Crypto mining – From the gold rush in the digital world

Crypto mining – From the gold rush in the digital world

It has been more than a century since the so-called “Klondike Gold Rush” broke out in Alaska. Many tried their luck as treasure hunters and set out under the most difficult conditions in search of the coveted precious metal. Since then, a lot has happened and real gold diggers are mostly only to be found in adventure stories. For in the age of the Internet and with the development of digital currencies, new, much more attractive ways of supposedly making quick and big money have emerged. One of them has a surprising amount in common with the legendary Klondike Gold Rush: “crypto mining” or “digging cryptocurrencies”.

The procedure of illegal crypto mining

Cryptocurrencies have become established as a legitimate means of payment. Since the payment units called “Bitcoin” or “Monero” are neither issued by states nor banks, they have to be generated and transferred in a different way. This process, called “mining,” can be done by the users themselves, using computers. But it is not that simple: In order for the digital currencies to be generated, the systems must solve complex algorithmic tasks. The more units to be generated, the more complex the calculation tasks. The exchange of currencies is organized on a decentralized basis and can be handled directly between users via the blockchain using a peer-to-peer network.

The following motto for miners is derived from this: With more computing power, the tasks can be solved faster and at the same time this means more Bitcoins, Moneros and co. Here, lot of system resources are used, which is why the graphics card and the processor are put under considerable stress. In addition, the computationally intensive process brings with it immense power consumption. Conversely, this leads to high electricity prices and the heavy wear on hardware often makes crypto mining unprofitable – especially when the exchange rate is just not playing along.

High profit margins thanks to botnet

As a result, criminal crypto miners have developed various methods to circumvent the high electricity prices found in industrialized countries in particular. One variant is the large-scale mining of cryptocurrencies in countries with extremely low energy prices. For this purpose, entire data centers are set up in countries such as Iceland, Georgia and Venezuela, which are only used for the generation of cryptocurrencies.

Due to the immense power consumption, crypto mining, especially in this country, can only be deemed “lucrative” with the help of botnets. The idea behind this is that cybercriminals can combine the computing power of the computers embedded in a bot network and use them for free. Through a command-and-control server, they gain central control over all devices integrated in the bot network – but how do they do it?

How Cybercriminals send a crypto-miner into the system

In order to make a computer part of a botnet, cybercriminals first have to get “dropper” software into the computer. Regarding the distribution channels, there are no limits to the creativity of digital criminals. The dropper usually reaches the targeted devices via infected websites, but combining it with spam emails is also a popular distribution channel. Here, cybercriminals send spam to a large number of email addresses, hoping that recipients will click on the link contained in the email. On the infected web pages, the dropper is silently downloaded in the background and then executed. The dropper itself does not pose the real danger, because it first downloads the crypto miner and a special tool, which gives instructions to the miner.

For example, the tool can tell the crypto miner to slow down its activities as soon as a resource-hungry application starts. So it is less likely that the victim will notice the fraud. But that’s not all: Some versions of the malware even have the ability to disable antivirus programs and restore the miner when an application tries to remove it. IT security experts believe that some bot networks can sometimes bring in up to $200,000 per month.

What is the current threat situation?

As late as 2018, crypto miners were right at the top of cybercrime’s malware popularity scale – ahead of the well-known blackmail ransomware scam. A crypto miner is used in 9.7% of all recorded malware attacks overall, according to the cyberthreat report by Hornetsecurity. In numbers, that equates to around 29 million out of a total of 300 million malware attacks worldwide. At AV specialists GDATA, three versions of crypto miners were among the top 10 repelled malware programs. But currently the cryptocurrencies are weakening. In particular, the Bitcoin price is like a rollercoaster ride. As a result, the use of crypto mining for cybercriminals is of course not nearly as effective as the previous boom of Bitcoin and co. in December 2017 – but at the same time does this mean that illegal crypto mining is just a fad and the great hype is long gone?

