titanadmin - Page 2
by titanadmin | Oct 20, 2024 | Phishing & Email Spam |
Researchers have identified a new phishing kit that is being used to steal credentials for Microsoft 365 accounts and gain access to accounts protected by multi-factor authentication (MFA). The phishing kit, called Mamba 2FA is a cause of concern as it has the potential to be widely adopted given its relatively low price and there are signs it is proving popular with cybercriminals since its release in late 2023. Phishing kits make it easy for low-skilled cybercriminals to conduct sophisticated attacks as they provide all the tools required to breach accounts. The Mamba 2FA kit includes the necessary infrastructure to conduct phishing campaigns, masks IP addresses to prevent them from being blocked, and updates the phishing URLs frequently to ensure they remain active and are not blocked by security solutions.
The Mamba 2FA kit includes phishing pages that mimic Microsoft services such as OneDrive and SharePoint, and the pages can be customized to create realistic phishing URLs for targeting businesses, including allowing the business logo and background images to be added to the login page. Since businesses often have MFA enabled, simply stealing Microsoft credentials is not sufficient, as the MFA will block any attempt to use the credentials for unauthorized access. Like several other popular phishing kits, the Mamba 2FA kit supports adversary-in-the-middle (AitM) attacks, incorporating proxy relays to steal one-time passcodes and authentication cookies in real time. When credentials are entered into the phishing page, they are relayed to Microsoft’s servers in real-time and Microsoft’s responses are relayed back to the victim, including MFA prompts, which allows the threat actor to steal the session cookie and gain access to the user’s account.
Phishing kits such as Mamba 2FA pose a serious threat to businesses, which should take steps to protect against attacks. The AitM tactics can defeat less secure forms of MFA that are based on one-time passwords but are not effective against hardware-based MFA. Implementing phishing-resistant MFA will ensure these attacks do not succeed. Other recommended controls include geo-blocking and allowlisting for IPs and devices. While these advanced phishing kits are effective, threat actors must convince people to click a link in an email and disclose their login credentials, and with advanced email security solutions these phishing threats can be identified and blocked before they reach inboxes. Training should also be provided to the workforce to help with the identification and avoidance of phishing.
TitanHQ can help through the SpamTitan cloud-based spam filtering service and the SafeTitan security awareness training and phishing simulation platform. SpamTitan incorporates reputation checks, Bayesian analysis, greylisting, machine learning-based detection, antivirus scans, and email sandboxing to block phishing and malware threats. Independent tests demonstrated SpamTitan was one of the best spam filtering solutions for businesses at blocking threats, with a 99.99% phishing block rate and a 100% malware block rate.
The SafeTitan security awareness training platform makes it easy for businesses to provide regular cybersecurity awareness training. The platform includes more than 80 training modules, videos, and webinars, with hundreds of phishing simulation templates based on real-world phishing examples. Regular training and phishing simulations have been proven to be highly effective at reducing susceptibility to phishing and other threats targeting employees. This month, TitanHQ has also launched its security awareness training platform for MSPs, which has been specifically developed to make it quick and easy for MSPs to incorporate security awareness training into their service stacks. Speak with TitanHQ today for more information about these and other cybersecurity solutions for combatting the full range of cyber threats.
by titanadmin | Oct 20, 2024 | Network Security |
Generative Artificial Intelligence (GenAI) has many benefits for businesses, including streamlining customer support, generating content, and improving productivity and there are many uses in cybersecurity, especially with the analysis of data to provide actional insights. One of the problems, however, is that the capabilities of GenAI for improving cybersecurity can also be leveraged by cybercriminals for malicious purposes.
GenAI tools have guardrails in place to prevent them from being used for malicious purposes. For instance, if you want to use ChatGPT to write a phishing email, it is not possible to ask that directly, as the request will be blocked. That does not mean that it will not write the email, only that you would need to be more subtle. There are, however, other tools that lack the guardrails and have been specifically created to be used for malicious purposes.
It is clear that cybercriminals have been using GenAI for phishing and social engineering to create grammatically perfect phishing emails even when the phisher does not know a language, and the same applies to the landing pages used for phishing. GenAI has been shown to be capable of coming up with new social engineering techniques to trick employees into disclosing their credentials or installing malware. GenAI tools can also be leveraged for malware development, either by writing new malware code from scratch or checking code for errors.
There is growing evidence that GenAI is now being used to write malicious code. This spring, evidence was uncovered that the developer and operator of the DanaBot banking trojan, Skully Spider, had used an artificial intelligence tool to create a Powershell script for loading the Rhadamanthys stealer into the memory. The researchers found that each component of the script included grammatically perfect comments explaining the function of each component. That suggested that either a GenAI tool was used to create the malware or was at least used to check the code and add comments on each function.
One of the most popular GenAI tools is ChatGPT, a tool with extensive guardrails to prevent malicious uses; however, OpenAI, the company behind ChatGPT, confirmed that its platform has been used for malicious purposes, albeit on a small scale. According to the OpenAI report, the company has disrupted more than 20 attempts to use ChatGPTfor the development and debugging of malware, creating spear phishing content, conducting research and reconnaissance, identifying vulnerabilities, researching social engineering themes, enhancing their scripting techniques, and hiding malicious code.
Malware was created by one threat actor with assistance provided by ChatGPT that allowed them to identify the user’s exact location, steal information such as call logs, contact lists, and browser histories, capture screenshots, and obtain files stored on the device. While a certain level of skill is required to abuse these tools for malware creation and other malicious purposes, they can be used to improve efficiency and could be used by relatively low-skilled threat actors to conduct more attacks and improve their effectiveness.
Cybercriminals are using AI for malicious purposes, but network defenders can also harness the power of these tools for defensive purposes. AI-augmented cybersecurity solutions such as spam filtering services are more effective at identifying AI-generated phishing and social engineering attempts and can respond to new threats and triage attacks in real time. Advanced machine learning is used in SpamTitan’s email sandbox for detecting zero-day malware threats that evade standard email security solutions. AI tools can summarize and analyze threat intelligence data, identify trends, and provide actionable insights, including analyzing network traffic logs, system logs, and user behavior to find anomalies.
With growing evidence of cybercriminals’ use of these tools, businesses need to ensure that their cybersecurity solutions also incorporate AI and machine learning capabilities to combat AI-augmented threats.
by titanadmin | Sep 30, 2024 | Internet Security, Network Security |
Spear phishing attacks are being conducted by a cyber threat group working on behalf of Iran’s Islamic Revolutionary Guard Corps. The cyber threat actors have been gaining access to the personal and business accounts of targeted individuals to obtain information to support Iran’s information operations.
According to a joint cybersecurity advisory issued by the Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC), the campaign has been targeting individuals with a nexus to Iranian and Middle Eastern affairs, including journalists, political activists, government officials, think tank personnel, and individuals associated with US political campaign activity.
Individuals are typically contacted via email or messaging platforms. As is common in spear phishing attacks, the cyber threat actors impersonate trusted contacts, who may be colleagues, associates, acquaintances, or family members. In some of the group’s attacks, they have impersonated known email service providers, well-known journalists seeking interviews, contacts offering invitations to conferences or embassy events, or individuals offering speaking engagements. There have been instances where an individual is impersonated who is seeking foreign policy discussions and opinions.
In contrast to standard phishing attacks where the victim is sent a malicious email attachment or link to a phishing website in the initial email, more effort is put into building a rapport with the victim to make them believe they are engaging with the person the scammer is impersonating. There may be several exchanges via email or a messaging platform before the victim is sent a malicious link, which may be embedded in a shared document rather than being directly communicated via email or a messaging app.
If the link is clicked, the victim is directed to a fake email account login page where they are tricked into disclosing their credentials. If entered, the credentials are captured and used to login to the victim’s account. If the victim’s account is protected with multi-factor authentication, they may also be tricked into disclosing MFA codes. If access to the account is gained, the cyber threat actor can exfiltrate messages and attachments, set up email forwarding rules, delete or manipulate messages, and use the account to target other individuals of interest.
Spear phishing attempts are harder to identify than standard phishing attempts as greater effort is put in by the attackers, including personalizing the initial contact messages, engaging in conversations spanning several messages, and using highly plausible and carefully crafted lures. These emails may bypass standard spam filtering mechanisms since the emails are not sent in mass campaigns and the IP addresses and domains used may not have been added to blacklists.
It is important to have robust anti-phishing, anti-spam, and anti-spoofing solutions in place to increase protection and prevent these malicious emails from reaching their intended targets. An advanced spam filtering solution should be used that incorporates Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to identify spoofing and validate inbound emails. SpamTitan also incorporates machine learning and AI-based detection to help identify spear phishing attempts.
If you are a Microsoft 365 user, the anti-spam and anti-phishing mechanisms provided by Microsoft should be augmented with a third-party anti-phishing solution. PhishTitan can detect the spear phishing emails that Microsoft’s EOP and Defender often miss while adding a host of detection mechanisms and anti-phishing features including adding banners to emails from external sources.
One of the main defenses against these attacks is vigilance. An end-user security awareness training program should be implemented to improve awareness of spear phishing attacks. SafeTitan makes this as easy as possible and covers all possible attack scenarios, with training provided in short and easy-to-assimilate training modules. It is also important to conduct phishing simulations to raise and maintain awareness. These simulations can be especially effective at raising awareness about spear phishing emails and giving end users practice at identifying these threats.
Multifactor authentication should be enabled on all accounts, with phishing-resistant multi-factor authentication providing the highest degree of protection. IT teams should also consider prohibiting email forwarding rules from automatically forwarding emails to external addresses and conducting regular scans of the company email server to identify any custom rules that have been set up or changes to the configuration. Alerts should also be configured for any suspicious activity such as logins from foreign IP addresses.
by titanadmin | Sep 30, 2024 | Email Scams |
Sextortion – financially motivated sexual extortion – is a form of digital blackmail, where the attacker either holds or claims to hold compromising information and threatens to publish or share that information with others unless a payment is made. One of the most common types of sextortion scams involves a cybercriminal making contact, usually via email, claiming they have accessed the victim’s computer and found sexually explicit material such as photographs or viewed the victim’s browsing history of adult web content. The emails claim that the victim’s webcam and microphone have also been hacked, and the victim has been recorded while viewing sexually explicit content. Threats are issued to share that information with the victims, friends, family members, spouse, or employer and a demand is issued for payment. These hacking-based sextortion scams are usually empty threats, as the scammer has not managed to hack the user’s device.
New tactics have been identified in recent sextortion scams. In one campaign, the cyber threat actor impersonates a cybersecurity company and claims they have found evidence that indicates the victim’s spouse has been cheating on them. Rather than demand payment to prevent the publication or sharing of that information, the messages ask for payment to provide evidence of the infidelity. The company claims to have obtained full copies of the spouse’s address book, social media communications, website viewing history, dating app activity, and more, and that the information will be provided as a package if payment is made. The messages are addressed to the victim by name and include the spouse’s name, which adds legitimacy to the claim. That information is thought to have been obtained in a data breach.
Another sextortion tactic has been identified that uses a photograph of the victim’s home in the initial communication. In this scam, the targeted individual is sent an email with a PDF file that uses the victim’s first and last name for the file name. If the file is opened, the victim will see a photograph of their house along with their address. The sextortion scam follows a similar pattern to the hacked computer scam, where the victim is told that their computer has been hacked and the hacker has viewed their browsing history and recorded them browsing filthy videos using the laptop’s camera and clicking on links to unsafe websites. In one scam, the user is told that the well-known Pegasus spyware was used to covertly record and remotely monitor the user’s laptop and mobile, and that access has been gained to the user’s email account, social media accounts, and their full contact list has been downloaded.
The house image is a novel twist that is intended to make the scammer’s claim even more realistic and suggests that the scammer has visited the user’s home and knows where they live. While the latter is true, the image has been screenshotted from Google Maps Street View, and in all likelihood, the user’s email address and home address have been obtained from a publicly available source or a data breach.
These scam emails are intended to make the victim panic and make payment; however, these scams rarely involve actual hacking. Any payment is likely to lead to further blackmail attempts. The best approach is to simply not respond to the email and delete it.
by titanadmin | Sep 30, 2024 | Security Awareness |
While no sector is immune to cyberattacks, some sectors are targeted more frequently than others and attacks on the education sector are common and on the rise. In May 2024, new data released by the UK’s Information Commissioner’s Office revealed there had been 347 cyber incidents reported by the education and childcare sector in 2023, an increase of 55% from the previous year.
These attacks can prevent access to IT systems, forcing schools to resort to manual processes for checking pupil registers, teaching, and all other school functions. Without access to IT systems, teachers are unable to prepare for lessons, schools have been prevented from taking payment for pupil lunches, and many have lost students’ coursework. The impact on schools, teachers, and students can be severe. Some schools have been forced to temporarily close due to a cyberattack.
A survey conducted by the Office of Qualifications and Examinations Regulation (Ofqual) found that 9% of surveyed headteachers had experienced a critically damaging cyberattack in the past academic year. 20% of schools were unable to immediately recover from a cyberattack and 4% reported that they still had not returned to normal operations more than half a term later.
The Ofqual survey revealed more than one-third of English schools had suffered a cyber incident in the past academic year and a significant percentage faced ongoing disruption due to a cyberattack. Cyberattacks can take many forms and while ransomware attacks are often the most damaging, the most common type of cyber incident is phishing. According to the survey, 23% of schools and colleges in England experienced a cybersecurity incident as a result of a phishing attack in the past year.
Schools are not sufficiently prepared to deal with these attacks. According to the survey, 1 in 3 teachers said they had not been provided with cybersecurity training in the past year, even though cybersecurity training has proven to be effective at preventing cyberattacks. The survey revealed that out of the 66% of teachers who had been provided with training, two-thirds said it was useful.
TitanHQ has developed a comprehensive security awareness training platform for all sectors, that is easy to tailor to meet the needs of individual schools. The platform includes an extensive range of computer-based training content, split into modules of no more than 10 minutes to make it easy for teachers and other staff members to complete. The training material is enjoyable, covers the specific threats that educational institutions face, and teaches the cybersecurity practices that can help to improve defenses and combat phishing, spear phishing, and malware attacks.
The SafeTitan platform also includes a phishing simulator for conducting simulated phishing attacks to improve awareness, reinforce training, and give staff members practice in identifying phishing and other cyber threats. The training and simulations can be automated, and training modules can be set to be triggered by security errors and risky behaviors. Further, the platform is affordable.
To find out more about improving human defenses at your educational institution through SafeTitan, give the TitanHQ team a call. TitanHQ can also help with improving technical defenses, with a suite of cybersecurity solutions for the education sector including SpamTitan anti-spam software, the PhishTitan anti-phishing solution, and the WebTitan DNS-based web filter. Combined, these technical defenses can greatly improve your security posture and prevent cyber threats them from reaching end users and their devices.
by titanadmin | Sep 29, 2024 | Network Security, Security Awareness |
October is Cybersecurity Awareness Month – a four-week international effort to raise awareness of the importance of cybersecurity and educate everyone about online safety and the steps that can easily be taken to protect personal data. In the United States, the federal lead for National Cybersecurity Awareness Month is the Cybersecurity and Infrastructure Security Agency (CISA) and resources have been made available by the National Cybersecurity Alliance (NCA) to help organizations communicate to their employees and customers the importance of cybersecurity.
This year, the theme of the month is “Secure Our World,” and the focus is on four simple and easy-to-implement steps that everyone can take to significantly improve defenses against cyberattacks and prevent unauthorized access to personal data. Those steps are:
- Use strong passwords and a password manager
- Enable multifactor authentication
- Update software
- Recognize and report phishing
Passwords should be set that are resistant to brute force guessing attempts. That generally means setting a password that is complex and uses several different character sets to increase the number of potential combinations. The standard advice is to ensure that each password contains at least one capital letter, lowercase letter, number, and special character. Ideally, a password should consist of a random string of all of those characters and be at least 8 characters long. Since strong passwords are difficult to remember, a password manager should be used. Password managers can help to generate truly random strings of characters and store them (and autofill them) so they do not need to be remembered.
