Blog
by titanadmin | Aug 31, 2022 | Security Awareness |
Technology is vital for defending against cyberattacks, but it is important not to neglect employee training. Training the workforce on how to recognize and avoid threats should be a key part of your security strategy, but if you want to get the best return on your investment it is important to avoid these common security awareness training mistakes.
Why Security Awareness Training is Essential
Data from the ransomware remediation firm, Coveware, shows phishing is the main way that ransomware gangs gain initial access to business networks, and IBM reports that phishing is the main way that data breaches occur. In 2021, 40% of all data breaches started with a phishing email. Businesses should implement technologies to block these attacks, such as a spam filter, antivirus software, and a web filter; however, even with these defenses in place, threats will arrive in inboxes, they can be encountered over the Internet, or via instant messaging services, SMS, or over the phone. Unless you totally isolate your business from the outside world, employees will encounter threats.
It is therefore important to provide security awareness training to teach employees how to recognize and avoid threats and to educate them on cybersecurity best practices that they should always follow. Security awareness training is concerned with equipping employees with the skills they need to play their part in the overall security of the organization, to give them practice at detecting threats, and build confidence. Through training, you can create a human firewall to add an extra layer to your cybersecurity defenses.
Security Awareness Training Mistakes to Avoid
It is important to avoid these common security awareness training mistakes, as they can seriously reduce the effectiveness of your training.
Infrequent training
Creating a training course that covers all security best practices and threats to educate the workforce is important, but if you want to change employee behavior and get the best return on your investment, it is important to ensure that your training is effective. If you provide a once-a-year training session, after a few weeks the training may be forgotten. One of the most common mistakes with security awareness training is not providing training often enough. Training should be an ongoing process, provided regularly. You should therefore be providing training regularly in small chunks. A 10-minute training session once a month is much more likely to change behavior than a once-a-year training session.
Not making training fun and engaging
Cybersecurity is a serious subject, but that does not mean that training cannot be enjoyable. If your training course is dull and boring, your employees are likely to switch off, and if they are not paying attention, they will not take the training on board. Use a third-party security awareness training course that includes interactive, gamified, and fun content that will engage employees, and use a variety of training materials, as not everyone learns in the same way.
Using the same training course for all employees
Don’t develop a training course and give the same course to everyone. Use a modular training course that teaches the important aspects of security, but tailor it to user groups, departments, and roles. Training should be relevant. There is no point in training everyone how to recognize specific threats that they will never encounter.
Not conducting phishing simulations
Training and then testing is important to make sure that the training content has been understood, but that is unlikely to change employee behavior sufficiently. The best way to reinforce training and change employee behavior is by conducting phishing simulations. These simulations should be relevant, reflect real-world threats, and should be conducted regularly. Phishing simulations will show you how employees respond to threats when they are completing their work duties and are not in a training setting. If a phishing simulation is failed, it is a training opportunity. Provide targeted training to employees who fail, specific to the mistake they made.
Not providing training in real-time
Intervention training is the most effective. When an employee makes a security mistake, training should be automatically triggered, such as when an employee fails a phishing simulation or takes a security shortcut. If the employee is immediately notified of the error and is told where they went wrong, that will be much more effective at changing behavior than waiting until the next scheduled training session.
Speak with TitanHQ About Security Awareness Training
TitanHQ offers a security awareness training and phishing simulation platform for businesses – SafeTitan – that makes workforce training simple. The platform includes an extensive library of gamified, fun, and engaging content on all aspects of security to allow businesses to create customized training for all members of the workforce and automate phishing simulations.
The platform is easy to set up, use, and customize, and the platform is the only security awareness training solution that provides intervention training in real-time in response to employees’ security errors. For more information contact TitanHQ and take the first step toward creating a human firewall.
by titanadmin | Aug 16, 2022 | Network Security, Phishing & Email Spam |
Phishing attacks are mostly conducted via email but there has been a major increase in hybrid phishing attacks over the past 12 months, especially callback phishing. Here we explain what callback phishing is, why it poses such a threat to businesses, and why threat actors are favoring this new approach.
What is Callback Phishing?
Email phishing is used for credential theft and malware distribution, but one of the problems with this type of phishing is most businesses have email security solutions that scan inbound emails for malicious content. Phishing emails and malicious files distributed via email are often identified as such and are rejected or quarantined. Some threat actors conduct voice phishing, where an individual is contacted by telephone, and attempts are made to trick them into taking an action that benefits the scammer using a variety of social engineering tactics.
Callback phishing is a type of hybrid phishing where these two methods of phishing are combined. Initially, an email is sent to a targeted individual or company that alerts the recipient to a potential problem. This could be an outstanding invoice, an upcoming payment or charge, a fictitious malware infection or security issue, or any of a long list of phishing lures. Instead of further information being provided in an attachment or on a website linked in the email, a telephone number is provided. The recipient must call the number for more information and to address the issue detailed in the email.