Quite the contrary, because renowned financial experts are sure: At the moment, it is simply a bubble and as soon as it bursts, the investment in digital money will skyrocket again. Bitcoin expert Aaron Lasher goes even further: He believes that a Bitcoin could be worth about 200,000 euros in ten years.

Crypto Mining Infographic by Hornetsecurity

Harvard expert Dennis Porto, who has calculated that the Bitcoin price will rise in the next five years to up to 100,000 euros, backs this up. As crypto mining and the price of cryptocurrencies go hand in hand, illegal crypto mining activities are also likely to increase considerably with the occurrence of this scenario.

Protection in case of emergency: How do I effectively protect myself against crypto miners?

A traditional antivirus program is far from sufficient when protecting against complex malware. You are therefore advised to take other precautions. Since crypto miners can only start their work when an infected file or website is opened, access should be prevented ideally in advance.

This can be ensured in companies, in particular through the use of managed security services. To effectively close the gateway, a combination of spam filters, web filters and Advanced Threat Protection is advised. The spam filter ensures that suspicious emails containing links to infected websites are rigorously filtered out. This way the recipient cannot accidentally click on the malicious link, because the email does not even reach their email inbox.

Advanced Threat Protection intervenes when there is an infected file in the attachment of an email containing, for example, the “dropper” of a crypto miner. The intruder is quarantined and blocked from entering the email inboxes, just like spam emails. When surfing the Internet, a web filter provides security against harmful content. It reliably blocks access to dangerous sites, such as those on which a crypto miner is installed, and informs the user about the threat that lurks there.

The gold rush fever among cybercriminals does not simply have to be accepted like this. The worse it is for cryptocurrency prices and the more users hedge against crypto miners in advance, the less likely one is to fall victim to the scam.

Cybercrime: Ruthless, extremely complex and a never-ending story

Cybercrime: Ruthless, extremely complex and a never-ending story

No year before has made more headlines in digital crime than 2018. This is the conclusion of the latest edition of the Hornetsecurity Cyberthreat Report. Not only the quantity of crimes has increased rapidly, but also their quality. According to a spokesman for the State Criminal Investigation Office (LKA) Lower Saxony in response to a request from the German newspaper “Hannoversche Allgemeine Zeitung”, the number of criminal activities via the Internet alone has increased by 30% in recent years.

Cyberattacks such as Advanced Persistent Threats, Malware and Spam as well as the transfer of “typical” criminal activities to the online world are responsible for the rapid increase. These criminal activities include trading of weapons, drugs, illegal pornography and counterfeit papers. “The criminals use the possibilities of digitalization extensively, not only in communication”, says LKA spokesman Marius Schmidt. In particular, the Darknet is becoming increasingly significant.

The number of unreported cases is massive

According to the Cyberthreat Report cybercrime is the world’s third largest threat after environmental disasters and political tensions. In 2017, the Federal Criminal Police Office (BKA) was able to identify almost 86,000 cases of cybercrime in Germany – an increase of four percent compared to the previous year.

The cost of the damage caused by cybercrime increased just as rapidly. Whereas cybercrime in Germany caused economic damage of 50.9 million euros in 2016, 71.4 million euros were lost in 2017. The worst thing about these numbers: These are only financial damages caused by cases registered by the BKA. Experts estimate that this number represents only 9% of the total loss. That means there are more than 90% of unreported cases .

But why is the number so high? Experts assume that cyberattacks are often noticed far too late, or not at all. However, in many cases they are not even reported to the relevant authorities by the companies concerned. This is due to the concern about loss of reputation and image. The latest massive cyberattack on the Marriott hotel chain is a classic example of such an incident. For years, hackers stayed unnoticed in the network of the world’s third-largest hotel group and, among other things, captured credit card data from half a billion customers. The German industry association Bitkom comes to completely different results due to such cybercriminal incidents. It recorded an enormous amount of damage of 55 billion euros.

