Welcome to Security Lab Insights, your central hub for the latest email security intelligence. Here, you’ll find a comprehensive collection of in-depth analysis from Hornetsecurity’s Security Lab, specializing in forensic examinations of current and critical security threats. Designed for CISOs, Microsoft 365 admins, and all cybersecurity enthusiasts, this hub will keep you informed about the latest trends and best practices to safeguard your organization against evolving cyber threats. Explore our research library to discover valuable insights and stay ahead of the curve.

Threat Reports

Monthly Threat Report November 2024: More Breaches and New EU Regulations

A security breach at the Internet Archive exposed data of 31 million users, increasing the risk of targeted cyber-attacks. The EU has adopted a new law to enhance IoT device security, potentially impacting all digital products; with the holidays and recent U.S. elections, expect a surge in brand impersonation and malicious communications.

Threat Reports

Monthly Threat Report October 2024: Email Threats Trending Up for End of Year

In Q3 2024, email threats surged significantly, with PDF, archive, and HTML files being the top malicious attachments. The CUPS security incident drew special attention from Linux system admins, and Microsoft held a Windows Security Summit to strategize on preventing future breaches like CrowdStrike.

Threat Reports, Threat Research

Monthly Threat Report September 2024: Another Month – Another Massive Data Breach

A massive data breach at National Public Data exposed 2.9 billion records, increasing the risk of spear-phishing attacks. U.S. authorities warn of RansomHub, insider threats, and rising cyber risks during the ongoing U.S. election campaign.

Threat Reports

Monthly Threat Report August 2024: A Month of Global Impact

Widespread cyberattacks dominated July 2024, highlighted by the severe CrowdStrike incident that caused significant disruptions across multiple businesses. New vulnerabilities in VMware ESXi and increased DDoS attacks from Anonymous Sudan further compounded the threat landscape.

Threat Reports

Monthly Threat Report July 2024: Snowflake(s) in July

This month’s email attacks: more spam, less targeted. Cloud storage provider Snowflake’s customers were breached. Change Healthcare revealed leaked data from their ransomware attack. Big news: Kaspersky banned in the US! Finally, good news – the FBI has Lockbit decryption keys (see Lockbit section if affected).

Threat Reports

Monthly Threat Report June 2024: New Threat Campaigns Involving Darkgate

This month, we detected a new Darkgate Malware campaign using pastejacking to distribute malware. Additionally, the successful dismantling of the 911 S5 Proxy Botnet marks a major milestone in cybersecurity. Furthermore, threat actors impersonating helpful community members on platforms like Stack Overflow distribute malicious PyPI packages, posing a new threat vector.

Threat Reports

Monthly Threat Report May 2024: Satya Nadella’s Statement on Security, and a New UK Law Impacting the Industry

This month saw PDF files emerge as the prime target in email attacks, Microsoft’s CEO, Satya Nadella, affirmed the company’s commitment to addressing security concerns. Additionally, the introduction of new security guidelines for IoT and home devices by the British law PSTI underscores a proactive approach to safeguarding digital ecosystems.

Threat Reports

Monthly Threat Report April 2024: Impersonation Attacks, and the US CSRB’s Report on Storm-0558

This month, key highlights include a critical report on Microsoft’s response to the Storm-0558 attack, urging enhanced public cloud security. The US Federal Trade Commission reported $1.1 billion in losses from impersonation attacks in 2023. Furthermore, there was a narrow escape from a potentially catastrophic supply chain attack on a widely-used Linux library.

Threat Reports

Monthly Threat Report March 2024: A Busy Cybersecurity News Cycle with High-Impact Events

This month has been defined by significant cyberattacks, with implications reaching even into the realm of human well-being. Additionally, a critical CVSS 10 vulnerability in ScreenConnect by Connectwise has been exploited in the wild, necessitating an urgent patch for On-Prem users.

Threat Reports

Monthly Threat Report February 2024: A Month for Breaches and Ransomware

This month, we’ve witnessed a decline in low-effort high-volume email attacks, but a rise in targeted, sophisticated assaults. FedEx, Amazon, and Facebook were prime targets for brand impersonation. The breach of Microsoft’s executive emails by the ‘Midnight Blizzard’ group highlighted OAuth application security concerns. Additionally, AnyDesk reported a breach, and Johnson Controls faced a significant ransomware attack.

Threat Reports

Monthly Threat Report January 2024: Holiday-Focused Attacks on the Decrease, but Danger Remains

This month’s key highlights include the escalating MOVEit supply chain attack, the active targeting of the Albanian government and One Albania Telecom by the Iranian group “Homeland Justice,” and new phishing campaigns targeting Instagram and Twitter users for account takeover and access to crypto assets.

Threat Reports

Monthly Threat Report December 2023: Holidays Bring Malicious Email and Lots of Patches to Apply

This month’s report highlights a decline in sophisticated email threats but a rise in easily detectable threats. Microsoft fixed 63 vulnerabilities, including five zero-days, urging prompt fixes. Major CPU vulnerabilities in Intel and AMD pose risks, but patches are available.