The U.S. National Institute of Standards and Technology (NIST) has recently updated its password guidance and suggests moving away from enforcing complexity rules in favor of longer passwords, as they are easier to remember and are less likely to see individuals taking shortcuts that weaken password security. NIST recommends a password of at least 8 characters, ideally 15 characters or more, and to allow passwords of up to 64 characters. Enforced password changes should only be required if a password is compromised, and businesses should maintain a list of weak and commonly used passwords and prevent them from being set. A unique password should be set for each account. Only 38% of people set a unique password for all accounts.
A password alone should not be enough to grant access to an account, as while strong passwords may be difficult to guess, they can be obtained through other means such as data breaches or phishing attacks. To better protect accounts, multifactor authentication should be enabled. If a password is compromised, another method of authentication is required before access to an account is granted. For the best protection, phishing-resistant multi-factor authentication should be used.
While the exploitation of vulnerabilities is not the main way that cybercriminals gain access to devices and networks, everyone should ensure that their software and operating system are kept up to date and running the latest version with patches applied promptly. Software should ideally be configured to update automatically, but if not possible, should be checked regularly to ensure it is running the latest version.
One of the most important defenses is to improve education about phishing, as it is one of the main ways that accounts are compromised and networks are breached. This is an area where employers need to take action. Education of the workforce about the threat of phishing and malware is vital, and it should be provided often. Employees should be taught how to identify phishing attempts, and they should be provided with an easy way of reporting potential threats to their security team and be encouraged to do so. A one-click option in their email client will make this quick and easy.
This is an area where TitanHQ can help. TitanHQ’s SafeTitan security awareness training platform has an extensive library of training content that teaches cybersecurity best practices to help eradicate the risky behaviors that open the door to hackers and scammers. The platform allows training courses to be easily created and tailored for different roles within the organization. The platform also delivers training in response to security mistakes, ensuring training is immediately provided to correct poor security behavior at the time when it is likely to have the greatest impact. The training content is constantly updated using real-world examples of the latest tactics, techniques, and procedures used by cybercriminals to ensure the workforce is kept aware of the latest threats. The platform also includes a phishing simulator, that businesses can use to reinforce training. Internal campaigns can be easily configured and automated, with reports generated to demonstrate how training is improving over time. The simulator can also be configured to immediately generate relevant training in response to a failed phishing simulation.
TitanHQ also offers a range of cybersecurity solutions that provide cutting-edge protection against phishing, social engineering, malware, and other threats. These include SpamTitan antispam software to prevent threats from reaching inboxes. SpamTitan is a cloud-based email filtering service with an exceptional detection rate thanks to AI- and machine-learning capabilities, dual anti-virus engines, a next-generation email sandbox, and the information of SPF, DKIM, and DMARC to prevent spoofing. The solution also includes an Outlook add-in to allow employees to easily report suspicious emails to their security team.
PhishTitan is an anti-phishing solution for Microsoft 365 that provides excellent protection against phishing threats, adds banners to emails to alert employees about messages from external sources, and allows security teams to rapidly remediate phishing attempts on the organization. WebTitan is a DNS-based web filtering solution that prevents employees from visiting malicious web content, blocking malware and potentially risky file downloads from the Internet, and allows organizations to carefully control the web content that can be accessed on and off the network.
This Cybersecurity Awareness Month is the ideal time to improve your defenses against phishing and other cyberattacks through our anti-spam service and security awareness training platform. Give the TitanHQ team a call today to discuss these and other solutions that can help improve your security posture. All TitanHQ solutions are available on a free trial and product demonstrations can be arranged on request.
by titanadmin | Sep 28, 2024 | Phishing & Email Spam, Security Awareness, Spam Software |
New SEO poisoning, phishing, and deepfake techniques have been identified in campaigns for malware delivery, credential theft, and financial fraud this month. It is important to ensure you have appropriate defenses in place and you update your training programs to raise awareness of these new tactics.
SEO Poisoning Used to Deliver Wikiloader Malware Masquerading as the GlobalProtect VPN
Early in September, Palo Alto Networks reported that its virtual private network, GlobalProtect, was being spoofed in a campaign to deliver Wikiloader (WailingCrab) malware – A malware variant used for delivering other malware payloads onto infected devices. The threat actors behind Wikiloader campaigns sell access to other cybercriminals. An infection with Wikiloader could lead to all manner of other infections.
This campaign was focused on the higher education and transportation sectors and like many malware distribution schemes used search engine (SEO) poisoning to get malicious websites to appear high in the search engine listings for key search terms targeting those sectors. The campaign claimed to offer a download of GlobalProtect and used a combination of cloned webpages and cloud-based git repositories and delivered a file – named GlobalProtect64.exe – offering the VPN. The file delivered was a trojanized version of a share trading application, that sideloaded a malicious DLL that allowed the execution of shellcode that delivered Wikiloader from a remote server. On execution, the user was told that GlobalProtect could not be installed due to missing libraries.
This was a marked change from other campaigns that have distributed Wikiloader, which has previously been delivered via phishing emails. This is the first time that GlobalProtect has been spoofed to deliver Wikiloader. The change in tactics is believed to be due to a different initial access broker starting using Wikiloader.
Threat Actors Increasingly Using Archive Files for Email Malware Distribution
One of the most common ways of delivering malware is via phishing emails with malicious attachments. For years, the most common method involved emailing Microsoft Office documents that contained malicious macros. If the files are opened and macros are allowed to run, a malware download will be triggered. A variety of file attachments are now used for malware delivery, including PDF files, which allow links, scripts and executable files to be incorporated into the files. To hide malicious files from email security solutions, they are often added to archive files.
According to a recent analysis by HP security researchers, 39% of malware deliveries came from archive files in Q2, 2024, up from 27% the previous quarter. The researchers noted that in addition to using the most popular and well-known archive formats such as.zip, .rar, and .7z, more obscure archive files are increasingly being used. The researchers identified around 50 different archive file formats in Q2. Threat actors are also moving away from documents and are instead favoring script languages such as VBScript and JavaScript for malware delivery, with the scripts hidden in encrypted archive files to evade email security defenses.
End users are less likely to identify obscure archive formats and script files as malicious, as security awareness training has tended to focus on malicious documents containing macros. Security awareness training programs should inform employees about the different file types that may be used for malware delivery and safeguards should be implemented to reduce the risk of malware downloads, such as advanced spam filter software and web filters for blocking malware downloads from the Internet.
Deepfakes Increasingly Used in Attacks on Businesses
Deepfakes are increasingly being used in attacks on businesses on both sides of the Atlantic, and these scams have proved to be highly effective in financial scams. According to a survey conducted by Medius, around half of UK and US businesses have been targeted with deepfake scams and around 43% have fallen victim to the scams. Deepfake scams use artificial intelligence to alter images, videos, and audio recordings, making it appear that respected or trusted individuals are requesting a certain action.
The individuals deepfaked in these scams include executives such as the CEO and CFO, as well as vendors/ suppliers. For example, a deepfake of the CEO of a company was used in a video conference call with the company’s employees. In one of these scams, an Arup employee was tricked into making 5 fraudulent transfers to Hong Kong bank accounts before the scam was detected. These scams highlight the importance of covering deepfakes in security awareness training.
TitanHQ Solutions That Can Help Protect Your Business
TitanHQ has developed a range of cybersecurity solutions for businesses and managed service providers to help defend against increasingly sophisticated cyberattacks.
- SpamTitan Email Security – An advanced AI-driven cloud-based anti-spam service with email sandboxing that has been recently shown to block 99.98% of phishing threats and 100% of malware in independent performance tests.
- PhishTitan Microsoft 365 Phishing Protection – A next-generation anti-phishing and phishing remediation solution for Microsoft 365 environments that augments native M365 defenses and blocks threats that EOP and Defender misses
- WebTitan DNS Filter – A cloud-based DNS filtering and web security solution providing AI-driven threat protection with advanced web content controls for blocking malware delivery from the Internet and access to malicious websites.
- SafeTitan Security Awareness Training – A comprehensive, affordable, and easy-to-use security awareness training and phishing simulation platform that delivers training in real-time in response to security mistakes.
For more information on these solutions, give the TitanHQ sales team a call today. All TitanHQ solutions are available on a free trial and product demonstrations can be arranged on request.
by titanadmin | Sep 27, 2024 | Phishing & Email Spam |
Generative artificial intelligence (GenAI) services are already being leveraged by cybercriminals to create convincing phishing emails, and it appears that these tools are being used for the creation of malware. GenAI services are capable of writing code; however, guardrails have been implemented to prevent malicious uses of these tools, such as the creation of malware. If those guardrails can be circumvented, the creation of malware would no longer be limited to skilled malware developers. Lower-skilled cybercriminals could develop their own malware using GenAI services, and there is growing evidence they are doing just that.
Over the summer, HP security researchers identified an email campaign targeting French users. The phishing email used HTML smuggling (encrypted HTML) to evade detection, and on analysis, the campaign delivered malicious VBScript and JavaScript code that appeared to have been created using GenAI tools. The entire malicious code included comments about what each function does, which is rare in malware development as the exact workings of the code tend not to be described. The comments, along with the use of native language function names and variables all suggest that GenAI was used to create the malware.
The code was used to deliver AsyncRAT malware, a widely available, open source malware that is an information stealer capable of recording the victim’s screen and logging keystrokes. The malware also acts as a malware downloader that can deliver other malware payloads, including ransomware. In this campaign, little technical skill was required as HTML smuggling does not require any programming, the malware being delivered is widely available, and the fact that the comments had not been removed and there was no obfuscation, points to the development of malware by an inexperienced cybercriminal.
There have been other examples of apparent malicious code creation using GenAI, such as a malicious PowerShell script identified earlier this year that was also used to deploy infostealer malware. That campaign targeted users in Germany and impersonated Metro cash-and-carry and was also delivered via email. Just as GenAI tools are helping writers rapidly create written content, GenAI tools can be used to rapidly develop malicious code. ChatGPT and Gemini have guardrails in place that it may be possible to circumvent, but there are many dark LLMs that lack those controls such as WormGPT and FraudGPT. If these tools are leveraged, relatively low-skilled cybercriminals can develop their own malware variants.
Traditional antivirus solutions use signature-based detection. When malware is identified, a signature is added to the antivirus solution for that specific malware variant that allows it to be detected in the future. There is a delay between the creation of malware and the addition of malware signatures to the definition lists of antivirus solutions, during which time malware can easily be smuggled onto devices undetected. If the creation of malware can be accelerated with GenAI tools, cybercriminals will have the upper hand.
The solution for businesses is to deploy security solutions capable of detecting novel malware variants by their behavior rather than a signature. Since malware is commonly delivered via email, having a cloud-based email security solution that incorporates behavioral analysis of attachments will help identify and neutralize these malware variants before they can be installed.
SpamTitan from TitanHQ is a cloud-based antispam software that incorporates email sandboxing. When standard antivirus checks are passed, suspicious emails and attachments are sent to a next-generation email sandbox for deep inspection, where the behavior of the attachments is assessed in an isolated sandbox environment. If malicious actions are detected, the threat is neutralized. SpamTitan also incorporates AI-based and machine-learning detection mechanisms to assist with malicious email detection, and along with a host of other checks ensure malicious emails are detected and blocked. In recent independent tests, SpamTitan has a 99.99% phishing catch rate and a 100% malware catch rate, with zero false positives.
SpamTitan, like all other TitanHQ cybersecurity solutions, is available on a free trial to allow you to see for yourself the difference it makes. To find out more about protecting your business from increasingly sophisticated threats, give the TitanHQ team a call.
by titanadmin | Sep 25, 2024 | Industry News, Security Awareness |
TitanHQ has launched a new version of its SafeTitan security awareness training and phishing simulation platform, which now includes new features for Managed Service Providers (MSPs) to allow them to enhance their security awareness training services.
Security awareness training is now vital due to the increasing number and sophistication of phishing attempts. Even with an advanced anti-phishing solution in place, it is inevitable that some phishing attempts will reach their intended targets, so the workforce needs to be trained on how to recognize and avoid phishing attempts. Companies are increasingly turning to MSPs to provide security awareness training as they lack the time and resources to develop and administer training courses and conduct phishing simulations. By providing training as a service, MSPs can better protect their clients against phishing and reduce support time, while also improving their bottom line.
Two key features added to the platform in the latest release are a multi-lure feature and reactive training for MSPs. When conducting phishing simulations internally, there is a chance that an employee will correctly identify a simulated phishing email and tip off their colleagues. The multi-lure feature of the SafeTitan platform solves this problem by allowing randomized lures to be sent during a simulated phishing campaign.
When this feature is activated, phishing emails will be sent in randomized bursts during working hours to ensure a high level of diversity within a phishing campaign and to maintain the element of surprise. The variety will help to ensure that members of the workforce experience a genuine test of their knowledge to help equip them with the skills they need to identify real phishing attempts.
Another new feature has been added to the MSP layer of the platform to ensure that MSPs can provide enhanced security awareness training. Reactive training is often not available to MSPs, yet it is one of the most effective ways of changing user behavior. Administrators can configure the platform to provide training in response to insecure behaviors by employees in real-time, ensuring timely training is provided to correct a bad behavior at the time when it is most likely to have the greatest impact. SafeTitan captures all data from users’ interactions with simulated phishing emails. If the user responds inappropriately, such as clicking a link or opening an attachment, training can be provided in real time relevant to that insecure action ensuring the employee is made aware of the error and their behavior is corrected.
For the MSP, not only does that help to improve the security awareness of the workforce, it means there is no need for manual assessments, saving MSPs valuable time. Other updates in the latest release include several much-awaited feature requests, including updates to the user experience that make navigating the platform even easier.
If you are an MSP that does not currently offer security awareness training, give the TitanHQ team a call to find out more about the SafeTitan platform. Product demonstrations, including demos of the new features, can be arranged on request.
by titanadmin | Sep 24, 2024 | Security Awareness, Spam Software |
The primary defense against spam and malicious emails is anti-spam software, through which all emails must pass to be delivered to inboxes. A spam filter performs a variety of checks to ensure that the email is genuine and does not contain any threats, and if you use an advanced spam filtering service such as SpamTitan you will be well protected.
SpamTitan incorporates SPF, DKIM, and DMARC to identify and block spoofing, AI and machine learning algorithms to identify spam and malicious messages based on how they deviate from the genuine emails a business usually receives, and the solution performs checks of message headers and the message body including Bayesian analysis to identify unsolicited and malicious messages. SpamTitan also incorporates email sandboxing to identify malicious attachments based on their behavior. The Bitdefender-powered email sandbox service identifies the zero-day malware threats that antivirus controls miss. In recent independent tests, the engine that powers the SpamTitan and PhishTitan solutions scored second-highest in the tests with a phishing catch rate of 99.990%, a malware catch rate of 100%, and a false positive rate of 0.0%.
While these advanced antispam solutions can protect your business and block the majority of threats, spam filters for incoming mail will not block 100% of threats without also blocking an unacceptable number of genuine emails. That means that your corporate email filter may not catch all malicious and unwanted messages, which is why it is important not to totally rely on your enterprise spam filter for protection.
Cybercriminals are constantly developing new tactics to defeat spam filters and get their messages in inboxes where they can be opened by their intended targets. One tactic that has been increasing is callback phishing, where the emails contain no malicious links or attachments, only a phone number. The malicious actions take place over the phone, such as convincing the user to download software that provides remote access to their device. Spam filters cannot easily determine if a phone number is malicious, although the AI content detection mechanisms of SpamTitan can identify these types of threats.
Cybercriminals are increasingly leveraging legitimate third-party infrastructure for sending their spam and malicious emails, such as exploiting web forms with backend SMTP infrastructure, legitimate online services such as Google Drive, Dropbox, and SharePoint for hosting malware and phishing content, and services such as Google Forms for hosting fake quizzes for capturing sensitive information. All of these methods can be difficult to identify as they use legitimate services that are generally trusted by email security solutions. Then there are other forms of phishing that no email security solution can block, as the phishing occurs on social media pages and links are sent via instant messaging services and SMS. These “smishing” attacks bypass standard technical defenses and often reach their intended targets.
The reality is that no matter how good your technical defenses are, threats will be encountered by employees. An advanced spam filter like SpamTitan will help to reduce the number of malicious and unwanted messages that arrive in inboxes but without comprehensive security awareness training, employees may respond to the malicious messages that sneak past your spam filter, are encountered via the Internet, or are sent via SMS or instant messaging services.