Advanced Persistent Threats still very popular

As in 2017, the popularity of Advanced Persistent Threats among cyber criminals continues uninterrupted. With the attack on the French construction company Ingérop, the hackers once again proved the significant threat potential of such sophisticated cyberattacks. They succeeded in transferring malware into the IT infrastructure by means of a professionally designed phishing campaign on employees of the Group. This served as a door opener for a large-scale data theft. The hackers captured a total of 65 gigabytes of sensitive data, including construction plans for nuclear facilities and high-security prisons. Furthermore, sensitive personal data of a total of 1,200 Ingérop employees were stolen.

Also, the German armament company Krauss Maffei recently experienced an attack of this kind. Hackers penetrated the company’s IT systems and infected it with malware. The production process had to be shut down for a week afterwards. This was followed by an extortion attempt with a ransom demand.

Hornetsecurity News


Stay in touch

Sign up to get the latest News about Cloud Security.

Malware remains standard

Compared to Advanced Persistent Threats, malware is far less complex, but still very effective. In general, it is used to perform unwanted or harmful functions to users. The cyber criminals use malware to increase their income, for example. The great variety of malware makes it a very popular tool for hackers.

This popularity is also reflected in its distribution: between 2006 and 2017, the number of malware incidents increased constantly. Email communication is the main gateway to malicious file attachments. Office files are particularly popular as disguise. Every third malware sent disguised itself as a Word, Excel or PowerPoint file, as can also be read in the Cyberthreat Report.

Spam emails – threat potential increases

Spam is no longer as popular among cybercriminals as it was ten years ago. The Hornetsecurity Cyberthreat Report concludes that in 2018 not even every second email was a spam email. The situation was different back in 2009: At this time, it was almost 100 percent of all emails. Anyone who thinks that this trend is positive is unfortunately mistaken. Whilst ten years ago almost no spam email contained malware, today this is quite different. More and more emails are packed with malware such as viruses, Trojans, Ransomware or spyware.

To summarise: The battle is far from lost.

Even though the damage caused by cybercrime is steadily increasing and it is becoming increasingly difficult to cope with the complex threat situation, the final “battle” has not yet been fought. More and more companies are aware of the current threat situation and are implementing intelligent IT security concepts as well as effective Managed Security Services to prevent sophisticated cyberattacks.

While expenses for Managed Security Services added up to 4.27 billion US dollars in 2016, this amount will be doubled to 8.26 billion US dollars in 2021. Companies have realized that they need to prevent cyber threats from the very beginning. Once the threat has invaded the IT infrastructure, it’s already too late.

In our latest Cyberthreat Report you can find out in detail which trends and developments are currently particularly affecting the world of cybercrime and which dangers result from this.

Phishing emails – on a fishing trip at the data flow

Phishing emails – on a fishing trip at the data flow

The email from the principal bank came completely unexpected, its design very authentic, the content unsuspicious at first glance: ” We’ve detected a security breach in our systems. Please log into your account immediately to verify your identity”. – many recipients of such an email are not able to see its hidden fraud. That is because this is not a security breach or a well-intentioned advice from the credit institution, but a classic phishing email.

But how does phishing actually work and is a non-expert able to see through the scam? What happens after I fall for the fraud? Why are phishing emails called that way and how can I protect myself from these attacks? Questions about phishing are a dime a dozen. This blog post aims to shed some light on the abysses of phishing and shows not only how to uncover phishing emails with a few simple tricks, but also how not to let them into your mailbox in the first place.

YouTube

By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video

The name says it all

The word “phishing” established itself in the USA in the 1990s and has less to do with the open sea and its inhabitants, but parallels to the English word “fishing” can still be drawn. Because in phishing, cybercriminals literally “catch” the personal data of their victims in a fraudulent way.

