Hornetsecurity Blog
Get regular updates from the world of cloud security
In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.
Increase in cybercrime in the pre-Christmas season
New Infopaper gives tips on how to best protect your businessThe year is coming to an end, and the earliest shoppers are thinking about what to give their loved ones for Christmas. Online stores and local businesses in turn are preparing for the high-volume,...
Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security
The new Market Guide for Email Security from leading research and advisory company Gartner has listed Hornetsecurity as Representative Vendor. With the Gartner Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh provide comprehensive guidance on how to set up email security to meet changing circumstances. Especially because of the dramatic increase of phishing attacks, the rise of business email compromise (BEC) and the ongoing migration to cloud security, security managers need to ensure that the solutions they choose are appropriate….
Email Conversation Thread Hijacking
You should only open email attachments and links from senders you know is an advice often given when it comes to preventing email-based malware and phishing attacks. However, in this article we outline an attack technique called email conversation thread hijacking, which uses victim’s existing email conversations and thus trust-relationships to spread to new victims. Against this attack the previous advice will not help. We explain how email conversation thread hijacking is used by attackers, and why it dramatically increases the likelihood for victims to open malicious links or malicious attachments.
Emotet Update increases Downloads
The Hornetsecurity Security Lab observed a 1000 % increase in downloads of the Emotet loader. The increase in Emotet loader downloads correlates with Emotet’s packer change, which causes the Emotet loader to be less detected by AV software.
Our gathered data suggests that the increase in Emotet loader downloads stems from the loader being detected less and thus also the Emotet loader download URLs being blocked less by security mechanisms. Our data, however, also suggests that AV vendors are already closing the detection gap and the detection of the Emotet loader should increase again and thus the number of downloads decreasing again. This analysis is a good display of the impact of the changes to the Emotet loader’s packer.
The webshells powering Emotet
The Hornetsecurity Security Lab presents details on the webshells behind the Emotet distribution operation, including insights into payload downloads and how from 2020-07-22 to 2020-07-24 Emotet payloads on Emotet download URLs were replaced with HTML code displaying GIFs. The analysis shows that the number of downloads of the malicious content behind the Emotet download URLs is significant and has been observed peaking at 50,000 downloads per hour. Highlighting that Emotet emails do get clicked. The analysis further shows that compromised websites are not just compromised once but multiple times by different actors and cleanup efforts by the website administrators are often insufficient leading to re-enabling of the malicious Emotet downloads.
Privacy Shield: The end of transatlantic data exchange?
+++ INFORMATION +++ Currently, it is recommended that affected data flows be identified and switched to alternatives that meet the required level of protection under GDPR. We would therefore like to assure you that Hornetsecurity's cloud email security services are...
Awaiting the Inevitable Return of Emotet
Emotet is probably the most prolific of the recent malware distribution operations. They often change their malware to ensure it is not detected by any anti-virus software. Even though the Emotet botnet is on “spam break” recent changes in a component of the malware has prompted Hornetsecurity’s Security Lab to take a look at the latest version of Emotet in order to be prepared for its next steps. Emotet has added new code obfuscation techniques. But the Security Lab explains how it can still be analyzed…
“Zoom-bombing” Attacks during COVID-19: How can I protect myself?
The video conferencing software Zoom is enjoying enormous popularity because of the current mass practice of working from home. Unfortunately, concerns about the security of the tool have arose. It was possible for uninvolved parties to join other people’s meetings and contribute unwanted or repulsive content – the phenomenon was given the name of “Zoom- bombing”.
The new Backup Bible
Discover
The Backup Bible
For complete guidance, get our comprehensive Backup Bible, which serves as your indispensable resource containing invaluable information on backup and disaster recovery.