This is why TitanHQ strongly recommends providing regular security awareness training to the workforce to train individuals how to recognize and avoid threats such as malware and phishing and to teach cybersecurity best practices to eradicate risky behaviors. This is also an area where TitanHQ can help. TitanHQ offers a comprehensive security awareness training platform (SafeTitan) that makes it easy for businesses to create security awareness training programs for the workforce, with those campaigns tailored for different departments and roles and the different threats that each is likely to encounter.
The training courses are modular, with each element lasting no more than 10 minutes, which makes it easy to fit training into busy workflows. Through regular training, reinforced with phishing simulations conducted through the platform, businesses will be able to improve their human defenses. If malicious messages do make it past your perimeter defenses or if employees encounter threats online or elsewhere, they will have the skills to recognize and avoid those threats.
Give the TitanHQ team a call today to discuss improving your defenses through advanced spam filtering, web filtering, and security awareness training. TitanHQ solutions are available on a free trial to allow you to put them to the test before making a purchase decision, and demonstrations can be arranged on request.
by titanadmin | Sep 24, 2024 | Network Security, Phishing & Email Spam, Security Awareness |
Cybercriminals and nation state threat actors are targeting businesses to steal sensitive information, often also using file encryption with ransomware for extortion. Initial access to business networks is gained through a range of tactics, but the most common is the use of compromised credentials. Credentials can be guessed using brute force tactics, by exploiting password reuse in credential stuffing attacks, using malware such as keyloggers to steal passwords, or via phishing attacks.
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), compromised credentials are the most common method for initial access in attacks on critical infrastructure entities. CISA revealed that 41% of all attacks on critical infrastructure used compromised credentials and phishing and spear phishing were identified as the second most common attack vector. A separate study by Osterman Research and OPSWAT revealed that the majority of critical infrastructure entities have suffered an email security breach in the past 12 months, with 75% of critical threats arriving via email.
Should any of these email threats arrive in inboxes, they could be opened by employees resulting in the theft of their credentials or the installation of malware. Both could provide a threat actor with the access they need to steal sensitive data and encrypt files with ransomware. Email threats usually impersonate a trusted entity such as a vendor, well-known organization, colleague, or previous acquaintance, which helps to make the correspondence appear authentic, increasing the likelihood of an employee responding.
According to CISA, the success rate of these emails depends on the technical defenses a business has in place and whether security awareness training has been provided to the workforce. The primary defense against phishing and other email attacks is a spam filter, which can be a cloud-based spam filtering service or gateway spam filter. CISA recommends implementing email filtering mechanisms incorporating Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), as both are important for protecting against spoofing and email modification.
Antiphishing defenses should rewrite URLs to show their true destination, and for maximum protection – especially against AI-generated phishing attempts – anti-spam software should incorporate machine learning and AI-based detection mechanisms and analyze email content to determine how emails deviate from the typical emails received by a business. Malware is often used in attacks, so spam filters should incorporate antivirus protection, including email sandboxing to detect malware based on its behavior rather than signature since many novel threats can bypass the signature-based defenses of standard anti-virus products.
A web filter is a useful tool for protecting against the web-based component of phishing attempts, as it can block access to known malicious websites and also prevent visits to malicious websites from general web browsing. Security awareness training should be provided frequently to the workforce to improve human-based defenses and reduce the risk of employees being tricked by social engineering and phishing attempts. Employees should also be provided with an easy way of reporting suspicious requests to their security teams. Backing up security awareness training with phishing simulations can help reinforce training and identify knowledge gaps.
To protect against compromised credentials, multifactor authentication should be implemented, with phishing-resistant MFA providing the highest level of protection. Password policies should be implemented that require the use of unique, strong passwords, all default passwords should be changed, and any inactive or unnecessary accounts should be disabled.
TitanHQ can help protect against these attacks through a suite of cybersecurity solutions. SpamTitan email Security, the WebTitan DNS-based web filter, the PhishTitan anti-phishing solution for Microsoft 365, and the SafeTitan security awareness training platform. All solutions have been developed to be easy for businesses to implement and use and provide cutting-edge protection against the full range of cyber threats. For more information give the TitanHQ team a call and take the first steps towards improving your defenses against increasingly sophisticated cyber threats.
by titanadmin | Sep 15, 2024 | Network Security |
Ransomware attacks can cause an incredible amount of damage to an organization’s reputation as well as huge financial losses from the downtime they cause. Recovery from an attack, regardless of whether the ransom is paid, can take weeks and the theft and publication of sensitive data on the dark web can prompt customers to leave in their droves. Attacks are still being conducted in high numbers, especially in the United States and the United Kingdom. One recent survey indicates that 90% of businesses in those countries have experienced at least one attack in the past 12 months, with three-quarters of organizations suffering more than one attack in the past year.
The healthcare sector is often attacked as defenses are perceived to be weak and sensitive data can be easily stolen, increasing the chance of the ransom being paid. The Inc Ransom group has been targeting the healthcare sector and conducted an attack on an NHS Trust in Scotland earlier this year, stealing 3 TB of sensitive data and subsequently publishing that data on the dark web when the ransom wasn’t paid.
The Inc Ransom group also conducted an attack on a Michigan healthcare provider, preventing access to its electronic medical record system for 3 weeks in August. A group called Qilin attacked an NHS pathology provider, Synnovis, in June 2024 which had a huge impact on patient services, causing a shortage of blood in London hospitals that caused many surgeries to be postponed. Education is another commonly attacked sector. The Billericay School in Essex had its IT system encrypted, forcing the school to temporarily close. In all of these attacks, highly sensitive data was stolen and held to ransom. The public sector, healthcare, and schools are attractive targets due to the value of the sensitive data they hold, and attacks on businesses cause incredibly costly downtime, both of which can force victims into paying ransoms. What is clear from the reporting of attacks is no sector is immune.
There is increasing evidence that ransomware groups are relying on malware for initial access. Microsoft recently reported that a threat actor tracked as Vanilla Tempest (aka Vice Society) that targets the healthcare and education sectors has started using Inc ransomware in its attacks and uses the Gootloader malware downloader for initial access. A threat actor tracked as Storm-0494 is responsible for the Gootloader infections and sells access to the ransomware group. Infostealer malware is also commonly used in attack chains. The malware is installed by threat groups that act as initial access brokers, allowing them to steal credentials to gain access to networks and then sell that access to ransomware groups. Phishing is also commonly used for initial access and is one of the main initial access vectors in ransomware attacks, providing access in around one-quarter of attacks.
Infostealer malware is often able to evade antivirus solutions and is either delivered via malicious websites, drive-by malware downloads, or phishing emails. Gootloader infections primarily occur via malicious websites, with malvertising used to direct users to malicious sites where they are tricked into downloading and installing malware. Credentials are commonly compromised in phishing attacks, with employees tricked into disclosing their passwords by impersonating trusted individuals and companies.
Advanced cybersecurity defenses are needed to combat these damaging cyberattacks. In addition to traditional antivirus software, businesses need to implement defenses capable of identifying the novel malware threats that antivirus software is unable to detect. One of the best defenses is an email sandbox, where emails are sent for behavioral analysis. In the sandbox – an isolated, safe environment – file attachments are executed, and their behavior is analyzed, rather than relying on malware signatures for detection, and links are followed to identify malicious content.
DNS filters are valuable tools for blocking web-based delivery of malware. They can be used to control access to the Internet, prevent malvertising redirects to malicious websites, block downloads of dangerous file types from the Internet, and access to known malicious URLs. Employees are tricked into taking actions that provide attackers with access to their networks, by installing malware or disclosing their credentials in phishing attacks, so regular security awareness training is important along with tests of knowledge using phishing simulations.
There is unfortunately no silver bullet when it comes to stopping ransomware attacks; however, that does not mean protecting against ransomware attacks is difficult for businesses. TitanHQ offers a suite of easy-to-use cybersecurity solutions that provide cutting-edge protection against ransomware attacks. TitanHQ’s award-winning products combine advanced detection such as email sandboxing, AI and machine-learning-based detection, and are fed threat intelligence from a massive global network of endpoints to ensure businesses are well protected from the full range of threats.
Give the TitanHQ team a call today and have a chat about improving your defenses with advanced anti-spam software, anti-phishing protection, DNS filtering, and security awareness training solutions and put the solutions to the test on a free trial to see for yourself the difference they make.
by titanadmin | Jul 31, 2024 | Phishing & Email Spam |
Microsoft credentials are being targeted in phishing campaigns that abuse Microsoft Forms. Microsoft Forms is a feature of Microsoft 365 that is commonly used for creating quizzes and surveys. Microsoft Forms has been used in the past for phishing campaigns, and Microsoft has implemented phishing protection measures to prevent abuse, but these campaigns show that those measures are not always effective.
To increase the probability of the phishing emails being delivered and the recipients responding, threat actors use compromised email accounts for the campaigns. If a business email account can be compromised in a phishing attack, it can be used to send phishing emails internally. Vendor email accounts are often targeted and used to conduct attacks on their customers. The emails are likely to be delivered as they come from a trusted account, which may even be whitelisted on email security solutions to ensure that their messages are delivered.
If the recipient clicks the link in the email they are directed to a Microsoft Form, which has an embedded link that the user is instructed to click. If the link is clicked, the user is directed to a phishing page where they are asked to enter their Microsoft 365 credentials. If the credentials are entered, they are captured by the attacker and are used to access their account.
The initial contact includes messages with a variety of lures, including fake delivery failure notifications, requests to change passwords, and notifications about shared documents. When the user lands on the form, they are told to click a link and fill in a questionnaire, that link then sends the user to a phishing page that appears to be a genuine login page for Microsoft 365 or another company, depending on which credentials are being targeted.
The attackers make their campaign more realistic by using company logos in the phishing emails and familiar favicons in the browser tab on the fake web pages. Since Microsoft Forms is used in this campaign, the URL provided in the phishing emails has the format https://forms.office[dot]com, as the forms are on a genuine Microsoft Forms domain. Not only does that help to trick the user into thinking the request is genuine, but it also makes it much harder for email security solutions to determine that the email is not legitimate as the forms.office[dot]com is generally trusted as it has a high reputation score.
When these phishing campaigns are detected, Microsoft takes prompt action to block these scams. Each form has a ‘report abuse’ button, so if the scams are identified by users, Microsoft will be notified and can take action to shut it down. The problem is that these emails are being sent in huge numbers and there is a considerable window of opportunity for the attacks. Further, if the attacker’s campaign is detected, they can just set up different web pages and forms and continue.
These phishing campaigns involve two phases, the first phase involves compromising email accounts to send the initial phishing emails. An advanced email security solution with sandboxing, URL rewriting, and AI-based detection capabilities will help to block this first phase of the attack. Advanced anti-phishing solutions for Office 365 can reduce the number of phishing emails that land in inboxes, even when sent from trusted email accounts. Banner warnings in emails will help to alert users to potential phishing emails; however, users need to be vigilant as it may be up to them to spot and report the phishing attempt. That means security awareness training should be provided to raise awareness of these types of phishing attempts.
Security awareness training should also incorporate phishing simulations, and it is recommended to create simulations of phishing attempts using Microsoft Forms. If users fall for the fake Microsoft Forms phishing attempts, they can be provided with further training and told how they could have identified the scam. If another Microsoft Forms phishing attempt is received, they are more likely to be able to identify it for what it is.
TitanHQ can help businesses improve their defenses against phishing through the TitanHQ cybersecurity suite, which includes SpamTitan cloud-based anti-spam service, the PhishTitan anti-phishing solution, and the SafeTitan security awareness and phishing simulation platform. SpamTitan and PhishTitan have exceptionally high detection rates with a low false positive rate, and SafeTitan is the only behavior-driven security awareness training platform that delivers training in real-time in response to employee mistakes. Give the TitanHQ team a call today for more information about these products, you can book a product demonstration to find out more, and all solutions are available on a free trial.
by titanadmin | Jul 30, 2024 | Phishing & Email Spam, Security Awareness |
Cybersecurity awareness training is now vital for businesses to raise employees’ awareness of cyber threats. Here we will explain why you need real-time security awareness training and phishing simulations and the difference they can make to your security posture.
The biggest cybersecurity threat faced by businesses is phishing. Phishing attacks target employees as cybercriminals and nation-state actors know all too well that employees are a weak link in security defenses. If they can get a phishing email in front of an employee and give them a plausible reason for taking the action they suggest, they can steal credentials that will give them the access they need or get the employee to download and open a malicious file, that will download malware and provide persistent access to the network.
If doesn’t always need to be a sophisticated phishing attempt if the email lands in the inbox of a busy employee or one who lacks security awareness. Many unsophisticated phishing attempts succeed due to human error. The problem is that phishing attempts are often sophisticated, and are now being crafted using LLMs that not only ensure that the emails are devoid of spelling mistakes and grammatical errors, but LLMs can also help to devise new phishing lures.
All it takes is for one phishing attempt to be successful to give an attacker the access they need for an extensive compromise. Cybercriminals often gain access to an employee’s email account and then use that account to conduct further phishing attempts internally, until they compromise large numbers of email accounts and manage to steal credentials with high privileges. Since email accounts often contain a wealth of sensitive and valuable data, the attack does not even need to progress further for it to be costly to remediate.
Businesses need to ensure that they have robust email security defenses, including an email security solution with sandboxing, AI, and machine learning detection to identify and block malware threats and zero-day phishing attacks, malicious URL detection capabilities, and a solution that is constantly updated with the latest threat intelligence. While the most advanced cloud-based email security solutions will block the vast majority of malicious emails, they will not block all threats. For example, in recent independent tests, SpamTitan email security was determined to have a spam catch rate of 99.984%, a phishing catch rate of 99.99%, and a malware catch rate of 100% with zero false positives, finishing second in the test.
For the small percentage of malicious emails that do reach inboxes, employees need to be prepared, be on their guard, and have the skills to identify and report suspicious emails, which is where security awareness training and phishing simulations are needed.
The purpose of security awareness training is to raise the level of awareness of cyber threats within the workforce, teach cybersecurity best practices, and eliminate risky behaviors. Training will only be effective if it is provided regularly, building up knowledge over time. Training should ideally be provided in short regular training sessions, with training programs running continuously throughout the year. Each week, every employee can complete a short training module which will help to build awareness and keep security fresh in the mind, with the ultimate goal of creating a security culture where every employee is constantly on their guard and aware that the next email they receive could well be a phishing attempt or contain malware.
Training is most effective when combined with phishing simulations. You can teach employees how to recognize a phishing email, but simulations give them practice at detecting threats and applying their training. Further, the emails will be received when the employees are completing work duties, just the same as a genuine phishing threat. A phishing simulator can be used to automate these campaigns, and administrators can track who responds to determine the types of threats that are tricking employees and the individuals who are failing to identify threats. Training programs can then be tweaked accordingly to address the weaknesses.
The most effective phishing simulation programs automatically deliver training content in real-time in response to security mistakes. When a phishing simulation is failed, the employee is immediately notified and given a short training module relevant to the mistake they made. When training is delivered in real time it serves two important purposes. It ensures that the employee is immediately notified about where they went wrong and how they could have identified the threat, and the training is delivered at the point when it is likely to have the greatest impact.
SafeTitan from TitanHQ makes providing training and conducting phishing simulations simple. The training modules are enjoyable, can be easily fitted into busy workflows, and the training material can be tailored to the organization and individual employees and roles. The training and simulations can be automated and require little management, and since the content is constantly updated with new material and phishing templates based on the latest tactics used by cybercriminals, employees can be kept constantly up to date.
For more information about SafeTitan security awareness training and phishing simulations, give the TitanHQ team a call.
by titanadmin | Jul 28, 2024 | Spam Software |
Phishing is one of the most common ways that cybercriminals gain initial access to networks. A single response to a phishing email can be all it takes to compromise an entire network. These attacks can be incredibly costly. According to the 2024 Cost of a Data Breach Report from IBM, the average cost of a data breach that starts with phishing has risen to $4.88 million. According to the Federal Bureau of Investigation (FBI), phishing was the leading reason for reports of cybercrime to its Internet Crime Complaint Center in 2023.