The word “Phreaking” also influences the naming process. It describes the sneaking of free telephone calls by generating a 2600-hertz tone played into the handset that could mislead certain switching centres in the USA, France or Japan, for example, to set up telephone calls.The amusing thing about this is that exactly this 2600-hertz sound can be produced with a toy pipe that was once a promotional item for the “Captain Crunsh” cereals. However, modern switching technology no longer allows this method, although this procedure is the beginning of today’s well-known “hacking”. The term “phishing” is a neologism of the two words “fishing” and “phreaking”.

How does phishing work?

A phishing attack is a digital identity theft. The hackers send fraudulent emails, which for example imitate the design of well-known Internet service providers such as Amazon or PayPal as well as leading financial institutions.

With the help of insidious pretexts, the partly appearingly fraudulent messages try to lure their recipients to fake websites to have them reveal their personal data. They claim, for example, that there has been a hacker attack and that the supposedly affected account is no longer secure. Only if the user verifies his personal data on the website which can be reached via a link, the security of the account will be ensured.

The link embedded in the email is often very difficult to expose as a fraud. This is simply because the cyber criminals put a lot of value on the fact that the implemented links look as authentic as possible. By buying domains, such as “amazn.com”, which look almost similar to the original, the fraud is successful in most cases. According to the Anti-Phishing Working Group (APWG), nearly 114,000 of such phishing sites were online in March 2018.

In order to make the fraud perfect, this obviously also applies to the sender addresses of the phishing emails. The actual Amazon sender address moc.n1566716179ozama1566716179@ylpe1566716179ron1566716179 will then be changed to moc.n1566716179ozma@1566716179ylper1566716179on1566716179.

With certain email clients it is also possible to use a display name to cover up absurd sender addresses, such as moc.n1566716179imaod1566716179@rekc1566716179ah1566716179, which have nothing to do with – in our case – Amazon. Visually, this fraud can only be detected with a precise look and most victims do not notice the fake at all or at least when it is already too late. Once the victim has entered his or her personal data on the malicious website, the information is transferred directly to the cybercriminals.

Phishing and its varieties

Regular phishing emails, like spam emails, are intended for mass mailing. Cybercriminals purchase large amounts of email addresses for this purpose or use data they have captured. These fraud messages are then usually sent to millions of different people. Even though for some phishing emails the focus is not on details, they can often achieve significant success rates – at least when you look at total figures. The situation is quite different with so-called spear phishing.

The method relies mainly on the traditional phishing scam, but in this case “spear phishing” is a targeted email fraud.It can be adapted to a specific company as well as to a specific person. The purpose is to steal sensitive financial or login data. Through social engineering, cybercriminals find out as much personal information about their tagret as possible in advance so they can fake deceptively real-looking email communication. In best case, the victim does not notice the fraud and is directed to a fake website, where he or she then reveals his or her data.

What do the digital pirates want to achieve?

In most cases, the information “obtained” by the cybercriminals is access data for online banking accounts or other web-based banking services, as well as credit card information in general being a popular target.

The motivation of the attackers can be quite different and ranges from financial enrichment in the sense of account robbery or the selling of data, up to hacker attacks on companies, which are accomplished by the information of the captured data.

I have been a victim of a phishing attack – what should I do now?

Despite all the security measures, it happened and you became the victim of a phishing attack. Often one notices this only when it is already too late. Now it’s time to stay calm and react quickly! It is best to inform the operator of the affected account about the phishing attack immediately so that he can initiate appropriate measures and make the fraud public. In some cases, you can also become active yourself by changing the access data of the relevant account or by locking it if possible.

How can I effectively protect myself from phishing?

The success rate of phishing emails is very high. In 2017, Trojaner-Info.de even reported about an extremely complex phishing attack against frequent flyers, which had an immensely high success rate of 90 percent. Becoming a victim of a phishing attack can happen faster than you think.This makes it all more important to be prepared in advance for potential phishing attacks. We have therefore listed the most important recommendations in the following section.

