Web Filtering

Web filtering is an ideal solution to prevent Internet users from visiting unsafe websites that potentially harbor viruses and malware. A web filter works by comparing a request to visit a website against a list of predetermined parameters. If the request fails to pass the criteria defined by the parameters, the request is denied.

This process prevents Internet users from accessing websites they have been invited to visit in a phishing email or when clicking on an advertising link. Web filtering can also be configured to prevent cyberslacking, to block certain types of files from being downloaded or bandwidth-hogging web applications from being used.
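The request check described above, as an added example rather than WebTitan or TitanHQ code: a minimal policy engine that compares a requested URL against an explicit allowlist and blocklist, a set of blocked site categories, and a set of blocked file types, and returns allow or deny with the reason. The hostname categorisation table and the sample policy are constructed data; a real product uses a large, continuously updated categorisation database.

```python
# Added example: a minimal web-filter policy engine illustrating the
# description above. It is not WebTitan or TitanHQ code. The category map
# and the sample policy are constructed data.
from dataclasses import dataclass, field
from urllib.parse import urlparse
import posixpath

# Constructed categorisation of hostnames. Parent domains are matched, so a
# subdomain inherits the category of its registrable domain.
CATEGORY_DB = {
    "example-gambling.test": "gambling",
    "ads.example-ads.test": "advertising",
    "known-ek-host.test": "malware",
    "docs.example.org": "business",
}


@dataclass
class Policy:
    """The 'predetermined parameters' a request is checked against."""
    blocked_categories: set = field(default_factory=set)
    blocked_extensions: set = field(default_factory=set)   # e.g. {".exe"}
    blocked_domains: set = field(default_factory=set)      # explicit blocklist
    allowed_domains: set = field(default_factory=set)      # explicit allowlist


@dataclass
class Decision:
    allowed: bool
    reason: str


def categorise(host):
    """Look up the host, then each parent domain in turn."""
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorised"


def evaluate(url, policy):
    """Return a Decision for one request; the checks run in precedence order."""
    parsed = urlparse(url)
    host = parsed.hostname or ""      # urlparse lower-cases the hostname
    if not host:
        # Fail closed: a request the filter cannot parse is not passed through.
        return Decision(False, "unparseable URL")
    if host in policy.allowed_domains:
        return Decision(True, "allowlisted domain")
    if host in policy.blocked_domains:
        return Decision(False, "blocklisted domain")
    category = categorise(host)
    if category in policy.blocked_categories:
        return Decision(False, f"blocked category: {category}")
    extension = posixpath.splitext(parsed.path)[1].lower()
    if extension in policy.blocked_extensions:
        return Decision(False, f"blocked file type: {extension}")
    return Decision(True, f"allowed (category: {category})")


# Constructed sample policy: block malicious and productivity-draining
# categories and stop executable downloads from anywhere but the allowlist.
SAMPLE_POLICY = Policy(
    blocked_categories={"malware", "gambling", "advertising"},
    blocked_extensions={".exe", ".scr"},
    blocked_domains={"blocked-by-admin.test"},
    allowed_domains={"intranet.example.org"},
)

if __name__ == "__main__":
    for url in ("https://docs.example.org/report.pdf",
                "http://sub.known-ek-host.test/landing",
                "https://docs.example.org/Setup.EXE",
                "https://Ads.Example-Ads.test/banner?id=1"):
        decision = evaluate(url, SAMPLE_POLICY)
        print(f"{'ALLOW' if decision.allowed else 'DENY ':5} {url}  ({decision.reason})")
```

The precedence order matters: the allowlist is checked before anything else, so an internal host can serve installers even though `.exe` is blocked elsewhere, and a URL the filter cannot parse is denied rather than waved through.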

To find out more about how your organization can strengthen its online defenses, enhance productivity and limit bandwidth loss, speak with one of our team today about web filtering.

Terror Exploit Kit Now Conducting Targeted Attacks

The Terror exploit kit is a relative newcomer to the EK scene, yet it is evolving rapidly. Since the demise of Angler, exploit kit activity has waned. However, the threat from new exploit kits such as Terror is growing.

Exploit kits probe for vulnerabilities in browsers or plugins. When an individual is directed to a website hosting an exploit kit, the EK searches for exploitable vulnerabilities. When exploitable vulnerabilities are discovered, the EK silently downloads malware or ransomware.

Exploit kits can be hosted on compromised websites or sites run by the attackers. Cybercriminals use a variety of techniques to get traffic to the sites. Links can be sent via spam email or via instant messaging services and social media sites. Malicious advertisements – termed malvertising – can be hosted on third party ad networks. Those ads are then served in sidebars on any number of legitimate, high traffic websites. Web redirects are also used to divert traffic to malicious sites hosting exploit kits.

If an individual with out-of-date plugins or an older browser version visits such a malicious site, and an exploit for a vulnerability in that browser has been loaded into the kit, a malicious payload can be silently downloaded onto the user’s device.

In recent months, spam email has become the main attack vector used by cybercriminals. However, exploit kit activity appears to be increasing with the Terror exploit kit fast evolving into a significant threat.

The Terror exploit kit previously used a ‘carpet-bombing’ approach, sending a wide range of exploits at the end user’s system in the hope that one would be effective. Such an approach is not particularly sophisticated.

However, Terror has now been updated and attacks can be tailored based on the user’s browser environment. Exploits that have a high probability of being successful are then delivered. The Terror exploit kit can now determine which exploits to drop based on the victim’s browser version, the plugins that have been installed, or patch level, according to the researchers who discovered the update.

Protecting against exploit kits requires browsers and plugins to be kept 100% up to date and vulnerability free, which can be a challenge for businesses. Additional security solutions on endpoints can help to prevent malware downloads, although many are unable to detect or block fileless malware.
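Since the kit selects exploits by browser version, installed plugins and patch level, the defensive mirror image is to audit exactly those attributes across the fleet. The following is an added example, not from the article or from the researchers it cites: an inventory check that flags endpoints whose browser or plugins fall below a baseline, or that carry plugins the policy forbids. The inventory records, the minimum versions and the forbidden-plugin list are constructed placeholders, not a statement of which real versions are safe.

```python
# Added example, not from the article: a defender-side audit of the attributes
# an exploit kit fingerprints. The baseline and inventory are constructed
# placeholders; a deployment loads both from its own asset inventory and
# patch policy.
import re

# Constructed baseline: minimum acceptable version per component.
MIN_VERSIONS = {"chrome": "56.0", "firefox": "51.0", "flash": "24.0.0.194"}
# Constructed list of plugins the policy says must not be present at all.
FORBIDDEN_PLUGINS = {"java", "silverlight"}


def parse_version(text):
    """'24.0.0.194' -> (24, 0, 0, 194); non-numeric decoration is ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def is_outdated(installed, minimum):
    """True when installed < minimum. Tuples are zero-padded so that
    '56' and '56.0' compare equal instead of (56,) < (56, 0)."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def audit_endpoint(record):
    """record = {"host": str, "browser": (name, version), "plugins": {name: version}}
    Returns a list of findings; an empty list means the endpoint meets the baseline."""
    findings = []
    browser, version = record["browser"]
    if browser in MIN_VERSIONS and is_outdated(version, MIN_VERSIONS[browser]):
        findings.append(f"browser {browser} {version} is below baseline {MIN_VERSIONS[browser]}")
    for plugin, pversion in record.get("plugins", {}).items():
        if plugin in FORBIDDEN_PLUGINS:
            findings.append(f"plugin {plugin} is not permitted and should be removed")
        elif plugin in MIN_VERSIONS and is_outdated(pversion, MIN_VERSIONS[plugin]):
            findings.append(f"plugin {plugin} {pversion} is below baseline {MIN_VERSIONS[plugin]}")
    return findings


def audit(inventory):
    """Map each host to its findings."""
    return {record["host"]: audit_endpoint(record) for record in inventory}


def exposed_hosts(inventory):
    """Hosts with at least one finding, sorted for a stable report."""
    return sorted(host for host, findings in audit(inventory).items() if findings)


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    {"host": "ws-01", "browser": ("chrome", "56.0.2924"), "plugins": {}},
    {"host": "ws-02", "browser": ("chrome", "53.0.2785"), "plugins": {"flash": "23.0.0.207"}},
    {"host": "ws-03", "browser": ("firefox", "51.0.1"), "plugins": {"java": "8u121"}},
    {"host": "ws-04", "browser": ("firefox", "51"), "plugins": {"flash": "24.0.0.194"}},
]

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY).items():
        print(host, "OK" if not findings else "; ".join(findings))
```

The zero-padding in `is_outdated` is the detail that usually goes wrong: a bare `51` reported by one agent and `51.0` from another must be treated as the same version, and a naive tuple comparison would report the first as outdated.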

One of the best security solutions to deploy is a web filter capable of scanning the URL to prevent end users from landing on websites that are known to host exploit kits. Web filters can also be configured to block malicious adverts.

By preventing users from visiting known malicious sites, the threat from exploit kits can be significantly reduced.

Study Reveals Cybersecurity Awareness in America is Poor

Pew Research has recently published the results of a study that set out to test cybersecurity awareness in America and find out more about the risks individuals are unwittingly taking when venturing online.

The study was conducted on 1,055 adult Americans, who were each asked 13 cybersecurity questions of varying difficulty. Questions included what HTTPS means, what two-factor authentication is, what private browsing means and the level of protection offered by insecure WiFi networks using a VPN. The study showed that cybersecurity awareness in America is poor and consumers are potentially taking major risks online.

While all 13 questions should have been answered correctly by ‘security aware’ individuals, only 1% were able to answer all questions correctly. A substantial majority of adult Americans that took the questionnaire were only able to answer two of the questions correctly. The median was 5 correct answers out of 13, the mean 5.5, and only 20% of participants were able to answer more than 8 questions correctly.

Three quarters of participants were able to identify the most secure password in a list and 73% of respondents were aware that the use of public WiFi networks carries a major risk and should not be used for sensitive activities such as online banking, even if the WiFi network required the use of a password.

However, cybersecurity awareness was much worse for all other areas tested by the survey. Just over half of respondents were able to correctly identify what a phishing attack involved, which is a particularly worrying result considering how widespread the use of phishing is.

Ransomware has been heavily reported in the press and attacks on businesses have soared, yet fewer than half of survey participants were able to correctly identify what ransomware is and only 46% knew that email was not encrypted by default.

Worryingly, only 33% of participants were aware that HTTPS meant traffic was encrypted, suggesting many are entering credit card information into unencrypted websites.

Only one in ten participants were able to correctly identify multi-factor authentication, with 71% thinking CAPTCHA was a form of multi-factor authentication rather than just a method of differentiating between a human web visitor and a bot.

The survey showed cybersecurity awareness improved with the level of education in all areas tested by the study. Younger participants (18-29) were also more likely to answer questions correctly than the older age groups.

The share of incorrect answers was relatively low, with many opting to answer the questions with ‘not sure.’ While the survey does not show that cybersecurity awareness is woefully inadequate, it does clearly indicate that when it comes to cybersecurity awareness, there is considerable room for improvement.

While it is the responsibility of every individual to ensure they are aware of the risks when venturing online and should take steps to protect their identities and bank accounts, the survey confirms what many IT security professionals know all too well. Employee cybersecurity awareness is poor and the risk of employees making mistakes that compromise the security of their organization is high.

Cybersecurity training programs clearly need to be improved to raise awareness of the main threats and drill in best practices. However, it is essential that robust defenses are implemented to ensure that business networks are protected from poor security decisions made by employees.

If you would like to find out more about the best cybersecurity solutions that you can implement to keep your business protected from your own employees and how you can reduce reliance on your staff making the right security choices, contact the TitanHQ team today.

Support for the Human Trafficking and Child Exploitation Prevention Act Grows

The Human Trafficking and Child Exploitation Prevention Act is a bill that will make it harder for individuals to access pornography on Internet-enabled devices by making manufacturers and retailers of those devices implement a pornography filtering solution by default.

Support for the bill is growing, with 12 states having already backed the bill – Alabama, Florida, Georgia, Indiana, Louisiana, New Jersey, North Dakota, Oklahoma, South Carolina, Texas, West Virginia, and Wyoming – and many others are considering implementing similar legislation.

While many states have been opposed to introducing legislation that prevents pornography from being accessed, support for the bill has been growing due to the change in how pornography is being portrayed. Rather than being viewed as a moral issue that must be tackled, pornography is now being viewed as a public health crisis. Proponents of the Human Trafficking and Child Exploitation Prevention Act claim viewing pornography is bad for mental health, sexual health, as well as causing damage to relationships. It has been claimed that the availability of pornography is also contributing to the growth of human trafficking for the sex trade.

The legislation requires all manufacturers and retailers who make or sell Internet-enabled devices to implement a web filtering solution on those devices that blocks pornography, prostitution hubs, child pornography, obscenity, and revenge pornography by default.

The law will not make it illegal for individuals over the age of 18 to view Internet pornography and other obscene content, but in order to do so they will be required to provide the retailer – or manufacturer – with proof of age. Similar laws are already in place requiring retail stores to prevent minors from being able to view pornographic magazines unless they first provide proof of age.

The legislation is the most workable solution to restrict access to pornography. It would not be feasible to require websites to conduct age checks, as there would be no jurisdiction over website owners based outside the United States. Pornography filtering legislation is viewed as the least restrictive method of controlling who can access pornography.

The Human Trafficking and Child Exploitation Prevention Act will not prohibit individuals from viewing pornography if they wish to do so. However, exercising their right to access obscene content will come at a cost. In addition to providing proof of age, consumers will be required to pay a one off fee of $20 to have the pornography filter lifted. The money collected will go to the state in which the individual resides, and those funds will be directed to a number of groups that are tackling the problem of human trafficking and sexual violence.

Individuals may have to pay further costs to access pornography as retailers and manufacturers will be permitted to charge individuals a fee on top of the $20 state fee for unlocking the pornography filter.

It is possible that the filtering solution used by manufacturers and retailers may not get the balance right 100% of the time. There are likely to be many cases of over-blocking or under-blocking of obscene content. Therefore, the Human Trafficking and Child Exploitation Prevention Act requires a mechanism to be put in place that allows individuals to submit requests to have websites and webpages added to the filter if they contain obscene content and have not been blocked. Similarly, if websites containing acceptable content are incorrectly blocked by the filter, it must be possible for individuals to request that the block be lifted. A call center or website must be made available for this purpose.

Manufacturers/retailers will be required to process requests in a reasonable timeframe. If they fail to do so they will be liable for fines.

95% of Companies Have Employees Bypassing Security Controls

A recent insider threat intelligence report from Dtex has revealed the vast majority of firms have employees bypassing security controls put in place to limit Internet activity. Those controls may simply be policies that prohibit employees from accessing certain websites during working hours, or in some cases, Internet filtering controls such as web filtering solutions.

Dtex discovered during its risk assessments on organizations that 95% of companies had employees that were using virtual private networks (VPNs) to access the Internet anonymously, with many installing the TOR browser or researching ways to bypass security controls online. The researchers discovered that in some cases, employees were going as far as installing vulnerability testing tools to bypass security controls.

Why Are Employees Bypassing Security Controls?

Employees bypassing security controls is a major problem, but why is it happening?

The report indicates 60% of attacks involve insiders, with 22% of those attacks malicious in nature. During the first week of employment and the final week before an employee leaves, there is the greatest chance of data theft. 56% of organizations said they had discovered potential data theft during those two weeks. During these times there is the greatest risk of employees attempting to bypass security controls for malicious reasons.

In many cases, VPNs and anonymizers are used to allow employees to access websites without being tracked. Many companies have policies in place that prohibit employees from accessing pornography in the workplace. Similar policies may cover gaming and gambling websites and other categories of website that serve no work purpose. Some employees choose to ignore those rules and use anonymizers to prevent their organization from having any visibility into their online activities.

The report indicates 59% of organizations had discovered employees were accessing pornographic websites at work. There are many reasons why companies prohibit the accessing of pornography at work. It is a drain on productivity, it can lead to the development of a hostile working environment, and from a security standpoint, it is a high-risk activity. Pornographic websites are often targeted by cybercriminals and used to host malware. Visiting those sites increases the risk of silent malware downloads. 43% of companies said they had found out some employees had been using gambling sites at work, another high-risk category of website and a major drain on productivity.

While employees are provided with email accounts, many are choosing to access web-based accounts such as Gmail. Dtex found that 87% of employees were using web-based email programs on work computers. Not only does this present a security risk by increasing the probability of malware being downloaded, it makes it harder for employers to identify data theft. Dtex says “By completely removing data and activity from the control of corporate security teams, insiders are giving attackers direct access to corporate assets.”

Lack of Control and Visibility

Many companies are unaware that they have employees bypassing security controls because they lack visibility into what is happening on endpoints. Shadow IT can be installed without the organization’s knowledge, including VPNs and hacking tools, but what can be done to stop employees bypassing security controls?

Security software can be installed to allow organizations to closely monitor the types of activities that are taking place on work computers. This can allow action to be taken to reduce insider threats. Organizations should also block the use of VPNs and anonymizers to ensure they have more visibility into employees’ online activities.

One of the easiest ways to block the use of VPNs and anonymizers is to use a web filtering solution. Web filters are increasingly used as a way of preventing productivity losses during the working day. Web filtering solutions can be configured to block specific sites or categories of website.

A web filter, such as WebTitan, can be configured to block access to anonymizer websites, along with other websites that are prohibited under the organization’s acceptable use policies.

Some employees find the controls overly restrictive and search for ways to bypass those controls. Organizations should carefully consider what websites and types of websites are blocked. Excessively restrictive controls over personal Internet access can prompt employees to try to bypass security controls. Allowing some personal use may be preferable.

One solution, possible with WebTitan, is to ease restrictions on Internet access by using time controls. To prevent falls in productivity, web filters can be applied during working hours, yet relaxed at other times such as lunch breaks. By allowing some personal Internet use, there is less incentive for employees to attempt to bypass security controls.
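The time-based controls just described, modelled as an added example (not WebTitan code): two policy profiles, a restrictive working-hours profile and a relaxed personal-use profile, selected by the clock, with a lunch break carved out of the working day. The schedule, profile names and category sets are constructed placeholders. The design point it shows is that only the productivity categories are relaxed; the security categories (malware, phishing, anonymizers) stay blocked in both profiles.

```python
# Added example, not WebTitan code: selecting a filtering profile by time of
# day and weekday. Schedule and category sets are constructed placeholders.
from datetime import datetime, time

# Categories blocked purely for security reasons: these apply around the clock.
SECURITY_CATEGORIES = {"malware", "phishing", "anonymizers", "pornography"}
# Additional categories blocked only to protect productivity during work time.
PRODUCTIVITY_CATEGORIES = {"gambling", "gaming", "social_media", "streaming"}

PROFILES = {
    "work": SECURITY_CATEGORIES | PRODUCTIVITY_CATEGORIES,
    "personal": SECURITY_CATEGORIES,
}

# Constructed schedule: Monday to Friday 09:00-17:30, lunch relaxed.
SCHEDULE = {
    "working_days": {0, 1, 2, 3, 4},              # datetime.weekday(): Monday == 0
    "working_hours": (time(9, 0), time(17, 30)),
    "breaks": [(time(12, 30), time(13, 30))],
}


def in_window(t, window):
    """Half-open interval: start inclusive, end exclusive, so 17:30 is off-hours."""
    start, end = window
    return start <= t < end


def active_profile(when, schedule=SCHEDULE):
    """Return the profile name in force at the datetime `when`."""
    t = when.time()
    if when.weekday() not in schedule["working_days"]:
        return "personal"
    if not in_window(t, schedule["working_hours"]):
        return "personal"
    if any(in_window(t, b) for b in schedule["breaks"]):
        return "personal"
    return "work"


def is_blocked(category, when, schedule=SCHEDULE):
    """Decide one request's category against the profile active at `when`."""
    return category in PROFILES[active_profile(when, schedule)]


def profile_at(iso_timestamp):
    """Convenience wrapper taking an ISO 8601 string such as '2017-03-15T10:00'."""
    return active_profile(datetime.fromisoformat(iso_timestamp))


def blocked_at(category, iso_timestamp):
    return is_blocked(category, datetime.fromisoformat(iso_timestamp))


if __name__ == "__main__":
    # Constructed timestamps: Wednesday 15 March 2017 and Saturday 18 March 2017.
    for stamp in ("2017-03-15T10:00", "2017-03-15T13:00",
                  "2017-03-15T18:00", "2017-03-18T10:00"):
        print(stamp, profile_at(stamp),
              "| gambling", "blocked" if blocked_at("gambling", stamp) else "allowed",
              "| anonymizers", "blocked" if blocked_at("anonymizers", stamp) else "allowed")
```

Keeping the two category sets separate is what makes relaxing the policy safe: the lunch-break profile removes the productivity restrictions that tempt employees to look for a VPN, while the anonymizer and malware categories never switch off.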

WebTitan also produces access logs to allow organizations to carefully monitor online user activity and take action against the individuals discovered to be violating company policies. Automatic reports can also be generated to allow organizations to take more timely action.

Monitoring employee Internet access and installing solutions to provide visibility into endpoint activity allows organizations to reduce the risk of insider threats and stop employees from engaging in risky behavior.

Cyberattacks on Educational Institutions Have Soared in 2017

2017 has already seen numerous cyberattacks on educational institutions. The year has started particularly badly for the education sector and there is no sign of the attacks abating any time soon. But why is the education sector being so heavily targeted by hackers, cybercriminals, and scammers?

It is easy to see why cyberattacks on financial institutions occur. There are substantial funds to be plundered. Cyberattacks on healthcare organizations are also common. Those organizations hold vast quantities of data; data that can be sold for big bucks on the black market and used for all manner of fraud: medical fraud, identity theft, tax fraud, and insurance fraud, for example.

However, the education sector is similarly being targeted. K12 schools, colleges, and universities have all been attacked and those attacks have soared in 2017.

The list of educational institutions that have reported cyberattacks in 2017 is long. Barely a day goes by without another educational institution being added to the list. Many of the cyberattacks on educational institutions are random, but it is becoming increasingly clear that the education sector is being targeted.

There are many reasons why the attacks have soared in recent months. Educational institutions hold vast quantities of valuable data, they have considerable computer resources that can be used by cybercriminals, and in contrast to other industry sectors, educational institutions are not as heavily regulated when it comes to cybersecurity protections. Defenses are relatively poor and educational organizations tend to have relatively few IT staff compared to the corporate sector.

In short, the potential profits from cyberattacks on educational institutions are high and attacks are relatively easy to perform. For cybercriminals that is an excellent combination.

What Data are Cybercriminals Attempting to Steal?

K12 school systems have been targeted by criminals in order to gain access to student data. Social Security numbers of minors are extremely valuable. Dates of birth and Social Security numbers can be used for identity theft and fraud and, in the case of minors, fraud is less likely to be identified quickly. Minors’ details can be used for longer.

Universities and school systems also hold considerable amounts of intellectual property and research. That information can be sold for considerable sums on the black market.

As we have seen on many occasions this year, the personal information of school employees has been targeted by scammers. Emails have been sent requesting W-2 Form data, which are used to file fraudulent tax returns in school employees’ names.

This tax season, the following colleges, universities, schools and school districts have reported that employees have fallen for a W-2 Form phishing scam and have emailed the data of their employees to cybercriminals.

  • Abernathy Independent School District
  • Ark City School District
  • Ashland University
  • Barron Area School District
  • Belton Independent School District
  • Black River Falls School District
  • Bloomington Public Schools
  • College of Southern Idaho
  • Corsicana Independent School District
  • Crotched Mountain Foundation
  • Davidson County Schools
  • Dracut Schools
  • Glastonbury Public Schools
  • Groton Public Schools
  • Independent School District
  • Lexington School District Two
  • Manatee County School District
  • Mohave Community College
  • Morton School District
  • Mount Healthy City Schools
  • Northwestern College
  • Odessa School District
  • Redmond School District
  • Tipton County Schools
  • Trenton R-9 School District
  • Tyler Independent School District
  • Virginian Wesleyan College
  • Yukon Public Schools

As with the healthcare industry, the reliance on data makes schools, colleges, and universities targets for ransomware attacks. Ransomware is used to encrypt data and a ransom demand is issued to unlock files. In many cases ransoms are paid as no backups of the encrypted data exist.

Some notable cyberattacks on educational institutions that have been reported this year are listed below.

2017 Cyberattacks on Educational Institutions

January 2017

Northside Independent School District in San Antonio, TX, discovered its email system had been hacked. Names, addresses, and dates of birth were potentially stolen. In total, 23,000 individuals were impacted by the incident.

South Washington County Schools in Minnesota discovered that one of its students had hacked into its system and stolen more than 15,000 employee records.

Los Angeles County College was attacked with ransomware in January and was forced to pay a ransom demand of $28,000 to regain access to its files. The attack resulted in most of the college’s infrastructure, including email and voicemail, being encrypted by the ransomware.

February 2017

Horry County Schools in South Carolina was forced to pay a ransom demand of $8,500 to recover data that were encrypted with ransomware. Even though the ransom was paid, systems were taken out of action for over a week as a result of the infection.

These are just a handful of the cyberattacks on educational institutions reported this year. Given the increase in cyberattacks on educational institutions, it is essential that schools, colleges, and universities take action and implement appropriate defences to mitigate risk.

If you are in charge of cybersecurity at your educational organization and you would like to receive tailored advice on some of the best protection measures you can implement to reduce the risk of a cyberattack, contact the TitanHQ team today.

Opposition to Pornography Filtering in Libraries Places ALA on NCOSE Naughty List

Opposition to pornography filtering in libraries has seen the American Library Association placed on the National Center for Sexual Exploitation (NCOSE) naughty list.

Each year, NCOSE publishes a list of the top twelve companies and organizations that it believes are either profiting from pornography or facilitating access. The aim of the list, referred to as the Dirty Dozen, is to name and shame the companies and organizations that are failing to do enough to tackle the growing problem of online pornography.

Pornography is only the tip of the iceberg. Hidden underneath is a world of sexual exploitation, prostitution, and sex trafficking. NCOSE sees companies and organizations that fail to take action as being part of the problem, inadvertently – or in some cases deliberately – contributing to the considerable harm that is caused by pornography.

This year’s list includes technology and telecoms companies (Amazon, Comcast, Roku), the American Library Association (ALA), and EBSCO (a provider of library resources to schools, colleges, higher education establishments and libraries). Four websites make the list (YouTube, Twitter, Snapchat, and Backpage.com), along with Cosmopolitan Magazine, HBO, and Amnesty International.

The ALA is almost a permanent fixture on the NCOSE Dirty Dozen list, having been present for the past five years. It is the ALA’s opposition to the use of pornography filtering in libraries that sees it included year after year. NCOSE says “the ALA zealously encourages public libraries not to install internet filters on public access computers.” By taking such a stance, the ALA is providing patrons – including children – with the means to access sexually explicit and obscene material. The ALA told CBN News that “Librarians encourage parents and children to talk with one another. Families have a right to set their own boundaries and values. They do not have the right to impose them on others.”

NCOSE doesn’t hold back, saying the ALA stance on pornography filtering in libraries “has turned the once safe community setting of the public library into a XXX space that fosters child sexual abuse, sexual assault, exhibitionism, stalking, and lewd behavior in libraries across the country.”

Only this month, NCOSE responded to the ALA’s continued opposition to pornography filtering in libraries on the grounds of free speech, saying there is no constitutional requirement for libraries to provide access to hardcore pornography to patrons.

EBSCO made the list because, according to NCOSE, its databases “provide easy access to hardcore pornography sites and extremely graphic sexual content,” and its system allows schoolchildren to easily circumvent web filters in schools. In response to its inclusion on the list, EBSCO says it is working on enhancing its web filtering systems and will implement better algorithms to filter pornographic content.

Amazon made the list, even though it has a policy prohibiting the sale of pornography, because of its pornography-related items on its site, including hardcore pornographic films and sex dolls with childlike features.

Amnesty International made the list for its stance on the decriminalization of prostitution and for creating “a de facto right for men to buy people.” Cosmopolitan was included for its hypersexualized imagery and glamorization of violent, public, and group sex. Roku, Comcast, Snapchat, Twitter, YouTube and HBO were included for peddling pornography, pushing the boundaries of what is acceptable, and making it too easy for pornographic content to be accessed.

Beware of the Latest Google Chrome Scam!

A security researcher has discovered a new Google Chrome scam that infects victims’ computers with malware. In contrast to many malware-downloading scams, the new Google Chrome scam is highly convincing and is certain to result in many malware infections.

Hackers have installed malicious JavaScript on a number of compromised WordPress websites. The JavaScript modifies the text on a compromised webpage when it is visited using the Google Chrome browser. The text on the website appears as if Google Chrome cannot read the font, with the characters on the site replaced with random fonts and symbols.

A popup appears on screen informing the visitor that the “HoeflerText” font wasn’t found by Google Chrome. The visitor is told that the webpage they are trying to view cannot be displayed correctly as a result. Visitors are prompted to update their Chrome browser to include the new font by downloading a “Chrome Font Pack.”

The Google Chrome scam is convincing. The popup uses the Chrome logo and looks official, with colors and branding that Google would use on its popup windows. The shading used for the “Update” button on the popup window is also accurately reproduced.

Furthermore, HoeflerText is a real font. If the user opens a new tab in their browser and Googles the font, they will discover the font exists, making the Google Chrome scam seem entirely plausible.

Clicking the update button will trigger a download of the update file – ChromeFontv7.5.1.exe – which is an executable containing the malware. While attempting to run the executable would normally result in an anti-virus warning being displayed, relatively few anti-virus products are detecting the ChromeFontv7.5.1.exe file as malicious. VirusTotal shows that just 9 out of 59 AV products identify the file as malicious.

The Google Chrome scam was uncovered by NeoSmart Technologies researcher Mahmoud Al-Qudsi. He reports that while the Google Chrome scam is highly convincing, there are two signs that the update is not real. First, regardless of the version of Chrome used, the popup says the user has Chrome version 53. The second sign of the scam is that the popup says the update file is called Chrome_Font.exe, yet the file that is downloaded has a different name. These two slipups by the criminals behind the campaign are slight and are unlikely to be noticed by many users.
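Whether or not a user notices the slipups, the download itself leaves a trace in web-proxy logs. The following is an added example, not from NeoSmart Technologies or TitanHQ, of a retrospective check a defender can run over such logs: it flags completed downloads of executables that carry either of the two filenames named in the article (ChromeFontv7.5.1.exe and Chrome_Font.exe) or, more broadly, any executable whose name poses as a Chrome font pack. The log format, hostnames and log lines are constructed; the assumption that Chrome never delivers fonts as a downloadable executable is the basis of the broader rule.

```python
# Added example, not from NeoSmart Technologies or TitanHQ: a proxy-log check
# for the download side of the fake "Chrome Font Pack" lure. Log format,
# hostnames and lines are constructed.
import posixpath
import re
from urllib.parse import urlparse

# Filenames named in the article.
KNOWN_BAD_NAMES = {"chromefontv7.5.1.exe", "chrome_font.exe"}
# Broader rule for the same lure. Assumption: Chrome does not distribute fonts
# as downloadable executables, so any executable named like a Chrome font
# update is worth a look.
FONT_PACK_PATTERN = re.compile(r"chrome[\s_\-]*font", re.IGNORECASE)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".msi"}

# Constructed log line format: "<epoch> <client_ip> <method> <url> <status> <bytes>"
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


def parse_line(line):
    """Parse one constructed log line; returns None for lines that do not fit."""
    match = LOG_LINE.match(line.strip())
    if not match:
        return None
    epoch, client, method, url, status, size = match.groups()
    return {"time": epoch, "client": client, "method": method,
            "url": url, "status": int(status), "bytes": int(size)}


def classify_download(url):
    """Return a reason string when the URL looks like the scam's payload, else None."""
    filename = posixpath.basename(urlparse(url).path)
    extension = posixpath.splitext(filename)[1].lower()
    if extension not in EXECUTABLE_EXTENSIONS:
        return None
    if filename.lower() in KNOWN_BAD_NAMES:
        return f"known filename from the Chrome font scam: {filename}"
    if FONT_PACK_PATTERN.search(filename):
        return f"executable posing as a Chrome font pack: {filename}"
    return None


def scan_log(lines):
    """Return alerts for completed downloads (HTTP 200) matching the indicators.
    A 403 means the filter already blocked the request, so it is not an alert."""
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["status"] != 200:
            continue
        reason = classify_download(entry["url"])
        if reason:
            alerts.append({"client": entry["client"], "url": entry["url"], "reason": reason})
    return alerts


# Constructed sample log (hostnames are placeholders).
SAMPLE_LOG = """
1489000001.103 10.0.0.12 GET http://compromised-blog.test/wp-content/uploads/page.html 200 5120
1489000002.551 10.0.0.12 GET http://compromised-blog.test/wp-content/uploads/ChromeFontv7.5.1.exe 200 412312
1489000003.004 10.0.0.19 GET http://another-site.test/downloads/Chrome_Font.exe 200 398000
1489000004.770 10.0.0.23 GET http://another-site.test/downloads/chrome-font-update.scr 200 401200
1489000005.212 10.0.0.31 GET https://fonts.example.org/HoeflerText.woff2 200 80000
1489000006.900 10.0.0.44 GET http://compromised-blog.test/wp-content/uploads/ChromeFontv7.5.1.exe 403 0
""".strip().splitlines()

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['client']}  {alert['url']}\n    -> {alert['reason']}")
```

Two of the sample lines are deliberately not alerts: a genuine web font file (`.woff2`) is not an executable, and a download the proxy already refused with a 403 needs no follow-up, which keeps the output focused on clients that actually received the payload.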

WebTitan Protects Users from the Latest Google Chrome Scam

The malware is identified as malicious by ClamAV and Kaspersky Lab, the dual anti-virus engines used by WebTitan to protect users from malware infections while browsing the Internet. If WebTitan is installed, this and other malware threats are blocked, preventing end users from inadvertently infecting their computer with malware.

If you have yet to implement a web filtering solution, your computers and networks are likely to be at risk of being infected. Malware and ransomware infections are costly to resolve, cause considerable disruption to business processes, and can result in the theft of intellectual property, customer data, and login credentials. The latter can be used to gain access to corporate bank accounts, allowing funds to be transferred to criminals’ accounts.

Since visiting malicious websites can result in malware being silently downloaded without any user interaction, employees may be unaware that their computers have been infected. Malware infections may go undetected for long periods of time, during which large volumes of sensitive data can be stolen.

A web filtering solution will prevent employees from visiting malicious websites that phish for sensitive information or download malware. Furthermore, a web filtering solution is inexpensive to implement and maintain.

To discover the benefits of web filtering and to find out more about WebTitan, contact the TitanHQ team today. WebTitan is also available on a 14-day, no obligation free trial allowing you to discover the benefits of the full product before deciding to proceed with a purchase.

Calls for Ransomware Protection for Universities to Be Augmented

Following a massive increase in ransomware attacks, security experts have called for ransomware protection for universities to be augmented.

Ransomware: A Major Threat to Universities the World Over

Ransomware has become one of the biggest data security threats. The healthcare industry has been extensively targeted, as have the financial services, manufacturing, telecoms, and just about every other industry sector. Now, attacks are being conducted on higher education establishments with increased vigor.

Universities are attractive targets. They store vast quantities of data. Researchers, teaching staff, and students alike need access to data on a daily basis. Without access, all work grinds to a halt. That means ransom demands are likely to be paid.

Secondly, universities use thousands of computers and have tens of thousands of users. Cybersecurity defenses may be good, but with so many individuals with access to Internet facing computers, protecting against targeted attacks on those individuals is a major challenge. Staff and students are being actively targeted as they are the weak links in the security chain.

Then there is the issue of academic freedom. While many industries have implemented web filtering solutions to limit the websites that can be visited by staff and students, many universities have been reluctant to restrict Internet access.

In a similar vein, university networks tend to be more open than in the business world for example. Businesses tend to severely restrict access to networks. If an attack occurs, the damage is very limited. Open networks tend to result in huge numbers of files and devices being encrypted if an attacker breaks through the security perimeter.

Ransomware Protection for Universities Clearly Lacking

The number of university ransomware attacks that have been reported by institutions in the United States and Canada in 2016 has reached alarming levels. Many of those universities have been forced to pay the ransom demands to restore access to files.

Last year, the University of Calgary was forced to pay $16,000 to restore access after a ransomware attack. Carleton University was also attacked with ransomware, as was Los Angeles Valley College. According to a Newsweek report in August last year, two thirds of British universities had been attacked with ransomware. Queen’s University in Belfast, Northern Ireland, was one of those attacked. A ransom had to be paid to recover data. One university in the United Kingdom – Bournemouth University – experienced 21 ransomware attacks in the space of 12 months. The list goes on and on.

Malware is also a problem. The University of Alberta discovered a malware infection on 304 computers. A keylogger had been installed which recorded details of all information entered on infected computers, including login details.

It is unsurprising given the extent to which universities are being attacked that there have been numerous calls for ransomware protection for universities to be improved. But how can ransomware protection for universities actually be improved without causing major disruption to staff and students or overly restricting data access?

How Can Ransomware Protection for Universities be Improved?

Universities, like all organizations, must develop a strategy to prevent ransomware attacks and deal with them when they occur. Protections need to be improved to prevent attacks, technology needs to be employed to detect ransomware infections quickly, and policies and procedures must be developed so rapid action can be taken when attacks occur. Rapid action can greatly reduce the harm caused.

No university wants to overly restrict Internet access, but the use of a web filter is strongly recommended. Rather than blocking access to valuable information, an advanced web filtering solution such as WebTitan can be applied to restrict access to malicious websites and to block malware downloads. WebTitan has highly granular controls which allow restrictions to be put in place to prevent ransomware infections, without overblocking website content. Furthermore, Internet access controls can be easily set for different user groups.

At the very least, universities should apply web filtering controls to prevent the accessing of websites that are known to contain malware and should not rely on their anti-virus solution to provide this service.

It is also essential for controls to be applied to the email system to block emails containing malicious links and attachments. SpamTitan blocks 99.97% of spam emails and 100% of known malware using two anti-virus engines for extra protection. SpamTitan not only blocks incoming spam, but also performs scans of outgoing mail to prevent the spread of infections between end users.

Antivirus and anti-malware solutions should also be used and updated automatically. Intrusion detection systems should also be considered to ensure that infections are rapidly identified.

Good patch management policies are also essential to ensure vulnerabilities are not allowed to persist. Applying patches and software updates promptly reduces the risk of vulnerabilities being exploited.

Even with technologies in place, staff and students should be educated about the risk of cyberattacks, phishing, malware and ransomware. Best practices should be distributed via email to all staff and students along with information about any specific cyberthreats.

Unfortunately, unless ransomware protection for universities is greatly improved, the attacks are likely to continue. Cybercriminals view higher education institutions as soft and potentially highly lucrative targets. It is up to universities to take appropriate action to prevent malware and ransomware attacks.

Poor Cybersecurity Practices to Avoid

Poor cybersecurity practices exist at many US organizations, which are allowing hackers and other cybercriminals to gain access to corporate networks, steal data, and install malware and ransomware. Businesses can implement highly sophisticated cybersecurity defenses, but even multi-million-dollar cybersecurity protections can be easily bypassed if poor cybersecurity practices persist.

This month we have seen two reports issued that have highlighted one of the biggest flaws in the cybersecurity defenses of US enterprises: poor password hygiene.

The purpose of passwords is to prevent unauthorized access to sensitive data, yet time and again we have seen data breaches occur because of end users’ poor choice of passwords and bad password practices.

Earlier this month, SplashData released its annual report on the worst passwords of 2016. The report details the top 25 poorly chosen passwords. This year’s report showed that little had changed year on year. Americans are still very bad at choosing strong passwords.

Top of this year’s list of the worst passwords of 2016 were two absolute howlers: 123456 and password. Numbers three and four were no better – 12345 and 12345678. Even number 25 on the list – password1 – would likely only delay a hacker by a few seconds.

Another study also highlighted the extent to which Americans practice poor password hygiene. Pew Research asked 1,040 US adults about their password practices. 39% of respondents said they used the same passwords – or very similar passwords – for multiple online accounts, while 25% admitted to using very simple passwords because they were easier to remember. 56% of 18-29-year-old respondents said that they shared their passwords with other individuals, while 41% of all respondents said they shared passwords with family members.

The results of this survey were supported by later research conducted by Telsign, who found a very blasé attitude to online security among U.S. citizens. Although 80% of respondents admitted to being concerned about online security (and half of those claimed to have had an online account hacked in the past year), 73% of respondents’ online accounts are guarded by duplicate passwords and 54% of respondents use five or fewer passwords across their entire online life.

While the Pew Research and Telsign surveys did not specifically apply to businesses, these poor password practices are regrettably all too common in the workplace. Passwords used for corporate accounts are recycled for personal accounts, and poor password choices for company email accounts and even network access are common. Two-factor authentication cannot fix poor personal cybersecurity practices, but it does protect corporate networks from them; even so, only 38% of U.S. companies use it.

Poor Cybersecurity Practices That Leave Organizations Open to Cyberattacks

Unfortunately, poor cybersecurity practices persist in many organizations. IT departments concentrate on implementing sophisticated multi-layered defenses to protect their networks and data from hackers, yet are guilty of failing to address some of the most basic cybersecurity protections.

The failure to address the following poor cybersecurity practices at your organization will leave the door wide open, and hackers are likely to be quick to take advantage.

More than 4,100 data breaches of more than 500 records were reported by organizations in the United States in 2016*.  Many of those data breaches could have been avoided if organizations had eradicated their poor cybersecurity practices.

Some of the main cybersecurity mistakes made by US companies include:

  • Not conducting a comprehensive, organization-wide risk assessment at least every 12 months
  • The failure to enforce the use of strong passwords
  • Not providing employees with a password manager to help them remember complex passwords
  • The continued use of unsupported operating systems such as Windows XP
  • Failure to apply patches and updates promptly
  • Not restricting the use of administrator accounts
  • Failure to adequately monitor devices for shadow IT
  • Failure to block macros from running automatically
  • Giving employees unnecessary access to data systems and networks
  • Not providing employees with cybersecurity awareness training
  • Not instructing employees on the safe handling of personally identifiable information
  • Failure to conduct anti-phishing simulation exercises
  • Failure to notify new employees and vendors of IT security policies and procedures before data access is provided
  • Not revising and updating IT security policies and procedures at least every six months
  • Failure to change default logins on networked devices
  • Failure to encrypt data on portable storage devices
  • Allowing employees full, unfettered access to the Internet
  • Failure to implement a spam filter to block malicious email messages
  • Failure to monitor applications with access to data
  • Failure to create appropriate access controls
  • Failure to monitor the activity of employees

*2016 Data Breach Report from Risk Based Security

Internet Filtering Laws in the UK to Give ISPs Internet Blocking Powers

Internet filtering laws in the UK could soon be updated to allow Internet Service Providers (ISPs) to legally block explicit website content.

Former UK Prime Minister David Cameron announced in 2013 that his – and his party’s – aim was to implement greater controls over the Internet and to start blocking pornography by default. In the summer of 2013, pornography filters were put in place by most Internet Service Providers in the UK. Major ISPs in the UK now require customers to opt in if they want to use their connections to view online pornography; unless a customer requests otherwise, the pornography filter is applied.

However, last year, as part of a new EU ruling covering mobile phone roaming charges, the porn filter in the UK was determined to be illegal. The EU ruled that companies are not permitted to block access to legal website content, only website content that is illegal in member states.

The UK opted out of the law after it was passed last year, allowing ISPs to continue to block Internet porn without violating the EU’s ‘Net Neutrality’ laws. However, even though the UK opted out, ISPs were only ever requested to implement porn filters. Internet filtering laws in the UK have never been introduced.

The Digital Economy Bill – which has already been passed by the House of Commons – has had a number of amendments added this week, one of which covers the use of Internet filters. If the Bill is written into law, this will be the first legislation in the UK covering the use of Internet filters.

The new clause is as follows: “A provider of an internet access service to an end-user may prevent or restrict access on the service to information, content, applications or services, for child protection or other purposes, if the action is in accordance with the terms on which the end-user uses the service.”

The UK’s House of Lords will now subject the bill, and the proposed amendments, to close scrutiny next week, examining the Bill line by line. While it is possible that some of the controversial elements of the Bill will be dropped, it is now looking likely that Internet filtering laws in the UK will be introduced.

The Bill also requires ISPs in the UK to block websites containing pornography that do not have any age verification mechanism in place. According to Department of Media, Culture, and Sport parliamentary under-secretary of state Lord Ashton, ISPs will be required to block these websites, with the legislation enforced by the British Board of Film Classification.

While the UK has voted to leave the EU following the ‘Brexit’ vote, until the UK actually leaves the European Union it is required to comply with EU laws. Currently there is some confusion over whether the blocking of pornography by default in the UK contravenes EU laws.

While there is some doubt over the matter, the UK’s communications regulator – OFCOM – has not instructed ISPs to lift the block and require customers to opt in if they want to restrict access to pornography.

A spokesperson for the Department of Media, Culture, and Sport said: “We are committed to keeping children safe from harmful pornographic content on the internet and this amendment will give internet service providers reassurance the family friendly filters they currently offer are compliant with EU law.”

Web Filters in Libraries are Not Just About Internet Control

There is an important reason why the use of web filters in libraries is increasing. The cost of providing computers with Internet access to patrons is not inconsiderable, yet in order to qualify for discounts under the E-Rate program, libraries must implement a web filter to comply with CIPA regulations. Libraries must use the web filter to block obscene images (pornography), images of child abuse, and any other graphics that could cause minors to come to harm.

However, there is another reason why the use of web filters in libraries is important. This has been clearly demonstrated this week in St. Louis, MO.

Web Filters in Libraries are Not Only About Internet Control

This week, every computer in the St. Louis Public Library System was taken out of action. Visitors were still able to visit the library and use the books, but do little else. All book borrowing stopped since it is not possible for library staff to log borrowing on the checkout system. Patrons have also been prevented from gaining access to the Internet. Even the email system has been locked and taken out of action.

What kind of computer malfunction causes the entire network of computers to stop working? The answer is ransomware.

Ransomware is malicious software that has been developed with one sole purpose: To encrypt system and data files to prevent access. Once downloaded, ransomware locks files with powerful encryption preventing files from being accessed. The attacker then sends a ransom demand offering the unique keys to decrypt files in exchange for payment.

Typically, attackers demand $500 in an anonymous currency such as Bitcoin to unlock each computer that has been attacked. In the case of the St. Louis Public Library system, the ransom demand was $35,000. All 700 of the library systems’ computers – across 16 locations – were attacked and encrypted.

Some ransomware variants also act as information stealers. Fortunately for the library, its inventory was unaffected and payment card information and other personal information of patrons were not stolen.

The St. Louis Public Library system will not be paying the extortionate ransom demand. It has instead opted for the only alternative in cases of ransomware infection: wiping its entire system and restoring files from backups. That is not a quick process. It will certainly take days, and could take weeks.

The ransom payment may be avoided, but removing the infection will still result in considerable costs being incurred. Then there is the impact the attack has had on patrons of the city’s libraries. The library system is primarily used by poor and disadvantaged individuals. According to library spokesperson Jen Hatton, “For many of our patrons, we’re their only access to the internet.” Hatton also said, “This is their only access to a computer. Some of them have a smartphone, but they don’t have a data plan. They come in and use the Wi-Fi.”

It is not clear how the infection occurred, although there are two main ways that ransomware is installed: Malicious spam email messages and by visiting malicious websites. Both of these attack vectors can be blocked if appropriate software is installed.

Web Filters in Libraries are an Important Ransomware Defense

A spam filter can be used to filter out malicious messages. Those messages contain attachments, which if opened, infect computers or download ransomware. User interaction is required. If the messages are quarantined and not delivered to users’ inboxes, infection can be prevented.

In the case of malicious links contained in emails – an alternative to attachments – a click will direct the user to a malicious website where ransomware is downloaded. Even if a link is clicked, access to the website can be blocked with a web filter. Web filters in libraries can also be configured to stop patrons and staff from visiting malicious sites while browsing the Internet. If a website that is known to be malicious is accessed – deliberately or accidentally – the site will not be displayed and infection will be blocked. Web filters in libraries can also block the downloading of files that are commonly used to infect computers – executable or JavaScript files for example.

The use of web filters in libraries is therefore not just about limiting access to inappropriate and harmful website content. Web filters in libraries are an important cybersecurity protection that can help to ensure that, come what may, patrons will still be able to access the Internet and borrow books.

Spora Ransomware: A Particularly Dangerous New Ransomware Threat

There is now a new and particularly dangerous ransomware threat to deal with. Spora ransomware could well be the new Locky.

Locky and Samas ransomware have proved to be major headaches for IT departments. Both forms of ransomware have a host of innovative features designed to avoid detection, increase infections, and inflict maximum damage, leaving businesses with little alternative but to pay the ransom demand.

However, there is now a new ransomware threat to deal with, and it could well be even bigger than Locky and Samas. Fortunately, the ransomware authors only appear to be targeting Russian users, but that is likely to change. While a Russian version has been used in attacks so far, an English language version has now been developed. Spora ransomware attacks will soon be a global problem.

A considerable amount of time and effort has gone into producing this particularly dangerous new ransomware variant and a decryptor is unlikely to be developed due to the way that the ransomware encrypts data.

In contrast to many new ransomware threats that rely on a Command and Control server to receive instructions, Spora ransomware is capable of encrypting files even if the user is offline. Shutting down Internet access will not prevent an infection. It is also not possible to block access to the C&C server to stop infection.

Ransomware variants have previously been developed that can encrypt without C&C communication, although unique decryption keys are not required. That means one key will unlock all infections. Spora ransomware on the other hand requires all victims to use a unique key to unlock the encryption.  A hard-coded RSA public key is used to generate a unique AES key for every user. That process occurs locally. The AES key is then used to encrypt the private key from a public/private RSA key pair generated for each victim, without C&C communications. The RSA key also encrypts the unique AES keys for each user. Without the key supplied by the attackers, it will not be possible to unlock the encryption.

This complex encryption process is only part of what makes Spora ransomware unique. In contrast to many other ransomware variants, the attackers have not set the ransom amount. This gives the attackers a degree of flexibility and importantly this process occurs automatically. Security researchers believe the degree of automation will see the ransomware offered on an affiliate model.

The flexibility allows businesses to be charged a different amount to an individual. The ransom is set based on the extent of the infection and the types of files that have been encrypted. Since Spora ransomware collects data on the user, amounts could easily be adjusted when contact is made to pay the ransom.

When victims visit the attacker’s payment portal to pay the ransom, they must supply the key file that is created by the ransomware. The key file contains a range of data on the user, including details of the campaign used. The attackers can therefore carefully monitor infections and campaigns. Those campaigns that are effective and result in more payments can then be repeated. Less effective campaigns can be dropped.

Currently there are multiple payment options, including something quite different. Victims can pay to unlock the encryption, or pay extra to prevent future attacks, essentially being granted immunity.

Emsisoft researchers who have analyzed Spora ransomware say it is far from a run-of-the-mill variant that has been quickly thrown together. It is the work of a highly professional gang. The encryption process contains no flaws – uncommon for a new ransomware variant – the design of the HTML ransom demand and the payment portal is highly professional, and the payment portal also contains a chat option to allow communication with the attackers. This degree of professionalism only comes from extensive investment and considerable work. This threat is unlikely to go away soon. In fact, it could prove to be one of the biggest threats in 2017 and beyond.

Infection currently occurs via spam email containing malicious attachments or links. Currently the attachments appear to be PDF invoices, although they are HTA files containing JavaScript code. Preventing those emails from being delivered is the best form of defense. Since no decryptor is available for Spora, a backup will be required to recover from the infection, or the ransom will need to be paid.

How to Prevent Ransomware Attacks

Cybercriminals have embraced ransomware and have been increasingly targeting businesses, yet many business leaders are unsure how to prevent ransomware attacks. Consequently, the risk from ransomware is not being effectively managed, and that may prove costly.

Ransomware is a form of malware that is capable of encrypting files on local machines, network drives, and servers. Any computer that is connected to the Internet can potentially be infected. Even without internet access, files may be encrypted if a computer is networked. The latest ransomware variants are capable of spreading laterally within a network and encrypting the data on hundreds of devices.

Files required for critical business processes may be encrypted and made inaccessible. A successful attack can result in a company’s operations grinding to a halt. A healthcare ransomware attack can result in patients’ health information becoming inaccessible. An attack on a pharmaceutical company may result in files necessary for drug manufacture being locked, which could affect the quality of products. Lawyers’ offices may lose essential client information. Few businesses could continue to operate at their full potential during a ransomware attack.

The loss of files can prove extremely expensive, costing far more than any ransom payment. Many companies are therefore left with little alternative but to pay the ransom demand. Ransom payments are actually made surprisingly frequently. According to a recent study conducted by IBM, 70% of businesses that experienced a ransomware infection ended up paying the attackers to supply the keys to unlock their data. Half of those businesses paid more than $20,000 while 20% paid more than $40,000.

Even when the ransom is paid there is no guarantee that a viable key will be supplied to unlock the encryption. Files may therefore be lost forever. One healthcare organization in the United States recently discovered that files can all too easily be lost forever. Three months after ransomware was installed on one of its servers and critical patient health information was encrypted, Desert Care Family and Sports Medicine has still not been able to unlock the encryption nor access its patients’ data.

It is essential to learn how to prevent ransomware attacks and to implement appropriate defenses not only to stop attackers from installing ransomware, but to ensure a system is put in place that will allow data to be recovered without having to resort to paying a ransom.

Recovering from a ransomware attack can be extremely expensive. Ransom payments can be extortionate. Business can be lost while systems are taken out of action. Even applying keys that have been supplied by attackers can be long-winded. Each encrypted device has its own key, and those keys must be applied very carefully. A forensic analysis is also important after a ransomware attack to search for backdoors that may have been added, as well as to determine if data have been stolen. Additional protections then need to be put in place to prevent future attacks from occurring.

How to Prevent Ransomware Attacks

The first and most important step to take will not prevent ransomware attacks, but it will help you to recover from a ransomware attack promptly without having to resort to paying the ransom. Recovery will depend on you having a viable backup of your data. Total file recovery may not be possible, but it should be possible to recover the vast majority of your files.

For that to be possible, you must ensure that all files on all devices and network drives are backed up. That includes all removable drives such as flash drives. Backup files must be stored on a non-networked drive, in the cloud, or ideally on an air-gapped device – one that is unplugged as soon as the backup is performed. Multiple backups should ideally be made, with one copy stored in the cloud and one on a detachable storage device. You should always store backups in multiple files, so that if one becomes corrupted, you will not lose all of your data.

  • Avoid the use of administrator accounts with extensive privileges as far as is possible. If an administrator account is required, use it and then change to a guest account with limited privileges. This will reduce the damage caused if the user’s machine is infected.
  • Ensure that all software is kept up to date and your organization employs good patch management practices. In particular, ensure browser and plugin updates are applied promptly. Vulnerabilities can all too easily be exploited and used to download ransomware.
  • If plugins are not required, remove them. Adobe Flash in particular, but also Java and Silverlight. If required, they should require activating individually as and when needed.
  • Ensure employees’ computers are configured to show file extensions. If full file extensions are displayed, it is easier to identify potentially malicious files with double extensions.
  • Ensure macros are disabled on all devices. At the very least, ensure macros do not run automatically.
  • Disable Remote Desktop Protocol (RDP) on all devices unless it is absolutely essential.
  • A web filter can be used to prevent end users from visiting malicious websites where ransomware can be downloaded. A web filter can also block malicious third party adverts (malvertising).
  • End users should be instructed never to open files from unknown senders or to click on links contained in emails unless 100% sure that the links are genuine.
  • The use of a spam filter is strongly advisable. The spam filter should be configured to aggressively block threats. Executable file attachments should also be automatically quarantined.

Facebook Messenger Locky Ransomware Attacks Reported

In the past few days, Facebook Messenger Locky ransomware attacks have been discovered, exploit kit activity has increased, and malicious spam email volume has increased. Organizations now need to defend against a wide range of attack vectors.

2016 – The Year of Ransomware

2016 has seen an explosion in the use of ransomware by cybercriminals and there is no sign of that changing in the near future. More than 200 ransomware families have now been identified, one of the most dangerous being Locky.

Locky ransomware was first discovered in February this year, but it has fast become one of the most prolific ransomware variants and has infected thousands of computers. No organization is immune to attack, although the gang behind the infections has been extensively targeting healthcare organizations. A number of U.S. healthcare providers have been forced to pay a ransom demand to recover their data.

Rather than cybercriminals having to break through company defenses to gain access to data, then exfiltrate files, and sell those data on the black market – a process that can take weeks before payment is received –  ransomware is a quick and easy revenue generator. Payments are made within a few days of infection as many companies cannot continue to function without access to their data.

It is not even necessary for cybercriminals to develop their own ransomware. The malicious file-encrypting software can be ‘hired’ from the authors. By using ransomware-as-a-service, anyone with an Internet connection could run a ransomware campaign. Little skill is needed and attacks result in fast payment. It is therefore no surprise that the file-encrypting software has become so popular.

Infection can occur via malicious adverts, exploit kits, or via spam email. All of those infection vectors allow the attackers to bypass traditional cybersecurity defenses such as firewalls.

Some headway has been made by security researchers and decryptors have been developed for some ransomware variants. Wildfire, Chimera, Shade, TeslaCrypt, and CoinVault have all been cracked. However, Locky has so far resisted security researchers’ efforts to crack it.

The authors of the crypto-ransomware are also constantly updating Locky and new variants are regularly being released. At present, there is no decryptor available for Locky infections and victims are faced with three choices if they experience an infection:

  • Accept data loss
  • Pay the ransom demand to obtain a key to unlock data
  • Recover encrypted files from backups

Unfortunately for the victims, recovering encrypted files from backups can be complicated. Locky not only locks files with powerful encryption, the files names and file extensions are also changed. This makes it hard for victims to identify specific files. Locky also deletes Windows Shadow Copies to make it harder for victims to recover their data.

Facebook Messenger Locky Ransomware Attacks Reported

The authors behind Locky have experimented with exploit kits to spread infections, although since the demise of the Angler and Neutrino exploit kits, Locky has primarily been distributed via spam email. Massive spam email campaigns are used to spread the malicious software. Those campaigns involve many millions of emails.

However, earlier this month, security researchers noticed that the cybercriminal gang behind Locky has started to use exploit kits again. The Bizarro Sundown exploit kit has been discovered to be spreading Locky. More worrying, Facebook Messenger Locky ransomware attacks have now been reported.

The Facebook Messenger Locky ransomware attacks were noticed by security researcher Bart Blaze earlier this month. Malicious messages are being sent to Facebook Messenger users which contain an .SVG image file. That image file is not what it seems. It contains the Nemucod downloader – malicious JavaScript code embedded in the image. The code is run when the image file is opened and Nemucod then downloads Locky.

The social media giant has confirmed that Facebook Messenger Locky ransomware attacks have occurred, although Facebook was quick to point out that infections are occurring via “a poorly implemented extension for Google’s Chrome browser.”

Security controls are generally very good at Facebook, but they are not infallible. Facebook Messenger Locky ransomware attacks are a major risk and users must exercise caution.

As with spam email, users should not open any attachments from individuals they do not know. Even when image files and other file types are received via messenger apps and spam email from individuals that are known to the recipient, they should be treated with suspicion.
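The advice above, and the earlier checklist items on showing file extensions, quarantining executable attachments and the Spora lure of HTA files named as PDF invoices, can be turned into a simple attachment triage. This is an added example, not TitanHQ or WebTitan code; the file names, byte contents and extension lists are constructed for illustration.

```python
"""Attachment triage for the disguised file types described on this page.

Constructed example (not TitanHQ code): flags executable attachment types,
double extensions such as "invoice.pdf.exe", HTA files posing as PDFs, and
SVG images that carry JavaScript. The sample attachments are constructed."""
import re

# Extensions Windows will execute when double-clicked (the types the page
# recommends quarantining outright).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "ps1", "jar"}
# Harmless-looking extensions used as the visible half of a double extension.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "svg"}

# <script> elements or inline event handlers inside an SVG document.
SVG_SCRIPT = re.compile(rb"<script\b|\son[a-z]+\s*=", re.IGNORECASE)
# Markers of an HTML Application / HTML body where a PDF was expected.
HTML_BODY = re.compile(rb"<hta:application\b|<script\b|<html\b", re.IGNORECASE)


def triage_attachment(filename, content):
    """Return the list of reasons this attachment should be quarantined.

    An empty list means none of the page's checks matched; it is not proof
    the file is safe, so it should still go through anti-virus scanning."""
    reasons = []
    base = re.split(r"[\\/]", filename.lower())[-1]
    exts = base.split(".")[1:]          # everything after the first dot
    last = exts[-1] if exts else ""

    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable attachment type .{last}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS and last in EXECUTABLE_EXTS:
        reasons.append(f"double extension .{exts[-2]}.{last}")
    if last == "svg" and SVG_SCRIPT.search(content):
        reasons.append("SVG image carries script")
    if last == "pdf" and not content.startswith(b"%PDF-") and HTML_BODY.search(content):
        reasons.append("named .pdf but content is HTML/HTA")
    return reasons


# Constructed sample attachments modelled on the lures described above.
SAMPLES = {
    "Invoice_2017.pdf.hta": b'<html><head><hta:application id="inv"/>'
                            b'<script language="JScript">/* dropper */</script>',
    "photo_4711.svg": b'<svg xmlns="http://www.w3.org/2000/svg">'
                      b'<script>/* downloader */</script></svg>',
    "invoice.pdf": b'<html><body><script>/* not a PDF */</script></body></html>',
    "report.pdf": b"%PDF-1.4\n%...",
    "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>',
}


def triage_all(samples=SAMPLES):
    """Triage every sample; returns {filename: reasons}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage_all().items():
        verdict = "QUARANTINE" if reasons else "pass to AV"
        print(f"{name:24} {verdict:12} {'; '.join(reasons)}")
```

A spam filter or endpoint script would run these checks before delivery; the two clean samples still go to the anti-virus engines rather than being treated as safe.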

How to Reduce the Risk of a Ransomware Infection

Businesses need to implement defenses to reduce the risk of a ransomware infection. The consequences for taking no action can be severe.

Ransomware infections can spread laterally through a network and ransomware gangs require payment for each infected machine and can even set the price per infected organization. The Locky ransomware attack on Hollywood Presbyterian Medical Center in February resulted in a ransom payment of $17,000 being made, in addition to the considerable cost associated with removing the infection and recovering from more than a week without access to key information systems.

One of the best defenses against ransomware is WebTitan. WebTitan is an innovative web filtering solution that can be configured to limit access to websites known to host exploit kits. Malicious third-party adverts (malvertising) can be blocked, along with websites that carry a high risk of being exploited by hackers to spread infections.

The best way for businesses to ensure that Facebook Messenger Locky ransomware attacks do not occur is to block Facebook Messenger entirely. With WebTitan, blocking Facebook Messenger – without blocking the Facebook website – is a quick and easy task.

By limiting the websites that can be visited by employees and blocking Facebook Messenger and other chat platforms, organizations can greatly improve their security posture and prevent ransomware from being installed.

For further information on the full range of features of WebTitan, details of pricing, and how to register for a free no-obligation trial, contact the TitanHQ sales team today.

Forget Hardware-Based Web Filtering Appliances for Schools and Look to the Cloud

Hardware-based web filtering appliances for schools have some advantages, but many K12 schools are saying goodbye to the appliances and are choosing a much more convenient and practical solution.

In the United States, K12 schools are required to implement a web filtering solution to control access to the Internet in order to receive E-Rate discounts on Internet access. Even schools that do not participate in the E-Rate program need to filter the Internet. Parents are pressuring schools into ensuring the Internet can be accessed safely in schools and want to receive assurances that their children can use the Internet without inadvertently – or deliberately – viewing inappropriate material such as pornography. Twenty-four states have also introduced legislation covering children and Internet access in schools.

Hardware-Based Web Filtering Appliances for Schools

A hardware-based web filtering appliance for schools may appear to tick all the boxes. Hardware devices sit in front of an Internet gateway and filter Internet traffic. They prevent users from accessing websites that are deemed to be dangerous or inappropriate.

While hardware-based web filtering appliances for schools can seem like an easy option, many schools are finding that this is far from the case. Hardware-based web filtering appliances for schools are fine if there are just a handful of computers accessing the Internet in each classroom, but hardware solutions lack scalability. When the number of devices is increased, more appliances must be purchased.

Hardware-based web filtering appliances place limitations on web traffic. When the number of devices simultaneously requiring access to the Internet increases, a bottleneck can occur. It does not matter how much a school increases its Internet connection with its ISP: if, for example, a 1GB web filtering appliance is in use, the appliance, not a 5GB connection, will be the limiting factor. There is likely to be latency, which can be considerable.

One solution is to use multiple hardware devices. This will increase the capacity, although more devices mean an increased maintenance burden on IT departments. Multiple devices mean schools have to find the space to house the appliances. Cooling systems may need to be augmented and more devices means higher energy bills. Hardware-based web filtering appliances for schools can prove to be very costly.

Hardware-based web filtering appliances are now being stretched further still as many schools start increasing the number of devices used by students. While one or two desktop computers used to be sufficient, many schools are now considering one-to-one computing, where each student is issued with a school laptop. However, such an increase in devices places considerable demands on hardware-based web filters and the result is considerable latency.

Then there is the problem of how to protect students when laptop computers are taken home. As we have already seen, some parents have made their schools take back the devices until adequate controls are placed on the devices to restrict Internet content. If software is installed on each laptop – in the form of a local client – the Internet can still be filtered using school hardware-based web filters. The client forwards traffic to the school’s datacenter, and traffic then passes through a web filtering appliance.

This sorts out the problem of Internet filtering, but it also puts more pressure on the datacenter. This may even require additional hardware devices to be purchased. Also, outside of normal school hours, if there are any issues with the datacenter, students will be prevented from accessing the Internet.

The latency and cost issues have spurred many K12 schools to look for an alternative to hardware-based web filtering appliances for schools. The answer has been found in the cloud.

Benefits of Cloud-Based Web Filtering Solutions for Schools

Cloud-based web filtering solutions offer a number of advantages over hardware-based web filtering appliances and solve many problems, especially as schools increase either the number of devices supplied to students or the number of devices that are allowed to connect to the network.

Cloud-based solutions require no hardware purchases and no space in the data center, which offers an initial cost saving. Because no client applications need to be deployed across the network, implementation is quick and easy, and since there is no hardware to maintain, the burden on IT departments is eased.

Any web filtering solution involves a certain degree of latency, although with cloud-based solutions this is kept to a minimum: Internet speed is not noticeably reduced and there is no latency within the datacenter itself. When students take hardware off the premises they can still be protected without data needing to be routed back to the school's datacenter. A roaming agent can be installed on each school-issued device that is taken off premises, or even on students' personally owned devices, to ensure that filtering controls are applied.

Then there is the speed of reaction to web content that should be blocked. When changes need to be made to filtering rules, they can be applied quickly and easily from any location without the need for IT staff to access each hardware appliance. A cloud-based control panel can be accessed from anywhere with an Internet connection and changes can be rapidly made.

Cloud-based solutions are also highly scalable. There is no limit on bandwidth or the number of users. Once a solution is deployed, it doesn’t matter how big the network gets. There is no need to upgrade hardware or purchase any more devices. Additional licenses can be purchased as and when needed. Further, if there is ever a reduction in required capacity, licenses can be adjusted accordingly.

With these and many other benefits, it is no surprise that so many schools are now turning to the cloud for their Internet filtering needs. The cloud is the perfect choice for K12 schools looking to keep their students – and devices – safe and WebTitan Cloud is the ideal solution for K12 schools to filter the Internet.

WebTitan - Web Security for the Education Sector

The TitanHQ team has worked on email anti-spam solutions for schools, web filtering for education, and email archiving for schools for over 20 years. We have a deep understanding of the web security issues that all schools and colleges face when protecting students, staff members, and visitors.

WebTitan is a powerful web security solution that ensures safe Internet browsing for children. The solution provides protection from harmful and obscene web content whether students are studying in the classroom, school library, or offsite and blocks threats such as malware, ransomware, and phishing. WebTitan Web security is available for all devices, including Chromebooks, Windows, and Apple devices, and the solution is quick and easy to implement and maintain.

Benefits of WebTitan

  • Create a safe and secure web browsing environment.
  • Comply with CIPA and qualify for E-Rate discounts.
  • Block malicious websites and malware downloads.
  • Block material contained in the child abuse image content URL list (CAIC List) and other third-party blacklists.
  • Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
  • Filter by keyword and keyword score.
  • Inspect encrypted websites.
  • Filter content in 200 languages.
  • Apply time-based filtering controls.
  • Filter the Internet across multiple WiFi hotspots.
  • Protect students when learning remotely.
  • Manage access points through a single web-based administration panel.
  • Delegate management of access points.
  • Schedule and run reports on demand with real-time views of Internet activity and extensive drill-down reporting.
  • Integrate the solution into existing security and monitoring systems.

Test WebTitan for Yourself with a Free Trial

WebTitan currently protects 10 million students and handles 2.5 billion DNS requests a day with T-Mobile. With WebTitan, you can quickly and easily protect your students from inappropriate web content, ensure CIPA compliance and create a safe environment for children.

You can also take advantage of a Free Trial of the solution to see for yourself how easy it is to use and maintain, and how effective it is at blocking access to content you do not want to be accessed by students, on or off the network.

Ransomware Protection Tips

There are a number of reasons why ransomware attacks have been increasing and why crypto-ransomware has become one of the biggest and most worrying threats. The main reason, however, is that ransomware is extremely profitable.

How profitable? According to a recent security report from McAfee Labs, one single ransomware author managed to pull in an incredible $121 million in ransomware payments in the first six months of 2016. Take off the expenses incurred and the author cleared $94 million in profit.

That was just one author. There are many. There are now more than 200 different ransomware families and many more variants of each. Fortunately, developing new ransomware is a complicated business that requires considerable programming skill. Unfortunately, there are many individuals who rent ransomware to conduct campaigns and take a cut of the profits.

The explosion in the use of ransomware in the past two years is a cause for concern for all Internet users, especially for business owners. Unfortunately, the ransomware crisis is unlikely to be resolved any time soon. As long as it is profitable, the attacks will continue. Vincent Weafer, VP of Intel Security's McAfee Labs, expects revenues from ransomware infections in 2016 to be of the order of several hundred million dollars, and most likely considerably more.

McAfee recorded 1.3 million new ransomware samples in the first half of 2016. The risk of infection with ransomware has increased as authors employ increasingly sophisticated methods of evading detection. Ransomware is also spreading faster and encrypting even more data to ensure victims have no alternative but to pay up.

But how is it possible to prevent ransomware attacks? Unfortunately, there is no silver bullet. Prevention requires several different strategies to be adopted. To prevent ransomware attacks, check out the ransomware protection tips below.

Ransomware Protection Tips

We have listed some ransomware protection tips below that will help you avoid ransomware infections, and how to avoid paying a ransom should the unthinkable happen.

The first rule of ransomware avoidance is backing up your data

The No More Ransom Project is a great initiative. When ransomware variants are cracked and decryptors developed, they are uploaded to the No More Ransom site, and victims can then decrypt their files for free. However, there are more than 200 ransomware families and fewer than 10 free decryptors. You don't need to have majored in mathematics to work out that the probability of a decryptor being available is rather small. If you want to be able to avoid paying a ransom, you must have a viable backup of your data.

The second rule of ransomware avoidance is backing up your data

Without a backup, you will need to pay the ransom if you want your data back. You therefore need to make sure you have a viable backup file, and ideally multiple backups: one on an external hard drive and a second in the cloud. Your external drive must also be disconnected once the backup has been performed, since ransomware encrypts any storage it can reach, including a connected backup drive.

Keep software up to date

Vulnerabilities are constantly being discovered and patches issued to plug security holes. Even if exploits have not yet been developed to take advantage of those vulnerabilities, patches can be reverse engineered, so once a patch is released it is only a matter of time before an exploit follows. It is therefore essential to apply patches and install software updates promptly. Patches should be prioritized, with critical updates applied first.

Remove unnecessary software and browser plugins

If you have browser plugins installed that you never use, remove them. They are an unnecessary risk. Of particular concern are Adobe Flash, Java, and Silverlight. Vulnerabilities are regularly discovered in these plugins and for many businesses they are surplus to requirements. Remove them or at least set them to require manual activation.

Block adverts

Malvertising may not be the most common method of ransomware delivery but the risk should be mitigated nonetheless. Businesses should use an adblocker to prevent malicious adverts from being displayed. Do your employees need to see web adverts? If not, why take the risk?

Filter the Internet

Malicious websites containing exploit kits can probe for a wide range of security vulnerabilities and leverage these to silently download ransomware. WebTitan can be configured to block websites known to contain malware and block sites by category. Categories of websites known to be ‘high risk’ can be blocked, as well as sites that have no work-purpose. Blocking access to certain categories of websites can greatly reduce the risk from web-borne ransomware and malware infections.

Conduct security awareness training

Security awareness training is not just for employees. All individuals in an organization, from the CEO down, should be taught the security basics. Training should cover phishing awareness and avoidance, ransomware and malware, and security best practices such as never opening emails from unknown sources, not enabling macros, and avoiding clicking links in spam and suspicious emails.

Turn off macros

Macros are used in many organizations, but not by the majority of employees. Macros should be disabled on all devices unless essential, and even then, macros should be enabled manually on documents and spreadsheets if required.

Employ a robust spam filtering solution

A paid-for spam filtering solution should be installed to catch spam emails and prevent delivery. Email is one of the most commonly used ransomware delivery mechanisms. Anti-spam solutions such as SpamTitan can greatly reduce the probability of employees’ security training being put to the test.

Use anti-malware and anti-virus solutions

Employ anti-malware and anti-virus solutions that include a real-time scanning feature and set the solutions to update virus/malware definitions automatically. Full system scans should also be periodically conducted.

Study Reveals Extent of the Threat from Malware

The threat from malware is now greater than ever before in the history of the Internet. New malware is being developed at alarming rates, and traditional antivirus software developers are struggling to maintain pace and prevent new forms of malware from being installed on endpoints.

Not only are malware developers creating ever stealthier information stealers, Trojans, and ransomware, the methods used to install the malicious software are becoming much more sophisticated. Keeping endpoints and networks free from infection is becoming far more complicated, while the cost of dealing with malware infections is increasing. Figures from the Ponemon Institute suggest the average cost of a data breach has now reached $4 million.

2015 saw some of the largest data breaches ever discovered and the situation is getting worse. The 78.8-million record attack on Anthem Inc. may have been one of the worst ever data breaches in terms of the number of individuals affected and the amount of data obtained by the attackers, but 2016 has seen even larger data breaches uncovered.

The attack on LinkedIn, which was discovered in May this year, affected 117 million users. The data breach at MySpace resulted in 460 million passwords being obtained by hackers, 111 million of those records also included a username. However, even those massive data breaches were dwarfed by the discovery of the data breach at Yahoo Inc., this month. Hackers were found to have obtained the information of around 500 million individuals.

Not all of those data breaches involved the use of malware, but a large percentage of smaller breaches have occurred as a result of malware infections and the threat from ransomware has grown significantly over the past few months.

Threat from Malware Greater than Ever Before

This month, a study conducted by Proofpoint has cast more light on the seriousness of the threat from malware and the extent to which organizations are being attacked. The Proofpoint 2016 Security Report shows that throughout 2015, an average of 274 new forms of previously unknown malware were discovered every minute. 971 forms of unknown malware hit organizations every hour in 2015. That's 9 times the downloads that occurred in 2014. Proofpoint's research indicates 12 million new pieces of malware were discovered every month last year.

Proofpoint's study revealed that in 2015, 89% of organizations downloaded a malicious file. In 2014, only 63% of companies reported downloading malicious files. In 2014, malware was downloaded every 6 minutes on average. In 2015, new malware was being downloaded every 81 seconds. In total, almost 144 million new malware samples were found in 2015. Out of the 6,000 gateways analyzed by Proofpoint, 52.7% were found to have downloaded at least one file infected with malware, and an average of 2,372 infected files were reported per gateway.

Email remains one of the most common vectors for malware delivery. Attackers are sending malicious emails containing scripts that download malware, or links to websites containing exploit kits that download information stealers, Trojans, and ransomware.

There was a small decline in the number of malicious websites that were accessed by employees. In 2014, 86% of organizations reported that end users had visited malicious websites. In 2015, 82% of organizations said employees had visited malicious websites.

However, employees in enterprise organizations were five times more likely to visit malicious websites in 2015 than in 2014. On average, enterprise employees visited malicious websites every 5 seconds. In 2014, malicious websites were accessed every 24 seconds.

Protecting Against Malware Attacks

Defending against malware attacks requires more than an anti-virus or anti-malware solution. Multi-layered cybersecurity defenses are required to cope with the onslaught.

Training programs should be conducted regularly to ensure employees are aware of the risks and latest threats. Knowledge should also be put to the test by conducting phishing training exercises.

Technical solutions should include anti-virus, anti-malware, and anti-bot software. Virus and malware definitions must be kept up to date and regular network scans conducted to identify infections rapidly.

Since email is the most common attack vector, anti-spam solutions should be employed. By using a robust anti-spam solution such as SpamTitan it is possible to prevent the vast majority of malicious emails from being delivered to end users. SpamTitan blocks 99.7% of spam email.

A URL filtering solution such as WebTitan should also be employed to prevent end users from visiting malicious websites and downloading malware. WebTitan can be configured to prevent end users from visiting websites known to contain malware and exploit kits. Malicious third party adverts – malvertising – can also be blocked, as can categories of websites which carry a high risk of containing malware.

Along with advanced threat prevention technologies, application controls, intrusion prevention systems, and good patch management policies, it is possible to prevent the vast majority of malware attacks. However, with the volume of malware now being released and the extent to which hackers are attacking organizations, failing to commit to improving cybersecurity defenses is likely to see organizations become another breach statistic.

Standards for the Use of Internet Filters in Schools Introduced in Rhode Island

The American Civil Liberties Union (ACLU) of Rhode Island has praised the General Assembly for introducing more transparent standards for the use of Internet filters in schools in the state.

Since the passing of the Children’s Internet Protection Act (CIPA), K-12 schools and libraries that apply for E-Rate discounts have been required to implement a web filter to restrict access to inappropriate or harmful website content. The web filter must be configured to block obscene images, child pornography, and other content that could be considered harmful to minors.

Overzealous Use of School Internet Filters in Rhode Island

While schools in Rhode Island have complied with CIPA, many have gone further and have used Internet content filtering software to block far more website content than CIPA requires. Blocking potentially harmful website content protects children from harm; however, schools must take care not to overblock website content.

There is a clear difference between pornographic content and, for example, artwork that depicts nudes. The former has the potential to cause harm to minors; the latter has educational value and should not be blocked. If there are no standards for the use of Internet filters in schools, it is all too easy for valuable educational material to be inadvertently blocked.

Three years ago UCLA published a report on how overblocking of website content can harm public education. The report details some of the difficulties staff and students have had accessing valuable website content after web filtering solutions have been implemented in educational establishments in Rhode Island.

Internet filters allow website content to be blocked based on categories. Schools may, for instance, choose to block content relating to alcohol. However, the report says some students had tried searching for polyvinyl alcohol – information on which was required for their studies, yet the content was not accessible because the Internet filtering category “alcohol” had been blocked.

Students who want to access LGBT information or individuals wishing to find out about sexually transmitted diseases should be able to access that information, yet this type of website content can all too easily be blocked if Internet filters are not carefully applied. The ACLU believes that transparent standards for the use of Internet filters in schools are necessary. Schools should be open about the type of content that they block and the reasons for doing so. With greater transparency students can be protected from harm, yet have access to valuable educational material.
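The filtering controls this site describes (blocking by domain category, keyword scoring with a threshold, time-based rules, and blocking a chat service separately from its parent site, as the Locky post above does for Facebook Messenger) and the overblocking trap just described, in one added, simplified illustration written for this page; it is not WebTitan's code, and the domain table, categories, hostnames and keyword weights are constructed sample data.

```python
"""Simplified web-filter policy evaluator: category blocking by domain suffix,
keyword scoring with a threshold, and time-based rules.

Added illustration for this page; not WebTitan's code. All domains, categories
and keyword weights are constructed sample data.
"""
from dataclasses import dataclass, field
from datetime import time
import re

# Constructed: domain suffix -> category. The longest matching suffix wins, so a
# chat subdomain can be categorised (and blocked) separately from its parent site.
DOMAIN_CATEGORIES = {
    "casino.example": "gambling",
    "social.example": "social-media",
    "chat.social.example": "chat",
    "edu.example": "education",
}

# Constructed keyword weights. A page's score is the sum of the weights of the
# whole words it contains, so one incidental hit does not by itself block a page.
KEYWORD_WEIGHTS = {"alcohol": 2, "liquor": 3, "drunk": 3, "cocktail": 2, "hangover": 2}

WORD = re.compile(r"[a-z]+")


@dataclass
class Policy:
    blocked_categories: set
    keyword_threshold: int = 5
    # category -> (start, end): blocked only inside that daily window
    time_rules: dict = field(default_factory=dict)


def categorize(host):
    """Category of the longest matching domain suffix, or None if unknown."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in DOMAIN_CATEGORIES:
            return DOMAIN_CATEGORIES[suffix]
    return None


def naive_keyword_block(text):
    """Single-keyword blocking: any listed word blocks the page.
    This is the overblocking behaviour that catches 'polyvinyl alcohol'."""
    return any(w in KEYWORD_WEIGHTS for w in WORD.findall(text.lower()))


def keyword_score(text):
    """Weighted whole-word score; compared against the policy threshold."""
    return sum(KEYWORD_WEIGHTS.get(w, 0) for w in WORD.findall(text.lower()))


def evaluate(policy, host, text="", now=None):
    """Return (decision, reason) for a request to host whose content is text."""
    category = categorize(host)
    if category in policy.blocked_categories:
        return "block", f"category:{category}"
    window = policy.time_rules.get(category)
    if window and now is not None and window[0] <= now < window[1]:
        return "block", f"time-rule:{category}"
    score = keyword_score(text)
    if score >= policy.keyword_threshold:
        return "block", f"keyword-score:{score}"
    return "allow", f"keyword-score:{score}"


# Constructed school policy: gambling and chat always blocked, social media
# blocked during class hours only, keyword threshold 5.
SCHOOL_POLICY = Policy(
    blocked_categories={"gambling", "chat"},
    keyword_threshold=5,
    time_rules={"social-media": (time(8, 0), time(15, 0))},
)
CLASS_TIME = time(10, 0)
AFTER_SCHOOL = time(17, 0)

# Constructed page texts: one legitimate chemistry page, one that should be blocked
CHEMISTRY_PAGE = "Polyvinyl alcohol is a water-soluble synthetic polymer used in adhesives."
PARTY_PAGE = "Cheap liquor deals, cocktail recipes and hangover cures."

if __name__ == "__main__":
    print("naive filter blocks chemistry page:", naive_keyword_block(CHEMISTRY_PAGE))
    for host, text, now in [
        ("www.edu.example", CHEMISTRY_PAGE, CLASS_TIME),
        ("www.edu.example", PARTY_PAGE, CLASS_TIME),
        ("www.social.example", "", CLASS_TIME),
        ("www.social.example", "", AFTER_SCHOOL),
        ("chat.social.example", "", AFTER_SCHOOL),
    ]:
        print(host, now, evaluate(SCHOOL_POLICY, host, text, now))
```

The scored filter lets the polyvinyl alcohol page through (score 2, below threshold) while still blocking the page that accumulates several weighted hits, and the chat subdomain is blocked even after hours while its parent site is allowed.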

New Standards for the Use of Internet Filters in Schools in Rhode Island

Rep. Art Handy and Sen. Adam Satchell sponsored the new bills (H-7583-A and S-2172-A) which require written policies to be implemented which explain the categories of website content which are blocked by the state Department of Education and school districts. The new legislation also requires reasons to be provided for blocking specific categories of website content. Policies must also be reviewed on an annual basis.

Hillary Davis, policy associate of the ACLU of Rhode Island, praised the introduction of new standards for the use of Internet filters in schools by the General Assembly. She said, "The Internet offers a world of educational opportunities that Rhode Island's students have been denied because of overzealous filtering software." Davis went on to say, "This new law will go a long way toward ensuring teachers can bring their full range of resources to the classroom, and that students can complete their studies without interruption or frustration."

McDonalds and Starbucks Block Porn on WiFi Networks

McDonalds and Starbucks have recently announced that they have taken steps to block porn on WiFi networks that can be accessed by their customers. McDonalds restaurants in the United States already have a web filtering solution in place that prevents customers from accessing pornographic material via their in-restaurant WiFi networks. Access to mature content – such as online streaming of TV shows like Game of Thrones – will still be possible. Starbucks has also recently followed the lead of McDonalds and will soon implement a web filtering solution to block pornography.

McDonalds is the largest fast-food chain in the United States, operating more than 14,000 restaurants. Starbucks is the largest coffee shop chain in the United States, with more than 12,200 outlets in the U.S. Due to the size of the chains, and their popularity with children and families, both organizations have faced pressure from Internet safety organizations to start implementing controls to limit the website content that can be accessed via their WiFi networks.

McDonalds Chooses to Block Porn on WiFi Networks in its Restaurants

McDonalds started to block porn on WiFi networks available to customers earlier this year. According to a statement issued by the fast-food chain, the corporation was previously unaware that there was a problem with customers accessing pornography inside its restaurants or that consumers wanted restrictions to be placed on its WiFi networks.

After the not-for-profit Internet safety organization Enough is Enough reached out to the CEO of McDonalds last year and suggested WiFi network porn filtering should be implemented, the fast-food chain reacted “promptly and positively.”

McDonalds recently issued a statement saying “We had not heard from our customers that this was an issue, but we saw an opportunity that is consistent with our goal of providing an enjoyable experience for families.”

McDonalds started exploring web filtering solutions to block pornography on WiFi networks in its restaurants and, after researching the available options, implemented a WiFi network porn filtering solution in Q1 2016. Last week, McDonalds announced that a web filtering solution had been deployed to block porn on WiFi networks in its restaurants.

WiFi Network Porn Filtering to be Implemented by Starbucks

Hot on the heels of the announcement by McDonalds was a press release confirming that Starbucks had taken the decision to block porn on WiFi networks in its coffee shops.

Two days after the McDonalds announcement, Enough is Enough reported that Starbucks had also opted to block porn on WiFi networks in its coffee shops in the United States. When the evaluation process has been completed, and a suitable WiFi network porn filtering solution has been selected, it will be rolled out worldwide across the company's coffee shops to ensure that all customers are protected from exposure to pornographic material.

A spokesperson for Starbucks said, “We are in the process of evaluating a global protocol to address this in all of our company owned stores, and are in active discussions with organizations on implementing the right, broad-based solution that would remove any illegal and other egregious content.”

Enough is Enough has been campaigning for safer Internet since the group was formed in 1994. In 2014 the organization launched a new campaign to place pressure on corporations in America to use WiFi network porn filtering to ensure that children and families could access the Internet safely without being exposed to pornographic material.

Increasing Pressure on Corporations to Implement WiFi Filtering Solutions to Block Pornography

Enough is Enough claim "Internet safety is now the fourth top-ranked health issue for U.S. children with peer-reviewed research confirming Internet pornography as a public health crisis." The organization says that individuals are increasingly using open WiFi networks to gain access to online pornography and child pornography. They cite news reports that public WiFi networks are also being used by individuals to share obscene, abusive, and illegal images.

Enough Is Enough has been putting an increasing amount of pressure on organizations in the United States over the past two years to carefully control the content that can be accessed via WiFi networks. The organization has now gained the support of 75 partner organizations including the Salvation Army, National Coalition to Protect Child Sexual Abuse, U.S. Department of Justice, American Family Association (AFA), Family Research Council (FRC), and the National Center on Sexual Exploitation.

Enough is Enough and the National Center on Sexual Exploitation recently appealed to Starbucks to follow the lead of McDonalds and implement a WiFi web filtering solution to block porn on WiFi networks accessible to its customers.

Both organizations will now be increasing their efforts to get other corporations in the United States to make a similar decision and block porn on WiFi networks in order to provide family-friendly Internet access.

WebTitan Cloud for WiFi: Secure WiFi Networks and Easily Restrict Access to Inappropriate Web Content

WebTitan Cloud for WiFi is a powerful WiFi filtering solution that is often awarded top marks in user reviews for ease of implementation, ease of use, quality of filtering, pricing, and customer service and support. Restaurants, coffee shops, retail outlets, and many other businesses that offer WiFi to guests can easily implement controls to restrict access to inappropriate web content and block threats such as phishing, malware and ransomware downloads. The solution is DNS-based, has no impact on Internet speed, and can be implemented in minutes, with no need for any additional hardware or software downloads.

With WebTitan Cloud for WiFi you can:

  • Create a family-friendly, safe and secure web browsing environment.
  • Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
  • Filter by keyword and keyword score.
  • Filter content in 200 languages.
  • Apply time-based filtering controls.
  • Filter the Internet across multiple WiFi hotspots.
  • Manage access points through a single web-based administration panel.
  • Delegate management of access points.
  • Reduce the risk of phishing attacks.
  • Block malware and ransomware downloads.
  • Inspect encrypted websites with SSL certificates.
  • Schedule and run reports on demand, with real-time views of Internet activity and extensive drill-down reporting.

WebTitan Customers benefit from:

  • A highly competitive pricing policy
  • Flexible pricing terms, including monthly billing
  • Industry-leading customer support
  • Easy integration of the solution into existing security and monitoring systems
  • Multiple hosting options, including within your own data center
  • Insights into customer behavior
  • Full visibility into usage of the WiFi network

If you want to provide a clean, filtered WiFi service to your customers, give the TitanHQ team a call today to find out more about the benefits of WebTitan Cloud for WiFi, for details of pricing, and to book a product demonstration or set up a free trial of the solution.

New Locky Ransomware Variants Spell Trouble for Businesses

New Locky ransomware variants are frequently developed to keep security researchers on their toes. The malicious ransomware is highly sophisticated and further development allows the gang behind the crypto-ransomware to keep raking in millions of dollars in ransoms.

According to security researchers at Avira, a new Locky variant has now been discovered with new capabilities that spell trouble for businesses, even those with highly advanced security systems in place. Now, even rapid detection of Locky will not prevent files from being encrypted. Even if Locky cannot contact its command and control server, it will still execute and encrypt files. Previous Locky ransomware variants would only encrypt files after C&C server contact was established.

This means that if Locky is detected on a computer, shutting down the network or blocking communications will not prevent files from being encrypted. Cutting off network access was one of the few options open to organizations to limit the damage caused once ransomware is discovered.

New Locky Ransomware Variants Encrypt Without C&C Server Contact

Many of the latest ransomware strains use public key cryptography to lock users’ files. They will not encrypt files if systems are taken offline because they require contact with a C&C server to obtain the public-private key pairs that are used to lock files. These are only generated if a connection to the C&C is made. The private key that is used to unlock files is stored on the attacker’s server and never on the local machine that is infected.

Without a connection, unique keys for each user cannot be generated. This means that even if millions of computers are locked, one key will unlock them all. By generating a unique key for each infection, a ransom must be paid for each device that is encrypted. Without this, a business would only need to pay one ransom payment to unlock all infected devices.

Fortunately, that is the case with the latest Locky strain when it runs offline. If no C&C contact is made, all infected devices will be locked with the same key. That means only one ransom payment may need to be paid. However, if C&C contact is established, the AES encryption key will be encrypted using a separate RSA encryption key for each device and multiple payments will be required.

Avira reports that the new Locky ransomware variants use separate types of victim IDs, depending on whether files were encrypted offline or online. Offline infections use a 32-character alphabet for the victim IDs – “YBNDRFG8EJKMCPQX0T1UWISZA345H769” – rather than hex digits. By doing so, the attackers can determine which key to supply to unlock the encryption.

According to Avira’s Moritz Kroll, “Theoretically, if a company with a domain controller is hit by the new Locky and sees a non-hexdigit ID like ‘BSYA47W0NGXSWFJ9’, it might be cheaper to generate a victim ID with the same public key ID but without saying it’s a corporate computer.” That key can then be used for all other devices that have been infected.
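The victim-ID distinction above gives incident responders a quick way to tell which infected hosts share a key and which need their own. The following triage helper is an added example, not Avira's or TitanHQ's code; it assumes that online infections produce hexadecimal IDs and offline infections produce IDs drawn from the 32-character alphabet quoted above, and all host names and IDs other than `BSYA47W0NGXSWFJ9` are constructed.

```python
"""Triage helper for Locky victim IDs (added example, not Avira's or TitanHQ's code).

Assumption: an online (C&C-contacted) infection yields a hexadecimal victim ID,
an offline infection yields an ID drawn from the 32-character alphabet quoted
in Avira's analysis. Sample data below is constructed except 'BSYA47W0NGXSWFJ9'.
"""
from collections import Counter

# 32-character alphabet used for offline victim IDs, as quoted in the text.
OFFLINE_ALPHABET = set("YBNDRFG8EJKMCPQX0T1UWISZA345H769")
HEX_DIGITS = set("0123456789ABCDEF")


def classify_victim_id(victim_id: str) -> str:
    """Return 'online', 'offline' or 'unknown' for a Locky victim ID.

    A purely hexadecimal ID is treated as online (per-device RSA key).
    An ID with a non-hex character that still fits the 32-character
    alphabet is treated as offline (shared key). Caveat: an offline ID
    can, rarely, consist only of characters that are also hex digits and
    would then be reported as online, so cross-check against other hosts.
    """
    if not victim_id:
        return "unknown"
    chars = set(victim_id.upper())
    if chars <= HEX_DIGITS:
        return "online"
    if chars <= OFFLINE_ALPHABET:
        return "offline"
    return "unknown"


def estimate_ransom_keys(host_ids: dict) -> dict:
    """Group infected hosts by infection type and count the keys implied.

    Offline infections share one key, so they count as a single key;
    each online infection carries its own RSA-wrapped AES key.
    """
    counts = Counter(classify_victim_id(v) for v in host_ids.values())
    distinct_keys = counts["online"] + (1 if counts["offline"] else 0)
    return {"online": counts["online"], "offline": counts["offline"],
            "unknown": counts["unknown"], "distinct_keys": distinct_keys}


if __name__ == "__main__":
    # Constructed inventory of infected hosts for demonstration.
    sample = {"ws01": "BSYA47W0NGXSWFJ9", "ws02": "3F9A1C0B7E2D4F6A",
              "ws03": "9ZWH3KQEN8UDRT5C", "dc01": "BSYA47W0NGXSWFJ9"}
    print(estimate_ransom_keys(sample))
```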

While this may work, it is no substitute for having a viable backup. It is also far better to block the malicious spam emails that are used to deliver the ransomware using an advanced spam filtering solution such as SpamTitan, and to prevent drive-by downloads using WebTitan.