The best way to gain access to an internal network is to ask someone with access (an employee) to provide that access. That is essentially what phishing is about. Phishing involves deception to gain access, tricking employees into disclosing their credentials or installing software that provides remote access, such as malware or a remote desktop solution. Social engineering techniques are used to convince the employee to take an action that benefits the attacker. That action may be required to fix a problem, such as preventing an avoidable charge to an account, correcting a security issue before it is exploited, or recovering a missing package.
Phishing often involves the impersonation of a trusted entity, which could be the CEO, HR department, colleague, vendor, lawyer, government entity, or a trusted business. Emails may impersonate a trusted individual or company, provide a plausible reason for clicking a link in an email or opening a file attachment. When links are included in emails, they often direct the user to a website that requires them to log in. The log-in box presented will be familiar as it will be a carbon copy of the brand that is being spoofed. When the credentials are entered, they are captured and used to remotely log into that user’s account. Alternatively, they may be directed to a web page and told they must download and open a file, which unbeknown to them, contains a malicious script that silently installs malware.
Phishing targets human weaknesses so one of the best solutions for combatting phishing is end user training. Training the workforce on how to identify a phishing attempt and providing an easy way for them to report potential phishing attempts is vital. Security awareness training should cover cyber threats and how to identify and avoid them, as well as teach cybersecurity best practices and why they are important. If a threat actor can get phishing content in front of an employee, whether that is via email, SMS message, social media, an instant messaging platform, or over the phone, they will be more likely to recognize that threat for what it is and take the appropriate action. Security awareness training is about strengthening your defensive line.
Training can be provided in a one-time training session, but that is unlikely to be effective. If your child wants to drive, you would not pay for a 1-hour lesson and expect them to pass their driving test. Multiple lessons are required along with a lot of practice, and as experience builds, they will become a better driver and learn how to react to situations they have not seen before. It is the same with security awareness training. Providing training frequently will build knowledge and understanding and that knowledge can then be tested and employees given practice at recognizing phishing attempts by using a phishing simulator.
The best defense against phishing is to ensure that no phishing attempt ever reaches an end user; however, in practice that is a major challenge. The aim should be to make it as difficult as possible for attackers to reach end users by implementing technical solutions that can recognize phishing attempts and block them before they are delivered. The primary technical defense is anti-spam software.
Anti-spam software can be provided as a cloud-based anti-spam service or an anti-spam gateway for on-premises email systems, through which all inbound and outbound emails must pass. A spam filter for incoming mail is essential for blocking the majority of phishing threats, but an outbound spam filter is also important for identifying phishing attempts from compromised internal mailboxes.
An anti-spam server must be capable of identifying and blocking malware threats. Spam filters include anti-virus software that scans for known malware signatures, but that is no longer enough. Malware is constantly changing and can easily defeat signature-based detection measures, so email sandboxing is also required. Sandboxing uses pattern filtering and behavioral analysis in a safe environment to identify malware by what it attempts to do. Since phishing attempts are becoming more sophisticated, often not including any malicious content in the emails – such as callback phishing – an anti-spam solution should have AI and machine learning capabilities, to predict phishing attempts by how they deviate from the standard messages received by a business.
Technical defenses will reduce the number of threats that employees encounter, and security awareness training will prepare the workforce in case a threat is not blocked. Further technical defenses should also be considered to combat phishing. Multifactor authentication is important for preventing unauthorized access in the event of an employee disclosing their credentials. With multifactor authentication, a username and password are not enough to grant access to an account. Since multifactor authentication can be circumvented with some of the more advanced phishing kits used by cybercriminals, robust MFA is required, often referred to as phishing-resistant MFA.
No single anti-phishing measure is sufficient on its own. Layered defenses are key to mounting a good defense against phishing, and this is an area where TitanHQ can help. TitanHQ can offer cutting-edge anti-spam software (SpamTitan) that has been shown to block 100% of known malware and, through sandboxing, block novel malware threats, and has a phishing and spam detection rate of over 99.99%. To block phishing threats in Microsoft 365 environments and to help security teams with remediation, TitanHQ offers the PhishTitan solution, and security awareness training and phishing simulations can be created and automated with the SafeTitan platform.
Give the TitanHQ team a call today to find out more about these anti-phishing measures and the team will help you with improving your defenses and getting started on a free trial of these solutions.
by titanadmin | Jul 27, 2024 | Phishing & Email Spam |
A ZeroFont phishing campaign is being conducted that targets Microsoft 365 users. Rather than using the ZeroFont technique to hide malicious content from anti-spam software, this method aims to trick end users into thinking the email is genuine and safe.
The ZeroFont phishing technique was first identified in phishing attempts around five years ago, so it is not a new technique; however, this version uses a novel approach. When an email is sent to a business user, before that email is delivered it will be subject to various checks by the anti-spam server. The business’s anti-spam solution will perform reputation checks, scan the email for malware, and analyze the content of the email to search for signs of spam or phishing. Only if those checks are passed will the message be delivered to the end user. ZeroFont is a technique for hiding certain words from email security solutions to ensure that the messages are not flagged as spam and are delivered.
According to Check Point, Microsoft is the most commonly impersonated brand in phishing emails. If a threat actor impersonates Microsoft, they obviously cannot send the email from the Microsoft domain as they do not have access. Spam filters will check to make sure that the domain from which the email is sent matches the signature, and if there is no match, that is a strong signal that the email is not genuine. With ZeroFont, the signature used would only display Microsoft to the end user, and the spam filter is presented with a nonsensical string of text. The user would not see that text as the padding text around the word Microsoft is set to a font size of zero, which means the text is machine-readable but cannot be seen by the user.
A recent campaign uses the ZeroFont techniques but with a twist. In this campaign, the aim is not to trick a spam filter but to instead trick Outlook users. In Outlook, it is possible to configure the mail client with a listing view option, which will show the user the first lines of text of an email. The problem for phishers is getting Outlook users to engage with the messages, which means the messages must be sufficiently compelling so as not to be deleted without opening them. This is especially important if the sender of the email is not known to the recipient.
The email was detected by Jan Kopriva, who noticed that ZeroFont was used to make the message appear trustworthy by displaying text indicating the message had been scanned and secured by the email security solution, rather than showing the first lines of visible content of the message. This was achieved by using a zero font size for some of the text. The threat actor knew that the first lines of the emails are displayed by the mail client in the listing view, regardless of the font size, which means if the font is set to zero, the text will be displayed in the listing view but will not be visible to the user in the message body when the email is opened.
The email used a fake job offer as a lure and asked the user to reply with their personal information: Full name, address, phone number, and personal email, and impersonated the SANS Technology Institute. The full purpose of the phishing attempt is not known. There were no malicious links in the email and no malware attached so the email would likely pass through spam filters. If a response is received, the personal information could be used for a spear phishing attempt on the user’s personal email account, which is less likely to have robust spam filtering in place, or for a voice phishing attempt, as we have seen in many callback phishing campaigns.
Security awareness training programs train employees to look for signs of phishing and other malicious communications, and they are often heavily focused on embedded links in emails and attachments. Emails such as this and callback phishing attempts lack the standard malicious content and as such, end users may not identify them as phishing attempts. It is important to incorporate phishing emails such as this in security awareness training programs to raise awareness of the threat.
That is easy with SafeTitan from TitanHQ, as is conducting phishing simulations with these atypical message formats. SafeTitan includes a huge library of security awareness training content, and the phishing simulator includes thousands of phishing templates from real-world phishing attempts. It is easy for businesses to create and automate comprehensive security awareness training programs for the workforce and provide training on how to identify novel techniques such as this when they are identified, to ensure employees are kept up to date on the latest tactics, techniques, and procedures used by cybercriminals.
by titanadmin | Oct 10, 2022 | Security Awareness |
One of the fastest areas of growth for Managed Service Providers (MSPs) is managed security services. The number of cyberattacks on businesses continues to increase and there is a major shortage of skilled cybersecurity staff. Further, the cost of hiring new talent can be prohibitively expensive for many small- and medium-sized businesses, who are turning to their MSPs to provide those services. Many MSPs have developed a technology stack to meet the demand and are offering managed security services such as identity protection and access management, endpoint security, spam filtering/email security, web security, data protection, network security, and mobile security, but one area that is often lacking in managed services is security awareness training. Currently, only 60% of MSPs offer security awareness training as part of their managed security services.
Technological solutions are implemented by MSPs to protect against hackers, malware, ransomware, and phishing attacks, and these solutions will detect and block the majority of threats, but it is not possible to prevent employees from encountering all threats. The workforce, therefore, needs to be prepared and be taught how to recognize the signs of phishing and other types of attacks, so that when these threats are encountered, they can be identified as such and avoided.
Studies conducted on companies that have conducted benchmarking phishing tests on employees prior to commencing security awareness training have shown that susceptibility to phishing attacks can be reduced considerably. Across all industry sectors, the average click rate for phishing is 37.9%. TitanHQ’s data shows that with regular security awareness training through the SafeTitan platform, susceptibility reduces to under 3%. Such a major reduction will significantly improve an organization’s security posture, yet as important as security awareness training is, a recent survey has shown that 57% of SMBs provide no security awareness training to their workforce whatsoever.
MSPs that do not offer security awareness training are missing out on easy, regular recurring revenue, and their clients are likely to be at risk of falling victim to phishing and other attacks that target employees. It is also worth noting that 69% of SMBs say they would hold their MSP accountable for a phishing attack!
TitanHQ Launches Security Awareness Training & Phishing Simulation Platform for MSPs
It has been a few months now since TitanHQ launched its new security awareness training and phishing simulation platform – SafeTitan. The initial launch was aimed at SMBs and enterprises to help them create an effective, ongoing security awareness training program for the workforce, and conduct phishing simulations to reinforce training, identify weak links, and track improvements over time.
The platform includes an extensive library of training content on a wide range of topics including security best practices, cyber hygiene, phishing, vishing, and smishing, to allow businesses to easily create training programs to match their needs and risk profiles. The training is gamified, engaging, and delivered in short (max 10-minute) modules, which makes security awareness training enjoyable, while allowing it to be easily fit into busy workflows.
While the platform is well suited to businesses of all sizes, from the smallest of businesses to large enterprises, the platform had to be developed further to meet the needs of MSPs. To make a truly MSP-friendly solution, TitanHQ worked closely with the MSP advisory council and TitanHQ’s extensive MSP customer base to discover exactly what MSPs need to be able to start delivering security awareness training and phishing simulations as a managed service, which lead to the addition of several important new features.
TitanHQ is now happy to announce that SafeTitan for MSPs has now officially been launched. The new product incorporates an intuitive MSP dashboard, through which campaigns can be easily managed. The dashboard gives MSPs real-time live analytics and allows quick actions to be performed.
The phishing simulation platform includes more than 1.8K phishing templates, taken from real-world phishing attempts, with the campaigns easy to schedule for a group of customers, to be run at set intervals every week, month, or year. The platform allows mass training campaigns to be developed, along with mass phishing simulations. The addition of the direct email injection (Graph API) feature allows MSPs to deliver their phishing simulations directly to user inboxes, without having to spend time and effort configuring allowed lists and firewalls.
MSPs also benefit from dynamic user management, so changes can be made quickly and easily to existing campaigns if new users need to be added. If any user fails a phishing simulation, they can be automatically enrolled in relevant training content to provide targeted training on the aspect of security relevant to the failure.
MSP clients will want to be provided with feedback on how their campaigns are progressing and the impact the training is having on phishing susceptibility, and to make this as easy as possible, the platform now includes scheduled reporting. Reports are automated and are sent to clients at regular intervals with no MSP interaction once configured.
Contact TitanHQ Today
If you have yet to add security awareness training and phishing simulations to your managed security services, contact TitanHQ today to find out more about SafeTitan for MSPs on +1 813 519 4430 (US) or +353 91 545555 (IRL).
by titanadmin | Sep 29, 2022 | Email Archiving, Industry News, Internet Security, Security Awareness, Spam Software, Website Filtering |
TitanHQ has collected 5 awards for its cybersecurity solutions in the Expert Insights Fall 2022 ‘Best-Of’ Awards across 5 product categories.
Expert Insights is an online platform for businesses that provides independent advice on business software solutions to help businesses make informed purchasing decisions about software solutions. The advice provided on the website is honest and objective, and the site features helpful guides to help businesses purchase with confidence. The site is used by more than 85,000 businesses each month, with the website helping more than 1 million readers each year.
Twice yearly, Best-of awards are given to the top ten solutions in each of the 41 product categories. The awards showcase the best quality solutions that are helping businesses to achieve their goals and defend against the barrage of increasingly sophisticated cyberattacks. The awards are based on several factors, such as the features of products, market presence, ease of use, and customer satisfaction scores, with the award winners chosen by the in-house team of editors. The editorial team conducts research into each solution to assess its performance, functionality, and usability, and assesses the reviews from genuine business users of the solutions.
TitanHQ collected five awards for its products in the Spring 2022 Best-of awards, and this has been followed up with another 5 Fall 2022 Best-of awards. TitanHQ was given a Best-of award for SafeTitan in the Phishing Simulation and Security Awareness Training categories, SpamTitan Cloud received an award in the Email Security category, WebTitan Cloud got an award in the Web Security category, and ArcTitan won in the Email Archiving category. Further, ArcTitan Email Archiving was rated the top solution in the Email Archiving category and SpamTitan was rated the top solution in the Email Security category.
There were several big winners at the Fall 2022 Expert Insights Best-of awards, with TitanHQ joining companies such as ESET, CrowdStrike, and Connectwise in winning big.
“We are honored that TitanHQ was named as a Fall 2022 winner of Expert Insights Best-Of award for phishing simulation, email security, security awareness training, web security and email archiving” said TitanHQ CEO, Ronan Kavanagh. “Our cloud-based platform allows partners and MSPs to take advantage of TitanHQ’s proven technology so they can sell, implement and deliver our advanced network security solutions directly to their client base”.
by titanadmin | Sep 7, 2022 | Industry News, Website Filtering |
WebTitan Cloud is an award-winning DNS filter that prevents access to malicious websites and allows businesses to control the web content users can access with precision. This week, TitanHQ has announced the release of a new version of WebTitan Cloud, that includes new features to improve usability, security, protection for remote workers, and provides greater insights into DNS requests. These new features now form part of an industry-leading feature set that is in a cloud-delivered solution that is easy to set up, use, and maintain.
New UI with Advanced Reporting Features
If you are a current WebTitan Cloud user, the first change you will notice is the new user interface which provides easy access to all WebTitan Cloud features. The enhancements provide intuitive, advanced, relevant, and easy-to-digest data, through new interactive reports and data visualization tools, which are embedded into the UI to improve the user experience.
The advanced security reports show malware-infected clients, malware-infected domains, malware-infected users, blocked phishing sites, blocked phishing domains, and blocked phishing sites by user, and the view can be customized by date and client IP. New reports show behavior, blocked sites, and trends to provide insights into network use and threats. These reports have been added based on the feedback received by WebTitan Cloud users.
Interactive Threat Intelligence with DNS Data Offload
The latest version of WebTitan Cloud provides users with easier access to valuable threat intelligence to aid IT decision-making, network troubleshooting, and security planning. Users can now list DNS request history on screen, download DNS request logs, view all DNS data to gain valuable insights into activity, and easily extract DNS query data for sophisticated integrations and advanced data analysis.
DNSSEC Security Enhancements
WebTitan Cloud now benefits from security enhancements to protect against DNS attacks by strengthening authentication using Domain Name System Security Extensions (DNSSEC). DNSSEC uses digital cryptographic signatures to verify the origin and integrity of data during the DNS resolution process to protect against malicious DNS poisoning attacks. Users of WebTitan Cloud can implement DNSSEC through a simple and straightforward process to improve security.
WebTitan OTG Improvements for Protecting Off Network Users
The WebTitan On-the-Go (OTG) agent allows users to extend the protection of WebTitan Cloud to off-network users, no matter where they connect to the Internet. WebTitan OTG was introduced some time ago; however, the latest release includes several enhancements. The JSON Config filters have been replaced for OTG devices, and the agent used to protect, manage, and monitor off-network users has been significantly improved. It is also much easier to add and update exceptions to OTG devices through an easy-to-use interface.