Hornetsecurity News


Stay in touch

Sign up to get the latest News about Cloud Security.

1. Sensibilisation

First of all, the right sensibilisation to the defence against phishing emails is a good base.. Many users are not sufficiently aware of dangers hidden in their email inbox, such as phishing attacks.It is therefore difficult for them to identify malicious emails as such. However, the risk of a phising campaign can be reduced with a little prior knowledge.

If phishing is suspected, the first thing to be checked is whether the sender address actually matches the original domain or whether it contains additions or spelling mistakes. If this is the case, it may be a first indication of a phishing attack. A further hint may be impersonal greeting, such as “Dear Ladies and Gentlemen”. For example, a bank would always start its emails to customers with a personal salutation. In addition, you should never click on links or buttons placed in emails, since as a “normal user” it is unfortunately very difficult to check if the supposed link destination is actually correct.

If the address is similar to the original domain and seems unsuspicious at first, you can check this by matching both URLs. In addition, you should never reveal personal information in any email communication.

2. Active protection

Beyond awareness, there are things that can be done to actively defend against phishing attacks. In the email client, for example, the “run active content” function should be deactivated, as this can lead to harmful content being automatically run unnoticed.

If you don’t want phishing emails to be delievered to your inbox the first place, you shouldn’t miss out on a spam filter service. Hornetsecurity’s Managed Spam Filter Service reliably filters 99.9% of all email threats, including phishing emails.

Hornetsecurity Advanced Threat Protection is designed to detect even the most sophisticated phishing campaigns through a bundle of security mechanisms such as Fraud Attempt Analysis, Identity Spoofing Recognition or Targeted Attack Detection. This ensures that no employee accidentally falls for a phishing email – even with the most advanced security measures.

Example of a phishing email:

Phishing email example

Classic phishing email in which cybercriminals disguise themselves as credit institutions. Using the pretext that there have been unusual login activities on the account, the target person is forced to verify their account details. The design is indistinguishable from the regular design of the bank. The email does not contain any spelling mistakes and the formatting is correct. Advertisements in the email with links to the real website and the QR coder for the banking app round off the overall picture. Since it is a credit institution from South Africa, even the sender domain “abSaMail.co.za” is quite credible. Only the prefix “xiphaMe” looks strange and indicates a fraud.

Example of a spear phishing email:

Spear Phishing email example

Example of a perfidious spear phishing email*. The fraudsters used social engineering to find out the names, email addresses and most likely the relationship between two employees. They then used the captured information to recreate an email communication that was as authentic as possible. Trust is built through personal salutations and insider knowledge of the company’s lawyer. The email address of the alleged sender is also entered in the name field. This is to suggest that it is actually the correct sender address. The actual sender address only follows after this.

*The example shown is a real spear phishing email. For data protection reasons, all personal information has been changed.

Malware – Cybercriminal’s favourite

Malware – Cybercriminal’s favourite

When the question is brought up as to what the term “malware” is all about, most people do not understand what the term is about. Often words like “virus” or “Trojan” are used. This is not necessarily wrong, but also not actually right. After all, the topic is much more complex and is not just about viruses and Trojans.

This blog post gives an insight into the world of malware and explains what the term actually stands for, why cybercriminals use malware and what kind of security measures are available.

More than just viruses and Trojans

“Malware” is a neologism composed of the two English words “malicious” and “software”. Mistakenly, malware is often used synonymously for the words virus or trojan, but the world of malware is much larger and more complex. In fact, malware is simply a collective term for various malicious programs, which in addition to viruses and Trojans also include “exploits”, “backdoors”, “spyware”, “worms” and “ransomware” – to name just a few of the most important representatives.

According to a study by av-test.org, trojans made up the majority of widespread malware on Windows with 51.48 percent. Far behind rank viruses with 18.93 percent followed by scripts with 10.56 percent. All other types of malware, such as ransomware, only play a minor role in the frequency of their occurrence.