The phone number is manned by the threat actor who uses social engineering techniques to trick the caller into taking an action. That action is usually to disclose credentials, download a malicious file, or open a remote desktop session. In the case of the latter, the remote desktop session is used to deliver malware that serves as a backdoor into the victim’s computer and network.
This hybrid approach to phishing allows threat actors to get around email security solutions. The only malicious element in the initial email is a phone number, which is difficult for email security solutions to identify as malicious and block. That means the emails are likely to reach their targets.
Major Increase in Callback Phishing Attacks
Callback phishing was adopted by the Ryuk ransomware threat group in 2019 to trick people into installing BazarBackdoor malware, in a campaign that was dubbed BazarCall/BazaCall. Typically, the lure used in these attacks was to advise the user about an upcoming payment for a subscription or the end of a free trial, with a payment due to be automatically taken unless the trial/subscription is canceled by phone.
The Ryuk ransomware operation is no more. The threat actors rebranded as Conti, and the Conti ransomware operation has also now shut down; however, three threat groups have been formed by members of the Conti ransomware operation – Silent Ransom, Quantum, and Zeon – and all have adopted callback phishing as one of the main methods for gaining initial access to victims’ networks for conducting ransomware attacks. These three groups impersonate a variety of companies in their initial emails and trick people into believing they are communicating with a genuine company. The aim is to get the user to establish a remote desktop session. While the user is distracted by the call, a second member of the team uses that connection to install a backdoor or probe for ways to attack the company, without the user being aware what is happening.
Callback phishing is also used by other threat groups for credentials theft and malware distribution, often by impersonating a cybersecurity firm and alerting the user to a security threat that needs to be resolved quickly. These attacks see the user tricked into installing malware or disclosing their credentials. According to cybersecurity firm Agari, phishing attacks increased by 6% from Q1, 2022 to Q2, 2022, and over that same time frame hybrid phishing attacks increased by an incredible 625%.
How to Protect Against Callback Phishing Attacks
As is the case with other forms of phishing, the key to defending against attacks is to implement layered defenses. Email security solutions should be implemented that perform a range of checks of inbound emails to identify malicious IP addresses. Email security solutions such as SpamTitan incorporate machine learning mechanisms that can detect emails that deviate from those normally received by an organization. Multi-factor authentication should be implemented on accounts to block attempts to use stolen credentials.
The best defense against callback phishing is to provide security awareness training to the workforce. Employees should be told about the social engineering tactics used in these attacks, the checks everyone should perform before responding to any email, and the signs of callback phishing to look out for. Callback phishing simulations should also be conducted to gauge how susceptible the workforce is to callback phishing. A failed simulation can be turned into a training opportunity to proactively address the lack of understanding.
TitanHQ offers a comprehensive security awareness training platform for businesses – SafeTitan – that covers all forms of phishing and the platform included a phishing simulator for conducting phishing tests on employees. For more information, give the TitanHQ team a call today.
by titanadmin | Aug 12, 2022 | Phishing & Email Spam, Security Awareness |
Business Email Compromise (BEC), also known as Email Account Compromise (EAC), is one of the most financially damaging types of cyberattacks, and attacks have been increasing. These attacks involve gaining access to business email accounts, often the email account of the CEO or CFO, and using those accounts to send emails to staff that has responsibility for making payments and tricking them into wiring funds to an attacker-controlled account. The attacks can also be conducted to make changes to payroll information to get employees’ salaries deposited to attacker-controlled accounts.
BEC scams have resulted in losses in excess of $43 billion over the past 5 years according to the Federal Bureau of Investigation (FBI), and that is just complaints submitted to its Internet Crime Complaint Center (IC3). In 2021 alone, almost $2.4 billion in losses to BEC attacks were reported to IC3.
Anatomy of a BEC Attack
BEC attacks require considerable effort by threat actors, but the rewards from a successful attack are high. BEC attacks often see fraudulent transfers made for hundreds of thousands of dollars and in some cases several million. Companies are researched, individuals to target are identified, and attempts are made to compromise their accounts. Accounts can be compromised through phishing or brute force attempts to guess weak passwords.
With access to the right email accounts, the attacker can study the emails in the account. The usual communication channels can be identified along with the style of emails that are usually sent. The attacker will identify contracts that are about to be renewed, invoices that will soon be due, and other regular payments to try to divert. Timely and convincing emails can then be sent to divert payments and give the attacker sufficient time to move the funds before the scam is uncovered.
A recent report from Accenture suggests the rise in ransomware attacks is helping to fuel the rise in BEC attacks. Ransomware gangs steal data before encrypting files and publish the data on their data leak sites. The stolen data can be used to identify businesses and employees that can be targeted, and often includes contract information, invoices, and other documents that can cut down on the time spent researching targets and identifying payments to divert. Some ransomware gangs are offering indexed, searchable data, which makes life even easier for BEC scammers.