“This WebTitan release is hitting so many key pillars of success for TitanHQ. The data offload feature has been requested by many customers and creates real differentiation for our solution in the market. This coupled with our new advanced reporting were major requests from our MSP customers,” said Ronan Kavanagh, CEO of TitanHQ. “Finally, security is at the heart of what we do and are, the addition of DNSSEC just continues to add to our credentials.”
by titanadmin | Sep 6, 2022 | Email Scams, Internet Security, Phishing & Email Spam, Spam Advice |
When multifactor authentication is set up on accounts, attempts to access those accounts using stolen credentials will be prevented, as in addition to a correct username and password, another factor must be provided to authenticate users. Phishing attacks may allow credentials to be stolen, but that does not guarantee accounts can be accessed. More companies are implementing multifactor authentication which means phishing attacks need to be more sophisticated to bypass the protection provided by multifactor authentication.
One of the ways that multifactor authentication can be bypassed is by using a reverse proxy. In a phishing attack, an email is sent to a target and a link is provided to a malicious website hosting a phishing form that spoofs the service of the credentials being targeted – Microsoft 365 for example. Instead of just collecting the login credentials and using them to try to remotely access the user’s account, a reverse proxy is used.
The reverse proxy sits between the phishing site and the genuine service that the attacker is attempting to access and displays the login form on that service. When the credentials are entered, they are relayed in real-time to the legitimate service, and requests are returned from that service, such as MFA requests. When the login process is successfully completed, a session cookie is returned which allows the threat actor to access the genuine service as the victim. The session cookie can also contain the authentication token. In these attacks, once the session cookie has been obtained, the victim is usually presented with a notification telling them the login attempt has failed or they are directed to another site and will likely be unaware that their credentials have been stolen and their account is being accessed.
These attacks allow the victim’s account to be accessed for as long as the session cookie remains valid. If it expires or is revoked, the attacker will lose access to the account. To get around this and gain persistent access, account details may be changed or other authentication methods will be set up.
These types of phishing attacks are much more sophisticated than standard phishing attacks, but the extra effort is worth the investment of time, money, and resources. Many advanced persistent threat actors use reverse proxies in their phishing campaigns and have developed their own custom reverse proxies and tools. There are, however, publicly available kits that can be used in phishing campaigns such as Modlishka, Necrobrowser, and Evilginx2. These kits can be used at a cost and allow MFA to be bypassed, although they can be complicated to set up and use.
Now a new phishing-as-a-Service (PaaS) platform has been identified – EvilProxy – that is being pushed on hacking forums. EvilProxy allows authentication tokens to be stolen from a range of vendors including Microsoft, Apple, Twitter, Facebook, Google, and more, according to Resecurity which recently reported on the phishing kit.
EvilProxy lowers the bar considerably and makes conducting reverse proxy phishing attacks far simpler. The service includes instructional videos, provides a user-friendly graphical interface, and even supplies templates of cloned phishing pages for stealing credentials and auth tokens. Through the graphical interface, threat actors can set up and manage their phishing campaigns with ease. EvilProxy comes at a cost, starting at $150 for 10 days up to $400 for a month. While the service is not cheap, the potential rewards can be considerable. EvilProxy allows low-skill threat actors to gain access to valuable accounts, which could be used or sold on to other threat actors such as ransomware gangs.
Multifactor authentication is strongly recommended as it will block the majority of attacks on accounts; however, it can be bypassed by using reverse proxies. Protecting against reverse proxy phishing attacks requires a defense-in-depth approach. An email security solution – SpamTitan for example – should be implemented to block the initial phishing email. A web filter – WebTitan – should be used to block attempts to visit the malicious websites used in these man-in-the-middle attacks. Security awareness training is important for training employees on how to recognize and avoid phishing threats, and employers should conduct phishing simulation tests as part of the training process. TitanHQ’s SafeTitan platform allows businesses to conduct regular training and phishing simulations with ease.
by titanadmin | Sep 5, 2022 | Industry News, Spam Software |
For more than 10 years, PeerSpot (formerly IT Central Station) has been helping tech pros make intelligent decisions on the best information technology solutions to implement to ensure they get the solutions that perfectly address the needs of their businesses. The PeerSpot Buying Intelligence Platform is powered by the world’s largest community of enterprise tech buyers and bridges the gap between vendors and buyers. Vendors are helped through the voice of their customers, and enterprise tech buyers receive relevant and practical advice to help them make better purchasing decisions. The platform provides in-depth reviews of products, online forums, and tech buyers have access to direct Q&A support.
This year sees PeerSpot launch its first Annual User’s Choice Award program to recognize the products that are helping businesses to achieve their goals. Customers of enterprise technology vendors are invited to vote for their favorite B2B Enterprise Technology products across 11 product categories.
In 2022, those product categories are:
- Endpoint Protection for Business
- Firewalls
- Backup and Recovery Software
- Network Monitoring Software
- HCI
- All-Flash Storage Arrays
- Email Security
- Ethernet Switches
- Application Security Tools
- Functional Testing Tools
- Rapid Application Development Software
In order for a solution to be included in the relevant category, it must be amongst the highest-rated products on the PeerSpot Buying Intelligence Platform. That requires a product to have generated significant user engagement on the platform and to have been rated highly by verified users of the solutions.
The winners in each category will be decided by popular vote.
TitanHQ is proud to have had its SpamTitan solution included as one of the top spam filtering, anti-phishing, and anti-malware solutions in the email security category. SpamTitan provides layered protection for enterprises, SMBs, and managed service providers and blocks email-based threats such as phishing, malware, spam, viruses, and botnets. The solution incorporates signature- and behavior-based detection to block malware threats and predictive technologies to anticipate zero-minute threats. SpamTitan is much loved by users not just for its performance, but also ease of set up, use, maintenance, price, and the industry-leading customer support provided by TitanHQ. SpamTitan has an overall star rating of 4.6/5 on the platform.
If you love using SpamTitan and it has helped your business block more threats, cut down on the resources you have had to devote to email security, or saved you money, TitanHQ encourages you to vote for SpamTitan. Voting will take around a minute of your time. Votes are being accepted until September 16th, 2022, and the winners in each category will be announced by PeerSpot on October 25, 2022.
by titanadmin | Aug 31, 2022 | Security Awareness |
Technology is vital for defending against cyberattacks, but it is important not to neglect employee training. Training the workforce on how to recognize and avoid threats should be a key part of your security strategy, but if you want to get the best return on your investment it is important to avoid these common security awareness training mistakes.
Why Security Awareness Training is Essential
Data from the ransomware remediation firm, Coveware, shows phishing is the main way that ransomware gangs gain initial access to business networks, and IBM reports that phishing is the main way that data breaches occur. In 2021, 40% of all data breaches started with a phishing email. Businesses should implement technologies to block these attacks, such as a spam filter, antivirus software, and a web filter; however, even with these defenses in place, threats will arrive in inboxes, they can be encountered over the Internet, or via instant messaging services, SMS, or over the phone. Unless you totally isolate your business from the outside world, employees will encounter threats.
It is therefore important to provide security awareness training to teach employees how to recognize and avoid threats and to educate them on cybersecurity best practices that they should always follow. Security awareness training is concerned with equipping employees with the skills they need to play their part in the overall security of the organization, to give them practice at detecting threats, and build confidence. Through training, you can create a human firewall to add an extra layer to your cybersecurity defenses.
Security Awareness Training Mistakes to Avoid
It is important to avoid these common security awareness training mistakes, as they can seriously reduce the effectiveness of your training.
Infrequent training
Creating a training course that covers all security best practices and threats to educate the workforce is important, but if you want to change employee behavior and get the best return on your investment, it is important to ensure that your training is effective. If you provide a once-a-year training session, after a few weeks the training may be forgotten. One of the most common mistakes with security awareness training is not providing training often enough. Training should be an ongoing process, provided regularly. You should therefore be providing training regularly in small chunks. A 10-minute training session once a month is much more likely to change behavior than a once-a-year training session.
Not making training fun and engaging
Cybersecurity is a serious subject, but that does not mean that training cannot be enjoyable. If your training course is dull and boring, your employees are likely to switch off, and if they are not paying attention, they will not take the training on board. Use a third-party security awareness training course that includes interactive, gamified, and fun content that will engage employees, and use a variety of training materials, as not everyone learns in the same way.
Using the same training course for all employees
Don’t develop a training course and give the same course to everyone. Use a modular training course that teaches the important aspects of security, but tailor it to user groups, departments, and roles. Training should be relevant. There is no point in training everyone how to recognize specific threats that they will never encounter.
Not conducting phishing simulations
Training and then testing is important to make sure that the training content has been understood, but that is unlikely to change employee behavior sufficiently. The best way to reinforce training and change employee behavior is by conducting phishing simulations. These simulations should be relevant, reflect real-world threats, and should be conducted regularly. Phishing simulations will show you how employees respond to threats when they are completing their work duties and are not in a training setting. If a phishing simulation is failed, it is a training opportunity. Provide targeted training to employees who fail, specific to the mistake they made.
Not providing training in real-time
Intervention training is the most effective. When an employee makes a security mistake, training should be automatically triggered, such as when an employee fails a phishing simulation or takes a security shortcut. If the employee is immediately notified of the error and is told where they went wrong, that will be much more effective at changing behavior than waiting until the next scheduled training session.
Speak with TitanHQ About Security Awareness Training
TitanHQ offers a security awareness training and phishing simulation platform for businesses – SafeTitan – that makes workforce training simple. The platform includes an extensive library of gamified, fun, and engaging content on all aspects of security to allow businesses to create customized training for all members of the workforce and automate phishing simulations.
The platform is easy to set up, use, and customize, and the platform is the only security awareness training solution that provides intervention training in real-time in response to employees’ security errors. For more information contact TitanHQ and take the first step toward creating a human firewall.
by titanadmin | Aug 12, 2022 | Phishing & Email Spam, Security Awareness |
Business Email Compromise (BEC), also known as Email Account Compromise (EAC), is one of the most financially damaging types of cyberattacks, and attacks have been increasing. These attacks involve gaining access to business email accounts, often the email account of the CEO or CFO, and using those accounts to send emails to staff that has responsibility for making payments and tricking them into wiring funds to an attacker-controlled account. The attacks can also be conducted to make changes to payroll information to get employees’ salaries deposited to attacker-controlled accounts.
BEC scams have resulted in losses in excess of $43 billion over the past 5 years according to the Federal Bureau of Investigation (FBI), and that is just complaints submitted to its Internet Crime Complaint Center (IC3). In 2021 alone, almost $2.4 billion in losses to BEC attacks were reported to IC3.
Anatomy of a BEC Attack
BEC attacks require considerable effort by threat actors, but the rewards from a successful attack are high. BEC attacks often see fraudulent transfers made for hundreds of thousands of dollars and in some cases several million. Companies are researched, individuals to target are identified, and attempts are made to compromise their accounts. Accounts can be compromised through phishing or brute force attempts to guess weak passwords.
With access to the right email accounts, the attacker can study the emails in the account. The usual communication channels can be identified along with the style of emails that are usually sent. The attacker will identify contracts that are about to be renewed, invoices that will soon be due, and other regular payments to try to divert. Timely and convincing emails can then be sent to divert payments and give the attacker sufficient time to move the funds before the scam is uncovered.
A recent report from Accenture suggests the rise in ransomware attacks is helping to fuel the rise in BEC attacks. Ransomware gangs steal data before encrypting files and publish the data on their data leak sites. The stolen data can be used to identify businesses and employees that can be targeted, and often includes contract information, invoices, and other documents that can cut down on the time spent researching targets and identifying payments to divert. Some ransomware gangs are offering indexed, searchable data, which makes life even easier for BEC scammers.
How to Improve Your Defenses Against BEC Attacks
Defending against BEC attacks can be a challenge for businesses. Once an email account has been compromised, the emails sent from the account to the finance department to make wire transfers can be difficult to distinguish from genuine communications.
Use an Email Security Solution with Outbound Scanning
An email security solution such as SpamTitan can help in this regard, as all outbound emails are scanned in addition to inbound emails. However, the key to blocking attacks is to prevent the email accounts from being compromised in the first place, which is where SpamTitan will really help. SpamTitan protects against phishing emails using multiple layers of protection. Known malicious email accounts and IP addresses are blocked, other checks are performed on message headers looking for the signs of phishing, and the content of the emails is checked, including attachments and embedded hyperlinks. Emails are checked using heuristics and Bayesian analysis to identify irregularities, and machine learning helps to identify messages that deviate from the normal emails received by a business.
Implement Robust Password Policies and MFA
Unfortunately, it is not only phishing that is used to compromise email accounts. Brute force tactics are used to guess weak passwords or credentials stuffing attacks are performed to guess passwords that have been used to secure users’ other accounts. To block this attack vector, businesses need to implement robust password policies and enforce the use of strong passwords. Remembering complex passwords is difficult for employees, so a password manager solution should be used so they don’t need to. Password managers suggest complex, unique passwords, and store them securely in a vault. They autofill the passwords when they are needed so employees don’t need to remember them. If email account credentials are compromised, they can be used to remotely access accounts. Multifactor authentication can stop this, as in addition to a password, another form of authentication must be provided.
Provide Security Awareness Training to the Workforce
Providing security awareness training to the workforce is a must. Employees need to be taught how to recognize phishing emails and should be trained on cybersecurity best practices. If employees are unaware of the threats they are likely to encounter, when the threats land in their inboxes or are encountered on the web, they may not be able to recognize them as malicious. Training should be tailored for different users, and training on BEC attacks should be provided to the individuals who are likely to be targeted: the board, finance department, payroll, etc.
Security awareness should be accompanied by phishing simulations – fake, but realistic, phishing emails sent to the workforce to test how they respond. BEC attacks can be simulated to see whether the scams can be recognized. If a simulation is failed it can be turned into a training opportunity. These campaigns can be created, and automated, with the SafeTitan Security Awareness Training and Phishing Simulation Platform.
Set Up Communication Channels for Verifying Transfer Requests
Employees responsible for making wire transfers or changing payroll information should have a communication channel they can use to verify transfers and bank account changes. Providing them with a list of verified phone numbers will allow them to make a quick call to verify changes. A quick phone call to verify a request can be the difference between an avoided scam and a major financial loss.
Speak to TitanHQ about Improving Your Defenses Against BEC Attacks
TitanHQ offers a range of cybersecurity solutions for blocking email and web-based cyber threats. For more information on SpamTitan Email Security, WebTitan Web Filtering, and SafeTitan Security Awareness Training, give the TitanHQ team a call. All solutions are quick and easy to set up and use, and all have been developed to make it easy for MSPs to offer these cybersecurity solutions to their clients. With TitanHQ solutions in place, you will be well protected from phishing, malware, ransomware, botnets, social engineering, and BEC attacks.
by titanadmin | Aug 9, 2022 | Phishing & Email Spam, Security Awareness |
Phishing is mostly conducted via email; however, a recent data breach at the cloud communication company Twilio demonstrates that phishing can be highly effective when conducted using other popular communication methods, such as SMS messages.
An SMS phishing attack – known as SMiShing – involves sending SMS messages with a link to a malicious website with some kind of lure to get people to click. Once a click occurs, the scam progresses as an email phishing attack does, with the user being prompted to disclose their credentials on a website that is usually a spoofed site to make it appear genuine. The credentials are then captured and used by the attacker to remotely access the victims’ accounts.
Twillio provides programmable voice, text, chat, video, and email APIs, which are used by more than 10 million developers and 150,000 businesses to create customer engagement platforms. In this smishing attack, Twilio employees were sent SMS messages that appeared to have been sent by the Twilio IT department that directed them to a cloned website that had the Twilio sign-in page. Due to the small screen size on mobile devices, the full URL is not displayed, but certain keywords are added to the URLs that will be displayed to add realism to the scam. The URLs in this campaign included keywords such as SSO, Okta, and Twilio.
According to Twilio EMEA Communications director, Katherine James, the company detected suspicious account activity on August 4, 2022, and the investigation confirmed that several employee accounts had been accessed by unauthorized individuals following responses to the SMS messages. The attackers were able to access certain customer data through the Twilio accounts, although James declined to say how many employees were tricked by the scam and how many customers had been affected.
Twilio was transparent about the data breach and shared the text of one of the phishing emails, which read:
Notice! [redacted] login has expired. Please tap twilio-sso-com to update your password!