Percentage of malware types

%

Trojans

%

Viruses

%

Scripts

Viruses, Trojans and worms – what are the differences?

Computer viruses are the classic type of malware and were already developed in the early 1970s. They are designed to infect other files and can spread from one computer system to another and contaminate it as well. Viruses cannot be activated without human intervention because the compromised file must be executed first.

A Trojan, on the other hand, is not a virus, but a malicious program that disguises itself as a good-natured application – which is why it is often referred to as a “Trojan horse”. Unlike viruses, Trojans do not replicate themselves. They allow hackers to take control of the infected system via a so-called “backdoor”.

Computer worms differ from viruses in their ability to spread without any intervention. By using a data interface, the malicious program can spread automatically. Since the worm can replicate itself within the system, there is a danger that not only one worm but hundreds or even thousands of copies will be sent. In the final instance, this can result in a system having to provide so many resources that no response or only extremely slow feedback occurs.

Spyware – The Spy in the System

spyware is considered the spy among malware types. It is out to record and steal entered user data. For example, it records logins in social media accounts or spies on account data during online banking. The captured data is then transferred to the hackers, who either resell it or misuse it for their own, mostly financial, interests.

Spyware can appear in different ways. On the one hand, it is possible that a so-called “keylogger” is used, which records keystrokes. On the other side, “Screencast” can be used to monitor the user’s screen activity. Hackers can also use a “browser hijacker”

 

Ransomware – When the computer demands ransom money

Ransomware is a form of malware that is able to prevent access to all data stored on a computer. The hackers encrypt the files stored on the hard disk and after a successful infection usually leave a message on the screen of the victim with the demand a ransom. If this doesn’t happen, it is threatened that the encrypted files – depending on the implementation of the Ransomware – will not be decrypted or even deleted.

There are plenty of ways to infect computers with ransomware. By far the most common gateway, however, is email communication. The cybercriminals often use social engineering to impersonate a well-known organization or a familiar person in order to suggest trust.

to impersonate a well-known organization or a familiar person in order to suggest trust.
In many cases, the Ransomware is contained in an Office document that is sent as an attachment. A pretext is used to persuade the recipient to open the file. In this case, all data on the hard disk is encrypted. Especially in recent years, there have been massive Ransomware attacks, known as „WannaCry“ or „Petya“. Even if Ransomware only appears rarely in the frequency of occurrence: The damage that can be caused by the aggressive cryptotrojans should never be underestimated! Measured in absolute figures, one percent of total malware worldwide is still a significant number.

 

 

Hornetsecurity News


Stay in touch

Sign up to get the latest News about Cloud Security.

 

Exploits and Backdoors – The ace up the sleeve

Exploits are a popular tool used by hackers to exploit vulnerabilities or security gaps in software and use them to enter computer systems. An exploit can be a simple theoretical description of a vulnerability or a directly runable program code.

The range of different types of exploits is so wide that there is the right exploit for almost every occasion. They differ not only in the type of attack, but also in their effects. Depending on its type, the malicious program can write or read data, for example, or even crash a system. Well-known exploit types are the zero-day attack and the denial of service exploit (DoS exploit).

 

 

A backdoor, on the other hand, represents an alternative, mostly hidden access to a software or hardware system. This enables the provider and its partners (e.g. secret services) but also hackers to circumvent the access protection and gain access to the system. As already mentioned, Trojans also have a backdoor, but it has to be clearly defined: The Trojan only serves as a means to an end, since it pretends to be a useful program and ensures that the computer can be compromised via the built-in backdoor. The backdoor ifself does not require a Trojan, as it can be installed in the system from the very beginning.

 

 

Many types of malware, one solution?

The professionalism of malware attacks is increasing day by day. In particular, attacks through ransomware are very popular among cybercriminals. Those who think that there is THE solution to the problem of malware are unfortunately mistaken. Rather, a company should have a sophisticated security concept with many different measures. In the following we will describe in detail which measures can be considered.

