found alternate, more profitable ways to earn money. The threat never disappeared but exploit kit activity dropped to a tiny fraction of the level seen a few years ago when Angler exploit kit activity was at its peak. However, over the past year or so, exploit kit activity has been increasing. Today, there are several active exploit kits that are being used to deliver a variety of malware and ransomware payloads.

Exploit kits will only work if they have been loaded with an exploit for a vulnerability that has not been patched on a user’s device. Prompt patching will ensure that even if a user lands on a web page hosting an exploit kit, no malware download will take place. However, many businesses are slow to apply patches and it can be several months before vulnerabilities are corrected.

One of the best defenses against exploit kits is a DNS filter. A DNS filter is a control mechanism used to prevent users from visiting malicious websites. With a DNS filter in place, websites known to host malware or malicious code are blocked at the DNS lookup stage, before any content is downloaded. If a user attempts to visit a known malicious web page, they will be directed to a block screen instead.

Web filters can also be used to prevent ‘risky’ file types from being downloaded, such as .exe, .scr, or .js files.  In addition to blocking malware downloads, a DNS filter can be used by businesses to enforce their acceptable internet usage policies and prevent employees from accessing productivity-draining websites and adult content.

A web filter is an important part of layered defenses against malware and other internet-based attacks such as phishing. TitanHQ’s DNS filter, WebTitan, is used by thousands of businesses and managed service providers to protect against web-based threats. WebTitan blocks more than 60,000 new malware sites every day and provides businesses and MSPs with real-time protection against the full range of web-based threats.

WebTitan can be deployed in minutes, is updated automatically, highly scalable, and costs as little as 90 cents per user per month. The productivity gains alone from using the solution mean it more than pays for itself, let alone the savings from preventing phishing attacks and costly malware downloads and data breaches.

To find out more about DNS filtering and why it is now considered an essential part of layered security defenses, give the TitanHQ team a call. Our support staff will be happy to answer your questions, book a product demonstration, and help you get set up for a free trial.

Rise in Ransomware Attacks on Education Institutions Highlights Need for Improved Defenses

Ransomware attacks slowed in 2018 but the malicious file-encrypting malware is back with a vengeance. Ransomware attacks on educational institutions have soared this year, and as the attackers are well aware, these attacks can be extremely profitable.

There have been 182 reported ransomware attacks so far this year and 26.9% of those attacks have been on school districts and higher education institutions. The increase has seen education become the second most targeted sector behind municipalities (38.5%) but well ahead of healthcare organizations (14.8%).

The reason why the number of ransomware attacks on educational institutions, healthcare, and municipalities is so high compared to other sectors is because attacks are relatively easy to perform and there is a higher than average chance that the ransoms will be paid.

Attacks on municipalities mean they can’t access computer systems, and essential services grind to a halt. Police departments can’t access criminal records, courts have to be shut down, and payments for utilities cannot be taken. If hospitals can’t access patient data, appointments have to be cancelled out of safety concerns. In education, teachers cannot record grades and student records cannot be accessed. Administration functions grind to a halt and a huge backlog of work builds up.

Some of the recent ransomware attacks on school districts have seen schools forced to send students home. Monroe-Woodbury Central School District in New York had to delay the start of the school year due to its ransomware attack. If students need to be sent home, there is often backlash from parents – Not only because their children are not getting their education, but childcare then needs to be arranged.

The costs of these attacks are considerable for all concerned. Each day without access to systems costs schools, universities, municipalities, and hospitals a considerable amount of money. Downtime is by far the biggest cost of these attacks. Far greater than any ransom payment.

It is no surprise that even when ransom demands are for tens or hundreds of thousands of dollars, they are often paid. The cost of continued losses as a result of the attacks makes paying the ransom the most logical solution from a financial perspective. However, paying the ransom sends a message to other cybercriminals that these attacks can be extremely profitable, and the attacks increase.