The text messages were sent from U.S. carrier networks. Twilio contacted those companies and the hosting providers to shut down the operation and take down the malicious URLs. Twilio said they were not the only company to be targeted in this SMS phishing campaign, and the company worked in conjunction with those other companies to try to shut the operation down; however, as is common in these campaigns, the threat actors simply switch mobile carriers and hosting providers to continue their attacks.
The smishing attack and data breach should serve as a reminder to all businesses of the risk of smishing. Blocking these types of phishing attacks can be a challenge for businesses. The best starting point for improving your defenses is to provide security awareness training for the workforce. Security awareness training for employees usually has a strong emphasis on email phishing, since this type of phishing is far more common, but it is important to also ensure that employees are trained on how to recognize phishing in all its forms, including smishing, social media phishing, and voice phishing – vishing – which takes place over the telephone.
The easiest way to do this is to work with a security vendor such as TitanHQ. TitanHQ offers a comprehensive security awareness training platform – SafeTitan – with an extensive range of training content on all aspects of security, including smishing and voice phishing. The training content is engaging, interactive, and effective at improving cybersecurity understanding, and SafeTitan is the only security awareness training platform that delivers training in real-time in response to the behavior of employees. The platform also includes a phishing simulator for automating simulated phishing tests on employees.
For more information about improving security awareness in your organization, contact TitanHQ today.
by titanadmin | Jul 26, 2022 | Industry News, Phishing & Email Spam, Spam Advice, Spam News, Spam Software |
TitanHQ has announced an update has been made to its flagship anti-phishing solution, SpamTitan Plus. The new enhancements have been added to the predictive phishing detection capabilities of SpamTitan Plus to help users block personalized URL attacks.
Phishing attacks on businesses have become much more sophisticated and new tactics are constantly being developed to evade standard email security solutions. While commercial email security solutions perform well at identifying and blocking spam emails, achieving detection rates in excess of 99%, blocking phishing emails is more of a challenge and many phishing threats sneak past email security solutions and are delivered to inboxes.
One of the ways that cyber threat actors bypass email security solutions is by creating personalized URLs for their phishing emails. One of the methods used by email security solutions for blocking phishing URLs is a real-time blacklist of known malicious URLs and IP addresses. If an email is sent from an IP address that has previously been used to send spam or phishing emails, the IP address is added to a blacklist and all emails from that IP address will be blocked. The URLs in phishing campaigns are set up and massive email runs are performed. When those URLs are detected as malicious, they are also added to a blacklist and will be blocked by email security solutions.
However, it is becoming increasingly common for personalized URLs to be used. These URLs can be personalized for the targeted organizations at the path and parameter level, and since a unique URL is used in each attack, standard anti-phishing measures such as blacklists are ineffective at detecting these URLs as malicious. That means the emails containing these malicious URLs are likely to be delivered to inboxes and can only be blocked after they have been delivered. That typically means an employee needs to report the email to their security team, and the security team must then act quickly to remove all phishing emails in that campaign from the email system. That process takes time and there is a risk that the links in the emails could be clicked, resulting in credential theft or malware infections. Most of the phishing detection feeds that are used by email security solutions do not gather the necessary intelligence to be able to inform customers of the level at which a phishing campaign should be blocked. SpamTitan Plus, however, does have that capability.
“With predictive phishing detection, SpamTitan Plus can now combat automated bot phishing,” said Ronan Kavanagh, CEO of TitanHQ. “At TitanHQ we always strive to innovate and develop solutions that solve real-security problems and provide tangible value to our customers. The end goal is to have our partners and customers two or three steps ahead of the phishers and cybercriminals.”
SpamTitan Plus
SpamTitan Plus is an AI-driven anti-phishing solution that is capable of blocking even the newest zero-day phishing threats. The solution has better coverage than any of the current market leaders and provides unparalleled time-of-click protection against malicious hyperlinks in phishing emails, with the lowest false positive rate of any product. SpamTitan Plus benefits from massive clickstream traffic from 600+ million users and endpoints worldwide, which sees the solution block 10 million new, never-before-seen phishing and malicious URLs a day.
The solution protects against URL-based email threats including malware and phishing, performs predictive analyses to identify suspicious URLs, URLs are rewritten to protect users, real-time checks are performed on every click, and the solution includes 100% of all current market-leading anti-phishing feeds. That translates into a 1.5x increase in unique phishing URL detections, 1.6x faster phishing detections than the current market leaders, and 5 minutes from initial detection of a malicious URL to protecting all end user mailboxes.
For more information about the best phishing solution for businesses, give the TitanHQ team a call today. Current users of SpamTitan Plus already have these new capabilities added, at no additional cost.
by titanadmin | Jul 13, 2022 | Email Scams, Phishing & Email Spam, Security Awareness |
A new phishing campaign is being conducted that abuses trust in cybersecurity companies. The campaign uses scare tactics to get company employers to pick up the phone and speak to the cybersecurity vendor about a recently detected data breach and potential workstation compromise.
It is becoming increasingly common for phishing scams to involve initial contact via email with requests to make a call. This tactic is often used in tech support scams, where victims are convinced they have a malware infection or another serious security issue on their device, and they are tricked into downloading malicious software such as Remote Access Trojans (RATs).
RATs give the attackers access to the user’s computer, and that access can be abused by the attacker or the access can be sold to other threat groups such as ransomware gangs. Affiliates of ransomware-as-a-service operations may use this technique to conduct attacks and are then paid a percentage of any ransom payments they generate.
In this campaign, the impersonated companies are very well-known providers of enterprise security solutions, such as CrowdStrike, and the emails are very well written and convincing. They claim that a data breach has been detected that affected the part of the cybersecurity provider’s network associated with the customer’s workstation and warns that all workstations on the network may have been compromised. As such, the cybersecurity company is conducting an audit.
The emails claim that the cybersecurity vendor has reached out to the IT department, which has instructed the vendor to contain individual users directly. The emails claim that the audit is necessary for compliance with the Consumer Privacy Act of 2018 (CCPA) and other regulations and that the agreement between the targeted individual’s company and the cybersecurity vendor allows it to conduct regular audits and security checks. A phone number is provided for the individual to make contact, and the email includes the correct corporate logo and genuine address of the cybersecurity vendor.
CrowdStrike reports that a similar scam has been conducted by the Wizard Spider threat group, which was responsible for Ryuk ransomware attacks. That campaign delivered BazarLoader malware, which was used to deliver the ransomware payload.
This type of phishing attempt is known as callback phishing. This technique can be effective at bypassing email security solutions since the emails contain no malicious content – There are no hyperlinks and no file attachments. This scam highlights the importance of conducting security awareness training on the workforce to help employees identify and avoid phishing scams.
How TitanHQ Can Help
TitanHQ provides a range of security solutions for blocking phishing attacks, including SpamTitan Email Security, WebTitan DNS Filtering, and the SafeTitan Security Awareness and Phishing Simulation Platform.
SafeTitan has an extensive library of interactive, gamified, and engaging training content for improving security awareness of the workforce, including phishing and the full range of cyberattacks that employees are likely to encounter. The training is delivered in easily assimilated modules of no more than 8 to 10 minutes, and training can be delivered in real-time in response to risky user behaviors to nip bad security practices in the bud. The platform also includes hundreds of phishing templates for conducting and automating phishing simulations on the workforce, to gain insights into the individuals who are susceptible to phishing attacks and any knowledge gaps.
For more information on improving your defenses against phishing attacks, review our solutions in the links at the top of this page or give the team a call. Products are available on a free trial and demonstrations can be arranged on request.
by titanadmin | Jul 13, 2022 | Phishing & Email Spam, Security Awareness |
Phishing can take many forms and while email is the most common vector used in these scams, other types of phishing such as voice phishing (vishing), SMS phishing (Smishing), and social media phishing increasing. In particular, there has been a recent spike in social media phishing attempts.
The threat from email phishing can be greatly reduced with an email security solution; however, these solutions will do nothing to block vishing, smishing, and social media phishing attempts. Businesses can improve their defenses by also using a DNS filtering solution. DNS filters block attempts to visit malicious websites and work in tandem with email security solutions to block email phishing and can also block the web-based component of smishing attacks and social media phishing to a certain extent. Unfortunately, since the social media networks where phishing takes place are not malicious websites, it will not prevent people from encountering phishing attempts.
This is why security awareness training is so important. Security awareness training gives employees the skills they need to recognize and avoid phishing attempts, no matter where the phishing attack is conducted. By training the workforce on security threats, risky behaviors can be eradicated, and employees can be taught the signs of phishing to look out for. The SafeTitan Security Awareness Training platform also delivers training in real-time, in response to risky behaviors by employees. This ensures training is delivered instantly when risky behavior is detected and training is likely to have the greatest benefit.
Social Media Phishing
Two social media phishing campaigns have recently been identified by researchers at Malwarebytes, the goal of which is to obtain the credentials for social media accounts. If the credentials are disclosed, the attacker can access the victim’s account and use it to conduct further attacks on the victim’s followers. If the credentials for a corporate social media account are stolen, attacks could be conducted on all the company’s followers. These attacks abuse the trust customers have in the company. The two campaigns have been conducted on Twitter and Discord users. Both use social engineering to trick people into disclosing their account credentials.
Twitter Phishing Campaign
In the Twitter campaign, the scammer sends a direct message to the user informing them that their account has been flagged for hate speech and threatens an immediate suspension of the account unless action is taken. The user is told that they must authenticate the account via the Twitter Help Center, a link for which is provided in the message. The link directs the user to a phishing page that spoofs Twitter where they are asked to log in. If they do, their credentials will be captured.
Discord Phishing Campaign
The Discord campaign sees a message sent from either a contact of the victim using a compromised Discord account or from strangers. The account owner is accused of disseminating explicit photographs and the sender says they are going to block the account until an explanation is provided. A link is provided to a server where the recipient has allegedly been named and shamed. If the message recipient tries to respond to the message, their message will not be sent as they will have been blocked, increasing the likelihood of their clicking the link to the server.
Victims are required to log in via a QR code and once they have attempted that they are locked out of their accounts, which are then under the full control of the scammer. The scammer is then free to use the legitimate account to continue their scam on all the victims’ contacts. Social media scams such as these try to scare or shame users into responding. This tactic can be very effective, even if the user has never said a bad word on Twitter or sent an explicit photograph to anyone on Discord.
Other Social Media Phishing Campaigns
Phishing can – and does – occur on all social media platforms. One scam that has proven successful targets Instagram users and offers them the verified Instagram badge. In order to receive the badge, they are required to log in to verify their identity, naturally via a malicious link. Doing so will allow the scammer to take full control of the user’s Instagram account.
It is a similar story on LinkedIn. One of the most common scams involves impersonating a company and sending a message to an individual about a job offer, or a message suggesting they have been headhunted. Fake connection requests are also common. In this scam, the user is provided with a link to a scam site that spoofs LinkedIn and again is conducted to harvest credentials.
On Facebook, phishing scams are rife but often they seem innocuous. If you use Facebook, you will no doubt have seen countless posts asking site users to determine their band name, porn star name, pirate name, etc., by providing information such as the month and year of birth. Posts asking what was your first car? Where did you grow up? What was your favorite teacher’s name? and many more do not seek credentials, but the information disclosed can be used to answer security questions that are asked in order to recover accounts. These scams also make brute force attacks to guess passwords so much easier.
Dangers of Social Media Phishing
The loss of access to a social media account may not be the end of the world and is likely far better than having a bank account emptied, but the damage caused can be considerable. Many small businesses rely on social media for publicity and generating sales, and the loss of an account or scamming of customers can be devastating. The passwords used for social media accounts are often reused across multiple platforms. Scammers often conduct credential stuffing attacks on other platforms and accounts using the same password. Fall victim to a social media phishing scam and many other accounts could be compromised.
Blocking social media phishing attacks can be a challenge. You should also ensure that two-factor authentication is enabled on social media accounts, consider restricting who can send direct messages to your account, and who can view your profiles. If you encounter a scam, be sure to report it.
For businesses, employees with access to corporate social media accounts should be given specific training on social media phishing to ensure they can recognize and avoid phishing scams. The SafeTitan Security Awareness Training platform makes this simple and helps businesses instantly correct risky behaviors through the automated delivery of a relevant training course in real-time. The platform has a wealth of engaging, gamified training content and a phishing simulation platform for testing resilience to phishing attacks.
For more information on SafeTitan and improving your phishing defenses through the use of an email security solution and DNS filtering, give the TitanHQ team a call today.
by titanadmin | Jul 12, 2022 | Email Scams, Phishing & Email Spam |
Microsoft previously announced a new security feature that would see VBA macros automatically blocked by default, but there has been a rollback in response to negative feedback from users.
Phishing emails are commonly used for malware delivery which contain links to websites where the malware is hosted or by using malicious email attachments. Word, Excel, Access, PowerPoint, and Visio files are commonly attached to emails that include VBA macros. While there are legitimate uses for VBA macros, they are often used for malware delivery. When the documents are opened, the macros would run and deliver a malware loader or sometimes the malware payload directly.
Office macros have been used to deliver some of the most dangerous malware variants, including Emotet, TrickBot, Qakbot, Dridex. To improve security, in February 2022, Microsoft announced that it would be blocking VBA macros by default. If macros are blocked automatically, it makes it much harder for this method of malware delivery to succeed.
With autoblocking of macros, users are presented with a security alert if a file is opened that includes a VBA macro. When opening a file with a VBA macro, the following message is displayed in red:
“SECURITY RISK: Microsoft has blocked macros from running because the source of this file is untrusted.”
The user would not be able to click the warning to override the blocking, instead, they would be directed to a resource that provides further information on the risk of enabling macros. They would have the option of ignoring the warning but would be strongly advised not to. Previously, a security warning was displayed in a yellow warning box that says, “Security Warning: Macros have been disabled.” The user would be presented with a prompt to Enable Content, and thus ignore the warning.
Microsoft had rolled out this new security feature, but recently Windows users started to notice that the new security warning was no longer being displayed, instead, Microsoft appeared to have rolled back to its previous system without announcing it was doing so.
Microsoft did confirm that it is rolling back this security feature and that an update announcing that has been planned; however, it had not been announced before the rollback started. The process has been heavily criticized, not for the rollback itself (although there has been criticism of that), but for starting the rollback without first making an announcement.
Microsoft said the rollback was due to negative feedback it had received, but it is not known at this stage which users had complained. It is suspected that the change posed a problem for individuals who commonly use VBA macros, and the automatic blocking made the process of running macros cumbersome. Most SMB users, however, do not deal with macros frequently, so the rollback means a reduction in security.
It took several days for Microsoft to confirm that the rollback is temporary and that it was necessary to make changes to improve usability. Microsoft said it is still committed to blocking macros by default for users. So, while this is a U-turn, it is just a temporary one.
While automatically blocking macros is important to improve security, it is still strongly recommended to implement a robust email security solution, as macros are not the only way that malware is delivered via email. Also, blocking macros will do nothing to stop phishing emails from being delivered.
With SpamTitan Email Security, phishing and malware threats can be easily blocked. For more information, give the TitanHQ team a call.
by titanadmin | Jun 29, 2022 | Phishing & Email Spam, Security Awareness |
Cybercriminals are constantly changing tactics and lures in their phishing campaigns, so it is no surprise to see a new technique being used by affiliates of the Lockbit ransomware-as-a-service operation. A campaign has been identified by researchers at AhnLab in Korea that attempts to deliver a malware loader named Bumblebee, which in turn is used to deliver the LockBit 2.0 ransomware payload.
Various lures are used in phishing campaigns for delivering malware loaders, with this campaign using a warning about a copyright violation due to the unauthorized use of images on the company’s website. As is common in phishing emails, the emails contain a threat should no action be taken – legal action. Emails that deliver malware loaders either use attached files or contain links to files hosted online. The problem with attaching files to emails is they can be detected by email security solutions. To get around this, links are often included. In this case, the campaign uses the latter, and to further evade detection, the linked file is a password-protected archive. This is a common trick used in malware delivery via email to prevent the file from being detected as malicious by security solutions, which are unable to open the file and examine the contents. The recipient of the message is provided with the password to open the file in the message body.
The password-protected zip file contains a file that masquerades as a PDF file, which the user is required to open to obtain further information about the copyright violation. However, a double file extension is used, and the attached file is actually an executable file, which will deliver the Bumblebee loader, and thereafter, LockBit 2.0 ransomware.