Many components must work well together to achieve an optimum of protection against malware. However, the most important point is to increase the awareness of employees against cyber attacks. A company’s employees must be conscious of the threats caused by malware. Information about the various malware distribution channels should therefore be integrated into the daily work routine in regular training courses, for example.

To be on the safe side, companies are advised to use a spam filtering service to prevent malicious emails from reaching employees’ email inboxes in the first place. In the unlikely event that a malware program should ever be able to infect an employee’s computer, then an antivirus program is still a useful method of defeating the invader.

Also updates should not only be common for antivirus programs. It is advisable to establish a process that regularly reviews the actuality of the programs used, in order to update them if necessary. Those who stick to these tips are at least less likely to become a victim for cybercriminals.

 

 

Additional information:

 

 

Email archiving and GDPR – the biggest myths at a glance

Email archiving and GDPR – the biggest myths at a glance

Citizens of the European Union have reason to relax: The introduction of the General Data Protection Regulation (GDPR) since May 2018 significantly strengthens the protection of personal data and at the same time initiates a new era of European data protection. But one man’s meat is another man’s poison. Not everyone agrees with the “strictest data protection law in the world”. Companies and organizations that have to implement numerous new policies and guidelines, are annoyed by the significant additional effort and the partly non-transparent regulations.

Since the GDPR also has a direct effect on the handling of emails, there are a few things to consider as well – especially with regard to the issue of email archiving. We show how the GDPR and legally compliant email archiving can be combined and explain the most important myths.

The devil is in the detail

As a company, do I really have to archive all emails and if so, for how long at all? These are typical questions asked by those responsible for implementing the GDPR. At this point, the GoBD (principles for proper management and storage) [only in Germany] play an important role. These principles specify how long emails with certain contents must be archived. It is not uncommon for archiving to be confused with backup, but clear differences must be made here.

While a backup ensures the temporary availability of data and its recovery, archiving has a different function: it guarantees the long-term storage of data on a separate storage medium for documentation purposes. According to the GoBD, an email always has to be archived if it operates instead of a commercial or business letter or a booking document. If the email is only a means of transport and contains, for example, an accounting document as an attachment, only the attached file as such must be retained, but not the email itself. However, a printout of the invoice is not sufficient.

Hornetsecurity News


Stay in touch

Sign up to get the latest News about Cloud Security.

The required retention period for business emails is six to ten years. However, small businesses are excluded from this regulation. The exact storage obligations for the different types of documents can be found in the tax code as well as in the commercial code. The situation is different with private emails: Companies, in which the private use of emails is at least tolerated, may under no circumstances monitor or store the private email communication of employees.

The GoBD also specifies that emails must be archived unmodified. This means that a simple storage of digitized documents at this point is not sufficient. Another misbelief is the storage via the email client. Simply creating a folder and manually moving all emails, that are required to be archived, is not sufficient either. The proper protection against loss or theft is simply missing here. But how can a company implement all these regulations as cost-effectively as possible and save time and resources?

The solution lays in the cloud

If you want to be on the safe side, you can rely on modern email archiving via the cloud. Cloud-based email archiving solutions offer several advantages for companies: they are fully automated, legally compliant and operate without the intervention of internal IT.

Hornetsecurity’s email archiving service, for example, ensures that emails are transferred to the archive fully automatically. A very precise distinction is made between clean mails and spam as well as info mails. The latter of course do not end up in the email archive. The complicated and time-consuming search for archived emails is also prevented by Hornetsecurity’s email archiving service.

Thanks to perfectly coordinated search algorithms, emails can be easily retrieved and filtered via the Hornetsecurity Control Panel. The administration is made easy for IT managers: Only a few clicks are required to manage Aeternum – regardless of whether this involves the import or export of emails or basic settings for the duration of archiving.

Additional information: