Web Filtering

Web filtering is an ideal solution to prevent Internet users from visiting unsafe websites that potentially harbor viruses and malware. A web filter works by comparing a request to visit a website against a list of predetermined parameters. If the request fails to pass the criteria defined by the parameters, the request is denied.

This process prevents Internet users from accessing websites they have been invited to visit in a phishing email or when clicking on an advertising link. Web filtering can also be configured to prevent cyberslacking, to block certain types of files from being downloaded or bandwidth-hogging web applications from being used.
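The request-versus-parameters check described above can be sketched as follows. This is an added example, not code from any product named on this page; the `Policy` fields, the category names, the deny-before-allow ordering and the `.example` hosts and documentation IP address are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed category database (hypothetical categories, reserved .example hosts).
CATEGORY_DB = {
    "shop.example": "shopping",
    "tube.example": "streaming",
    "kit.example": "malware",
}


@dataclass
class Policy:
    blocked_categories: set = field(default_factory=set)
    blocked_extensions: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)  # hostnames or IP addresses
    blacklist: set = field(default_factory=set)  # hostnames or IP addresses


def host_matches(host, entries):
    """True if host is listed, is a subdomain of a listed name, or is a listed IP."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Hostname: match the name itself or any parent domain in the list.
        labels = host.split(".")
        return any(".".join(labels[i:]) in entries for i in range(len(labels)))
    for entry in entries:
        try:
            if ipaddress.ip_address(entry) == ip:
                return True
        except ValueError:
            continue  # entry is a hostname, cannot match an IP literal
    return False


def category_of(host):
    """Look up the most specific categorised parent domain of host."""
    labels = host.split(".")
    for i in range(len(labels)):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def evaluate(url, policy):
    """Return (allowed, reason) for one request under one policy."""
    parts = urlsplit(url)
    # hostname is already lower-cased; drop a trailing dot so that
    # "kit.example." cannot slip past entries stored as "kit.example".
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "malformed request"  # fail closed
    # Assumed precedence: explicit deny, then explicit allow, then category.
    if host_matches(host, policy.blacklist):
        return False, "blacklist"
    if host_matches(host, policy.whitelist):
        return True, "whitelist"
    category = category_of(host)
    if category in policy.blocked_categories:
        return False, f"category:{category}"
    # File-type rule: extension of the last path segment, case-insensitive.
    filename = parts.path.lower().rsplit("/", 1)[-1]
    extension = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if extension in policy.blocked_extensions:
        return False, f"filetype:{extension}"
    return True, "default-allow"


# Constructed policy used to exercise the rules above.
DEFAULT_POLICY = Policy(
    blocked_categories={"malware", "streaming"},
    blocked_extensions={"exe", "scr"},
    whitelist={"training.tube.example"},
    blacklist={"203.0.113.7"},
)

if __name__ == "__main__":
    for sample in ("http://cdn.kit.example/landing",
                   "https://training.tube.example/course",
                   "https://shop.example/files/Setup.EXE"):
        print(sample, evaluate(sample, DEFAULT_POLICY))
```

Matching on parent domains and normalising case and the trailing dot matter in practice: a filter that compares raw strings misses `cdn.kit.example` and `KIT.example.` even though `kit.example` is categorised as malware.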

To find out more about how your organization can strengthen its online defenses, enhance productivity and limit bandwidth loss, speak with one of our team today about web filtering.

Watch Out for Fake Firefox Updates

If you want to keep your computers and network protected, you should ensure that browsers are patched as soon as updates are made available. However, end users may be fooled into taking action to keep their computers secure and inadvertently use fake Firefox updates.

Fake Firefox Updates Used to Install the Kovter Trojan

Fake Firefox updates are being used by the gang behind the Kovter Trojan. A new version of the fileless malware has been identified recently, and it is infecting users by posing as a fake Firefox update.

The cybercriminal gang behind Kovter frequently tweaks the malware and comes up with new ways of infecting end users. Kovter is a particular worry as it can be very difficult to detect. Being fileless, there are no actual files to detect. The malware resides only in memory, and it uses a Windows registry component to ensure it is reloaded into memory each time a computer is rebooted.

Kovter can perform a range of malicious activities, such as redirecting users to malicious websites, performing click fraud, downloading other malware, and now also encrypting files. The latest variant discovered by Check Point also has ransomware capabilities.

When users visit a malicious or infected website they are presented with fake Firefox updates and are urged to download the latest version to keep their computers secure. Researchers at Barkly discovered that the gang behind the latest Kovter campaign are using a legitimate certificate to fool antivirus engines. The certificate was issued to Comodo, although it has since been revoked. Anti-virus engines are also now being updated to detect the malware and block its download.

Preventing Drive-by Malware Downloads

There are a number of steps that can be taken to prevent drive-by downloads of malware such as Kovter. Policies should be implemented that prohibit end users from performing software updates, which should be left to the IT team to handle. Patch management policies should be developed and implemented to make sure that when software updates and patches are issued, they are installed promptly or preferably automatically.

Browsers should never be updated outside the normal update process. To check if the latest version is installed, simply click on the help function, followed by the About option, and the browser will check to determine whether an update is available.

A web filtering solution is also an important security control to employ to prevent drive-by downloads. A web filter can be configured to block access to webpages known to contain malware and restrict access to non-work related websites which carry a high risk of malware infections. Some web filtering solutions – WebTitan Gateway for example – can also scan websites in real-time to check for known indicators of drive-by downloads and exploit kits. WebTitan then prevents the sites from being visited.

House Approves Bill to Block Pornography on Computers used by Federal Agencies

A new law has been approved by the House of Representatives that will require government agencies to block pornography on computers used by federal employees.

The accessing of pornography in the workplace is a serious issue. While the employees who access the adult material at work may feel like they are doing no harm, the accessing of adult websites carries an unnecessary risk of malware being downloaded onto computers and government networks. The recent massive data breaches experienced by government agencies have highlighted the need for improved protections to be implemented.

Eliminating Pornography from Agencies Act Passed by House

Rep. Gary Palmer (R-Alabama) sponsored the bill – the Eliminating Pornography from Agencies Act (H.R. 901) – which is part of a new government reform package. Palmer saw a need to introduce new laws to block pornography on computers after it became clear that the problem was widespread in federal agencies.

Federal workers were suspected of accessing pornography at work and internal investigations revealed that a number of workers had been accessing sexually explicit material; in some cases, for many hours each day.

One notable instance involved a worker who was suspected of accessing pornography on a federal computer. When EPA Office of the Inspector General (OIG) investigators visited the employee, he was actually viewing pornography at the time. He admitted to accessing the material for two to six hours a day.

The Securities and Exchange Commission (SEC) OIG also conducted investigations. A 2010 report indicated 33 employees had been discovered to be accessing pornography at work. Last year, media reports suggested there was a porn crisis in the federal government, saying the problem was serious and widespread.

Aside from the huge drain on productivity, if an agency fails to block pornography on computers there is a considerable risk of employees infecting their computers with malware or causing a data breach.

The reform bill was passed 241-181. The new law will require agencies to block pornography on computers for all workers, although access will still be permitted for certain individuals who require access to the material as part of their investigations.

WebTitan – A Quick and Effective Way to Block Pornography on Computers

WebTitan is a highly effective, but easy to implement web filtering solution that can be used to quickly block a wide range of inappropriate web content from being accessed by employees. WebTitan is an enterprise-class web filter that allows organizations to block specific categories of web content such as pornography.

Once the solution is installed, to block pornography on computers system administrators only have to tick a checkbox. Websites and webpages containing pornographic images will no longer be able to be accessed by employees. Since WebTitan ties in with Active Directory, it is easy for different permissions to be set for individuals, user groups, or for the entire organization.

Filters can also be applied to block productivity-draining websites such as social media platforms, gambling websites, and gaming sites. Bandwidth-draining activities such as video and audio streaming can also be blocked, as can websites known to contain exploit kits or malware.

WebTitan can be used to quickly and easily enforce acceptable usage policies and improve the productivity of the workforce as well as an organization’s security posture.

Threat from Phishing Websites Greater than Ever Before

A new phishing activity report published by the Anti-Phishing Working Group (APWG) shows that the threat from phishing websites is greater than at any other time in the history of the Internet. The latest phishing activity report shows that in the past six months, the number of phishing websites has increased by a staggering 250%. Most of the new websites were detected in March 2016.

The Rising Threat from Phishing Websites Should Not Be Ignored

APWG was founded in 2003 in response to the rise in cybercrime and the use of phishing to attack consumers. The purpose of the organization is to unify the global response to cybercriminal activity, monitor the latest threats, and share data to better protect businesses and consumers.

In 2004, APWG started tracking phishing and reporting on the growing threat from phishing websites. During the past 12 years, the number of phishing websites being created by cybercriminals has grown steadily; however, the past six months have seen a massive rise in new websites that trick users into revealing sensitive data.

APWG reports that there is an increase in new malicious websites around the holiday season. In the run up to the holiday period when online shopping increases and Internet traffic spikes, there are more opportunities to relieve online shoppers of their credit card details, login credentials, and other sensitive data.

In late 2015, cybercriminals increased their efforts and there was the usual spike in the number of new phishing websites. However, after the holiday period ended APWG expected activity to reduce. That didn’t happen. New sites were still being created at elevated levels.

In the first quarter of 2016, APWG detected 289,371 new phishing websites. However, almost half of the new websites – 123,555 of them – were detected in March 2016. Aside from a slight dip in February, the number of new websites created has increased each month. March saw almost twice the number of new sites as were created in December. The figures for Q1 and for March were the highest ever seen.

Retail and Financial Sectors Most Frequently Targeted by Phishers

Phishers tend to favor well-known brands. The phishing activity report indicates little has changed in this regard. Between 406 and 431 brands are targeted each month. Most of the new sites target the retail industry, which accounts for 42.71% of the new phishing websites detected in the first quarter of 2016. The financial sector was second with 18.67% of new sites, followed by the payment service industry with 14.74% and the ISP industry with 12.01%. The remaining 11.87% of new sites targeted a wide range of industries. The United States is the most targeted country and hosts the most phishing websites.

While phishing websites are now favored by cybercriminals, emails continue to be used to send malicious links and malware-infected attachments to consumers and businesses. In January, 99,384 phishing email reports were sent to APWG. The number increased to over 229,000 in February and stayed at that level in March.

APWG also tracked malware infections. In the first quarter of the year, 20 million malware samples were intercepted – an average of 6.67 million malware samples a month.

The report shows how critical it is for businesses to take action to prevent end users from visiting malicious websites and the seriousness of the threat from phishing websites.

One of the best ways that businesses can reduce the risk of employees visiting phishing websites is to use a web filtering solution. By controlling the sites that can be accessed by employees, the risk of phishing, malware infections, and ransomware attacks can be greatly reduced.

How to Reduce Risk of Malware Infections from Websites

To reduce the risk of malware infections from websites you can avoid certain types of sites that are commonly used by cybercriminals to infect visitors: sites containing pornography, torrent sites, and online marketplaces selling illegal medication, for example. However, while these sites are often compromised with malware or contain malicious code, they are far from the most common sites used by cybercriminals to infect visitors.

The unfortunate reality is that browsing the Internet and only visiting what are perceived to be “safe sites” does not mean that you will not be exposed to malware, malicious code, and exploit kits. Hackers are increasingly compromising seemingly legitimate websites to redirect visitors to sites containing exploit kits that download malware and ransomware.

Two CBS-affiliated news websites were recently discovered to be hosting malicious adverts that redirect visitors to sites containing the Angler Exploit Kit. MSN has been found to host malvertising in the past, as has Yahoo. A study conducted by anti-virus company Symantec revealed that three quarters of websites contain security vulnerabilities that could potentially be exploited to infect visitors with malware.

High Profile Websites Compromised and Used to Deliver Ransomware to Visitors

This week, two new websites were found to have been compromised and were used to infect visitors with malware.

The celebrity gossip website PerezHilton.com may cause problems for celebrities, but this week it was also causing problems for its visitors. The site attracts millions of visitors, yet few would suspect that visiting the site placed them at risk of having their computer files locked with powerful file-encrypting ransomware.

However, that is exactly what has been happening. Hackers compromised an iframe on the site and inserted malicious code which redirected visitors to a website containing the Angler Exploit Kit. Angler probes visitors’ browsers for security vulnerabilities and exploits them to silently download a payload of malware. In this case, the Angler Exploit Kit was used to push Bedep malware, which in turn silently downloaded CryptXXX ransomware onto the victims’ devices.

A second malvertising campaign was also conducted that redirected visitors to a different website. The exploit kit used to infect redirected visitors was different, but the end result was the same. A malicious payload was downloaded onto their devices.

Another well-known website was also discovered to have been compromised this week. The website of the world renowned French film production company Pathé was discovered to have been compromised. Hackers had managed to embed malicious code in one of the webpages on the site. The code also redirected users to a site hosting the Angler Exploit Kit, which similarly was used to infect visitors with CryptXXX ransomware.

How to Reduce the Risk of Malware Infections from Websites

Exploit kits take advantage of security vulnerabilities in browsers. To reduce the risk of malware infections from websites it is essential that browsers are kept up to date. That includes all browser plugins. If no security vulnerabilities existed, there would be nothing for exploit kits to exploit.

However, zero-day vulnerabilities are emerging all the time and software manufacturers are not always quick to develop fixes. Adobe was alerted to a new zero-day vulnerability a few days ago, yet they only just released a fix. During that time, the vulnerability could have been exploited using exploit kits. Cybercriminal gangs are quick to incorporate new zero-day vulnerabilities into their exploit kits and do so faster than software companies can release fixes. Ensuring all updates are installed promptly is a great way to reduce the risk of malware infections from websites, but additional measures need to be taken.

If you really want to improve your – or your company’s – security posture and really reduce the risk of malware infections from websites, you should use a web filtering solution. This is particularly important for businesses to ensure that employees do not inadvertently compromise the network. It can be difficult to ensure that all devices used to connect to the network are kept 100% up to date, 100% of the time.

A web filtering solution can be configured to block malvertising, blacklists can be used to prevent compromised websites from being accessed, and malware downloads can be prevented. Along with good patch management practices, it is possible to effectively reduce the risk of malware infections from websites.

Adobe and Microsoft Issue Updates to Address Actively Exploited Security Vulnerabilities

This week, Patch Tuesday saw updates issued to address actively exploited security vulnerabilities in Internet Explorer, along with a swathe of fixes for a number of other critical Microsoft security vulnerabilities. In total, Microsoft issued fixes for 51 vulnerabilities this week spread across 16 security bulletins, half of which were rated as important, the other eight being rated as critical.

The updates tackle vulnerabilities in Microsoft Edge and Internet Explorer, Windows, the Microsoft .NET Framework, and MS Office; however, it is the browser fixes that are the most important. These include actively exploited security vulnerabilities that can be used to compromise computers if users visit websites containing exploit kits.

Security update MS16-051 tackles the CVE-2016-0189 zero-day vulnerability in Internet Explorer, which if exploited, would allow an attacker to gain the same level of privileges as the current user. The flaw could be used to take control of the entire system. The exploit could be used to install new programs on the device, create new accounts, or modify or delete data. The vulnerability modifies the functioning of JScript and VBScript, changing how they handle objects in the computer’s memory.

The IE security vulnerability was brought to the attention of Microsoft by researchers at Symantec, who had discovered an active exploit that was being used alongside spear-phishing attacks in South Korea. Users were being directed to a website containing an exploit kit that had been updated with the IE security vulnerability.

The MS16-052 security update tackles a vulnerability in Microsoft Edge which similarly changes how objects in the memory are handled. These two updates should be prioritized by sysadmins, although all of the updates should be installed as soon as possible. Even the important updates could potentially be exploited and used to gain control of unpatched computers.

Bulletin MS16-054 is also a priority update to patch critical vulnerabilities in Adobe Flash. Since Flash is embedded in both Edge and IE, Microsoft has started issuing updates to address Adobe Flash vulnerabilities. While these security flaws are not believed to have been exploited in the wild, it will not be long before they are included in exploit kits.

Microsoft may have fixed its actively exploited security vulnerabilities, but despite Adobe issuing patches for Acrobat, ColdFusion, and Reader on Tuesday, Flash remains vulnerable to attack. Adobe has yet to issue a patch for an actively exploited Flash security vulnerability (CVE-2016-4117) that affects version 21.0.0.226 and all earlier versions of the platform. This vulnerability has been included in exploit kits and can be used to take control of devices. In total, Adobe fixed 92 separate vulnerabilities in its Tuesday update.

Between Microsoft and Adobe, 143 vulnerabilities have been addressed this week. With hackers quick to add the vulnerabilities to website exploit kits, it is essential that patches are installed rapidly. These actively exploited security vulnerabilities also highlight the importance of using a web filtering solution to prevent users from visiting compromised websites where the vulnerabilities can be exploited.

WebTitan Cloud – Game Changing Web Security Service for MSPs

Finding a web security service for MSPs can be a time consuming process. There are a number of solutions that allow MSPs to keep their clients protected from malware and reduce the risk from internal and external threats, yet many are far from ideal for use by MSPs.

The ideal web security service for MSPs must have a relatively low cost of ownership. Clients may be more than willing to implement a web security service to deal with the growing range of web-borne threats, but the cost of implementation is a key factor.

Many solutions offer all the necessary benefits for the client, but are not practical for use by MSPs. The time taken to install web security solutions and to configure them for each client can reduce profitability. The best web security service for MSPs needs to be easy to install and maintain, and have a low management overhead.

Low cost solutions that are quick to install and easy to maintain allow MSPs to easily incorporate them into existing packages to create a more comprehensive Internet security service. This can increase the value provided to clients, boost client revenue, and help MSPs to win more business and differentiate their company in the marketplace.

The ideal web security service for MSPs is available as a white label. This allows the service to be easily incorporated into existing packages. White labeling allows MSPs to strengthen their own brand image rather than promoting someone else’s.

Many providers of a web security service for MSPs fall down on customer support. If any issues are experienced, it is essential that an MSP can provide rapid solutions. Industry-leading technical support is essential.

WebTitan Cloud – A Web Security Service for MSPs That Ticks All the Right Boxes

WebTitan Cloud is an enterprise-class web filtering solution for MSPs that can be used to enforce clients’ acceptable use policies and control the content that can be accessed via their wired and wireless networks.

Our DNS-based web filtering solution allows organizations to prevent phishing, stop malware downloads, protect against ransomware and botnet infections, and block spyware and adware. Controls prevent the bypassing of the content filter by blocking anonymizer services. Encrypted web traffic is also inspected.

Implementation could not be any easier. There is no need for any hardware purchases or software downloads. All that is required is a change to the DNS to point to our servers and the Internet can be filtered in under 2 minutes.

Configuring each client to incorporate their AUPs is also a quick and easy process requiring no technical expertise. Highly granular controls ensure AUPs can be quickly and easily applied. There is no need to use on premise support teams. Everything can be monitored via the control panel from any Internet browser. There is no hardware or software to maintain and no patches to apply, reducing management overhead considerably. Cloud keys can be supplied to allow guests to bypass organization-wide content control settings, with time-limits applied to prevent abuse.

Reporting is effortless. A full suite of pre-defined reports can be generated automatically and scheduled for each client to allow Internet access to be carefully monitored.

We also offer fully white-labeled solutions for MSPs allowing logos, branding, and corporate color schemes to be easily incorporated. We are also more than happy to allow WebTitan Cloud to be hosted within an MSP’s infrastructure.

What Your Customers Get

  • Ransomware, malware, and phishing protection. Protection from malware, ransomware and the web-based component of phishing attacks. More than 60,000 malware iterations are blocked every day.
  • A quick and easy to use DNS filter to manage and control web usage – Block malicious sites and control the web content employees and guest users can access.
  • Easy to implement; easy to use. Customer accounts are up and running within 20 minutes.
  • Improve network performance: A no latency DNS filtering solution that can be used to reduce bandwidth waste and abuse.
  • Highly granular content filtering with flexible user policies
  • Support for dynamic IPs
  • Works with any device
  • Full reporting suite. WebTitan contains a comprehensive reporting suite providing automated graphical reports and extensive reports on demand.
  • Fully automated updating – Does not add to your patching burden and requires minimal management while ensuring maximum security.
  • Whitelists and blacklists. Global whitelists and blacklists and custom categories can be configured to allow/block by full website address or by IP address.

Benefits for MSPs

  • Save on customer support time, hours and cost – No more costly ransomware call outs.
  • Easy to deploy, manage and sell our award-winning cloud-based web filtering solution
  • Simple integration into your existing service stack through APIs and RMM integrations
  • Competitive pricing with a core focus on the SMB market.
  • Generous margins and monthly billing
  • White labelling – WebTitan can be fully rebranded with your logos and color scheme with us working seamlessly in the background.
  • Set & forget. WebTitan requires minimal IT service intervention
  • Short sales cycle – only a 14 day free trial required to test
  • World class support – The best customer service in the industry with scalable pre-sales and technical support and sales & technical training
  • Multi-tenant dashboard – MSP-client hierarchy enables you to keep clients separated and choose whether to manage client settings in bulk or on an individual basis

To find out more about why WebTitan Cloud is a game changing web security service for MSPs contact our sales team today!

MSP Testimonials

“WebTitan is an outstanding tool for most reliable content filtering. The monitoring feature of this specific product is quite unique that totally monitors all the process of online working and also secures all the data. Additionally, its set-up is superb easy and it can be done in just few minutes that save my time and energy as well.” Kristie H. Account Manager

“WebTitan is fairly easy to setup. It is available as a cloud based solution or on prem. You can get as simple or as complicated with your filtering as you like, it will handle most situations with ease. It has provided us with a stable web filtering platform that has worked well for us for many years.” Derek A. Network Manager

“WebTitan is outstanding software that helps me a lot in minimizing viruses. The thing I like most about WebTitan is that it is extremely easy to use and configure. I like its clear interface. It lets us block malicious content and spam easily. It is no doubt an amazing product helping us a lot in kicking out harmful bad stuff.” Randy Q. Software Engineer

“By reducing malware-related security incidents, you’re reducing your number one uncontrollable expense: the people on your IT operations team, like your help desk techs.” MSP, Washington, US 

“Web filtering is one of the, if not the greatest bang for your buck services. Its built-in anti-malware has protected our clients, saving us thousands of hours of repair time I am absolutely certain.” MSP, New York, US

“a key part of our security stack as we’ve scaled to over 6,000 managed endpoints, while decreasing virus and malware related tickets by 70%.” MSP, Boston, US

 “It has paid for itself many times over by reducing malware calls.” MSP, Toronto, Canada

Angler Exploit Kit Strikes Again: News Websites Used to Infect Visitors With Malware

Over the past two weeks there have been three worrying instances of the Angler exploit kit being used to infect website visitors with malware and ransomware. Cybercriminals are increasingly using exploit kits to deliver their malicious payloads and all organizations need to be aware of the risk.

Why AUPs May Not Be Sufficient to Keep Networks Secure

Many companies advise employees of the types of websites that can be accessed via work networks and which are forbidden. Typically, employees are banned from visiting pornographic websites, using the Internet for the sharing of copyright-protected material, installing shareware or other unauthorized software, and using unauthorized web applications and gaming sites.

Employees are provided with a document which they are required to read and sign. They are informed of the actions that will be taken for breaching the rules: verbal and written warnings for example, and in some cases, instant dismissal. These AUPs are usually effective and employees do heed the warnings if they value their jobs.

If an employee breaches the AUPs and accesses pornography for instance, action can be taken against that individual. It is probable that no harm will have been caused and the matter can be dealt with by HR.

However, if an employee breaches AUPs and visits a website that has been compromised with malware or installs shareware that includes malicious files, taking action against the employee will not undo the damage caused.

To better protect networks, AUPs should be enforced with a software solution. By implementing a web filtering solution, HR departments can ensure that inappropriate website content is not accessed, while IT departments can be prevented from having to deal with malware infections.

Even if AUPs are followed to the letter, malware may still be downloaded onto the network. The risk has recently been highlighted by two security incidents discovered in the past two weeks.

Legitimate Websites Compromised with Angler Exploit Kit

Last week, news emerged that a toy manufacturer’s website had been compromised and was being used to infect visitors with malware. The website had been loaded with the Angler exploit kit and was being used to silently infect visitors’ devices with ransomware.

An exploit kit is a malicious toolkit used by hackers to probe for security vulnerabilities in website visitors’ browsers. A visitor to a website containing an exploit kit – BlackHole, Magnitude, Nuclear, Styx, or Angler for example – will have their browser checked for out of date plugins such as Adobe Reader, Silverlight, Flash, or Java. If the plugins are not up to date, security vulnerabilities can be exploited to download a payload of malware. These attacks are silent and the website visitor will be unaware that their machine has been compromised.

This week, two more websites were discovered to have been hijacked and were being used to direct visitors to the Angler exploit kit. These websites were much more likely to be visited by company employees. They were the sites of two CBS-affiliated TV stations: KMOV in St. Louis and WBTV in Charlotte, North Carolina.

These news websites would be unlikely to be banned in AUPs, and few organizations would see the risk of their employees visiting these websites.

News Websites Contained Malvertising Directing Users to the Angler Exploit Kit

While the toy manufacturer’s website was directly infecting web visitors, in the case of KMOV and WBTV the attackers were using a common technique called malvertising. The websites had not been loaded with the Angler exploit kit; instead, the attacks were taking place via third party adverts that were being served on the sites.

The sites contain ad blocks which were used to serve advertisements via the Taggify network – a legitimate advertising network. However, a rogue advertiser had got around the controls put in place by Taggify and malicious adverts were being served.

The attackers hosted the malicious ad components – images and JavaScript – on their own servers. The malicious adverts were then served to unsuspecting website visitors. However, the rogue advertiser was also serving legitimate ads and these were displayed to web crawlers and scanners to avoid detection. Other users were served an advert that redirected them to the Angler exploit kit. If those visitors had browsers with out of date plugins, they would be infected with whatever payload the attackers chose to deliver.
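Because the rogue advertiser showed scanners one thing and ordinary visitors another, a defender can look for the difference between the two views of the same ad slot. The following is an added example, not part of the original article; the record format, the profile names and every `.example` host are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed observations: the same ad slots fetched once with a
# scanner-like client profile and once with an ordinary browser profile.
OBSERVATIONS = [
    {"ad_id": "slot-1", "profile": "scanner", "status": 200, "location": None,
     "resources": ["https://cdn.adnet.example/banner.png"]},
    {"ad_id": "slot-1", "profile": "browser", "status": 200, "location": None,
     "resources": ["https://cdn.adnet.example/banner.png"]},
    {"ad_id": "slot-2", "profile": "scanner", "status": 200, "location": None,
     "resources": ["https://cdn.adnet.example/toy.png"]},
    {"ad_id": "slot-2", "profile": "browser", "status": 302,
     "location": "http://gate.landing.example/index",
     "resources": ["https://static.advertiser.example/a.js"]},
    {"ad_id": "slot-3", "profile": "browser", "status": 200, "location": None,
     "resources": ["https://cdn.adnet.example/shoes.png"]},
]


def hosts_seen(obs):
    """Hostnames one observation touched: loaded resources plus any redirect target."""
    urls = list(obs.get("resources", []))
    if obs.get("location"):
        urls.append(obs["location"])
    hosts = set()
    for url in urls:
        host = urlsplit(url).hostname
        if host:
            hosts.add(host)
    return hosts


def find_cloaked_ads(observations, baseline="scanner", subject="browser"):
    """Compare what each profile was served for the same ad slot.

    Returns (cloaked, unverified): cloaked maps ad_id to the sorted hosts
    that only the subject profile was sent to; unverified lists ad_ids
    that lack an observation from one of the two profiles.
    """
    views = defaultdict(dict)
    for obs in observations:
        per_profile = views[obs["ad_id"]]
        per_profile.setdefault(obs["profile"], set()).update(hosts_seen(obs))

    cloaked, unverified = {}, []
    for ad_id in sorted(views):
        per_profile = views[ad_id]
        if baseline not in per_profile or subject not in per_profile:
            unverified.append(ad_id)  # no pair to compare, so no verdict
            continue
        extra = per_profile[subject] - per_profile[baseline]
        if extra:
            cloaked[ad_id] = sorted(extra)
    return cloaked, unverified


if __name__ == "__main__":
    flagged, incomplete = find_cloaked_ads(OBSERVATIONS)
    print("differs by profile:", flagged)
    print("missing a baseline:", incomplete)
```

Ordinary ad rotation also produces differences between fetches, so a flagged slot is a lead for review (and a candidate for blocking the extra hosts at the web filter), not a verdict on its own.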

Reduce Risk of Attack with a Web Filtering Solution

These three recent cases are just the tip of the iceberg. Criminals are hijacking all manner of websites and using them to host exploit kits. Legitimate websites serving third party adverts are also being targeted with malvertising.

Enforcing AUPs with a web filtering solution can help to prevent end users from visiting websites that have been compromised with malware. A web filter – such as WebTitan – can also be used to block third party advertisements from being displayed.

Unfortunately for enterprises, it is not possible to install patches as soon as they are released. Many patches require reboots, and that is not practical. The number of patches being released to plug security holes is considerable, and it takes time to patch all devices that connect to a network. Good patch management policies can reduce the likelihood of a successful attack, but they cannot prevent all attacks from taking place. If a web filtering solution is used that can block malvertising and websites known to contain malware, end users and networks will be better protected.

Do You Block File Sharing Websites to Stop Your Employees Infecting Your Network?

There are some very good reasons why you should block file sharing websites. These websites are primarily used to share pirated software, music, films, and TV shows. It would be unlikely for the owner of the copyright to take action against an employer for failing to prevent the illegal sharing of copyrighted material, but this is an unnecessary legal risk.

However, the main risk from using these websites comes from malware. Research conducted by IDC in 2013 showed that out of 533 tests of websites and peer-to-peer file sharing networks, the downloading of pirated software resulted in spyware and tracking cookies being downloaded to users’ computers 78% of the time. More worryingly, Trojans were downloaded with pirated software 36% of the time.

A survey conducted on IT managers and CIOs at the time indicated that malware was installed 15% of the time with the software. IDC determined that overall there was a one in three chance of infecting a machine with malware by using pirated software.

Even visiting torrent sites can be harmful. This week Malwarebytes reported that visitors to The Pirate Bay were served malicious adverts. An advertiser used a pop-under to silently redirect users to a malicious site containing the Magnitude exploit kit which was used to download Cerber ransomware onto users’ devices.

A study conducted by UC San Diego involved testing pirated software downloads using VirusTotal. VirusTotal checks files against the databases of 47 different anti-virus engines. The research team determined that 50% of pirated files were infected with malware.

Dealing with malware from pirated software was determined to take around 1.5 billion hours per year. For businesses the cost can be considerable. IDC calculated the cost to enterprises to be around $114 billion in 2013 alone. And that was just for the clean-up. The cost of data breaches caused by illegal software installations was estimated to be in the order of $350 billion.

Time to Block File Sharing Websites?

Organizations can monitor devices and check for unauthorized software installations on individual devices; however, by the time a software installation has been discovered, malware is likely to already have been installed. A recent report by Verizon suggests that on average, hackers are able to exfiltrate data within 28 minutes of gaining access to a system.

One of the easiest ways to manage risk is to block file sharing websites such as P2P and torrent sites. A web filter can be easily configured to block file sharing websites and prevent them from being accessed. Many web filters can also be configured to block specific file types from being downloaded, such as keygens and other executables.

By blocking file sharing websites organizations can ensure that copyright-violating activities are prevented and malware risk is effectively managed. Furthermore, web filters can be used to block web-borne threats such as phishing websites, compromised webpages, spam and botnets, adware, malware, ransomware, and anonymizers.

The failure to block file sharing websites could turn out to be costly. It is far better to block potentially dangerous websites and online activities than to have to cover the cost of removing malware infections and dealing with data breaches.

How to Address the Risk of Insider Data Breaches

Organizations are investing in technology to ensure the perimeter defenses are not breached; however, it is also important to address the risk of insider data breaches. According to a recent report from Forrester, internal incidents were responsible for more than half of data breaches suffered by firms. Cybercriminals have stepped up their efforts and are attacking organizations with increased vigor, but the report suggests more than half of data breaches are caused by employee errors, oversights, and negligence.

Employees are under increasing pressure to get more work completed in less time. This can easily lead to errors being made or shortcuts being taken. Employees may be security minded most of the time, but it is all too easy for sloppy data security practices to creep in. Even with the most robust perimeter security defenses in place, simple mistakes can lead to disaster.

Email Borne Attacks Are Still A Major Risk

During the past 12 months the volume of spam email has fallen considerably. This is partly due to law enforcement taking down major botnets and the increasing use of efficient spam filters. Even with the reduced volume the threat from spam email is considerable. The Forrester report indicates spam email volume has dropped from almost 89% of all emails in 2014 to 68% of emails in 2015. However, over 91% of all spam emails contain a malicious link and 2.34% contain malicious email attachments.

Cybersecurity awareness training has helped to mitigate the risk of insider breaches to some degree but they are still occurring. Most employees now know not to open email attachments from people they do not know, but what about from people they do know?

There has been an increase in business email compromise attacks in recent months. These attacks involve the sending of spam and phishing emails from within an organization. These emails are more likely to result in malicious email attachments being opened and links being clicked than emails from strangers. All emails should be treated as suspicious and should be carefully checked, not only those from outside an organization.

Employees are aware never to run an executable file that has been sent via email and to be wary of opening zip files from strangers. The Forrester report suggests that attackers are increasingly using standard office files to infect their targets. Microsoft Office files are used in 44.7% of attacks.

Employees who install unauthorized software are also placing their companies at risk. The use of shadow IT is behind many data breaches. Cybercriminals are exploiting vulnerabilities in the software installed by end users. Many of these programs contain serious vulnerabilities.

How to Address the Risk of Insider Data Breaches

Tackling the threat from within is more complicated than securing the defense perimeter as it is far harder to prevent employees from making simple mistakes. Organizations must take steps to reduce the likelihood of mistakes being made, while also ensuring that when employees do make data security snafus, they do not prove to be catastrophic.

Some of the ways organizations can address the risk of insider data breaches include:

  • Conduct background checks before hiring new staff
  • Ensuring access to systems is terminated before staff are
  • Limiting network privileges
  • Block the copying of critical data onto portable devices
  • Provide all new staff with data security training
  • Regularly conducting refresher training sessions
  • Conducting quarterly cybersecurity fire-drills to ensure training is not forgotten.
  • Sending regular email bulletins to keep cybersecurity awareness training fresh in the mind
  • Sending dummy phishing emails to staff to test the effectiveness of training
  • Scanning for shadow IT installed on user devices
  • Ensuring bank transfer requests are checked by two individuals before being authorized
  • Using a web filtering service to block phishing websites and limiting access to potentially risky websites
  • Configuring a web filter to block the downloading of risky file types

It may not be possible to eliminate the risk of insider data breaches, but it is possible to effectively mitigate risk.

Manufacturing Company Cyberattacks on the Rise

The healthcare industry has had a hard time in recent months; however, it is far from the only industry being targeted by hackers. Manufacturing company cyberattacks are on the increase and the industry is now second only to healthcare according to a new report from IBM X-Force Research. The manufacturing industry has replaced the financial sector as hackers attempt to gain access to intellectual property. Intellectual property can be sold for big bucks on the black market.

$400 Billion Worth of Intellectual Property Is Stolen from U.S. Companies Every Year

According to figures from the Federal Bureau of Investigation, each year over $400 billion worth of intellectual property is stolen from the United States and sold overseas. Many of the attacks are conducted by nation-state backed hacking groups, although a number of players have now got in on the act due to the value of data and the relative ease of breaking through manufacturing company cybersecurity defenses.

According to the IBM’s 2016 Cyber Security Intelligence Index, manufacturers in the automotive sector were most frequently targeted. Chemical companies were the second most likely to be attacked. 30% of manufacturing company cyberattacks took place on automotive manufacturers.

Not only are the potential rewards for successful manufacturing company cyberattacks high, attacks are relatively easy to pull off. A successful attack on a company in the financial sector may be rewarding, but the defenses put in place to keep hackers at bay are usually far more robust than in less well regulated industries such as manufacturing. The manufacturing industry has been relatively slow to improve cybersecurity defenses.

Organizations in the healthcare industry are required to comply with the Health Insurance Portability and Accountability Act or HIPAA for short. HIPAA sets a number of minimum standards which must be met by all healthcare organizations. Administrative, technical, and physical safeguards must be implemented to keep patient data protected. The legislation has forced healthcare companies to improve their cybersecurity defenses.

Similarly, legislation has been introduced that requires organizations in the financial services industry to improve protections to keep data secure. Organizations must comply with the Gramm-Leach-Bliley Act and implement Payment Card Industry Data Security Standards. With no equivalent legislation covering the manufacturing industry, companies have not been forced to improve their cybersecurity defenses. While many organizations have implemented robust multi-layered security defenses, data security standards are higher in the healthcare and financial services verticals.

Many Manufacturing Company Cyberattacks Target Employees

With the number of manufacturing company cyberattacks increasing, cybersecurity defenses need to be improved. Many of the attacks target end users. Phishing and spear phishing emails can be a highly effective way of getting past security defenses. Employees are seen to be the weakest link in the security chain.

IBM X-Force senior threat researcher John Kuhn pointed out that servers are being targeted by hackers using phishing and spear phishing schemes. If employees can be lured onto malicious websites, vulnerabilities can be exploited and malware downloaded onto computers. From there it is a small hop to network servers.

Providing security training to staff is essential to reduce the risk of phishing attacks being successful. However, training alone is not sufficient to prevent all attacks. Software solutions should also be used to make it harder for end users to inadvertently install malware. A web filter should be implemented to prevent end users from downloading malicious software and visiting compromised websites. Web filtering can be a highly effective way of preventing attacks that target employees.

It is also essential to conduct comprehensive risk assessments to identify security vulnerabilities. All systems need to be assessed regularly. Any vulnerabilities identified need to be promptly addressed.

Bitcoin Ransomware Kits Are Being Sold for As Little as $100 on the Darknet

The FBI issued warnings last year over the rise in popularity of Bitcoin ransomware, and a few days ago the law enforcement agency reached out to companies requesting assistance to help it tackle the threat from the latest ransomware variants, just days before the malicious software was used on MedStar Health System.

Over the last few weeks a number of healthcare institutions have reported being attacked with ransomware, and there is no telling how many companies have had corporate and customer data encrypted by attackers. Many do not like to advertise the fact they have been attacked.

While attacks on individuals only result in relatively small ransoms being paid, the same cannot be said for companies. Ransom demands of tens of thousands of dollars are issued, and many companies feel they have little alternative but to pay the ransom demand in order to recover their data.

Unfortunately for enterprises, the threat from Bitcoin ransomware is unlikely to go away any time soon. More cybercriminals are getting in on the act and attacks will continue as long as they prove to be profitable. The bad news is Bitcoin ransomware is very effective. Worse still, attacks require little technical skill and cost very little to pull off.

Bitcoin Ransomware Kits Mean Little Skill is Required to Pull Off a Successful Attack

According to a report in the Italian newspaper La Stampa, the cost of conducting a ransomware attack can be shockingly low and requires little in the way of skill. One reporter at the newspaper set out to discover just how easy it is to buy ransomware and conduct an attack. After visiting underground forums on the darknet, the researcher found a board where ransomware-as-a-service was being offered.

One poster on a Russian forum was not only offering ransomware for sale, but made it exceptionally easy for would-be cybercriminals to conduct campaigns. The purchaser would be supplied with the ransomware, distribution tools to send out the malicious file-encrypting software via email and advertising networks, and this Bitcoin ransomware service could be bought for as little as $100.

According to the article, the purchaser would be allowed to keep 85% of the ransoms that were collected, with the remaining 15% going to the seller of the service. There appears to be no shortage of takers. The hacker behind this campaign allegedly has between 300 and 400 active customers. This is only one seller. There are many more offering such a service. The campaigns may not be particularly sophisticated, but the reality is that they don’t actually need to be.

Some sellers even offer Bitcoin ransomware kits where purchasers only need to enter in their Bitcoin address for the payment of the ransom, the amount they wish to charge their victims for the security keys, and they can download everything they need, including instructions on how to run the campaign. These services are not being sold for big bucks. The sellers know they can earn considerable sums by taking a cut of the ransoms that are paid.

The standard rate being charged by attackers to supply security keys for single-computer infections is between 0.5 and 1 Bitcoin – approximately $200-$425. All that is required for an attacker to make a profit is one or two victims to install the Bitcoin ransomware and pay for a security key. According to data released by Tripwire, half of American ransomware victims have ended up paying the ransom demand to recover their data.

Until law enforcement efforts to track down attackers and shut down underground forums improve, and victims stop paying ransoms, the attacks are likely to continue to increase.

What businesses need to do is to make sure they are better protected to prevent Bitcoin ransomware from being installed and to ensure they have viable backups in case ransomware does get installed on their networks.

Many MSPs are Missing a Secret Ingredient to Boost Profits!

There are a number of ways for managed service providers to increase cash flow and boost profits. Efficiency can be improved, staff productivity can be increased, better margins achieved, and new in-house products could be developed. Unfortunately, all of these are easier said than done.

The main ways to increase profits by a significant amount are to attract new customers and increase the amount each existing client is spending.

If only there was a secret ingredient that MSPs are missing that could help them to win more business and get each client to spend more! The good news is that for many MSPs, there is such a product.

Any MSP that has yet to include a web filtering service into their product portfolio could be missing out on substantial profits.

Web Filtering – An Easy Way for MSPs to Increase Profits

Filtering the Internet is now essential for many enterprises. In certain industries it is mandatory for companies to filter the Internet. They need to ensure sensitive data are protected and risk is effectively managed. Networks must be protected from attacks by hackers and with an increasing number of web-borne threats, Internet usage policies alone are not sufficient to keep organizations protected. Those policies need to be enforced and a web filter is the natural choice.

In some industries, education for example, it is mandatory for the Internet to be filtered. Minors must be prevented from accessing obscene website content or other material that could be harmful. Even when it is not mandatory to filter the Internet it is often desirable. Hotels, restaurants, transport networks, airports, cafes, and coffee shops are choosing to implement controls to ensure all users enjoy a safe browsing experience.

In business, productivity losses from Internet abuse can be considerable. If every employee wasted an hour each day on personal Internet use, the losses to a medium-sized company would be substantial. Some studies suggest even more time is wasted by employees each day on non-work related Internet activities.

Failure to filter the Internet can prove costly in many ways. For example, the accessing of adult content in the workplace can lead to the development of a hostile working environment, which affects morale, productivity, and can cause all manner of HR headaches. The use of torrent sites and the downloading of pirated films, music, TV shows, and software can cause organizations legal headaches as well as placing pressure on bandwidth.

Many websites are unsafe and accessing those sites places organizations at a greater risk of a malware infection. A single compromised computer can cause an incredible amount of damage. The latest ransomware attack on MedStar Health is a good example. A computer virus was inadvertently downloaded which resulted in the shutdown of the health system’s email for its entire workforce, as well as its electronic medical record system.

Hollywood Presbyterian Medical Center was attacked with ransomware and had to pay $17,000 to obtain security keys to unlock its data. It is not only healthcare organizations that are having to deal with ransomware. U.S. police departments have been forced to pay attackers after their computers have been locked by file-encrypting software, and many organizations have fallen victim to ransomware, keyloggers, viruses, and other malicious software. These infections are a drain on productivity and take a considerable amount of time and resources to fix.

A web filtering solution can protect against web-borne threats, can be used to tackle productivity losses, and prevent illegal or unsuitable website content from being accessed. Web filtering is now less of an option for many businesses and more of a requirement. MSPs offering such a service can find it is an easy sell and a great way to boost profits.

What to Look for in a Web Filtering Product

In order for a third-party product to be included in an MSP’s existing portfolio it should have a number of features. MSPs therefore need to find a web filtering product that:

  • Has generous margins
  • Is easy for sales teams to sell to clients
  • Has a low management overhead
  • Is easy to install
  • Appeals to a wide range of clients
  • Can be easily incorporated into existing product offerings
  • Can be easily incorporated into back-office systems

There is a product that ticks all of these boxes, and that is WebTitan Cloud.

WebTitan Cloud and WebTitan Cloud for WiFi – Ideal Web Filtering Solutions for MSPs

WebTitan Cloud is a 100% cloud-based DNS filtering solution that has been designed to be easy to implement, maintain, manage, and sell to clients. WebTitan Cloud is a no-brainer for many organizations, allowing thousands of dollars to be saved.

WebTitan Cloud can help organizations increase the productivity of the workforce and improve security posture to prevent malware infections, and highly competitive pricing means considerable savings can be made by organizations looking to switch web filtering providers.

WebTitan can be implemented without any effect on Internet speed; there is no need for any additional hardware and no software downloads are required. Our product is easy to use and management is straightforward and not labor-intensive.

Key Features and Benefits of WebTitan Cloud that will Appeal to MSPs

WebTitan Cloud and WebTitan Cloud for WiFi have been developed to be appealing to MSPs and their clients. To make it as easy as possible for our web filtering solutions to be incorporated into existing client packages and allow MSPs to boost profits, we offer the following:

White labelling – Allows MSPs to add their own branding and color schemes.

Hosting choices – We can host on our servers, provide private cloud hosting, or you can run our solution within your own infrastructure.

Generous margins for MSPs and highly competitive pricing – An easy way to boost profits.

Usage-based Monthly billing – Makes WebTitan Cloud more affordable for clients.

Flexible pricing – Our product can easily be included in your pricing models.

Multi-tenanted solution – Advanced customer management features make it easy to add new clients.

API-Driven – Easy integration into back-end billing and reporting systems.

Highly scalable – Our web filtering solution is suitable for businesses of all sizes.

Excellent Support – Industry leading customer service and technical support. If you have a problem, it will be rapidly resolved.

To find out more about how easy it is to incorporate WebTitan Cloud into your existing portfolio and boost profits contact our sales team today.

Increase in Web-Based Exploits Makes Web Filtering A Necessity

Cybercriminals are moving away from email attacks and are concentrating on web-based exploits to deliver malware. Email remains a major source of malware, but web-based attacks are now much more prevalent.

Web-Based Exploits Increasingly Used to Deliver Malware

A recent report from Palo Alto Networks showed that out of just over 68,000 malware samples collected, 25% were delivered via email, whereas 68% were delivered during web-browsing. Those figures were for known malware. When it comes to undetected samples, the figures for web-browsing rose to 90% compared to just 2% delivered via email. Undetected malware samples are those which are not detected by traditional anti-malware and anti-virus solutions.

It is easy to see why web-based exploits are being favored by cybercriminals. It takes much longer for web-based exploits to be detected by anti-virus software than email-based attacks. Palo Alto reports that it takes four times as long to detect web-based exploits as it does email-based attacks. Attackers are also able to tweak web-based malware in real-time. Email-based malware needs to be sent out and changes can only be made for each new campaign.

In the case of email-based malware attacks, the malicious software is relatively easy to detect by AV companies. They are able to give each malware sample a signature, which makes it much easier to block attacks. In the case of web-based malware this is a much harder task. The malware can be tweaked in real-time, making it harder for AV companies to capture and create a signature. A web server on which malware is hosted can be configured to re-code the malware automatically and generate many thousands of unique malware samples. Capturing and adding a signature to each sample takes too long.

There are many methods that can be employed to reduce the risk of malware infections from web browsing, although one of the easiest preventative steps to take is to use a web filtering solution such as WebTitan. WebTitan allows organizations to carefully control the websites that can be accessed by end users.

Palo Alto reported that HTTP proxies were frequently used in malware delivery. The blocking of HTTP proxies and web anonymizers can help to improve security posture and reduce the risk of malware downloads. P2P networks are also commonly used to deliver malware, and these can also be easily blocked with WebTitan web filtering solutions.

Social media websites are a common source of malware infections. A recent survey conducted by the Ponemon Institute revealed that 18% of respondents had experienced a malware attack via social media websites. Blocking access to social media networks, or blocking the file-transfer function of Facebook for example, can help to reduce the risk of malware downloads.

The threat landscape is constantly changing; however, by carefully controlling the actions that can be performed by end users with a web filter, the risk of malware infections can be greatly reduced.

Has Your Enterprise Implemented Social Media Usage Policies?

Enterprise social media usage policies have only been introduced by 54% of organizations according to a recent social media research study conducted by Osterman Research.

Social media use in the workplace has grown significantly in recent years, both personal use of social media sites as well as the use of the platforms for business purposes. However, just over half of enterprises have implemented policies that limit or restrict use of the websites.

Enterprises face a choice. Allow the use of the sites and accept that a considerable amount of each employee’s day will be devoted to personal social media site use, or place controls to limit use. These can be restrictions on the times that the sites can be accessed, the amount of time each employee is “allowed” to take as Facetime, or the actions that can be performed on social media sites.

There are good reasons for not introducing social media usage policies. Some employers believe social media site use can improve collaboration between employees and departments. Some employers believe social media use can help improve corporate culture and even lead to faster decision making capabilities.

However, some studies suggest that employers lose more than an hour each day per employee to social media networks. If that figure is multiplied by the 500 or more employees in an organization, it represents a considerable productivity loss.

Many employers do not mind a little time on social media sites each day, provided that usage is kept within reasonable limits. An employee cannot be expected to work productively for a full 8 hours a day, so allowing some social media time can help employees recharge before they get back to working at full speed. If an employee takes 5 minutes every hour to check their Facebook feed, it could actually help to increase the work that they perform each day.

Social Media Usage Policies Can Help Employers Manage Security Risk

Use of social media platforms is not only about time not spent working. There is a security risk associated with the use of social media networks. That security risk is considerable and the risk is growing. The Osterman Research study revealed the risk of malware delivery via social media networks is considerable. 18% of respondents said that they had had malware installed as a result of social media site use. 25% said they had experienced a malware attack where they could not determine the origin. Some of those incidents may have also resulted from social media site use.

Social media site use may have benefits, but it is important for enterprises to manage the risks. To do that, social media usage policies are likely to be required along with technological controls to help enforce those policies.

Osterman Research suggested a three step approach should be taken. Before enterprises implement social media usage policies it is important to find out why social media platforms are being used and how often they are being accessed. An audit should be conducted to determine the extent to which sites are accessed, the tools that are being used by employees, the time spent on the sites, and the activities that take place.

This will allow organizations to determine the benefits they get from social media site use and weigh these up against the risks. Appropriate social media usage policies can then be developed.

Employees will need to be trained on appropriate social media usage. Employers have the right to monitor Internet activity at work. The use of Facebook, Twitter, LinkedIn and other social platforms is therefore not private. Employers should explain that they have the right to monitor social media usage at work and take action against individuals who violate social media usage policies.

Osterman suggests that technologies should be implemented to control social media usage to help mitigate the risk of malware downloads and other social media threats.

Controlling Social Media Usage at Work

WebTitan Gateway – and WebTitan Cloud for WiFi – can help in this regard. Both web filtering solutions can help organizations control the use of social media sites at work and both solutions can be used to enforce social media usage policies. Controls can be placed on when social media sites can be accessed: Outside working hours or during lunch hours for example. Controls can also be set by user group. The marketing department will require a different set of rules to the billing department for example.

Controls can also be implemented to manage risk from malware. The downloading of risky files can be blocked: .exe, .scr, .zip, or .bat for example. Links to malicious websites are often uploaded to social media networks. WebTitan can be configured to prevent those sites from being accessed. WebTitan also allows Internet usage to be carefully monitored.
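The time-of-day, user-group and file-type controls described above, sketched as an added example (not WebTitan's code or configuration format). The group names, policy structure, domain list and `evaluate` function are assumptions made for illustration; the blocked extensions are the ones named in the text.

```python
from dataclasses import dataclass
from datetime import datetime, time
from posixpath import basename
from urllib.parse import unquote, urlsplit

# File types the article lists as risky downloads.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".zip", ".bat"}

# Constructed category list; a real filter uses a maintained URL database.
SOCIAL_MEDIA_DOMAINS = {"facebook.com", "twitter.com", "linkedin.com"}


@dataclass(frozen=True)
class GroupPolicy:
    """Social media rules for one user group (hypothetical structure)."""
    always_allow_social: bool = False
    # (start, end) local-time windows in which social media is permitted.
    social_windows: tuple = ()


# Constructed policies: marketing needs the platforms for work, billing
# may only use them during the lunch hour.
POLICIES = {
    "marketing": GroupPolicy(always_allow_social=True),
    "billing": GroupPolicy(social_windows=((time(12, 0), time(13, 0)),)),
}
DEFAULT_POLICY = GroupPolicy()  # unknown groups get the strictest rules


def in_category(host, domains):
    """Match the domain itself or any subdomain, never a lookalike suffix."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def risky_extension(filename):
    """Return the blocked extension a file name ends with, or None."""
    # Windows drops trailing dots and spaces when saving, so "a.exe." runs
    # as "a.exe"; only the final extension decides how the file is opened.
    name = basename(filename).lower().rstrip(". ")
    if "." not in name:
        return None
    ext = "." + name.rpartition(".")[2]
    return ext if ext in BLOCKED_EXTENSIONS else None


def evaluate(group, url, when, response_filename=None):
    """Return (decision, reason) for one request."""
    parts = urlsplit(url)
    # Decode percent-escapes and ignore the query string before checking
    # the path; also check the name the server tells the browser to save.
    candidates = [unquote(parts.path)]
    if response_filename:
        candidates.append(response_filename)
    for candidate in candidates:
        ext = risky_extension(candidate)
        if ext:
            return "block", "file type " + ext

    if in_category(parts.hostname, SOCIAL_MEDIA_DOMAINS):
        policy = POLICIES.get(group, DEFAULT_POLICY)
        now = when.time()
        allowed = policy.always_allow_social or any(
            start <= now < end for start, end in policy.social_windows
        )
        if not allowed:
            return "block", "social media outside permitted hours"
    return "allow", "no rule matched"
```

Checking only the visible URL misses downloads whose saved name comes from the response headers, which is why `evaluate` accepts the server-supplied file name as a second input.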

Many organizations prefer to take a reactive approach to social media use at work, and only introduce controls when there has been a malware attack, a breach of confidentiality, or when site usage has reached unacceptable levels. Taking a more proactive approach can prevent problems before they occur.

How to Protect Networks from Ransomware

Ransomware is not new; however, cybercriminals have been using the malicious software with increased frequency in recent months as a surefire way of generating income. It is now essential to protect networks from ransomware due to the increased risk of attack.

What Is Ransomware?

Ransomware can be considered to be rogue security software. It uses the same encryption that companies are advised to use to protect their data from cyberattackers. It encrypts files to prevent them from being used or accessed. Encrypted files can only be unlocked with a security key. Attackers lock data and demand a ransom to provide the security key. Without the key, the files will remain locked forever. It is therefore important for organizations to take steps to protect networks from ransomware. The threat of attack is increasing and failure to take proactive steps to reduce risk could prove costly.

Why are Ransomware Infections Increasing?

Malware can be used to record keystrokes and gain login credentials to access bank accounts, or to create botnets that can be sold as a service. Corporate secrets can be sold to the highest bidder, or Social Security numbers, names, and dates of birth stolen and sold on to identity thieves. However, attacks of this nature take time and effort. Ransomware on the other hand gives criminals the opportunity to make a quick buck. Several hundred of them in fact.

If a cybercriminal can infect a single machine with ransomware and lock that device, a ransom of between $300 and $500 can be demanded. The ransom must be paid using the virtually anonymous Bitcoin currency. Bitcoin can be bought, sold, traded, and spent without having to disclose any identifying information. Cybercriminals are able to demand ransoms with reasonable certainty that they will not be caught.

Ransomware-as-a-service is being offered on underground networks, meaning cybercriminals do not need to be skilled hackers or programmers. For a payment of between 5% and 20% of the profits and a nominal download fee, criminals are able to use the malware to generate a significant income.

Ransomware is lucrative. One of the most sophisticated strains of ransomware, CryptoWall, has been estimated to have netted its developers around $325 million in profit. The true figure is likely to be considerably higher, since the Cyber Threat Alliance figures were calculated in 2015.

It is not difficult to see the attraction of ransomware. Because of the effectiveness of ransomware campaigns, we are only likely to see even more infections in 2016. In fact, this year there have been a number of ransomware infections reported by companies who have failed to protect networks from ransomware infections, leaving them little alternative but to pay to have their data unlocked. The victims include schools, healthcare providers, and even law enforcement departments. All organizations need to protect networks from ransomware or they may be left with little choice but to pay a ransom to unlock their files.

Who Is Being Targeted with Ransomware?

In the majority of cases, individuals and businesses are not actually targeted. Ransomware is sent out randomly via spam email. Oftentimes, millions of emails are sent in a single campaign. It is a numbers game and a percentage of emails will be opened, a smaller number of machines will be infected, and organizations that have failed to protect networks from ransomware are likely to have to pay the ransom.

However, businesses are also being targeted by attackers as the money that can be demanded to unlock devices – and networks – is much higher. A business may decide to pay several thousand dollars to recover critical data. Hackers and cybercriminals know this and are targeting organizations with spear phishing emails designed to get users to visit malicious websites that download ransomware. Spam emails are also sent with the malware disguised as invoices or even image files.

How Much Are Cybercriminals Asking to Unlock Encrypted Devices?

While single users receive $500 demands, the same cannot be said of businesses. Attackers can demand whatever fee they want. In February, Hollywood Presbyterian Hospital felt that paying a $17,000 ransom was the most logical solution considering the cost of data loss, downtime, and the restoration of its systems. The effort required and the cost of rectifying an infection could exceed the ransom cost by several orders of magnitude.

Horry County school district in South Carolina paid a ransom of $8,500 to decrypt 25 servers. The FBI investigated and told the school it had no alternative but to pay the ransom if it wanted to recover its data. In 2015, the Tewksbury, Mass., Police Department was also forced to pay up after it suffered a CryptoLocker attack. While data could be restored from a backup, the most recent file was corrupted and the only viable backup was more than 18 months old. In late February 2016, Melrose Police Department, Mass., also paid a ransom to unlock files.

Is There an Alternative to Paying A Ransomware Ransom?

Depending on the type of ransomware used by cybercriminals in their attack, it may be possible to unlock data without paying a ransom. In some cases, data may not actually be locked at all. Users may just be fooled into thinking that it is.

Scareware is used to fool users into thinking they have been attacked with ransomware, when in actual fact they have not. Paying the ransom will remove the scareware from the device, but since no files have been encrypted, it is possible to remove the malware without paying the ransom. Many security tools can be used. In fact, that is how the attackers often make their money: by selling victims a security tool to remove their own infection.

Kovter ransomware is a little different. This malware locks a computer and displays a message that cannot be removed. A lock screen is displayed on boot, which prevents the user from using their device. It resides in the registry, but can be removed without paying a ransom. It has been commonly used as a police scam, claiming the user had visited websites displaying child pornography, even though in all likelihood they did not. It displays an FBI or police department warning, and demands that a payment be made to avoid any further action.

However, ransomware that actually encrypts files is a different beast entirely. Encryption cannot be unlocked without a security key, although it may be possible to restore files from a backup or with a system restore. Provided of course that those files have not also been encrypted. Some ransomware encrypts the files needed to restore data from a backup, or the backup files themselves.

When files have been encrypted, even the FBI has advised individuals to pay the ransom. In 2015, Joseph Bonavolonta, FBI cybercrime chief in Boston, was quoted as saying, “To be honest, we often advise people just to pay the ransom.”

The FBI says that most ransomware attackers are true to their word and supply the keys. That is not necessarily the case though. The keys may not be supplied and the individual could receive a further demand. Some ransomware that has been tweaked has been broken, making it impossible to decrypt locked files. Paying the ransom in such cases would not allow data to be recovered. There is no guarantee that payment of a ransom will result in a working key being provided. It is therefore essential to implement a number of measures to protect networks from ransomware infections.

How to Protect Networks from Ransomware?

There are a number of strategies that can be adopted to protect networks from ransomware infections and to reduce the damage caused if security defenses are breached.

Perform Regular Backups

Performing daily and weekly backups is essential. This measure will not protect networks from ransomware, but it will reduce the damage caused if an infection occurs. Backups of data should ensure files can be recovered. However, backups cannot always be restored, as the Tewksbury Police Department discovered. It is essential that backups are not stored on portable devices that are left connected to computers. Ransomware can encrypt portable drives and can scan and lock files on networks, not just on individual devices.
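The failure described above, where the newest backup is unusable and the only good copy is far older, can be caught before an incident by checking every backup set against hashes recorded when it was taken. The following is an added example, not part of the original article; the manifest.json layout, date-named directories and sample files are assumptions constructed for the demonstration.

```python
import hashlib
import json
import os
import tempfile
from datetime import date
from pathlib import Path

MANIFEST = "manifest.json"  # assumed name; keep a copy off the backup media in practice


def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(backup_dir):
    """Run at backup time: record a hash for every file in the set."""
    hashes = {
        p.relative_to(backup_dir).as_posix(): sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST
    }
    (backup_dir / MANIFEST).write_text(json.dumps({"files": hashes}))


def verify_backup(backup_dir):
    """Return a list of problems; an empty list means every file matches its hash."""
    try:
        expected = json.loads((backup_dir / MANIFEST).read_text())["files"]
    except (OSError, ValueError, KeyError, TypeError):
        return ["manifest missing or unreadable"]
    problems = []
    for rel, digest in expected.items():
        target = backup_dir / rel
        if not target.is_file():
            problems.append("missing: " + rel)
        elif sha256_file(target) != digest:
            problems.append("hash mismatch: " + rel)
    return problems


def newest_restorable(backup_root, today):
    """Check sets newest first (directories named YYYY-MM-DD).

    Returns (set name, age in days, skipped sets with their problems)."""
    skipped = []
    sets = sorted((p for p in backup_root.iterdir() if p.is_dir()),
                  key=lambda p: p.name, reverse=True)
    for backup_dir in sets:
        problems = verify_backup(backup_dir)
        if not problems:
            age = (today - date.fromisoformat(backup_dir.name)).days
            return backup_dir.name, age, skipped
        skipped.append((backup_dir.name, problems))
    return None, None, skipped


def run_demo():
    """Constructed sample: three sets, the two newest damaged after backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("2014-08-01", "2016-02-14", "2016-02-20"):
            backup_dir = root / name
            backup_dir.mkdir()
            (backup_dir / "records.db").write_bytes(b"records as of " + name.encode())
            (backup_dir / "payroll.csv").write_bytes(b"id,amount\n1,100\n")
            write_manifest(backup_dir)
        # One set has a corrupted file; in the other a file was replaced by ciphertext.
        (root / "2016-02-14" / "records.db").write_bytes(b"\x00" * 16)
        (root / "2016-02-20" / "payroll.csv").unlink()
        (root / "2016-02-20" / "payroll.csv.locked").write_bytes(os.urandom(32))
        return newest_restorable(root, today=date(2016, 2, 21))


if __name__ == "__main__":
    name, age_days, skipped = run_demo()
    for bad, problems in skipped:
        print("UNUSABLE", bad, problems)
    print("newest restorable set:", name, "age in days:", age_days)
```

Run on a schedule, a check like this turns a stale or corrupted backup into an alert rather than a discovery made during recovery.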

Use a Spam Filter

Ransomware is often spread via spam email. One of the best ways to protect networks from ransomware is to prevent spam email from being delivered. Using a robust spam filtering solution will ensure the majority of malicious emails are caught and quarantined to prevent them from being opened by end users.

SpamTitan blocks 99.9% of spam emails, greatly reducing the likelihood of employees infecting their computers and corporate networks with ransomware.

Train Staff How to Identify Malicious Emails

Staff training is essential and a great way of helping to protect networks from ransomware. Emails are occasionally delivered to inboxes even with a robust spam filter in place. Employees must therefore be made aware of the risk and taught best security practices to avoid compromising their network or infecting their devices. Employees should be told never to open an email attachment that has been sent from someone they do not know. They should always check the email address of the sender carefully. Unfortunately, ransomware is not only spread via spam emails, and web-borne attacks are more difficult to identify.

Use WebTitan to Block Malicious Websites

Cybercriminals use malicious advertising, termed malvertising, to lure individuals onto malicious websites where drive-by ransomware downloads take place. These adverts are often placed on legitimate websites via third party advertising networks. Malicious links are also posted on social media networks. Phishing emails also contain links to malicious sites that download ransomware.

One of the best ways that businesses can reduce the risk of a web-borne attack and protect networks from ransomware infections is by limiting the websites that can be accessed via their Wi-Fi and hard-wired networks. Blocking websites known to contain malware, preventing the downloading of file types commonly associated with ransomware, and blocking third party adverts from being displayed can all greatly reduce risk. To do this, a web filter is required.
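File-type blocking that looks only at the name is easy to get wrong, since malware is often disguised as an invoice or an image. The sketch below is an added example, not WebTitan's implementation: it decides on the extensions the article names, using both the served filename and the first bytes of the content. The URLs and byte strings are constructed samples.

```python
import posixpath
from email.message import Message
from urllib.parse import unquote, urlsplit

BLOCKED_EXTENSIONS = {".exe", ".scr", ".zip", ".bat"}  # the types named in the article
# Leading bytes that identify content regardless of the name it is served under.
# "MZ" opens Windows executables (including .scr screensavers), "PK" opens ZIP archives.
MAGIC = ((b"MZ", ".exe"), (b"PK\x03\x04", ".zip"))
# Office documents are ZIP containers; blocking them on content alone is a false positive.
ZIP_CONTAINERS = {".docx", ".xlsx", ".pptx"}


def served_filename(url, content_disposition=None):
    """Prefer the Content-Disposition filename, else the last URL path segment."""
    if content_disposition:
        header = Message()
        header["Content-Disposition"] = content_disposition
        name = header.get_filename()
        if name:
            return name
    return posixpath.basename(unquote(urlsplit(url).path))


def effective_extension(name):
    """Extension as Windows will treat it: last one wins, case and trailing dots ignored."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = name.rstrip(". ").lower()
    return posixpath.splitext(name)[1]


def sniff(first_bytes):
    """Return the extension the content really is, or None if it is not recognised."""
    for magic, ext in MAGIC:
        if first_bytes.startswith(magic):
            return ext
    return None


def decide(url, first_bytes, content_disposition=None):
    """Return (verdict, reason) for one download."""
    ext = effective_extension(served_filename(url, content_disposition))
    if ext in BLOCKED_EXTENSIONS:
        return "block", "blocked extension " + ext
    real = sniff(first_bytes)
    if real == ".zip" and ext in ZIP_CONTAINERS:
        return "allow", "ZIP container expected for " + ext
    if real in BLOCKED_EXTENSIONS:
        return "block", "content is %s but name ends in %r" % (real, ext)
    return "allow", "no blocked type matched"


# Constructed samples: (URL, first bytes of the body, Content-Disposition header)
SAMPLES = [
    ("https://cdn.example/files/report.pdf", b"%PDF-1.4", None),
    ("https://cdn.example/files/Invoice.pdf.EXE", b"MZ\x90\x00", None),
    ("https://cdn.example/dl/update%2Eexe?id=7", b"MZ", None),
    ("https://cdn.example/img/holiday.jpg", b"MZ\x90\x00", None),
    ("https://cdn.example/get?id=42", b"PK\x03\x04", 'attachment; filename="photos.zip"'),
    ("https://cdn.example/docs/minutes.docx", b"PK\x03\x04", None),
    ("https://cdn.example/x/screensaver.scr.", b"MZ", None),
]

if __name__ == "__main__":
    for url, head, disposition in SAMPLES:
        print(decide(url, head, disposition), url)
```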

WebTitan Cloud for Wi-Fi and WebTitan Gateway can be used by businesses, schools, and operators of Wi-Fi networks to reduce the risk of a ransomware attack. WebTitan blocks users from engaging in risky online behaviors and visiting malicious websites. Regardless of the level of training provided to users of computer networks, it is not possible to eliminate risk entirely. Using a web filtering solution to protect networks from ransomware, along with staff training and a spam email filter can greatly improve security posture.

The cost of these protections for businesses, educational institutions, and healthcare organizations is likely to be far lower than the cost of paying a ransom.

Securing Wi-Fi Hotspots Can Give Your Company A Big Competitive Advantage

One of the main priorities for IT professionals in 2016 is securing Wi-Fi hotspots. The use of unsecured public Wi-Fi is notoriously risky. Cybercriminals spy on the activity taking place at WiFi hotspots, and it is at these Internet access points that many man-in-the-middle attacks take place.

The Dangers of Unsecured WiFi

Preventing employees from using personally owned and work devices on unsecured Wi-Fi networks is a major challenge, but one that must be met in order to keep work networks free from malware.

When employees use smartphones, tablets, and laptops to connect to unsecured Wi-Fi networks, there is a high risk that those devices may be compromised. Hotspots are frequently used to deliver malware to unsuspecting website visitors, and malicious software can subsequently be transferred to work networks. With personally owned devices increasingly used for private and work purposes, the risk of a work network malware infection is particularly high.

The risks associated with unsecured Internet access points are well known, yet people still tend to engage in risky behavior when accessing the Internet via these wireless networks. In a rush to take advantage of free Internet access, basic security best practices are all too often ignored. Devices are allowed to connect to Wi-Fi hotspots automatically and Wi-Fi hotspots are not checked to find out if they are genuine or have been spoofed.

Security Professionals Concerned About Employees’ Use of Unsecured WiFi Networks

A recent survey conducted by the Cloud Security Alliance indicates security professionals are very concerned about the use of unsecured WiFi networks. The Cloud Security Alliance is a collective of security professionals, businesses, and privacy and security organizations that are committed to raising awareness of cybersecurity best practices.

The organization recently conducted a survey and asked 210 security professionals their opinions on the top threats to mobile computing in 2016. 2010 member organizations were polled and more than 8 out of 10 respondents (81%) said that the threat from unsecured WiFi access points was very real, and was one of the biggest mobile security risks in 2016.

The Importance of Securing WiFi Hotspots

Many organizations that operate a network of Wi-Fi hotspots have yet to implement security measures to keep users of those networks secure. Those Wi-Fi access points are made available to customers in bars, restaurants, hotels, airport lounges, sporting venues, and on public transport such as busses and trains.

Guests are allowed to connect to those networks, yet little is done to police the activity that takes place over the network. Consequently, the door is left open for cybercriminals to conduct attacks.

Failing to provide even a basic level of security is a big mistake. If patrons suffer malware infections, data loss, identity theft, or other forms of fraud as a result of accessing the internet at a particular location, they are likely never to return.

With IT professionals now educating their staff members about the dangers of using unsecured WiFi access points, businesses that offer secure WiFi access are likely to attract far greater numbers of customers than those that do not.

There is a cost associated with securing WiFi hotspots of course. However, what must be considered is the amount of business that will be lost as a result of not securing WiFi hotspots. The cost of implementing security measures is likely to be much lower in the long run.

Securing WiFi Hotspots with WebTitan Cloud for WiFi

A business offering customers wireless Internet access used to have to purchase additional hardware or software in order to secure WiFi access points. Not only was there a cost associated with adding a security solution, implementing that solution was a complex task that required skilled staff and many man-hours.

Providing a secure browsing environment for customers would mean getting them to download software to the device used to access the Internet. That is hardly a practical solution for a bar or restaurant where quick and easy access to the internet is required by customers.

WebTitan offers a much easier solution that makes securing WiFi hotspots a quick and easy task. Since WebTitan Cloud for WiFi is a 100% cloud-based security solution, it requires no additional hardware and no software installations. Any user can connect to a WiFi network and benefit from a secure browsing environment, regardless of the device they use to connect.

Setting up a WiFi web filtering security solution is also fast and painless, and doesn’t require much in the way of technical expertise. Simply change the DNS settings and point them to WebTitan, and a secure browsing environment will be available to customers in a matter of minutes.

Websites known to contain malware can be easily blocked, users can be prevented from downloading file types frequently associated with malware, and web content can be filtered to stop users from engaging in questionable internet activity such as viewing pornography. Securing WiFi hotspots couldn’t be any easier.

If you are interested in securing WiFi hotspots run by your company, contact WebTitan today to find out just how easy and cost effective it can be to offer your clients a secure browsing environment.

 


Explosion in Malware Makes Web Filters for WiFi Networks Essential

Organizations running WiFi networks are facing attacks from all angles. Many companies are choosing to implement web filters for WiFi networks to help mitigate risk from the growing number of malware variants that are being used to attack businesses via their WiFi networks.

A new report issued by Bilbao-based antivirus software developer Panda Security has revealed the extent of the problem. Last year, over 84 million new malware samples were identified, which equates to 27% of all malware previously identified.

The proliferation in malware has been attributed, in part, to the rise in use of antivirus software and the effectiveness of those software programs. When a new malware is discovered, antivirus signatures are updated and shared with all antivirus software developers. In a very short space of time, all AV engines will block a particular malware.

Hackers have responded by using software that modifies malware slightly, allowing hundreds or thousands of variants to be released. An increased number of malware variants are needed in order to get past antivirus software programs, as many AV engines are capable of detecting malware that has been modified slightly. The more variants are used, the higher the probability of malware getting past security software.

When Panda was formed in 1990, the company was detecting approximately 100 new malware variants a day. Today 230,000 new samples are discovered every day, on average.

Trojans are the most common malware form, with the full breakdown of new malware variants detailed below:

| Malware Type | % of new malware discovered in 2015 |
| --- | --- |
| Trojans | 51.45% |
| Viruses | 22.79% |
| Worms | 13.22% |
| PUPs | 10.71% |
| Spyware | 1.83% |

Blocking Malware with a Web Filtering Solution

Malware is installed on user devices via a variety of different vectors. Spam email is one of the most common methods of malware delivery, but fortunately, one of the most straightforward to block. A robust anti-spam solution can be used to block the vast majority (over 99.7%) of spam emails from being delivered. Training users how to recognize malware can help to ensure that any rogue emails that get past the filter will be identified and deleted before any damage is caused.

Blocking malware from being installed via malicious websites can be more difficult. Hackers use exploit kits to probe for security vulnerabilities in browsers and browser plug-ins, and deliver malware in drive-by attacks without the knowledge of website visitors. Social engineering tactics are used to fool users into downloading malware, and malicious software can be installed on legitimate websites or placed on adverts displayed by those websites.

One of the best protections to implement to ensure users’ devices are not infected with malware is a web filter. A web filter will restrict access to websites known to contain malware, as well as categories of websites where malware is most likely to be located. As well as protecting users from objectionable website content such as pornography or religious extremist material, it will also keep their devices safe and free from Trojans, viruses, worms and other malicious software. A web filtering solution can be a highly effective protection against malware as part of a multi-layered security system.

Web Filters for Wi-Fi Networks Keep Internet Users Secure

One of the ways enterprises are keeping their wireless networks secure is by using web filters for WiFi networks. WiFi networks are particularly risky and need to be secured. Due to the risk of using wireless networks, many customers avoid networks that are unsecured.

Installing software solutions on individual devices that connect to wireless networks is far from ideal. Many companies have BYOD policies that permit the use of personal devices at work, and it would not be practical to install web filtering software solutions on each and every device used to connect to the network. In a coffee shop or hotel, this would simply not be possible.

The easy solution is to use DNS-based web filtering solutions, as they do not require the installation of any software on users’ devices. All that is required to run DNS-based web filtering is a simple change to the DNS server addresses on the company’s router.

Any user with a modicum of technical knowhow would be able to bypass a DNS-based web filter and access blocked content, although with some minor configuration changes to the router, users can be prevented from using any DNS servers other than the one with the web filtering solution in place.
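One way to check for the bypass described above, before and after the router change, is to scan firewall logs for clients sending DNS to resolvers other than the filtering service. This is an added example, not part of the original article: the log lines are constructed in netfilter LOG style, and the LAN range and resolver addresses are documentation placeholders, not TitanHQ's.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")  # assumed client network
# Placeholder addresses standing in for the filtering service's resolvers.
APPROVED = {ip_address("203.0.113.53"), ip_address("203.0.113.54")}
DNS_PORTS = {("UDP", 53): "DNS", ("TCP", 53): "DNS", ("TCP", 853): "DNS-over-TLS"}
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

# Constructed sample of forwarded-traffic log lines from the gateway.
SAMPLE_LOG = """\
Feb 21 10:02:11 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.23 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=51234 DPT=53
Feb 21 10:02:15 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.23 DST=198.51.100.8 LEN=60 PROTO=UDP SPT=51240 DPT=53
Feb 21 10:02:16 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.23 DST=198.51.100.8 LEN=62 PROTO=UDP SPT=51241 DPT=53
Feb 21 10:03:02 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.40 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=40110 DPT=853
Feb 21 10:03:05 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.40 DST=203.0.113.54 LEN=60 PROTO=TCP SPT=40112 DPT=53
Feb 21 10:03:09 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.51 DST=198.51.100.8 LEN=60 PROTO=TCP SPT=40200 DPT=443
Feb 21 10:03:11 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.51 DST=198.51.100.8 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Feb 21 10:03:12 gw kernel: FWD IN=br-lan OUT=eth0 SRC=192.168.10.77 DST=192.168.10.1 LEN=60 PROTO=UDP SPT=5353 DPT=53
Feb 21 10:03:13 gw kernel: FWD truncated line SRC=192.168.10.
"""


def parse(line):
    """Return (src, dst, proto, dport), or None for lines without those fields."""
    fields = dict(FIELD.findall(line))
    try:
        return (ip_address(fields["SRC"]), ip_address(fields["DST"]),
                fields["PROTO"], int(fields["DPT"]))
    except (KeyError, ValueError):
        return None


def find_bypass(lines, lan=LAN, approved=APPROVED):
    """List (client, resolver, protocol, count) for DNS sent around the filter."""
    hits = Counter()
    for line in lines:
        record = parse(line)
        if record is None:
            continue
        src, dst, proto, dport = record
        label = DNS_PORTS.get((proto, dport))
        if label is None or src not in lan:
            continue  # not DNS, or not one of our clients
        if dst in approved or dst in lan:
            continue  # filtered resolver, or a local forwarder such as the router
        hits[(str(src), str(dst), label)] += 1
    return sorted(key + (count,) for key, count in hits.items())


if __name__ == "__main__":
    for client, resolver, label, count in find_bypass(SAMPLE_LOG.splitlines()):
        print("%s -> %s (%s) x%d" % (client, resolver, label, count))
```

DNS over HTTPS shares port 443 with ordinary web traffic, so it does not show up in a port-based check like this one.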

TitanHQ web filters for WiFi networks

TitanHQ’s web filters for WiFi networks offer highly granular controls. WebTitan Cloud for WiFi networks can be fine-tuned to suit any organization’s needs, allowing light control of Internet use to highly restrictive Internet filtering.

No software installations are required thanks to the 100% cloud-based system, and no additional hardware is required. Only very minor changes need to be made to point DNS servers to the correct location, and after basic parameters are set, WebTitan’s web filters for WiFi networks will be up and running.

It may not be possible to eliminate the risk of a malware attack, but with WebTitan Cloud for WiFi, risk can be reduced to a low and acceptable level.

Key benefits of WebTitan web filters for WiFi networks

  • Create a family-friendly, safe and secure web browsing environment.
  • Accurately filter web content through 53 pre-set categories and up to 10 custom categories.
  • Filter by keyword and keyword score.
  • Filter content in 200 languages.
  • No hardware or software installations required
  • Suitable for static and dynamic IPs
  • No impact on broadband speed
  • Suitable for use with multiple routers
  • No limits on access points or users
  • Scalable solution for businesses large and small
  • Block access to inappropriate website content
  • Block phishing attacks and malware and ransomware downloads
  • Integrate the solution into existing billing, auto provisioning and monitoring systems through a suite of APIs
  • Manage access points through a single web-based administration panel.
  • Easy delegation of the management of access points
  • Schedule and run reports on demand with real time-views of Internet activity and extensive drill down reporting.
  • World class customer service
  • Highly competitive pricing and a fully transparent pricing policy

 

Find out more about the benefits of installing web filters for WiFi networks by calling TitanHQ today.

What are the Main Privacy and Security Concerns of Customers?

A new report released by data privacy and security group Morrison and Foerster indicates the main privacy and security concerns of customers.

Don’t Ignore the Privacy and Security Concerns of Customers

If you ignore the privacy and security concerns of customers it is likely to have a significant effect on your bottom line.

A new report recently released by Morrison and Foerster suggests that consumers are even more concerned about their privacy than four years ago. Furthermore, many will take action if they feel their privacy is not protected. The survey indicates more than one in three consumers have switched companies they do business with due to privacy concerns, and one in five would switch after a breach of their personal data.

The company conducted a survey on 900 U.S. consumers in November 2015. 35% of respondents said they had taken the decision to switch companies or not buy products as a result of privacy concerns. When it came to a breach of personal information, 22% of individuals said they had taken the decision to stop purchasing products or had switched services as a result.

According to the report, more educated individuals and higher earners were the most likely to stop doing business with a company as a result of a data breach. 28% of respondents educated to college degree level or higher said they would make the switch after a data breach compared to 18% of individuals without a college degree.

For the upper income bracket, 33% said they stopped buying as a result of a data breach. That figure fell to 28% for the middle income bracket, and 17% for the low income bracket.

When the company conducted the survey back in 2011, 54% of consumers said that privacy concerns affected their decision to make a purchase. In 2015, 82% of consumers said that privacy concerns influenced their purchasing decisions.

Companies are not perfect, but consumers are intolerant of data breaches

In 2011, 16% of consumers believed no business was perfect, and were therefore likely to overlook privacy issues and data breaches, whereas in 2015 the figure had fallen to 9%.

The greatest concern is now the risk of identity theft, with the percentage of individuals worried about thieves stealing their identity jumping from 24% in 2011 to 52% in 2015.

The survey shows that not only must companies do more to earn the trust of consumers, they must also do more, and be seen to be doing more, to safeguard the data they store on consumers, especially Social Security numbers, passwords and personal IDs, payment card information, and user IDs, passwords and account information.

How to improve your security posture and prevent data breaches

It is essential to implement multi-layered security systems to prevent cyberattacks. For businesses, one of the biggest problems is how to stop employees from inadvertently compromising a network. Security training is therefore essential. Employees must be advised of security risks and given regular training to help avoid scams, malicious websites, and told how to identify phishing emails.

It is essential that risky behavior is eradicated. Internet and BYOD policies must be introduced that cover the acceptable uses of the devices, and the sites that are permitted to be accessed at work. However, not all employees will adhere to those policies. For maximum protection it is strongly advisable to implement a solution that reduces the risk of malware downloads.

A web filtering solution is essential in this regard. A web filter can block malicious websites and reduce the risk of malware infections, while also being configured to protect end users from malvertising.

A patch management policy must be implemented and software updates installed promptly to prevent zero-day security vulnerabilities from being exploited.

Anti-virus and anti-malware software must be used. Using a different engine for servers and end users is a wise precaution to minimize the probability of malware and viruses being installed.

It is now an inevitability that a data breach will be suffered at some point in time, but reducing the likelihood of that happening is essential. It is important to pay attention to the privacy and security concerns of customers. Show consumers how dedicated you are to protecting their privacy, and implement a wide range of controls to prevent a data breach and you will reduce the risk of losing customers to better protected organizations.

Web Filter Implementation Errors Blocking Important Content

There is a clear need for British libraries to implement web filtering solutions to restrict the content that can be accessed through library computers. However, as has been recently discovered, web filter implementation errors can all too easily result in important and valuable Internet content being blocked.

Web filter implementation errors damage public access to content sought by vulnerable users

Give a schoolboy a dictionary and it will not be long before the exact meaning of every cuss word has been looked up. Provide totally free access to the Internet without the watchful eye of parents and it will not be long before it is used to view pornography and other objectionable content.

The anonymity afforded by library computers allows objectionable content to be accessed, such as pornography, ISIS propaganda, and other web content and imagery that has potential to cause harm. Libraries are an extremely valuable resource, but the type of information that can be accessed does need to be controlled, according to some local authorities at least.

The implementation of a web filtering solution was deemed to be an appropriate safeguard to prevent unsavory content from being accessed on library computers in Britain. The problem with using a web filter is how to prevent potentially damaging content from being accessed, while ensuring that those filters do not block access to acceptable content, especially content that many people may choose to access quite legitimately in a library. Content about sexual health for example.

Many vulnerable individuals may not be able to access sexual health information at home. The sites that are accessed may be seen by family members for example. A teenager may want information about contraception, abortion, or sexually transmitted diseases, yet be unable to search for the information they need at home. They may want to access resources produced for the LGBT community. A library is an ideal place for this important information to be obtained. Information that may prevent these individuals from coming to harm.

Data recently released by the Radical Librarians Collective indicates that web filter implementation errors have resulted in much of this important content being blocked, even though this is exactly the sort of content that libraries exist to provide. The problem is not the use of web filters, but web filter implementation errors and a lack of intelligent oversight, according to the collective.

Web filtering policies should be developed to allow anonymous unblocking of legitimate websites

Library officials have implemented web filtering solutions, but have done so with a top-down filtering policy. This has resulted in valuable and important content being blocked by the filters. The data came from a study of over 200 local authorities and showed content that should be permitted under acceptable use policies was being blocked.

If solutions are used to filter the Internet there will naturally be some websites that are accidentally blocked, just as some sites containing objectionable content may still be accessible. It may not be a case of web filter implementation errors being made. A web filter does require some fine-tuning and a few false positives and false negatives are to be expected. The problem in Britain appears to involve more than just a few websites, indicating web filter implementation errors have been made.

Another problem is that individuals trying to access blocked content do not request libraries to unblock websites out of embarrassment or fear.

When a web filter is used, it is vital that policies are developed to permit users to request access to a particular website if it can be legitimately viewed under the library’s allowable usage policy. However, due to the sensitive nature of some information, sexual health matters for instance, users should be able to make that request without fear of repercussions. Allowing requests to be submitted anonymously could help in this regard.

School Web Filters to Become Mandatory Under New Proposals

With Internet use increasing in schools the UK government has taken the decision to make school web filters mandatory. The government has previously recommended that schools implement web filtering solutions, although many schools have not taken action to curb and monitor Internet use in classrooms. Consequently, children are still able to access adult and other potentially damaging content.

The government is now going to get tougher on schools and will introduce legislation to force primary and secondary schools to filter online content. From September 2016, primary and secondary school children must also be educated about online safety.

How School Web Filters Make the Internet Safer for Kids

The main aim of mandatory school web filters is to prevent children from accessing online pornography and other potentially damaging content at school. The move will make it harder for religious extremists to radicalize children and it is hoped that the implementation of school web filters will help to reduce instances of cyber-bullying.

Some evidence has emerged that shows UK school children who have tried to leave the country, or have travelled to Syria, have been able to access information about Daesh/IS from school computers. Ministers believe that action must be taken to prevent such material from being viewed at school, but to also identify individuals who are attempting to access such material. Greater efforts can then be made to tackle the issue before it is too late. Children must also be educated more about how to stay safe when using social media websites such as Facebook, Twitter, Snapchat, and Instagram.

Proposals were published last week on the introduction of new measures to curb Internet usage in schools, which will include school web filters but also monitoring systems to identify individuals who are attempting to access illegal, dangerous, or inappropriate content. There is also concern that individuals will try to access the same material at home. To tackle that issue, the Department of Education has drafted new guidance for parents to help them keep their children safe at home.

School web filters will prevent all adult content from being accessed from any computer connected to a school network. Websites known to promote IS could also be blocked, along with other potentially harmful content. Children must be allowed Internet access at school as it is now an essential part of their education, but they must only be permitted to use the Internet responsibly. Greater efforts must be made to prevent children from being exploited, radicalized, groomed or recruited by extremists.

The new proposals are to be discussed over the next two months and a consultation will take place, after which the proposals will go to the vote. If adopted, enforcing school web filters will come under the remit of Ofsted.

Sky Implements Automatic Web Filtering to Block Online Pornography

School web filters are only one of the measures required to keep children safe. Protecting minors at home is another matter. Guidance can be given to parents, but that does not mean that all parents will read that information and take action to prevent inappropriate Internet usage at home. Sky Broadband is now planning to do its bit. From 2016, all new customers will be automatically prevented from accessing online pornography at home. New customers will be required to opt in rather than opt out if they want to view pornography. Any content with a rating of 13 years or above will also be automatically blocked until 9pm. At present, new customers are prompted to pick which elements of the Internet will be blocked by Sky web filters when they first access the Internet.

Sky will also be backdating this new measure. A statement issued by Sky Broadband indicated this will be applied to all customers who have “joined since November 2013 and have not turned on Sky Broadband Shield”. According to Ofcom, only 30-40 percent of Sky customers have activated its web filter. Other broadband providers are being urged to follow suit. Currently only 6% of BT Broadband customers have implemented parental controls.