The huge cost of attacks has seen educational institutions take out insurance policies, which typically pay the ransom in the event of an attack. While this is preferable financially for the schools, it ensures that the attackers get their pay day. Some studies have suggested that attackers are choosing targets based on whether they hold insurance, although the jury is out on the extent to which that is the case.

In total, 49 school districts and around 500 K-12 schools have been affected by ransomware attacks this year. While the ransomware attacks on school districts have been spread across the United States, schools in Connecticut have been hit particularly hard. 7 districts have been attacked, in which there are 104 schools.

Prevention of these attacks is key but securing systems and ensuring all vulnerabilities are identified and corrected can be a challenge, especially with the limited budgets and resources of most schools. Cybersecurity solutions need to be chosen wisely to get the maximum protection for the least cost.

A good place to start is by addressing the most common attack vectors, which for ransomware is Remote Desktop Protocol and email-based attacks.

Remote Desktop Protocol should be disabled if it is not required. If that is not possible, connection should only be possible through a VPN. Rate limiting should also be set to block access after a number of failed login attempts to protect against brute force password-guessing attacks.

Email security also needs to be improved. Massive spam campaigns are being conducted to distribute the Emotet banking Trojan, which serves as a downloader for Ryuk ransomware and others. Embedded hyperlinks in emails direct end users to sites where they are encouraged to download files that harbor malware, or to exploit kits where ransomware is silently downloaded.

Advanced spam filters should be deployed that incorporate sandboxing. This allows potentially suspicious email attachments to be checked for malicious activity in a safe environment. DMARC email authentication is also important as it is one of the best defenses against email impersonation attacks. SpamTitan now incorporates both of these measures.

A DNS based content filtering solution is also beneficial as an additional protection against malware downloads and phishing attacks. Not only can the content filter be used to ensure compliance with CIPA, it will prevent end users from visiting malicious websites where ransomware is downloaded.

Email attacks usually require some user interaction, which provides another opportunity to block the attacks. By educating all staff and students on the risks, they can be prepared for when malicious emails arrive in their inboxes and will be conditioned how to respond.

It is often the case that breached entities only implement these measures after an attack has occurred to prevent any further attacks from succeeding. By taking a more proactive approach and implementing these additional security measures now, costly, disruptive attacks can be avoided.

For more information on ransomware defenses such as email and DNS filters for educational institutions, give the TitanHQ team a call today. You are likely to find out that these security measures are far cheaper than you think… and naturally a great deal less expensive than having to deal with an attack.

How Does DNS Filtering Work?

Venture online and you will be faced with a wide range of threats, some of which could result in your bank account being emptied, others could see sensitive information being compromised and your accounts being hijacked. Then there is ransomware, which could be used to stop you from accessing your data (unless you have backups or pay the ransom).

More malicious websites are now being created than legitimate sites, so how can you stay safe online? One solution used by businesses and ISPs is a web filter. A web filter can be configured to restrict access to certain categories of Internet content and block the majority of malicious websites.

While it is possible for businesses, MSPs, and ISPs to purchase web filtering appliances that sit between end users and the Internet, DNS filters allow the Internet to be filtered without having to purchase any hardware or install any software. So how does DNS filtering work?

How Does DNS Filtering Work?

DNS filtering – or Domain Name System filtering to give it its full title – is a technique of blocking access to certain websites, webpages, and IP addresses. The DNS is what allows easy to remember domain names to be used – such as Wikipedia.com – rather than typing in very difficult to remember IP addresses – such as 198.35.26.96. The DNS maps IP addresses to domain names to allow computers to find web resources.

How DNS Filtering WorksWhen a domain is purchased from a domain register and that domain is hosted, it is assigned a unique IP address that allows the site to be located. When you attempt to access a website, a DNS query will be performed. Your DNS server will look up the IP address of the domain/webpage, which will allow your browser to make a connection to the web server where the website is hosted. The webpage will then be loaded. The actual process involves several different steps, but it is completed in a fraction of a second.

So how does DNS web filtering work? With DNS filtering in place, rather than the DNS server returning the IP address if the website exists, the request will be subjected to certain controls. DNS blocking occurs if a particular webpage or IP address is known to be malicious. The DNS filter will use blacklists of known malicious websites, previous crawls of new websites and web pages, or web content will be assessed in real time if the web page or website has not previously been crawled and categorized. If the website trying to be accessed is determined to be malicious or otherwise violates pre-defined policies, instead of the user being connected to the website, the browser will be directed to a local IP address that displays a block page explaining why the site cannot be accessed.

This control could be applied at the router level, via your ISP, or by a web filtering service provider. In the case of the latter, the user – a business for instance – would point their DNS to the service provider. That service provider maintains a blacklist of malicious webpages/IP addresses and access to those sites is prevented.

Since the service provider will also categorize webpages, the DNS filter can also be used to block access to certain categories of webpages – pornography, child pornography, file sharing websites, gambling, and gaming sites for instance. Provided a business creates an acceptable usage policy (AUP) and sets that policy up with the service provider, the AUP will be enforced. Since DNS filtering is low-latency, there will be next to no delay in accessing safe websites that do not breach an organization’s acceptable Internet usage policies.

Will a DNS Filter Block All Malicious Websites?

Unfortunately, no DNS filtering solution will block all malicious websites, as in order to do so, a webpage must first be determined to be malicious. If a cybercriminal sets up a brand-new phishing webpage, there will be a delay between the page being created and it being checked and added to a blacklist. However, a DNS web filter will block the majority of malicious websites.

Can DNS Filtering be Bypassed?

The short answer is yes. Proxy servers and anonymizer sites could be used to mask traffic and bypass the DNS filter unless the chosen solution also blocks access to these anonymizer sites. An end user could also manually change their DNS settings locally unless they have been locked down. Determined individuals may be able to find a way to bypass DNS filtering, but for most end users, a DNS filter will block any attempt to access forbidden or harmful website content.

No single cybersecurity solution will allow you to block 100% of malicious websites or all NSFW websites. The purpose of a web filter is to reduce risk, not eradicate it entirely. Since the vast majority of malicious web content will be blocked, risk can be significantly reduced and there will only be a low chance of a website being accessed that violates your policies.

WebTitan Cloud from TitanHQ

WebTitan Cloud is a powerful, easy to implement DNS filtering solution that allows you to filter the internet and block access to malicious content and enforce your acceptable internet usage policies. Being DNS-based, there are no hardware requirements and no software downloads are required. To get started you simply point your DNS to WebTitan, set your filtering parameters through an easy to use web-based interface, and you will be filtering the internet in minutes. WebTitan Cloud can be used to protect users on and off the network, so it is the perfect choice for protecting remote workers from online threats as well as office staff.

WebTitan incorporates an intelligent AI-based component that provides real-time classification of websites for precision control over the content that can be accessed. WebTitan Cloud provides real-time categorization of over 500 million websites, and 6 billion web pages in 200 languages, including coverage of Alexa 1 million most visited websites. Industry leading antivirus is also incorporated to identify and block malware and ransomware threats. A full suite of reports gives you full visibility into the online activities of your employees and any guest users of your network. The reports can be scheduled or run on demand.

These and more features will allow you to block web-based threats and carefully control online activities for only a few dollars per user per year.

If you have yet to implement a web filtering solution, are unhappy with your current DNS filtering service, or you have questions about DNS content filtering, contact the TitanHQ team today and ask about WebTitan Cloud. We invite you to sign up for a free 14-day trial of the solution, including full support, to see for yourself the difference WebTitan makes.

WebTitan provides a simple and easy DNS filtering solution to protect your company and employees.

Request a Quote

Confidentiality Guaranteed
Details Never Shared

 

How Does DNS Filtering Work FAQ

What 3 things are most important about employee internet access?

Employees need internet access to complete their work duties, but it is essential to develop an acceptable Internet usage policy and get employees to sign it, that policy should be enforced using a web filtering solution, and you should have a sanctions policy for when employees violate the rules.