How to Improve Your Defenses Against BEC Attacks
Defending against BEC attacks can be a challenge for businesses. Once an email account has been compromised, the emails sent from the account to the finance department to make wire transfers can be difficult to distinguish from genuine communications.
Use an Email Security Solution with Outbound Scanning
An email security solution such as SpamTitan can help in this regard, as all outbound emails are scanned in addition to inbound emails. However, the key to blocking attacks is to prevent the email accounts from being compromised in the first place, which is where SpamTitan will really help. SpamTitan protects against phishing emails using multiple layers of protection. Known malicious email accounts and IP addresses are blocked, other checks are performed on message headers looking for the signs of phishing, and the content of the emails is checked, including attachments and embedded hyperlinks. Emails are checked using heuristics and Bayesian analysis to identify irregularities, and machine learning helps to identify messages that deviate from the normal emails received by a business.
Implement Robust Password Policies and MFA
Unfortunately, it is not only phishing that is used to compromise email accounts. Brute force tactics are used to guess weak passwords or credentials stuffing attacks are performed to guess passwords that have been used to secure users’ other accounts. To block this attack vector, businesses need to implement robust password policies and enforce the use of strong passwords. Remembering complex passwords is difficult for employees, so a password manager solution should be used so they don’t need to. Password managers suggest complex, unique passwords, and store them securely in a vault. They autofill the passwords when they are needed so employees don’t need to remember them. If email account credentials are compromised, they can be used to remotely access accounts. Multifactor authentication can stop this, as in addition to a password, another form of authentication must be provided.
Provide Security Awareness Training to the Workforce
Providing security awareness training to the workforce is a must. Employees need to be taught how to recognize phishing emails and should be trained on cybersecurity best practices. If employees are unaware of the threats they are likely to encounter, when the threats land in their inboxes or are encountered on the web, they may not be able to recognize them as malicious. Training should be tailored for different users, and training on BEC attacks should be provided to the individuals who are likely to be targeted: the board, finance department, payroll, etc.
Security awareness should be accompanied by phishing simulations – fake, but realistic, phishing emails sent to the workforce to test how they respond. BEC attacks can be simulated to see whether the scams can be recognized. If a simulation is failed it can be turned into a training opportunity. These campaigns can be created, and automated, with the SafeTitan Security Awareness Training and Phishing Simulation Platform.
Set Up Communication Channels for Verifying Transfer Requests
Employees responsible for making wire transfers or changing payroll information should have a communication channel they can use to verify transfers and bank account changes. Providing them with a list of verified phone numbers will allow them to make a quick call to verify changes. A quick phone call to verify a request can be the difference between an avoided scam and a major financial loss.
Speak to TitanHQ about Improving Your Defenses Against BEC Attacks
TitanHQ offers a range of cybersecurity solutions for blocking email and web-based cyber threats. For more information on SpamTitan Email Security, WebTitan Web Filtering, and SafeTitan Security Awareness Training, give the TitanHQ team a call. All solutions are quick and easy to set up and use, and all have been developed to make it easy for MSPs to offer these cybersecurity solutions to their clients. With TitanHQ solutions in place, you will be well protected from phishing, malware, ransomware, botnets, social engineering, and BEC attacks.
by titanadmin | Aug 9, 2022 | Phishing & Email Spam, Security Awareness |
Phishing is mostly conducted via email; however, a recent data breach at the cloud communication company Twilio demonstrates that phishing can be highly effective when conducted using other popular communication methods, such as SMS messages.
An SMS phishing attack – known as SMiShing – involves sending SMS messages with a link to a malicious website with some kind of lure to get people to click. Once a click occurs, the scam progresses as an email phishing attack does, with the user being prompted to disclose their credentials on a website that is usually a spoofed site to make it appear genuine. The credentials are then captured and used by the attacker to remotely access the victims’ accounts.
Twillio provides programmable voice, text, chat, video, and email APIs, which are used by more than 10 million developers and 150,000 businesses to create customer engagement platforms. In this smishing attack, Twilio employees were sent SMS messages that appeared to have been sent by the Twilio IT department that directed them to a cloned website that had the Twilio sign-in page. Due to the small screen size on mobile devices, the full URL is not displayed, but certain keywords are added to the URLs that will be displayed to add realism to the scam. The URLs in this campaign included keywords such as SSO, Okta, and Twilio.
According to Twilio EMEA Communications director, Katherine James, the company detected suspicious account activity on August 4, 2022, and the investigation confirmed that several employee accounts had been accessed by unauthorized individuals following responses to the SMS messages. The attackers were able to access certain customer data through the Twilio accounts, although James declined to say how many employees were tricked by the scam and how many customers had been affected.
