Blog
by titanadmin | May 4, 2022 | Phishing & Email Spam, Security Awareness, Spam Software |
Phishing is commonly used to gain access to credentials to hijack email accounts for use in business email compromise (BEC) attacks. Once credentials have been obtained, the email account can be used to send phishing emails internally, with a view to obtaining the credentials of the main target. Alternatively, by spear phishing the target account, those steps can be eliminated.
If the credentials are obtained for the CEO or CFO, emails can be crafted and sent to individuals responsible for wire transfers, requesting payments be made to an attacker-controlled account. A common alternative is to target vendors, in an attack referred to as vendor email compromise (VEC). Once access is gained to a vendor’s account, the information contained in the email accounts provides detailed information on customers that can be targeted.
When a payment is due to be made, the vendor’s email account is used to request a change to the account for the upcoming payment. When the payment is made to the attacker-controlled account, it usually takes a few days before the non-payment is identified by the vendor, by which time it may be too late to recover the fraudulently transferred funds. While BEC and VEC attacks are nowhere near as common as phishing attacks, they are the leading cause of losses to cybercrime due to the large amounts of money obtained through fraudulent wire transfers. One attack in 2018 resulted in the theft of $23.5 million dollars from the U.S. Department of Defense.
In this case, two individuals involved in the scam were identified, including a Californian man who has just pleaded guilty to six counts related to the attack. He now faces up to 107 years in jail for the scam, although these scams are commonly conducted by threat actors in overseas countries, and the perpetrators often escape justice. The scam was conducted like many others. The BEC gang targeted DoD vendors between June 2018 and September 2018 and used phishing emails to obtain credentials for email accounts. An employee at a DoD vendor that had a contract to supply Aviation JA1 Turbine fuel to troops in southeast Asia for the DoD received an email that spoofed the U.S. government and included a hyperlink to a malicious website that had been created to support the scam.
The website used for the scam had the domain dia-mil.com, which mimicked the official dla.mil website, and email accounts were set up on that domain to closely resemble official email accounts. The phishing emails directed the employee to a cloned version of the government website, login.gov, which harvested the employee’s credentials. The credentials allowed the scammer to change bank account information in the SAM (System for Award Management) database to the account credentials of the shell company set up for the scam. When the payment of $23,453,350 for the jet fuel was made, it went to the scammers rather than the vendor.
Security systems were in place to identify fraudulent changes to bank account information, but despite those measures, the payment was made. The SAM database is scanned every 24 hours and any bank account changes are flagged and checked. The scammers learned of this and made calls to the Defense Logistics Agency and provided a reason why the change was made and succeeded in getting the change manually approved, although flags were still raised as the payment was made to a company that was not an official government contractor. That allowed the transfer to be reverted. Many similar scams are not detected in time and the recovery of funds is not possible. By the time the scam is identified, the scammers’ account has been emptied or closed.
The key to preventing BEC and VEC attacks is to deal with the issue at its source to prevent phishing emails from reaching inboxes and teach employees how to identify and avoid phishing scams. TitanHQ can help in both areas through SpamTitan Email Security and the SafeTitan security awareness training and phishing simulation platform. Businesses should also implement multifactor authentication to stop stolen credentials from being used to access accounts.
by titanadmin | May 3, 2022 | Network Security, Security Awareness |
Providing security awareness training to the workforce is necessary for compliance and is often a requirement for getting cybersecurity insurance, but the real purpose of security awareness training is to reduce risk and avoid costly cyberattacks and data breaches.
To get the full benefits you need an effective security awareness training program, where susceptibility to phishing attacks is reduced and your resilience to cyberattacks targeting employees is significantly improved. To help you, we offer some top tips for creating an effective security awareness training program.
Security Awareness Training Must be a Continuous Process
Security awareness training should not be seen as a checkbox item for compliance. To be effective, training needs to be an ongoing process, where the training is reinforced over time. That if unlikely to happen with a once-a-year training session. Another reason for providing ongoing training is cyber threat actors are constantly changing their tactics and regularly come up with new scams. It would be unreasonable to expect employees to be able to recognize these new threats if they have not been covered in training sessions. Through regular training, provided in bite-sized chunks, you can make your employees are made aware of the latest threats which will help them to recognize them when they are encountered.
Make Sure Your Training Content is Interesting
Different employees will respond to different training methods. A classroom-based training session may be good for some employees, but others will respond better to computer-based training, infographics, videos, and quizzes. Keep your training varied to make sure it appeals to a wide audience and try to make the training interesting and engaging to improve knowledge retention, such as using storytelling to trigger emotions and the imagination, and don’t be afraid to use humor. Cybersecurity can be a pretty dry topic for many people and if they can enjoy it, they are more likely to retain the information and apply the training on a day-to-day basis.
Get Buy-in from the C-Suite
If you want to create a security culture in your organization, you will need to get buy in from the C-suite. Any change in culture in an organization needs to start at the top. The C-Suite must be made aware of the importance of security awareness training and cybersecurity, and using data is usually the best approach. Using a security awareness training company that can provide data on the effectiveness of training at reducing risk will help. You will be able to prove the return on investment you are likely to achieve.
Conduct Phishing Simulations After Providing Training
Providing security awareness training is only one step toward developing a security culture and reducing risk. You also need to conduct tests to determine whether your training is being applied on a day-to-day basis, and the best way to test that is with phishing simulations. Conduct realistic simulations to determine whether the training has been effective. If employees fail simulations, provide extra training.
Do Not Punish Employees for Failing Phishing Simulations
Many companies operate a three strikes and you’re out policy for failing phishing simulations or penalize employees in other ways for falling for phishing emails. Around 40% of organizations take disciplinary action against employees for cybersecurity errors such as phishing simulation failures. Punishing employees for failing to identify phishing simulations often does not have the desired effect.
If you want to encourage employees to be more security-aware and create a security culture, creating a culture of fear is unlikely to help. This approach is likely to cause stress and anxiety, which can lead to the creation of a hostile working environment, and that does not help employees become more security aware. Further, when mistakes are made, employees will be much less likely to report their mistakes to the security team out of fear of negative consequences.
Conduct Real-Time Security Awareness Training
Training is likely to be most effective immediately after employees have made a mistake. By using a security awareness training solution such as SafeTitan, the only behavior-driven security training solution that delivers contextual training in real-time, you can deliver relevant training immediately and explain how a mistake was made and how similar errors can be avoided in the future. For instance, if an employee is discovered to be downloading free software from the Internet, an immediate alert can be delivered explaining why it is not allowed and the risks of installing software without approval from the IT department. If a phishing simulation is failed, employees can be alerted immediately, and it can be turned into a relevant training session.
Benchmark to Learn the Effectiveness of Security Awareness Training
Businesses conduct security awareness training to reduce susceptibility to phishing attacks and other cyber threats, but to gauge the effectiveness of the training there must be a benchmark to measure against. Conducting phishing simulations prior to providing training will allow you to measure how effective the training has been. You can use pre-training simulations to determine how many employees are falling for scams and the percentage of simulated phishing emails that are being reported. You can then reassess after providing training and can determine exactly how effective the training has been.
Security Awareness Training and Phishing Simulations are Not Enough
Providing regular security awareness training and conducting phishing simulations are important for improving resilience to cyber threats and will allow you to prove training has been provided for compliance or insurance purposes, but you also need to make sure that training has been absorbed by employees. Don’t just provide training – use quizzes to assess whether the training has been absorbed. You should also analyze the results of phishing simulations to identify any knowledge gaps that need to be addressed with future training courses. If employees are still falling for a certain type of scam, it could be your training that is the issue.
For more information about security awareness training, conducting phishing simulations, and to discover the benefits of real-time security awareness training, contact TitanHQ today for more information about SafeTitan. You can also take advantage of a free trial of the solution before deciding on a purchase.
by titanadmin | Apr 30, 2022 | Network Security, Security Awareness |
It is important for security to implement an advanced spam filtering solution to block email threats such as phishing and malware, but security awareness training for the workforce is still necessary. The reason why phishing attacks are successful is that they target a weak point: employees. Humans make mistakes and are one of the biggest vulnerabilities as far as security is concerned. All it takes is for one phishing email to sneak through your defenses and land in an inbox and for the recipient to click a link in the email or open a malicious attachment for a threat actor to get the foothold they need in your network.