What is best, a web filtering appliance of cloud-based web filter?

Both options will provide clean, safe Internet access, but cloud-based web filtering does not require the purchase of a costly appliance, it is more flexible and scalable, and there is no patching burden. For SMBs and MSPs, cloud-based web filtering is the easiest and most cost-effective Internet filtering solution.

Does web filtering slow Internet speed?

Some web filtering solutions involve a degree of latency, but a DNS filtering solution will not slow internet speed as all filtering takes place at the DNS lookup stage of a web request before any content is downloaded. Filtering occurs in the same time as it takes to perform a standard DNS lookup so there is no latency.

How can I provide DNS filtering as a managed service as an MSP?

With WebTitan, adding web filtering to your service stack couldn’t be easier. WebTitan is can be set up in minutes, APIs allow easy integration into your existing back office systems, you will be provided with a white label version ready to take your branding, and you can even host the solution in your own environment.

How much does web filtering cost?

There is considerable variation in price between different web filtering solutions. The most expensive solution will not necessarily be the best option for your business. Price depends on contract term, the number of users, and add-ons. TitanHQ’s DNS filtering solution, WebTitan, typically costs around $1 per user, per month.

FBI Issues HTTPS Phishing Warning

The FBI’s Internet Crime Complaint Center (IC3) has issued a warning about the increasing number of phishing websites using HTTPS.

The green padlock next to a URL once gave an impression of security. Now it is a false sense of security for many internet users.

HTTPS or Hyper Text Transfer Protocol Secure to give it its full name, indicates the website holds a valid certificate from a trusted third-party. That certificate confirms that the website is secure and any data transmitted between the browser and the website will be encrypted to prevent interception in transit.

The public has been taught to look for the green padlock and HTTPS before entering card details or other sensitive information. However, the padlock does not mean that the website being visited is genuine. It only means any information transmitted is secured in transit between the browser and the website.

If you are buying a pair of shoes from Amazon, all well and good. If you are on a website controlled by a cybercriminal, HTTPS only means that the cybercriminal will be the only person stealing your data.

Cybercriminals create realistic phishing webpages that imitate well-known brands such as Microsoft and Google to obtain login credentials or banks to obtain banking information. These phishing pages can be set up on dedicated phishing websites or phishing kits can be added to previously compromised websites. Traffic is then generated to those webpages with an email phishing campaign.

If one of the links in the email is clicked, a user will be directed to a website that requests some information. If the website starts with HTTPS and displays the green padlock, the user may mistakenly believe the site is genuine and that it is safe to disclose sensitive information.

The IC3 alert was intended to raise awareness of the threat from HTTPS phishing and make the public aware of the true meaning of the green padlock and never to trust a website because it starts with HTTPS.

Businesses should take note and make sure they include HTTPS phishing in their security awareness training programs to raise awareness of the threat with employees.

A web filter can greatly reduce the risk of HTTPS phishing attacks, provided the web filter has the capability to decrypt, scan, and re-encrypt HTTPS traffic.

WebTitan provides real-time protection against web-based attacks and uses a constantly updated database of 3 million known malicious sites to block attempts to visit phishing websites. WebTitan is capable of SSL inspection and can inspect HTTPS traffic, block specific applications within a webpage, and display alerts or block sites with fake https certificates.

If you want to improve protection against web-based attacks, contact the TitanHQ team today for more information about WebTitan.

Buran Ransomware Distributed via RIG Exploit Kit

While it is good news the GandCrab ransomware operation has been shut down, ransomware attacks are on the rise and a new threat has been detected: Buran ransomware.

Buran ransomware lacks some of the common features of more successful ransomware strains. The ransomware does not make any attempt to hide its activity and it doesn’t attempt to hamper recover by deleting Windows shadow copies. However, it is capable of encrypting a wide range of file types and there is currently no free decryptor available to unlock encrypted files.