Twilio was transparent about the data breach and shared the text of one of the phishing emails, which read:
Notice! [redacted] login has expired. Please tap twilio-sso-com to update your password!
The text messages were sent from U.S. carrier networks. Twilio contacted those companies and the hosting providers to shut down the operation and take down the malicious URLs. Twilio said they were not the only company to be targeted in this SMS phishing campaign, and the company worked in conjunction with those other companies to try to shut the operation down; however, as is common in these campaigns, the threat actors simply switch mobile carriers and hosting providers to continue their attacks.
The smishing attack and data breach should serve as a reminder to all businesses of the risk of smishing. Blocking these types of phishing attacks can be a challenge for businesses. The best starting point for improving your defenses is to provide security awareness training for the workforce. Security awareness training for employees usually has a strong emphasis on email phishing, since this type of phishing is far more common, but it is important to also ensure that employees are trained on how to recognize phishing in all its forms, including smishing, social media phishing, and voice phishing – vishing – which takes place over the telephone.
The easiest way to do this is to work with a security vendor such as TitanHQ. TitanHQ offers a comprehensive security awareness training platform – SafeTitan – with an extensive range of training content on all aspects of security, including smishing and voice phishing. The training content is engaging, interactive, and effective at improving cybersecurity understanding, and SafeTitan is the only security awareness training platform that delivers training in real-time in response to the behavior of employees. The platform also includes a phishing simulator for automating simulated phishing tests on employees.
For more information about improving security awareness in your organization, contact TitanHQ today.
by titanadmin | Jul 26, 2022 | Industry News, Phishing & Email Spam, Spam Advice, Spam News, Spam Software |
TitanHQ has announced an update has been made to its flagship anti-phishing solution, SpamTitan Plus. The new enhancements have been added to the predictive phishing detection capabilities of SpamTitan Plus to help users block personalized URL attacks.
Phishing attacks on businesses have become much more sophisticated and new tactics are constantly being developed to evade standard email security solutions. While commercial email security solutions perform well at identifying and blocking spam emails, achieving detection rates in excess of 99%, blocking phishing emails is more of a challenge and many phishing threats sneak past email security solutions and are delivered to inboxes.
One of the ways that cyber threat actors bypass email security solutions is by creating personalized URLs for their phishing emails. One of the methods used by email security solutions for blocking phishing URLs is a real-time blacklist of known malicious URLs and IP addresses. If an email is sent from an IP address that has previously been used to send spam or phishing emails, the IP address is added to a blacklist and all emails from that IP address will be blocked. The URLs in phishing campaigns are set up and massive email runs are performed. When those URLs are detected as malicious, they are also added to a blacklist and will be blocked by email security solutions.
However, it is becoming increasingly common for personalized URLs to be used. These URLs can be personalized for the targeted organizations at the path and parameter level, and since a unique URL is used in each attack, standard anti-phishing measures such as blacklists are ineffective at detecting these URLs as malicious. That means the emails containing these malicious URLs are likely to be delivered to inboxes and can only be blocked after they have been delivered. That typically means an employee needs to report the email to their security team, and the security team must then act quickly to remove all phishing emails in that campaign from the email system. That process takes time and there is a risk that the links in the emails could be clicked, resulting in credential theft or malware infections. Most of the phishing detection feeds that are used by email security solutions do not gather the necessary intelligence to be able to inform customers of the level at which a phishing campaign should be blocked. SpamTitan Plus, however, does have that capability.
“With predictive phishing detection, SpamTitan Plus can now combat automated bot phishing,” said Ronan Kavanagh, CEO of TitanHQ. “At TitanHQ we always strive to innovate and develop solutions that solve real-security problems and provide tangible value to our customers. The end goal is to have our partners and customers two or three steps ahead of the phishers and cybercriminals.”
SpamTitan Plus
SpamTitan Plus is an AI-driven anti-phishing solution that is capable of blocking even the newest zero-day phishing threats. The solution has better coverage than any of the current market leaders and provides unparalleled time-of-click protection against malicious hyperlinks in phishing emails, with the lowest false positive rate of any product. SpamTitan Plus benefits from massive clickstream traffic from 600+ million users and endpoints worldwide, which sees the solution block 10 million new, never-before-seen phishing and malicious URLs a day.
The solution protects against URL-based email threats including malware and phishing, performs predictive analyses to identify suspicious URLs, URLs are rewritten to protect users, real-time checks are performed on every click, and the solution includes 100% of all current market-leading anti-phishing feeds. That translates into a 1.5x increase in unique phishing URL detections, 1.6x faster phishing detections than the current market leaders, and 5 minutes from initial detection of a malicious URL to protecting all end user mailboxes.
For more information about the best phishing solution for businesses, give the TitanHQ team a call today. Current users of SpamTitan Plus already have these new capabilities added, at no additional cost.