These types of phishing attacks are all too common. Believable lures are used to trick people into taking the requested action, a threat is included should no action be taken, and multiple measures are used to evade security solutions. Any warning about a copyright violation must be taken seriously but as with most phishing emails, there are red flags in this email that suggest this is a scam. Security-aware employees should be able to recognize the red flags and while they may not be able to confirm the malicious nature of the email, they should report such messages to their IT department or security team for further investigation. However, in order to be able to identify those red flags, employees should be provided with security awareness training.
Through regular training employees will learn the signs of phishing emails, can be conditioned to always report the emails to their security team, and can be kept abreast of the latest tactics used in phishing emails for malware delivery. It is also recommended to conduct phishing simulations to test whether employees are being fooled by phishing attempts. If employees fail phishing simulations it could indicate issues with the training course that need to be addressed, or that certain employees need to be provided with additional training. Through regular security awareness training and phishing simulations, businesses can create a human firewall capable of detecting phishing attempts that bypass the organization’s email and web security defenses.
TitanHQ can provide assistance in this regard through the SafeTitan Security Awareness Training and Phishing Simulation Platform – Further information on the solution can be found here.
by titanadmin | Jun 17, 2022 | Industry News |
Following on from being included in the Expert Insights’ list of the Top 100 Most Innovative Cybersecurity Companies of 2022, TitanHQ has been named a finalist in the 2022 CompTIA UK Spotlight Awards in the Innovative Vendor Award Category.
The Computing Technology Industry Association (CompTIA) is an advocate for the $5 trillion global information technology ecosystem and the estimated 75 million professionals who design, implement, manage, and safeguard the technology that powers the world’s economy.
CompTIA provides education, training, certifications, philanthropy, and market research and promotes industry growth, the development of a highly-skilled workforce, and the creation of an environment where innovation happens and opportunities are made possible through technology that is available to all.
Every year, CompTIA recognizes individual and organizational excellence in the UK tech industry through the CompTIA UK Spotlight Awards, which took place on June 16 at the CompTIA UK Business Technology Community Meeting, in Bristol.
TitanHQ is delighted to have been named a finalist at this year’s awards and to be recognized for its innovative cybersecurity solutions that are helping SMBs and Managed Service Providers defend against increasingly sophisticated cyber threats.
Over the past 12 months, TitanHQ has enjoyed excellent growth, has brought in a wealth of new talent, and has released two innovative new cybersecurity solutions to its product portfolio: SpamTitan Plus and the SafeTitan Security Awareness and Phishing Simulation Platform.
SpamTitan Plus provides cutting-edge, industry-leading protection against zero-day phishing threats. The AI-driven anti-phishing solution has better coverage, a significant uplift in phishing link detections, and faster detection speeds, with the lowest false positive rate of any product. The solution includes updates from massive clickstream traffic of 600+ million users and endpoints worldwide, which protects against 10 million+ new, never-before-seen phishing and malicious URLs each day.
According to research, 97% of users fail to identify all phishing emails, so advanced phishing protection is essential. So too is security awareness training, to teach employees how to identify phishing and other threats and increase threat reporting rates to security teams.
TitanHQ now offers a comprehensive platform that businesses can use to train their employees to be security titans and create a human firewall to complement their technical anti-phishing safeguards. SafeTitan includes an extensive library of interactive, fun, and engaging training content, a phishing simulator, and is the only behavior-driven security awareness training platform that delivers security awareness training in real-time.
If you want to benefit from these new solutions and any of TitanHQ’s other innovative cybersecurity protects – DNS filtering, email encryption, and email archiving- contact TitanHQ today.
by titanadmin | Jun 8, 2022 | Industry News |
TitanHQ has collected several accolades already in 2022 for the full range of cloud-delivered solutions. The 2022 tally now includes recognition as one of the top 100 most innovative cybersecurity companies.
The Expert Insights’ Top 100 Most Innovative Cybersecurity Companies list was created to recognize the most innovative companies in cybersecurity – companies that develop highly innovative solutions to better protect businesses and consumers from increasingly sophisticated cyber threats. The Top 100 list is broken down into 12 different categories, with TitanHQ included in the Email and Messaging Security Category.
It is vital for businesses of all sizes to implement robust defenses to block email-based attacks. Email is the leading vector for malware delivery and phishing attacks are increasing in number and sophistication. As TitanHQ CEO, Ronan Kavanagh, pointed out, “The overwhelming feedback from our users and customer base has been that phishing attacks are becoming more advanced, proficient and dangerous. Phishing is the number one problem to solve in the email security community.”
TitanHQ’s SpamTitan suite of products provides cutting-edge, robust, and rapid protection against phishing attacks, malware threats, and other email-borne cyberattacks. In addition to the SpamTitan Gateway and SpamTitan Cloud solutions, TitanHQ recently released SpamTitan Plus, which provides best-in-class protection against phishing attacks, with the most comprehensive coverage of any solution, incorporating 100% of current market-leading anti-phishing feeds. That translates into 1.5x faster URL threat detection, 1.6x faster phishing detection than the current market leaders, and just 5 minutes from initial detection of malicious URLs to protecting all mailboxes.
“Over the past year, TitanHQ has significantly grown its global presence, strengthened its executive leadership team, and added to its product and services portfolio, all of which have contributed to our impressive placement on the 2022 Expert Insights’ Top 100 Most Innovative Cybersecurity Companies list,” said Kavanagh.
The latest accolade follows on from TitanHQ collecting no fewer than five Expert Insights’ ‘Best of’ Awards in the spring for SpamTitan Email Security, WebTitan DNS Filter, ArcTitan Email Archiving, with two awards for SafeTitan Security Awareness Training.
by titanadmin | May 26, 2022 | Security Awareness |
On June 7, TitanHQ, in partnership with the Oxford Cyber Academy, will be hosting a webinar to discuss employee cyber risks in growing organizations, and how to balance safety and agility.
Organizations are facing an increasing number of threats when trying to stay agile, competitive, and innovative in a digital world, and for small- and medium-sized businesses, those threats have significant potential to threaten growth. Businesses of all sizes are being targeted by cyber threat actors, and successful attacks can cause significant damage to a business’s hard-won market reputation and operations. Those threat actors target a common weak point in security defenses – employees. Digital security needs to be front and center of your continued innovation, but it can be a challenge to stay competitive whilst sustaining a cyber-savvy workforce. Help is at hand, however.
During this webinar, attendees will be provided with valuable information on the changing nature of the cyber threats facing small- and mid-sized businesses and will discover what they need to protect, what they have to lose if they fail to protect it, how to balance technology and human cyber risks, and how to improve employee security awareness and achieve measurable changes in employee behavior through easy, intuitive, personalized and targeted training that is delivered where it’s needed the most.
Join TitanHQ on June 7th where Nick Wilding, Neil Sinclair, Cyber Programme Lead, UK Police Crime Prevention Initiatives, and Richard Knowlton, Director of Security Studies at the Oxford Cyber Academy will discuss:
If you can’t make the event, register anyway and you will receive the webinar to watch on-demand at any time.
by titanadmin | May 18, 2022 | Industry News |
TitanHQ has recruited the popular channel veteran Tom Watson, who will serve as the company’s new Channel Chief to help bring profitable growth to all TitanHQ Managed Service Provider (MSP) partners.
TitanHQ is committed to serving the MSP community and channel and offers a wide range of cybersecurity solutions that have been developed from the ground up to meet the needs of MSPs. The TitanHQ product portfolio now includes best-in-class email security, DNS filtering, email archiving, email encryption, and security awareness training and phishing simulation solutions, that are easy to implement, manage, and fit seamlessly into MSP’s service stacks. The solutions are delivered through an MSP-centric platform to allow MSPs to provide defense-in-depth security solutions to their SMB and enterprise clients.
Demand from MSPs in North America for TitanHQ solutions has prompted a major expansion of US operations. TitanHQ is well aware that such tremendous growth must be supported by locally sourced experienced advisors such as Tom Watson. Tom brings considerable experience to TitanHQ, having previously owned an MSP business and served as Channel Chief at top-level vendors such as NinjaOne and Axcient. Tom will be based at TitanHQ’s new North American base in Shelton, Connecticut, where he will be working alongside locally sourced talent such as TitanHQ VP of Sales, Jeff Benedetti, and his North American team.
Tom has been tasked with managing TitanHQ’s MSP tradeshows, roadshows, and webinars, and will oversee the creation of a brand-new MSP partner program. “I see my role as being more of a liaison than anything,” said Tom, regarding his new position at TitanHQ. “TitanHQ already has a fantastic offering. You’ll be hearing me talk about that in the future. For now, I think it’s more important to highlight the commitments TitanHQ has made to the channel. This is a company that is 100% dedicated to making sure they serve the MSP community.”
Tom went on to explain the reason why he chose to join the TitanHQ team. “I’ve wanted to work for a rising cybersecurity company for quite a while now. Here I know I can use my skills and understanding of MSP operations, sales, and marketing to help MSPs succeed. Working together with TitanHQ we can give MSPs everything they need to provide quality cyber services to their clients.”
Everyone at TitanHQ is excited about Tom joining the company and the role he will play in ensuring TitanHQ remains the leading provider of cloud-based cybersecurity solutions to MSPs serving the SMB market by supporting growth in the North American market.
“As we continue to further expand into the North American market, introducing industry experts like Tom to our team is vital to allow us to continue to partner with MSPs looking for best in class cybersecurity solutions,” said TitanHQ CEO, Ronan Kavanagh. “We are thrilled to welcome Tom to the team, his wealth of experience working with the MSP sector will serve us well as we continue on our growth journey.”
by titanadmin | May 18, 2022 | Uncategorized |
A new malware-as-a-service operation has been identified named Eternity Project which is offering a modular malware with extensive capabilities, allowing threat actors to conduct a range of malicious activities based on the modules they pay for. The capabilities of the malware are being enhanced to include further modules. Currently, the threat group is offering an information stealer, clipper, miner, dropper, worm, and ransomware, with distributed-denial-of-service (DDoS) bots to be provided in an upcoming module.
The threat actors claim the stealer module will allow users to obtain passwords stored in multiple browsers, data from email clients, instant messaging services, password managers, VPN clients, gaming software, system credentials, cryptocurrency wallets, and more. The miner allows victim devices to become cryptocurrency mining slaves, the clipper allows data to be stolen from the clipboard, which specifically targets cryptocurrency wallets and replaces them with the threat actors’ crypto-wallet addresses, with the ransomware allowing data encryption, although no data exfiltration. The worm module allows the user to infect other devices on the network, with the dropper used to drop the payload of choice onto infected devices. The Eternity Project malware was analyzed by researchers at Cyble, who report that the malware is being offered via a Telegram channel which, at the time of publication, had over 500 subscribers, as well as on the threat group’s TOR website.
Malware-as-a-service operations such as the Eternity Project give unskilled hackers the capability to conduct a range of attacks that they would otherwise not be able to perform. According to Cyble, the malware modules are being offered from as little as $90 up to $490 for the most expensive module – ransomware. Those costs could easily be recovered from the capabilities provided. The methods used to distribute Eternity malware will depend on the capabilities of the threat actors that pay for the modules. Since multiple methods of distribution could be used, defending against Eternity malware and other malware-as-a-service offerings requires a defense-in-depth approach and for security best practices to be followed.
Email Security
Phishing remains the number one vector for delivering malware. Campaigns are easy and cheap to conduct, and phishing campaigns can be very effective. Email security solutions are fed threat intelligence and have anti-virus components, but many solutions rely on signature-based detection and are only effective at detecting known malware. Behavior-based detection methods are needed for detecting heavily obfuscated malware and zero-day threats. SpamTitan combines signature-based threat detection using dual AV engines and a Bitdefender-powered sandbox for identifying zero-day malware threats and allows the blocking of specified attachments such as zip files and executable files. SpamTitan protects against malicious links in emails and scans all inbound emails in real-time, using advanced threat protection methods such as Bayesian analysis, machine learning, greylisting, and heuristics which provide a market-leading 99.99% spam catch rate with a 0.003% false-positive rate
DNS Filtering
Defense-in-depth against phishing is critical for blocking malware threats. Protection can be significantly improved using DNS filtering. DNS filtering is used to block the web-based component of phishing attacks by providing time-of-click protection to prevent users from visiting malicious web pages linked in phishing emails. DNS filtering is used to filter out malicious websites by preventing users from visiting those sites when web browsing, blocking redirects to malicious sites, and category and keyword-based filters to control the content that users can access, preventing access to risky websites. DNS filters can also be used to block downloads of certain file types from the Internet, such as those associated with malware.
The WebTitan DNS Filter provides these capabilities without latency, and protections can be applied for users on or off the network, no matter where they access the Internet. WebTitan is fed threat intelligence from more than 500 million endpoints worldwide and provides AI-based protection against active and emerging phishing URLs and zero-minute threats.
Security Awareness Training & Phishing Simulations
Technical measures to block email and web-based threats are essential, but it is also important to provide security awareness training to the workforce on security best practices and to teach employees how to recognize and avoid threats such as phishing. Security awareness training should be provided regularly, and phishing simulations conducted to identify gaps in knowledge to allow them to be addressed before they can be exploited.
SafeTitan is the only behavior-driven security awareness solution that delivers security awareness training in real-time in response to specific user behaviors and includes an extensive library of training content that is delivered in easy-to-digest chunks for creating a human firewall to augment your technical cybersecurity measures.
Enforce Multifactor Authentication
Multifactor authentication should be implemented on all accounts and services to prevent compromised, stolen, or leaked credentials from being used to gain access to accounts. It is especially important to apply multifactor authentication to administrator accounts and for remote access services. Multifactor authentication requires an additional factor to be provided before access is granted, in addition to a password.
Backup Regularly
To protect against destructive malware attacks involving wipers and ransomware, it is essential to back up data regularly and to test backups to ensure that file recovery is possible. A good approach to take is the 3-2-1 method for backing up – make three copies, stored on at least two different media, and ensure that one copy is stored securely off-site. Backup files should also be encrypted.
Patch Promptly
You should ensure that updates for software and operating systems are applied promptly, with patching prioritized to address the most critical vulnerabilities first.
Change Default Credentials and Set Strong Passwords
Default credentials should be changed, as should the default configurations of off-the-shelf software and strong, unique passwords should be set to protect against brute force attacks. Threat actors can easily gain initial access to the network through brute force attempts to steal passwords, such as password spraying – using passwords compromised in previous data breaches.
by titanadmin | May 4, 2022 | Phishing & Email Spam, Security Awareness, Spam Software |
Phishing is commonly used to gain access to credentials to hijack email accounts for use in business email compromise (BEC) attacks. Once credentials have been obtained, the email account can be used to send phishing emails internally, with a view to obtaining the credentials of the main target. Alternatively, by spear phishing the target account, those steps can be eliminated.
If the credentials are obtained for the CEO or CFO, emails can be crafted and sent to individuals responsible for wire transfers, requesting payments be made to an attacker-controlled account. A common alternative is to target vendors, in an attack referred to as vendor email compromise (VEC). Once access is gained to a vendor’s account, the information contained in the email accounts provides detailed information on customers that can be targeted.
When a payment is due to be made, the vendor’s email account is used to request a change to the account for the upcoming payment. When the payment is made to the attacker-controlled account, it usually takes a few days before the non-payment is identified by the vendor, by which time it may be too late to recover the fraudulently transferred funds. While BEC and VEC attacks are nowhere near as common as phishing attacks, they are the leading cause of losses to cybercrime due to the large amounts of money obtained through fraudulent wire transfers. One attack in 2018 resulted in the theft of $23.5 million dollars from the U.S. Department of Defense.
In this case, two individuals involved in the scam were identified, including a Californian man who has just pleaded guilty to six counts related to the attack. He now faces up to 107 years in jail for the scam, although these scams are commonly conducted by threat actors in overseas countries, and the perpetrators often escape justice. The scam was conducted like many others. The BEC gang targeted DoD vendors between June 2018 and September 2018 and used phishing emails to obtain credentials for email accounts. An employee at a DoD vendor that had a contract to supply Aviation JA1 Turbine fuel to troops in southeast Asia for the DoD received an email that spoofed the U.S. government and included a hyperlink to a malicious website that had been created to support the scam.