Buran ransomware is being spread via the RIG exploit kit, with traffic to that exploit kit generated using a malvertising campaign. Malicious adverts have been injected into legitimate ad networks and are being displayed on a range of different websites. The malvertising campaign was identified by security researcher nao_sec.

The malvertising campaign directs web browsers to a domain hosting RIG, which attempts to exploit several vulnerabilities in Internet Explorer. If an unpatched vulnerability exists, Buran ransomware will be downloaded and executed.

An analysis of the malware suggests it is a new variant of Vega ransomware that was previously used in a campaign in Russia.

While Buran ransomware may not be a long-term successor to GandCrab ransomware, there are many threat actors moving to fill the void. Sodinokibi ransomware attacks are increasing and the ransomware developers are also using a malvertising campaign on the PopCash ad network to deliver traffic to domains hosting the RIG exploit kit.

Exploit kits can only download malware if they have been loaded with an exploit for a vulnerability that has not been patched on a visitor’s computer. The primary defense against these attacks is to ensure that all Windows security updates are applied promptly, along with updates and patches for plugins and other browsers.

There is invariably a delay between a patch being issued and all devices being updated. To provide protection until patches are applied, and to protect against zero-day exploits, a web filtering solution is recommended. A web filter can be used to control the websites that can be visited by employees and can block access to known malicious websites to prevent attacks on vulnerable computers.

TitanHQ Incorporates Location-Based Filtering into WebTitan Cloud 4.12

A new version of WebTitan Cloud has been released by TitanHQ. WebTitan Cloud 4.12 offers existing and new customers the opportunity to set filtering controls by location, in addition to setting organization-wide policies and role and departmental policies via links to Active Directory/LDAP.

The new feature will be especially useful to MSPs and companies with remote workers, satellite offices, bases in multiple locations, and operations in overseas countries. Organization-wide web filtering policies can be set to prevent users from accessing illegal web content and pornography, but oftentimes, the one size fits all approach does not work for web filtering. The new location filter helps solve this.

MSPs can use this new feature to set web filtering controls for customers in different locations while businesses using WebTitan Cloud can easily set a range of different policies for all users from a specific location, whether those users are accessing the Internet on or off the network.

There will naturally be times when policies need to be bypassed to enable specific tasks to be completed. Rather than making temporary changes to location or other policies, WebTitan Cloud uses cloud keys which allow policy-based controls to be temporarily bypassed.

Accompanying the location-based controls are new reporting options which allow administrators to quickly access information about web views and blocked access attempts in real time. While reports can be useful, oftentimes information needs to be accessed quickly. To help administrators find the information they need, search functionality has been enhanced.

Administrators can use the search filter on the history page to search by location name. For MSPs this allows a specific customer to be selected and for traffic information at a specific location to be quickly viewed in real time, without having to generate a report.

Location-based when filtering policies can be set and viewed for all locations through the same user interface, giving administers full visibility into traffic and settings of all customers through a single pane of glass.

It is hoped that these updates will make WebTitan even more useful for businesses and MSPs and will further improve the user experience.
 

TitanHQ Partner ViaSat Launches Secure Managed WiFi Hotspot Service for SMBs

TitanHQ partner, Viasat, has launched a new managed Wi-Fi service for businesses that allows them to offer their customers free, in-store Wi-Fi at an affordable price point.

The service is aimed at small and medium sized businesses that want to reap the rewards of providing free Wi-Fi to customers. Businesses that provide free Wi-Fi access can attract new customers and can benefit from customers spending longer in stores.

One of the problems for small businesses is finding a hotspot solution that is affordable. Most SMBs have to resort to setting up Wi-Fi access themselves, which can be difficult. Further, should errors be made, security could be placed in jeopardy and customers – or hackers – could potentially gain access to the business Wi-Fi network.

The Viasat Business Hotspots service makes the creation and management of Wi-Fi hotspots simple. The service can be used to set up Wi-Fi networks indoors or outdoors and has scope for customization. The login page is supplied in white label form ready to take a company’s branding.