The easiest way to target employees is with phishing emails. The majority of phishing emails will be blocked by your spam filter, but some emails will be delivered. It doesn’t matter how advanced and effective your spam filter is, it will not block every single phishing email without also blocking an unacceptable number of genuine emails.
Phishing emails are used to achieve one of three aims: To trick individuals into disclosing credentials, to trick them into emailing sensitive data, or to trick them into installing malware. There are many tactics, techniques, and procedures (TTPs) employed in phishing attacks to make the emails realistic, convincing, and to get employees to act quickly. The emails may closely match standard business emails related to deliveries, job applications, invoices, or requests for collaboration. Spoofing is used to make the messages appear to have come from a trusted sender. Emails can spoof brands and often include the correct corporate logos, formats, and color schemes. While phishing emails include red flags that indicate all is not what it seems, busy employees may not notice those flags. Further, sophisticated, targeted phishing attacks contain very few red flags and are very difficult to identify. Even system administrators can be fooled by these attacks.
Businesses cannot expect every employee to be an expert at identifying phishing emails and other email threats, nor should they assume that employees have a good understanding of security practices that need to be employed. The only way to ensure employees know about security practices and how to recognize a phishing email is to provide security awareness training.
Security Awareness Training Improves Resilience to Phishing Attacks
The purpose of security awareness training is to make the workforce aware of the threats they are likely to encounter and to provide them with the tools they need to recognize and avoid those threats. Security awareness training is not a checkbox item that needs to be completed for compliance, it is one of the most important steps to take to improve your organization’s security posture and it needs to be an ongoing process. You could provide a classroom-based training session or computer-based training session once a year, but the TTPs of cyber threat actors are constantly changing, so that is not going to be sufficient. More frequent training, coupled with security reminders, newsletters, and updates on the latest threats to be wary of will ensure that security is always fresh in the mind, and it will help you to develop a security culture in your organization.
One of the most effective strategies is to augment training with phishing simulations. Phishing simulations involve sending fake but realistic phishing emails to employees to see how they respond. If you do not conduct these tests, you will not know if your training has been effective. The simulations will identify employees that require further training and the simulations will give employees practice at recognizing malicious emails. Reports from these simulations allow security teams to assess how resilient they are to phishing attacks and other email threats and will allow them to take action and focus their efforts to make immediate improvements.
SafeTitan Security Awareness Training & Phishing Simulations
TitanHQ can now help businesses create a human firewall through SafeTitan Security Awareness Training. SafeTitan is the only behavior-driven security awareness platform that delivers training in real-time and will greatly improve resilience to social engineering and advanced phishing attacks.
If you want to improve your resilience to cyberattacks, prevent more data breaches, and avoid the costs and reputation damage caused by those incidents, you need to be training your workforce and running phishing simulations. Get in touch with TitanHQ today for more information and get started creating your human firewall.
by titanadmin | Apr 27, 2022 | Phishing & Email Spam, Spam Software |
It took 10 months for the operators of the Emotet botnet to return after their botnet infrastructure was shut down in an international law enforcement operation, and then just a further 3 months for Emotet malware to regain its position as the most widely deployed malware.
According to Check Point, in March 2022, Emotet reestablished itself as the most widely distributed malware. Emotet has emerged like a phoenix from the flames, and infections have been soaring, with March seeing an astonishing increase in infections. Check Point says as many as 10% of all organizations globally were infected with Emotet in March, which is twice the number of infections the firm recorded in February.
Emotet first appeared in 2014 and was initially a banking Trojan; however, the malware has evolved considerably. Like many other banking Trojans, modules have been added to give the malware new functionality and today the malware is operated under the malware-as-a-service model, with access to Emotet-infected devices sold to other cybercriminal operations, which in the past has included the TrickBot operators and ransomware gangs.
In November 2021, 10 months after the botnet’s infrastructure was taken down, security researchers started reporting the resurrection of Emotet. The TrickBot operators helped to rebuild the Emotet botnet by using their malware to download Emotet as a secondary payload, and in the past couple of months, massive spamming campaigns have been launched to distribute Emotet which have proven to be highly successful. Emotet is also a self-propagating malware and the emails used to distribute it are convincing. One of the Emotet spam email campaigns being tracked by Kaspersky has been scaled up considerably, increasing 10-fold in just one month. That campaign is being used to distribute Emotet and the linked malware QBot. In February, Kaspersky intercepted 3,000 emails. In March, 30,000 emails were intercepted.
Like previous campaigns distributing Emotet, business email threads are hijacked and replies are sent to those messages that contain malicious hyperlinks or attachments. Since the messages come from trusted senders and appear to be responses to genuine messages, the chance of them attracting a click is high. This campaign highlights the importance of having an email security solution than conducts scans of outbound as well as inbound mail. Security Awareness training is also important to condition the workforce to constantly be on the lookout for potential threats, even when emails appear to have been sent internally from corporate accounts or other trusted senders.
Some of the spam email campaigns have revealed new tactics, techniques, and procedures (TTPs) are being tested to distribute the malware. This April, Microsoft started blocking macros in Office files downloaded from the Internet by default. This is a problem for threat actors that have previously relied on macros in Excel spreadsheets and Word documents to download their malware, so it is no surprise to see the Emotet operators changing their tactics to get around this.
One campaign has been identified that uses XLL files – a type of dynamic link library (DLL) file – rather than Excel and Word files. XLL files increase the functionality of Excel, and using these files gets around the problem of VBA macros being blocked. Emotet is known for large spamming campaigns; however, this campaign was conducted on a small scale, possibly to test its effectiveness. Should the campaign prove successful, it will likely be scaled up. In this campaign, the emails are linked to OneDrive, and if the link in the email is clicked, the XLL file is downloaded in a password-protected .zip file. The password to unlock the .zip file is provided in the message body.
Emotet is also being distributed via Windows shortcut files (.LNK). The Emotet operators have used this tactic in the past in combination with VBS code; however, this campaign does away with the VBS code, and instead, the .LNK files are used to directly execute PowerShell commands that download the Emotet payload.
Is likely that the operators will switch to new variants that have lower detection rates by AV engines, as has been done many times in the past, which is why it is important to have an email security solution that is not reliant on signature-based detection mechanisms. Behavioral analysis is vital for detecting these new variants. An email security solution with email sandboxing will help to protect against new malware variants that have not had their Signatures uploaded into AV engines.
by titanadmin | Apr 19, 2022 | Industry News |
This month, TitanHQ has collected five prestigious awards for its cloud-based security solutions from Expert Insights. Expert Insights is an online publication with editorial and technical teams in the UK and US, that provide insights into cybersecurity and cloud-based technologies to help businesses make the right purchasing decisions.
Hundreds of B2B solutions are covered on the website, along with editorial buyers’ guides, blog articles, and industry analyses, with interviews and technical product reviews written by industry experts. More than 80,000 business owners, IT admins, and users visit the website every month to research products ahead of making a purchase.
Expert Insights issues ‘Best-Of’ awards to recognize companies that have developed products that provide essential services to businesses, help drive business growth, improve efficiency, and secure their IT environments against an ever-increasing range of cyber threats. The Expert Insights’ Spring 2022 Best-Of awards are issued across a range of categories, including cloud software, security, and storage, with up to 11 vendors chosen in each category. Vendors and their products are selected based on extensive research into the solutions by industry experts, and from feedback from genuine business users of the solutions. “These awards recognize the continued excellence of the providers in these categories,” said Joel Witts, Expert Insights’ Content Director.
TitanHQ collected awards for SpamTitan Email Protection, WebTitan DNS Filter, ArcTitan Email Archiving, and SafeTitan Security Awareness Training, with each product being awarded Best-in-Class in their respective categories..png)
SpamTitan was named as the Best Email Security Gateway and was ranked the number 1 solution. WebTitan ranked best in the Web Security Solution category, ArcTitan was ranked number 1 in the Email Archiving Solution for Business category, and SafeTitan collected two best-of awards, one in the Security Awareness Training Category and another in the Phishing Simulation category.
“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said TitanHQ CEO Ronan Kavanagh. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure, and reliable experience to their customers.”
