Background Press Release

Ransomware and CEO fraud interceptor

Written by Hornetsecurity / 04.10.2016 /
Home » Blog » Ransomware and CEO fraud interceptor

The email gateway has now been permanently closed to attackers: Hornetsecurity Advanced Threat Protection (ATP) now provides companies with effective protection against sophisticated attacks.

Most importantly: The service detects phishing attacks, espionage attempts and ransomware from the first email and ensures that they cannot cause any damage. For this purpose, Hornetsecurity ATP relies on a unique package of protection mechanisms such as sandboxing, URL rewriting, URL scanning and freezing as well as several forensics systems. The package also includes real-time notifications – immediate, automatic notification of the customer in case of attack: Forewarned is forearmed.

The president of the German Federal Criminal Office estimates the extent of the damage caused by cybercrime at 50 billion euros in Germany alone. A significant part of these damages was caused via the email transport route, which is why it is imperative for companies to close this gateway to attacks. Although classic spam filters do help protect against the most common attacks via email, they do not provide sufficient protection against the increasingly frequent personalized attacks, ransomware or CEO fraud, at least in the early stages of an attack. Hornetsecurity ATP, in contrast, is already effective against the first malicious email, thus ensuring end-to-end security.

The forensics package on a variety of filters, which is unique in the market, is especially good at detecting CEO fraud: The filters use Intention Recognition System, Fraud Attempt Analysis, Identity Spoof Recognition, Spy Out Detection or Feign Facts Identification to check the email communication of individuals requiring special protection in a company, such as managing directors, authorized officers or accountants. Hornetsecurity also makes use of ATP Freezing. Here the system retains suspicious emails over a period of time, in order to subsequently re-scan them with updated signatures. Another important defensive tool is URL scanning, which opens links in file attachments that must not be modified and automatically scans them for malicious links.

Hornetsecurity ATP is also equipped with defense mechanisms like sandboxing and URL rewriting: the service uses sandboxing to check suspicious file attachments by opening them in a secure environment. The service then observes the actions the attachment performs and checks whether only one file opens or if it contains hidden links as well as whether the attachment performs malicious activities and accesses generally unneeded systems. Hornetsecurity ATP also replaces all links contained in an email with its own URL and then redirects the user to the intended target website via the Hornetsecurity Webfilter Service. This prevents the email recipient from accidentally surfing to a malicious website or downloading malware.

Another feature of Hornetsecurity ATP is the automatic notification in case of attacks: As soon as the service detects an attack, the customer’s security manager receives a detailed information email, allowing them to quickly warn their colleagues and issue a call for increased caution.

“We have packed more highly effective and multilayered defenses into Hornetsecurity ATP than any other ATP product offers,” says Daniel Hofmann, managing director of Hornetsecurity. “And the demand speaks for itself: We received numerous trial inquiries even before the release. And the customers already testing the Hornetsecurity ATP are full of praise about the product!”

You might also be interested in