The website used for the scam had the domain dia-mil.com, which mimicked the official dla.mil website, and email accounts were set up on that domain to closely resemble official email accounts. The phishing emails directed the employee to a cloned version of the government website, login.gov, which harvested the employee’s credentials. The credentials allowed the scammer to change bank account information in the SAM (System for Award Management) database to the account credentials of the shell company set up for the scam. When the payment of $23,453,350 for the jet fuel was made, it went to the scammers rather than the vendor.
Security systems were in place to identify fraudulent changes to bank account information, but despite those measures, the payment was made. The SAM database is scanned every 24 hours and any bank account changes are flagged and checked. The scammers learned of this and made calls to the Defense Logistics Agency and provided a reason why the change was made and succeeded in getting the change manually approved, although flags were still raised as the payment was made to a company that was not an official government contractor. That allowed the transfer to be reverted. Many similar scams are not detected in time and the recovery of funds is not possible. By the time the scam is identified, the scammers’ account has been emptied or closed.
The key to preventing BEC and VEC attacks is to deal with the issue at its source to prevent phishing emails from reaching inboxes and teach employees how to identify and avoid phishing scams. TitanHQ can help in both areas through SpamTitan Email Security and the SafeTitan security awareness training and phishing simulation platform. Businesses should also implement multifactor authentication to stop stolen credentials from being used to access accounts.
by titanadmin | Apr 27, 2022 | Phishing & Email Spam, Spam Software |
It took 10 months for the operators of the Emotet botnet to return after their botnet infrastructure was shut down in an international law enforcement operation, and then just a further 3 months for Emotet malware to regain its position as the most widely deployed malware.
According to Check Point, in March 2022, Emotet reestablished itself as the most widely distributed malware. Emotet has emerged like a phoenix from the flames, and infections have been soaring, with March seeing an astonishing increase in infections. Check Point says as many as 10% of all organizations globally were infected with Emotet in March, which is twice the number of infections the firm recorded in February.
Emotet first appeared in 2014 and was initially a banking Trojan; however, the malware has evolved considerably. Like many other banking Trojans, modules have been added to give the malware new functionality and today the malware is operated under the malware-as-a-service model, with access to Emotet-infected devices sold to other cybercriminal operations, which in the past has included the TrickBot operators and ransomware gangs.
In November 2021, 10 months after the botnet’s infrastructure was taken down, security researchers started reporting the resurrection of Emotet. The TrickBot operators helped to rebuild the Emotet botnet by using their malware to download Emotet as a secondary payload, and in the past couple of months, massive spamming campaigns have been launched to distribute Emotet which have proven to be highly successful. Emotet is also a self-propagating malware and the emails used to distribute it are convincing. One of the Emotet spam email campaigns being tracked by Kaspersky has been scaled up considerably, increasing 10-fold in just one month. That campaign is being used to distribute Emotet and the linked malware QBot. In February, Kaspersky intercepted 3,000 emails. In March, 30,000 emails were intercepted.
Like previous campaigns distributing Emotet, business email threads are hijacked and replies are sent to those messages that contain malicious hyperlinks or attachments. Since the messages come from trusted senders and appear to be responses to genuine messages, the chance of them attracting a click is high. This campaign highlights the importance of having an email security solution than conducts scans of outbound as well as inbound mail. Security Awareness training is also important to condition the workforce to constantly be on the lookout for potential threats, even when emails appear to have been sent internally from corporate accounts or other trusted senders.
Some of the spam email campaigns have revealed new tactics, techniques, and procedures (TTPs) are being tested to distribute the malware. This April, Microsoft started blocking macros in Office files downloaded from the Internet by default. This is a problem for threat actors that have previously relied on macros in Excel spreadsheets and Word documents to download their malware, so it is no surprise to see the Emotet operators changing their tactics to get around this.
One campaign has been identified that uses XLL files – a type of dynamic link library (DLL) file – rather than Excel and Word files. XLL files increase the functionality of Excel, and using these files gets around the problem of VBA macros being blocked. Emotet is known for large spamming campaigns; however, this campaign was conducted on a small scale, possibly to test its effectiveness. Should the campaign prove successful, it will likely be scaled up. In this campaign, the emails are linked to OneDrive, and if the link in the email is clicked, the XLL file is downloaded in a password-protected .zip file. The password to unlock the .zip file is provided in the message body.
Emotet is also being distributed via Windows shortcut files (.LNK). The Emotet operators have used this tactic in the past in combination with VBS code; however, this campaign does away with the VBS code, and instead, the .LNK files are used to directly execute PowerShell commands that download the Emotet payload.
Is likely that the operators will switch to new variants that have lower detection rates by AV engines, as has been done many times in the past, which is why it is important to have an email security solution that is not reliant on signature-based detection mechanisms. Behavioral analysis is vital for detecting these new variants. An email security solution with email sandboxing will help to protect against new malware variants that have not had their Signatures uploaded into AV engines.
by titanadmin | Apr 19, 2022 | Industry News |
This month, TitanHQ has collected five prestigious awards for its cloud-based security solutions from Expert Insights. Expert Insights is an online publication with editorial and technical teams in the UK and US, that provide insights into cybersecurity and cloud-based technologies to help businesses make the right purchasing decisions.
Hundreds of B2B solutions are covered on the website, along with editorial buyers’ guides, blog articles, and industry analyses, with interviews and technical product reviews written by industry experts. More than 80,000 business owners, IT admins, and users visit the website every month to research products ahead of making a purchase.
Expert Insights issues ‘Best-Of’ awards to recognize companies that have developed products that provide essential services to businesses, help drive business growth, improve efficiency, and secure their IT environments against an ever-increasing range of cyber threats. The Expert Insights’ Spring 2022 Best-Of awards are issued across a range of categories, including cloud software, security, and storage, with up to 11 vendors chosen in each category. Vendors and their products are selected based on extensive research into the solutions by industry experts, and from feedback from genuine business users of the solutions. “These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director.
TitanHQ collected awards for SpamTitan Email Protection, WebTitan DNS Filter, ArcTitan Email Archiving, and SafeTitan Security Awareness Training, with each product being awarded Best-in-Class in their respective categories..png)
SpamTitan was named as the Best Email Security Gateway and was ranked the number 1 solution. WebTitan ranked best in the Web Security Solution category, ArcTitan was ranked number 1 in the Email Archiving Solution for Business category, and SafeTitan collected two best-of awards, one in the Security Awareness Training Category and another in the Phishing Simulation category.
“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said TitanHQ CEO Ronan Kavanagh. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure, and reliable experience to their customers.”
by titanadmin | Apr 19, 2022 | Email Scams, Phishing & Email Spam |
LinkedIn has jumped to the top of the list of the most impersonated brands in phishing attacks, now accounting for 52% of all phishing attacks involving brand impersonation – a 550% increase from the 8% in the previous quarter, according to Check Point.
LinkedIn phishing scams take various forms, although one of the most common is a fake request from an individual to connect on the platform. The phishing emails include the official LinkedIn logo and are indistinguishable from the genuine LinkedIn communications that they spoof. If the user clicks on the Accept button, they are directed to a phishing webpage that is a carbon copy of the genuine LinkedIn page aside from the domain.
The increase in LinkedIn phishing attacks is part of a trend in attacks targeting social media credentials. While these credentials do not provide an immediate financial return, social media account credentials are valuable to cybercriminals as they allow them to conduct highly effective spear phishing attacks. If a corporate social media account is compromised, trust in the company can be abused to distribute malware and links can be added to direct followers to malicious websites.
Failed delivery and shipping notifications are still a common theme in phishing emails targeting businesses and consumers. Around 22% of phishing attacks in Q1, 2022 involved the impersonation of shipping and delivery companies. The package delivery firm DHL is the second most spoofed brand accounting for 14% of brand impersonation attacks. Many of these shipping and delivery phishing emails are conducted to distribute malware, usually through the downloading of fake documents that include malicious code that installs malware such as remote access Trojans.
Phishing is the number one threat faced by businesses. Most successful cyberattacks start with a phishing email, with stolen credentials or malware providing cybercriminals with the foothold they need in a corporate network to launch an extensive attack. Phishing attacks are cheap and easy to conduct and they target employees, who can easily be fooled into installing malware or disclosing their credentials.
This month, a healthcare data breach was reported by Christie Clinic in the United States that involved a hacker gaining access to a single email account. That account was used in a business email compromise attack to divert a large vendor payment. Business email compromise attacks are the main cause of losses to cybercrime according to the Federal Bureau of Investigation. In this breach, the compromised email account contained the personal data of more than half a million patients. Cyberattacks such as this only require one employee to respond to a phishing email for a costly data breach to occur.
Also this month, a new malware distribution campaign has been identified that attempts to install the Meta information stealer, which is capable of stealing passwords stored in browsers and cryptocurrency wallets. The malware is delivered via phishing emails with Excel spreadsheet attachments, which include malicious macros that download and install malware via HTTPS from GitHub. In this campaign, the lure used to trick recipients into opening the file claims to be a notification about an approved transfer of funds to Home Depot, the details of which are detailed in the attached spreadsheet. In order to view the contents of the spreadsheet, the user is told they must enable content to remove DocuSign protection. Enabling content allows the macros to run.
An advanced spam filtering solution such as SpamTitan will help to ensure that inboxes are kept free of phishing emails and any emails containing malicious scripts or attachments are not delivered. SpamTitan includes dual antivirus engines to ensure malware is identified and sandboxing to catch malware variants that bypass signature-based detection mechanisms. The next-gen email sandbox is part of a set of award-winning machine learning and behavioral analysis technologies that are capable of identifying and blocking zero-day threats,
While a spam filter used to be sufficient for blocking phishing emails, the sophisticated nature of phishing attacks today and the sheer volume of phishing emails being sent, mean some phishing emails will inevitably arrive in inboxes. For this reason it is also important to provide regular security awareness training to the workforce. TitanHQ can help in this regard through SafeTitan security awareness training and phishing simulations. SafeTitan is the only behavior-driven security awareness solution that delivers security awareness training in real-time. The solution is proven to significantly improve resilience to phishing attacks.
by titanadmin | Mar 23, 2022 | Phishing & Email Spam |
Phishing remains the top cybersecurity threat to businesses. Phishing scams can be realistic and difficult for people to identify for the scams that they are. The sender field is often spoofed to make it appear that the emails have been sent by known individuals or trusted companies, the body of the messages often contains well-known branding, and templates are used for messages that are carbon copies of the genuine emails they impersonate.
The emails may contain malicious attachments if the aim is to install malware, and malicious hyperlinks if credential harvesting is the goal. The hyperlinks direct users to a website where they are asked to enter their credentials – a web page that is difficult to distinguish from the genuine web page being spoofed. As if those messages were not convincing enough, there is now a new Chrome phishing toolkit that makes credential theft even easier.
Most Internet users will be familiar with websites that use Single Sign-on popups to authenticate users. Rather than requiring website users to register an account, they can authenticate using an existing Google, Apple, or Facebook account. This way of logging in is popular, as users do not need to create and remember another set of login credentials. There is, however, a problem with this approach, and that is that single sign-on popups are easy to spoof in Chrome.
As previously mentioned, phishing scams can be convincing, but there are often red flags and the biggest flag is the URL of the website used for phishing. If you are expecting to sign in to Facebook for example, and you are directed to what is clearly not a Facebook-owned domain, the phishing scam can be easily identified.
The latest toolkit does not produce this red flag. The single sign-on popup generated on the webpage looks exactly the same as the genuine popup being spoofed, including the URL. If an individual is directed to one of these fake phishing forms, it is highly unlikely that they would be able to identify it as malicious and their credentials will be stolen.
A phishing email could be sent advising the recipient that a file has been shared with them, inviting them to log in to Dropbox for instance. The link is clicked, and the user will be directed to the website and will be presented with the login box which includes the address bar with the URL of the login form. For example, if you attempt to log in with your Google account, the URL will start with accounts.google.com/. The phishing toolkit uses pre-made templates that are fake, but incredibly realistic. These Chrome popup windows allow a custom address URL and title to be displayed.
This toolkit was created by the security researcher dr. d0x, who made them available on GitHub. They allow any would-be hacker to quickly and easily create a highly convincing SSO pop-up window, which could be added to any website and be used for a browser-in-the-browser phishing attack. This attack method is nothing new, as fake SSO pop-up windows have been created in the past, but previous attempts have not been particularly convincing, as they do not exactly replicate the genuine pop-ups. The popups have previously been used on fake gaming websites to harvest credentials from the unwary. This kit is different as it is so convincing, and could easily be used to steal credentials and even 2FA codes.
by titanadmin | Mar 21, 2022 | Network Security, Phishing & Email Spam, Spam News |
2019 was a particularly bad year for ransomware attacks, and while there was a reduction in the use of ransomware in 2020, attacks increased sharply in 2021, with the education sector and government organizations the most attacked sectors, although no industry sector is immune to attacks.
There is growing concern about the increase in attacks on critical infrastructure organizations, which are an attractive target for ransomware gangs. According to the data from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA), 14 of the 16 critical infrastructure sectors in the United States reported ransomware attacks in 2021, including the defense industrial base, emergency services, healthcare, food and agriculture, information technology, and government facilities. Cybersecurity agencies in the United Kingdom and Australia have also said critical infrastructure has been targeted.
Critical Infrastructure Organizations Warned About AvosLocker Ransomware Attacks
This week, a warning has been issued by the Federal Bureau of Investigation (FBI), the U.S. Department of the Treasury, and the U.S. Treasury Financial Crimes Enforcement Network (FinCEN) about ransomware attacks using AvosLocker ransomware.
AvosLocker was first identified as a threat in late June 2021 and despite being a relatively new threat, poses a significant risk. Attacks using the ransomware increased in the latter half of 2021, with spikes in attacks occurring in November and December. Variants of AvosLocker ransomware have now been developed to attack Linux as well as Windows systems.
As is now common, the attackers engage in double extortion and demand payment for the keys to decrypt files and to prevent the release of stolen data. The gang operates a data leak site where a sample of stolen data is uploaded and made accessible to the public. The gang says it then sells the stolen data to cybercriminals if payment is not made. AvosLocker is one of a handful of ransomware operations that also makes contact with victims by phone to encourage them to pay the ransom. The gang is known to issue threats of Distributed Denial of Service (DDoS) to further pressure victims into paying the ransom.
AvosLocker is a ransomware-as-a-service operation where affiliates are recruited to conduct attacks for a percentage of any ransom payments they generate. Consequently, the attack vectors used in attacks depend on the skillsets of the affiliates. Common vulnerabilities are known to be exploited to gain initial access to networks, including vulnerabilities associated with Proxy Shell and unpatched vulnerabilities in on-premises Microsoft Exchange Servers. However, over the past year, spam email campaigns have been a primary attack vector.
Email Filtering Vital for Defending Against Ransomware Attacks
Spam email is a common attack vector used by ransomware gangs. Spam email campaigns are effective and provide low-cost access to victim networks. Phishing and spam campaigns either use malicious attachments or embedded hyperlinks in emails, along with social engineering techniques to convince end users to open the attachments or click the links.
The primary defense against these attacks is email filters. Email filters scan all inbound emails and attachments and prevent malicious messages from being delivered to inboxes. Since cyber actors are constantly changing their lures, social engineering methods, and strategies to bypass email security solutions, it is vital to have an email security solution in place that can respond to changing tactics.
Email security solutions that use artificial intelligence and machine learning to identify and block threats outperform solutions that rely on antivirus engines and blacklists of known malicious IP addresses. SpamTitan incorporates artificial intelligence-based detection mechanisms in addition to blacklists, dual antivirus engines, and email sandboxing, which ensures a high detection rate for malicious emails, including zero day threats. SpamTitan also provides time-of-click protection against malicious hyperlinks in emails to ensure users are well protected against phishing, malware, ransomware, and other email threats.
Don’t Neglect Security Awareness Training for the Workforce
It is also important to provide security awareness training to all members of the workforce from the CEO down. The FBI and the U.S. Treasury Department recommended in the latest alert to “Focus on cyber security awareness and training,” and “Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).” TitanHQ can help in this regard with SafeTitan – “The only behavior-driven security awareness solution that delivers security training in real-time.”
For more information on improving your defenses against ransomware and other cyber threats, give the TitanHQ team a call to inquire about email filtering, web filtering, and security awareness training for your workforce.