The solution keeps the business Wi-Fi network totally separate from the guest Wi-Fi network. Two separate Wi-Fi networks are provided through a single internet connection. The business network remains secure and private and cannot be accessed by guest users, who are only permitted to access the public guest network.

Viasat Business Hotspots is an enterprise-grade hotspot solution for SMBs complete with a range of management and security features.  Businesses that sign up for the solution can manage their hotspots through the Viasat management portal where they can view the status of the Wi-Fi network and equipment, manage user access, run a wide range of reports on usage, and customize their login screens.

Viasat Business Hotspots also incorporates enterprise-grade Wi-Fi security which is powered by WebTitan – TitanHQ’s advanced web content filtering solution.

WebTitan offers businesses the option of restricting the types of content that users can access while connected to the Wi-Fi network, such stopping users from visiting inappropriate websites, sites hosting malware, and phishing websites.

Granular controls allow businesses to carefully control content and apply application controls. The solution also includes a full reporting suite, which lets businesses see exactly what sites users are accessing, giving them valuable insights into user behavior while in-store.

TitanHQ Forms Strategic Cloud Distribution Partnership with GRIDHEART

TitanHQ has formed a strategic partnership with the GRIDHEART, which will see TitanHQ’s leading cloud-based email security, web security, and email archiving solutions made available to users of the Cloudmore Cloud Commerce platform.

GRIDHEART is a privately-owned Swedish company that delivers the world’s leading cloud-based solutions through its Cloud Commerce platform, Cloudmore.

For the past 10 years, GRIDHEART has been offering leading cloud solutions to its customers and resellers and now deals with more than 1,000 cloud partners. The Cloudmore platform makes selling cloud services easy and brings a wide range of cloud services together in a single unified platform.

The platform gives users complete centralized control over their cloud solutions and allows them to easily provision new customers, bill for services, automate processes, and obtain pre-and post-sales support. The platform provides a host of management tools to make control of SaaS and cloud computing simple.

The partnership with TitanHQ will see the Galway, Ireland-based cybersecurity firm add its leading cybersecurity solutions to the platform, through which users can manage the solutions for free.

GRIDHEART’s customers will be able to offer their clients the SpamTitan Cloud email security solution, the WebTitan web filtering solution, and the ArcTitan email security solution and provide multi-layered security to protect against email, web, and modern blended threats.

“By offering additional layers of cloud-based security through Cloudmore’ s unique Cloud Commerce platform, MSPs can procure and deploy IT services for their customers and quickly maximize their IT investment, enhance their security stack and lower operational costs for their customers,” said Rocco Donnino, Executive VP of Strategic Alliances at TitanHQ. “This agreement highlights the importance of delivering comprehensive security solutions to the MSP community through a single and powerful platform”

“TitanHQ fits the bill as a perfect partner with their razor focus on advanced threat protection via email and the web. We’ve very happy to have them on board,” said Stefan Jacobson, Sales Director of GRIDHEART.
 

Mandatory Internet Filtering in Hawaii Under Consideration

Two companion bills have been introduced in the House and Senate that require mandatory Internet filtering in Hawaii by device manufacturers to block access to adult web content, sites that facilitate human trafficking, and illegal content such as child and revenge pornography.

The bills mirror those introduced in other states in the U.S. to restrict access to adult content by default and prevent illegal online activities. The aim of the bills is not to prevent individuals from accessing adult content in Hawaii, only to make it harder for minors to gain access to inappropriate material and to make prostitution hubs harder for the general public to access. The proposed laws will simultaneously help to protect children and fight human trafficking.

If the bills are passed, Internet filtering in Hawaii will be required by default on all Internet-enabled devices that allow the above content to be viewed.

Adults that wish to opt in to view legal adult content will be free to do so, although in order to lift the digital content block they will be required to pay a one-off fee of $20. In order to have the content block lifted, an individual would be required to provide proof of age (18+) and sign to confirm they have been provided with a written warning about the dangers of lifting the content filter. In addition to the $20 fee, manufacturers, vendors, and other individuals/companies that distribute devices will be permitted to charge a separate, reasonable fee for lifting the content block on a device.

The money raised through the $20 fee payments will be directed to a fund which will be used to support victims of human trafficking and for projects that help to prevent human trafficking and child exploitation.

Any manufacturer, vendor, company, or individual covered by the act that does not implement a digital content block will be liable for financial penalties. Financial penalties will also be applied if requests to block covered content are received and are not added to the content filter within 5 days. Similarly, if a request is made to unblock content not covered by the bill and the request is not processed within 5 days a fine will be issued. The proposed fine is $500 per piece of content.

If the bills are passed, Internet filtering in Hawaii will be mandatory from July 1, 2020.
 

Benefits of Internet Content Control for Businesses

In this post we explore the key benefits of Internet content control for businesses and explain how the disadvantages can be minimized or eliminated.

The Problems of Providing Unfettered Internet Access to Employees

Providing employees with Internet access makes a great deal of sense. In order to work efficiently and effectively, employees need access to the wealth of information that is available online. Via the internet, businesses can interact with customers and vendors and provide them with important information. Information can easily be shared with colleagues rather than relying on email, and a wide range of online tools are available to improve productivity.

The Internet is something of a double-edged sword. It offers the opportunity to improve productivity, but it also has potential to reduce productivity. A great deal of time is wasted online by employees – Often referred to as cyber slacking. The losses to cyber slacking can be considerable. If each employee spends an hour a day on personal Internet use, a company with 50 employees would lose 50 hours a day or 250 hours a week. That’s 13,000 hours a year lost to personal Internet use. Many employees waste much more time online than an hour a day, so the losses can be significantly higher.

Personal Internet use can also result in legal problems for businesses. Businesses can be vicariously liable for illegal activities that take place on their network. Illegal file sharing for instance. Some online activities can also lead to the creation of a hostile work environment.

Giving employees full access to the Internet also introduces security risks. As well as very beneficial websites there is no shortage of malicious web content. Phishing websites are used to steal login credentials. If credentials are stolen, hackers can gain access to the network undetected and steal data and install malware. Malware downloads are also common. The cost of mitigating cyberattacks is considerable and can be catastrophic for small to medium sized businesses.

Common Internet Content Control Issues and How to Avoid Them

The solution to these issues is to implement an Internet content control solution. By carefully controlling the websites employees can access at work, productivity losses can be avoided and businesses can effectively manage risk. Access to phishing and other malicious websites can be blocked and businesses can block categories of website that are NSFW or are a major drain on productivity. The former includes adult content and the latter includes gaming websites, dating sites, and social media websites.

Internet content control for businesses is best achieved with a web filtering solution. This can either be an appliance that sites between your Internal network and the Internet through which all web traffic passes, or a DNS-based web filter that applies Internet content control for businesses at the DNS level.

The former is a more traditional approach to content control that comes with certain disadvantages. The latter is a more modern approach, that eliminates the problems of internet content control for businesses.

The benefits of Internet content control for businesses are clear but there are disadvantages. Latency is a key issue. If Internet speed is slowed, productivity declines. Appliance based filtering solutions tend to slow Internet access and download speeds. DNS-based Internet content control for businesses avoids this. There is no latency with DNS-level filtering.

Cost is another stickling point. An appliance-based solution requires a significant outlay and the appliances are not scalable. They need to be upgraded when the business grows. DNS-based solutions on the other hand are highly scalable – up and down. DNS-based filtering is much cheaper – a few dollars a year per employee. TitanHQ also offers monthly billing to make the cost more affordable.

Appliances need to be selected to fit in with your network architecture and there can often be compatibility issues. DNS-filtering allows businesses to seamlessly integrate Internet content control into the current infrastructure. DNS-based filters are technology agnostic and work on all operating systems.

Easy Internet Content Control for Businesses

WebTitan Cloud is an innovative, easy to use, DNS-based web filter that provides cost-effective Internet content control for businesses of all sizes.

For further information on WebTitan Cloud, to arrange a product demonstration, or to register for a free trial, contact TitanHQ today.

WebTitan Cloud v Cisco Umbrella

OpenDNS used to be a free DNS-based web filtering service, although it has since been acquired by Cisco and rebranded as Cisco Umbrella. Cisco Umbrella is a popular web filter for businesses, although many firms are now abandoning the product and making the switch to WebTitan Cloud. In this WebTitan Cloud v Cisco Umbrella post, we cover some of the key reasons behind this switch.

WebTitan Cloud v Cisco Umbrella

If you are currently a Cisco Umbrella customer and are considering a replacement DNS-based web filtering service, or if you have yet to make a decision on the best web filtering solution to match the needs of your business, we hope this quick WebTitan Cloud v Cisco Umbrella comparison is useful.

WebTitan Cloud v Cisco Umbrella: Key Differences

Cost and pricing

One of the main reasons why businesses switch from Cisco Umbrella to WebTitan is cost. Cisco Umbrella is a powerful web filtering solution, but generally speaking, WebTitan Cloud offers similar features and is a direct swap out. Businesses that make the switch can continue to filter the Internet to protect against web-based threats and exercise content control while making savings of up to 50%.

TitanHQ offers a simple and transparent pricing model with monthly billing. All features are included in the price, rather than the multi-tiered system of Cisco Umbrella that only provides the advanced features in the upper product tiers.

User Interface and Reporting

One of the main complaints about Cisco Umbrella is an overly complicated user interface which can make configuration, maintenance, and generating reports time consuming and difficult. If the staff doesn’t like using a product, they may avoid it, which will have an impact on security. WebTitan Cloud has a highly intuitive user interface with all information placed at your fingertips. That makes for simple configuration and management without the need for user training. It also means problems can be quickly identified and remediated, improving security.

Flexibility

Cisco has a vast and diverse product range and is a massive IT provider. While its products have been developed to meet the needs of businesses, the options available are somewhat rigid. TitanHQ is much smaller by comparison, but as an independent entity, has the flexibility to work more closely with customers and better meet the needs of small to medium sized businesses. Commercial arrangements can be made to suit both parties.

Support

TitanHQ customers benefit from industry-leading customer support, with full support provided to all customers at no additional cost. That includes support during the free trial of the product. With Cisco Umbrella, phone support is only provided to customers on the platinum, gold, or silver plans.

Cloud Keys

In order to protect the entire enterprise network, WebTitan Cloud applies security rules across the entire organization, in addition to AD/LDAP integration to allow rules to be applied for groups and individuals. Sometimes, individuals may require access to content that violates enterprise-wide rules. WebTitan Cloud allows cloud keys to be generated, which allows filtering controls to be bypassed without the need to change policies. They can be configured to expire after a set time or number of uses.

Ability to Host Locally

Some businesses will have no qualms about using a web filter that is hosted on the service provider’s servers, although this is far from ideal for some businesses such as Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs). Businesses that do not want to direct users to an external cloud service can host WebTitan Cloud in a private cloud or host the solution locally. With Cisco Umbrella, local hosting is not an option.

Ability to Rebrand the Solution

Another bugbear of MSPs and MSSPs is the inability to fully rebrand Cisco Umbrella.  WebTitan Cloud on the other hand is fully rebrandable and customizable. This includes a full white label and customizable user interface and block page ready for rebranding. This allows service providers to offer the solution to their customers while reinforcing their own brand image.

Further Information on WebTitan Cloud

Our WebTitan Cloud v Cisco Umbrella comparison includes just a few of the reasons why businesses are switching from Cisco Umbrella to WebTitan Cloud. For further information on WebTitan Cloud, to schedule a product demonstration, to register for a free trial to find out how WebTitan Cloud works in your environment, contact the TitanHQ team today.