Very soon, major changes are coming to the title industry. On October 3, 2015, Truth in Lending Act and Real Estate Settlement Procedures Act (TILA-RESPA) will add a new set of regulations to the title industry to help safeguard consumers from non-public information (NPI) data breaches. While this is a win for consumers, it can leave title companies vexed as they try to determine the best course for compliance with the new regulations.

Fortunately, the American Land Title Association (ALTA) has issued NPI best practices guidelines for title companies. While the guidelines are not mandatory, they can ease the burden of research on small title companies by showing them the easiest way to protect their clients and themselves. Between July and December 2014, over $19 million in remediation was paid out to more than 92,000 consumers for infractions with Consumer Financial Protection Bureau (CFPB) compliance regulations. As the regulations toughen in October, this number can only be expected to rise.

One of the simplest ways to keep your business compliant is with email encryption. As recommended by the ALTA’s Best Practices Pillar 3, email encryption can help you stay compliant by sending NPI securely, mitigating the risk of a data breach via unsecure email. AppRiver’s email encryption service, CipherPost Pro™ includes an FYEO feature and message tracking, freezing and recalling options, helping to ensure than sensitive data is received only by its intended recipients.


Over the past week we have been monitoring (and blocking) a stream of malicious emails attempting to pose as legitimate Amazon purchase confirmations. The messages simply state that your order has been confirmed and contains a small amount of details. The user being target is directed to the attached .doc file for the shipping and tracking details.

amazon malware

In order for the .doc (MD5sum=998692c0e93d4821c069aa96ddff800c) to actually infect the user’s machine they must have Macro’s enabled for MS Word. Thankfully for most users, Macros are disabled by default in current versions. However, for those who already have it enabled or chose to follow the prompt and enable them an infection will occur. The malware contained in these messages is identified as part of the Fareit malware family. This family of malware is often distributed via Word documents with malicious macros embedded and has been known to drop multiple malware variants on the target machine.

In this particular case the malware quickly goes to work attempting to steal your Outlook password along with website passwords from various browsers such as Firefox, IE, Chrome and Opera. It then attempts to harvest account credentials for a lengthy list of FTP and multiple file storage programs. In addition it begins pilfering the target machine for just about every type of Crypto currency in existence. Including:

callout3This behavior (stealing Crypto currency) is something we have been seeing with more frequency as of late. The anonymous nature and lack of regulation in the Crypto Currency market make it more akin to stealing actual cash than to committing wire fraud by raiding someones online bank accounts. But in this case the cybercriminals are  o.k. with that too… The last observed behavior was to drop a copy of the Zeus Trojan to be used to capture and steal bank related information.

Recently, we learned of a federal data breach involving the personal records of around four million current and former government employees. While information about the scope of the attack is still developing, we do know that US investigators are saying that it could affect nearly every government agency and is likely the largest federal government data breach to date. US investigators believe they can trace the attack to the Chinese government, claims that Beijing has called baseless.

In regards to cybersecurity, relations between the US and China haven’t been the best in the past. Each side has pointed fingers in cyberattacks before, with the US saying not too long ago the Chinese government may have stolen terabytes worth of data about a new jet fighter being developed. This latest attack further enforces the idea that nations are moving towards cyber warfare with each other. These sorts of attacks are becoming more and more common in the news, and we’re now seeing nations forming cybersecurity divisions devoted to protecting national security as well as have offensive abilities.

With over four million records stolen of government employees in this breach, a question that comes up is “what will they do with all of that data?” US officials believe China is trying to compile a large database of Americans’ sensitive data, but they are unsure of the purpose of that database. While they may just take the stolen data and save it, it’s possible there could be other ideas in store for it, such as fraud and impersonation. The data could be sold to other governments that may want it for their own use for attacks, or they could even use the information gained to have further successful attacks in the future.

This is also a grim reminder that anyone with sensitive data needs to stay on top of security. Whether you are a small business or a national government, there is always someone out there that wants to get a hold of your data. It was mentioned this breach of data occurred right before the adoption of tougher security controls.  In this instance, they were unfortunately too late, but this is a good reason to show why putting off updates and security upgrades can be a bad idea. If there is a soft spot in security somewhere, it’s just a matter of time before an attacker may find it and exploit it.

ppl_logo_smallEarly this morning, right around the start of the business day over here in the states, we began seeing a malware campaign hitting our filters that masqueraded as UK music licensing firm PPL. Even though it looks like this was a cast net style attack where both US domains and British domains were targeted, the time of day this was launched certainly was centered around US targets starting their workday.

The email states that the recipient needs to pay licensing fees associated with playing recorded music at their premises. This is usually reserved for bars with jukeboxes or other businesses such as restaurants that play music for their guests or show television programs with copyrighted material. However, these emails weren’t only sent to businesses that this would apply to, they were sent to a huge swatch of possible victims regardless of their services provided. The information provided in the email is well presented with links that actually lead to the PPL site and the corresponding information for them is also correct. The danger here lies in the attachment that is supposed to be an invoice for the incurred fees. It is a Word document by the name of “P_PP_INVN_02573466_01-43-52_03657322_NEWBUS_O_E.DOC”, not the most eloquent of naming conventions, but likely busy on purpose to add to the confusion. This Word file, as has been popular as of late, contains a malicious macro that reaches out to the domain in order to pull down more malicious files onto the victim machine. Furthermore, these files reach out to the IP which belongs to a company in Thailand by the name of Internet Thailand Company Limited, which appears to be a cloud service provider. One of the files downloaded named “10.exe” belongs to the Dridex family of banking trojans which are commonly found in these malicious macro style attacks. Dridex relies on these Word documents and associated macros to steal online banking credentials.


End of life (EOL) is approaching. July 14, 2015 is an important date to note if your organization is still running Microsoft Windows Server 2003. After this date, extended support will end and Microsoft will no longer deliver critical security patches or updates. Being slated by some as one of the “biggest security risks of 2015,” there are major threats to your organization if migration is forgone or delayed past this deadline. This official alert from the US Department of Homeland Security warns of the possible consequences facing those who do not take action, including cybersecurity threats, as well as compliance and compatibility issues.

Plan ahead! Doing a migration after a server has failed will not only increase server maintenance costs, but will also put your data at risk and result in lost productivity. By moving to the cloud, you can reduce your costs and grow your business. AppRiver has solutions for you in both our Secure Hosted Exchange and Office 365 services. There are a few initial steps that our team can help you complete and depending on which platform you’re coming from, we can easily migrate your email messages, folders, calendars, contacts and notes. We understand that migrating your email and services can be a stressful transition, but our 24/7 Phenomenal Care™ team will be with you every step of the way, eliminating the guess work and helping you transition with confidence.