Coronavirus is also dangerous by email

Hornetsecurity warns of phishing and malware attacks that pretend to be from global health organizations

Reports of new Coronavirus infections are arriving rapidly. Pictures of sealed-off cities and people in quarantine paint a horrifying scenario. But the virus is not only a risk in the physical world: cyber criminals are shamelessly exploiting the growing fear with targeted phishing and malware campaigns. Sadly, there is now a Coronavirus "infection" risk via email as well.

Since the beginning of February, the Hornetsecurity Security Lab has observed an increased volume of emails sent in the name of the World Health Organization and the Centers for Disease Control and Prevention. The messages explicitly take advantage of people’s fear of the virus.

In one variant, a link promises a list of new infections in the recipient's immediate vicinity; to see the list, the recipient is asked to enter an email address and password. This is classic credential phishing, intended to steal login data. In other variants a download link or an attached document is offered, both promising information on protective measures against infection.

If the link is clicked or the document is opened, a malicious file is downloaded, and there is a substantial risk that the system is infected with malware or ransomware.

Increase in attacks that reference current events

The experts at Hornetsecurity point out that emotionally charged current events are used more and more often as hooks for large-scale phishing and malware campaigns. By exploiting people's emotions, cyber criminals know their emails will receive more attention and be seen as more credible, so the probability that the messages are opened increases.

The Coronavirus mailing is only one of many current cases. There have been similar campaigns referencing the climate protests initiated by Greta Thunberg, the GDPR and the bush-fires in Australia; all of them are real campaigns intercepted by Hornetsecurity.

Since email is still the number one gateway for cyber attacks on companies, employees must be made aware of the issue in addition to setting up effective protection mechanisms. Detecting phishing emails is not easy, but it is not impossible either. To vet a suspicious message, check the following:

  • The sender's email address, not the display name, tells you where the message really came from. If the address is implausible for the claimed sender, or contains spurious letters or cryptic symbols (for instance a lookalike domain in place of the organisation's real one), that is a warning sign.
  • Large-scale phishing campaigns usually address the recipient with a generic salutation only.
  • Incorrect spelling and grammar and an unprofessional layout are further indications.
  • Pressure ("act immediately", threatened consequences) is a common tactic intended to undermine critical thinking.
  • Cyber criminals usually want the recipient to open a URL or an attachment. Hover over links to compare the real target with the displayed text, and treat attachments, especially archives and macro-enabled Office documents, as a serious risk.
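
The checks in the list above can be automated for a first triage. The following is an added example written for this article; it is not code from the page or from Hornetsecurity. It parses a raw message with Python's standard email library and flags the same warning signs: a display name that borrows an organisation's name while the address belongs to another domain, a Reply-To that differs from From, a generic salutation, pressure phrases, links whose visible text names one host while the href points at another, and risky attachment types. The two messages, the lookalike domains ending in .example, the phrase lists and the organisation-to-domain table are constructed assumptions for the demonstration.

```python
"""Triage checks for a suspicious email, following the checklist above.
Added example for this article, not code from the page or from Hornetsecurity.
The two messages, the domains and the phrase lists are constructed assumptions."""
import os
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from urllib.parse import urlparse

# Organisations whose name phishers borrow, with the domain a genuine sender would use.
CLAIMED_ORGS = {"world health organization": "who.int", "centers for disease control": "cdc.gov"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear recipient", "dear sir or madam")
PRESSURE_PHRASES = ("immediately", "within 24 hours", "will be suspended", "act now")
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm", ".zip"}

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def sender_checks(msg):
    """The address, not the display name, says where the mail really came from."""
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = domain_of(addr)
    for org, expected in CLAIMED_ORGS.items():
        if org in name.lower() and domain != expected:
            findings.append(("sender-domain", f'"{name}" sent from {domain}, expected {expected}'))
    reply_to = domain_of(parseaddr(str(msg.get("Reply-To", "")))[1])
    if reply_to and reply_to != domain:
        findings.append(("reply-to-mismatch", f"replies go to {reply_to}, not {domain}"))
    return findings

def wording_checks(text):
    """Generic salutation and time pressure, checked on the tag-stripped body."""
    findings = [("generic-greeting", g) for g in GENERIC_GREETINGS if g in text]
    return findings + [("pressure", p) for p in PRESSURE_PHRASES if p in text]

def link_checks(html):
    """Visible link text naming one host while the href points at another."""
    findings = []
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        target = (urlparse(href).hostname or "").lower()
        shown = (urlparse(label.strip()).hostname or "").lower() if "://" in label else ""
        if shown and shown != target:
            findings.append(("link-mismatch", f"shows {shown}, goes to {target}"))
    return findings

def attachment_checks(msg):
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            findings.append(("risky-attachment", f"{name} ({part.get_content_type()})"))
    return findings

def triage(raw):
    """Run every check on a raw RFC 5322 message; an empty list means nothing fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    part = msg.get_body(preferencelist=("html", "plain"))
    html = part.get_content() if part else ""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return sender_checks(msg) + wording_checks(text) + link_checks(html) + attachment_checks(msg)

# Constructed phishing sample modelled on the campaign described above.
PHISH_EML = b"""From: "World Health Organization" <alerts@who-int-updates.example>
Reply-To: collect@mailbox-drop.example
To: employee@corp.example
Subject: URGENT: new Coronavirus cases reported near you
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p><p>New cases were confirmed in your immediate
vicinity. Review the list within 24 hours or your access will be suspended.</p>
<p><a href="http://who-int.verify-login.example/cases">https://www.who.int/emergencies/cases</a></p>
</body></html>
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="Safety_Measures.docm"
Content-Disposition: attachment; filename="Safety_Measures.docm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

# Constructed ordinary internal mail, to show the checks stay quiet on it.
CLEAN_EML = b"""From: "Anna Example" <anna@corp.example>
To: employee@corp.example
Subject: Agenda for Thursday
Content-Type: text/plain; charset="utf-8"

Hi Tom, the agenda is at https://intranet.corp.example/agenda - see you there.
"""
```

Calling triage(PHISH_EML) returns one finding per warning sign for the constructed phishing mail, while triage(CLEAN_EML) returns an empty list. The lists are deliberately small; in practice they would be fed from threat intelligence, and the sender check would additionally evaluate the SPF, DKIM and DMARC results recorded in the Authentication-Results header.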
A journey through the history of cryptography – Part 1

A never-ending story? Data breaches at major companies dominate headlines in newspapers around the world. They have become a permanent topic in public reporting, and with that, companies are becoming more aware of the need to protect sensitive data from third-party access. The Ponemon Institute has observed a steady increase in the adoption of encryption strategies in companies over the past 14 years.

Legal regulations, especially within Europe, also push companies towards encryption. An important factor here is the General Data Protection Regulation (GDPR), in force since May 2018, which names encryption as an appropriate measure for protecting personal data when it is transmitted over the Internet or stored in the cloud. Where encrypted communication was hardly considered a few years ago, it is now "in vogue".

It is important to note that encryption is not a modern invention. Its beginnings date back more than two thousand years: the Roman commander Gaius Julius Caesar already exchanged encrypted messages with his generals. In this article we look back into the past to better understand today's cryptography.

Before we enter our time machine, tighten our helmets and set off on a hunt for clues, we want to point out that side effects such as nausea, headaches and confusion can occur during this journey. We will attempt to provide the best possible service during your trip through the history of cryptography. Fasten your seat belts!

Historical cover-up – also known as: lemon juice on parchment

We begin in antiquity. Roman commanders compete for power; intrigues, murders and other treacherous plans have to be arranged and carried out. But how can the plan for an assassination be transmitted, undetected, to the person who is to carry it out? Have you ever heard of lemon juice on parchment? It is a classic covert channel.

The text is written on the parchment with lemon juice. Once the juice has dried, the parchment looks like a blank sheet. The recipient can nevertheless reveal the message easily: holding a candle behind the parchment gently heats it, the dried juice darkens, and the text becomes readable.

Antiquity knew several other methods. Herodotus reports a slave whose head was shaved, the message tattooed on his scalp, and who was sent to the recipient once the hair had grown back. Without question this was one of the more radical means of communication, and not suitable for urgent messages either.

The procedures just described belong to steganography, which is clearly distinct from cryptography. Steganography hides the existence of the message: it relies on an outsider not noticing that two parties are communicating at all.

Beginnings of cryptography: Asterix and Obelix visiting Caesar

Cryptographic communication, in contrast, does not hide the fact that messages are exchanged. The message may be visible to outsiders, but its content remains confidential because it is encrypted.

Let us stay in Rome. Let’s immerse ourselves in the world of the Gauls and Romans.

A popular encryption technique is attributed to a very well-known historical personality: Gaius Julius Caesar. Using what is known today as the Caesar cipher, the Roman general communicated with his commanders in encrypted messages. Neither unauthorized persons nor the enemy, in this case the Gauls, could make sense of the coded texts. As we will see, though, this method can be cracked in a number of simple ways.

The Caesar cipher is a simple symmetric substitution cipher: each letter of the message is replaced by another letter, found by shifting a fixed number of positions along the alphabet. With a shift of three, for example, "THANK YOU" becomes "WKDQN BRX". A cipher disk with two concentric alphabets saves constantly counting along the alphabet. The only thing the recipient must know in advance is the offset; that offset is the secret key.

Without the key, an unauthorized reader gets nothing out of the message at first, but it takes little effort to break it: there are only 25 possible shifts, so at most 25 attempts, each checked against the alphabet once, reveal the correct offset. A modern computer does this in far less than a second. The Caesar cipher is therefore no longer considered secure and has long been replaced by newer methods. All aboard, we are off to France in the 16th century.

From Rome to France

One of the methods that replaced the Caesar cipher as a more secure alternative is the one named after the French diplomat and cryptographer Blaise de Vigenère, the Vigenère cipher of the 16th century. It resembles the Caesar cipher in that it substitutes letters, but it uses several cipher alphabets instead of one.

Which alphabets are used is determined by the key. Instead of a single number, a keyword is chosen and written, repeated as often as necessary, beneath the plaintext. Each keyword letter specifies the shift for the plaintext letter above it: the first keyword letter selects the alphabet for the first plaintext letter, the second keyword letter the alphabet for the second, and so on; when the keyword is exhausted, it starts again from the beginning.

Example: Vigenère cipher

Keyword: Present | Message: We give Tom a voucher for his birthday

Counting A as position one, "P" gives an offset of sixteen letters, since it is the sixteenth letter of the alphabet; "R" shifts by eighteen, and so on, so "WE" becomes "MW". (The usual tabula recta counts A as zero, so that "WE" under "PR" becomes "LV"; the principle is the same.)

The security of this method depends strongly on the key length and on whether the key is reused. A short keyword repeated across a long message, as in our example, is therefore not really secure.

Indeed, in the 19th century the method turned out to be breakable: the repeating keyword leaks its own length, after which each position reduces to a simple Caesar cipher. We now look at another encryption method that was considered indecipherable for a long time.
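
To make the weaknesses of both ciphers concrete, here is an added example (not code from the original article) that covers the Caesar passage above and the Vigenère cipher just described. It implements both ciphers, breaks a Caesar ciphertext by trying every shift and keeping the most English-looking result, and breaks a Vigenère ciphertext by first recovering the key length from the index of coincidence and then solving each column as a Caesar cipher. The English letter-frequency table is an approximation, and the sample text and the keyword PRESENT are constructed for the demonstration. Key letters follow the usual tabula recta convention (A is a shift of zero), so "WE" under "PR" gives "LV" here rather than the "MW" of the example above.

```python
"""Caesar and Vigenere ciphers with the classic attacks against them.
Added example for this article, not the page's own code. The sample text,
the keyword and the frequency table are constructed/approximate."""
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
# Approximate percentage frequency of each letter in English prose.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074}

def letters_only(text):
    """Classical ciphers work on letters alone; drop spaces and punctuation."""
    return "".join(c for c in text.upper() if c in ALPHABET)

def shift(c, k):
    """Shift one upper-case letter k positions along the alphabet, wrapping around."""
    return ALPHABET[(ALPHABET.index(c) + k) % 26]

def caesar(text, k):
    """Caesar cipher: the same shift k for every letter (use -k to decrypt)."""
    return "".join(shift(c, k) for c in letters_only(text))

def vigenere(text, key, decrypt=False):
    """Vigenere cipher: letter i is shifted by key letter i mod len(key), A = 0."""
    key, sign = letters_only(key), (-1 if decrypt else 1)
    return "".join(shift(c, sign * ALPHABET.index(key[i % len(key)]))
                   for i, c in enumerate(letters_only(text)))

def chi_squared(text):
    """How far the letter counts of text are from what English predicts (lower = better)."""
    counts, n = Counter(text), len(text)
    return sum((counts[c] - ENGLISH_FREQ[c] * n / 100) ** 2 / (ENGLISH_FREQ[c] * n / 100)
               for c in ALPHABET)

def break_caesar(ciphertext):
    """Exhaustive search: only 26 shifts exist, keep the most English-looking result."""
    ct = letters_only(ciphertext)
    k = min(range(26), key=lambda s: chi_squared(caesar(ct, -s)))
    return k, caesar(ct, -k)

def index_of_coincidence(text):
    """Chance that two letters drawn from text are equal: ~0.066 English, ~0.038 random."""
    n = len(text)
    return sum(v * (v - 1) for v in Counter(text).values()) / (n * (n - 1)) if n > 1 else 0.0

def guess_key_length(ciphertext, max_len=20):
    """Key reuse leaks the period: split the text into L columns; only for the true L
    (and its multiples) is every column a single Caesar shift with English's IoC."""
    ct = letters_only(ciphertext)
    for length in range(1, max_len + 1):
        columns = [ct[i::length] for i in range(length)]
        if sum(index_of_coincidence(col) for col in columns) / length > 0.055:
            return length
    return None

def break_vigenere(ciphertext):
    """Recover keyword and plaintext from the ciphertext alone."""
    ct = letters_only(ciphertext)
    length = guess_key_length(ct)
    if length is None:
        raise ValueError("no repeating key length found")
    key = "".join(ALPHABET[break_caesar(ct[i::length])[0]] for i in range(length))
    return key, vigenere(ct, key, decrypt=True)

# Constructed sample plaintext (not from the page), long enough for the statistics.
SAMPLE = letters_only(
    "The Caesar cipher shifts every letter of the message by the same fixed amount so "
    "there are only twenty five possible keys and an attacker simply tries them all and "
    "keeps the one candidate that reads as language. The Vigenere cipher repeats a keyword "
    "across the message and shifts each letter by the matching key letter which flattens "
    "the letter frequencies and defeats that simple search. It is not secure either because "
    "the keyword repeats. Once the length of the keyword is known the ciphertext splits "
    "into columns that are each a plain Caesar cipher and every column falls to frequency "
    "analysis on its own. The length itself leaks through the index of coincidence which "
    "stays high for English text and drops toward the value for random letters whenever a "
    "column mixes several shifts. This is the reason modern ciphers never reuse a short key "
    "across a long message and the reason a one time pad must be as long as the text it "
    "protects and must never be used twice.")

def demo():
    """Encrypt SAMPLE under the page's keyword, then recover key and text from ciphertext."""
    key, plaintext = break_vigenere(vigenere(SAMPLE, "PRESENT"))
    return key, plaintext == SAMPLE

if __name__ == "__main__":
    print(caesar("THANK YOU", 3), vigenere("We give Tom a voucher", "Present"), demo())
```

demo() recovers the keyword PRESENT and the full plaintext without being given either, which is the practical meaning of "the security depends on the key length and on whether the key is reused": the attack needs nothing but enough ciphertext per key position.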

Enigma and Alan Turing

We make a stop in Germany in the 1930s. As with the Caesar cipher, encryption was used mainly in a military context, so it is hardly surprising that Germany relied on encrypted communication during the Second World War. What was special about this encryption was that a machine did the encrypting and decrypting. The key settings were changed every day, so that each key lost its validity after 24 hours. That machine is the Enigma.

Enigma was patented by Arthur Scherbius in 1918 as a machine for routine enciphering and deciphering. Its basic concept dates from the years of the First World War, which is considered the first war in which cryptography was used systematically. During and after that war the first cipher machines were developed, offering a significantly higher level of security than manual methods. Enigma was offered for sale commercially, but initially met with little interest from either business or government. The German military adopted it from the mid-1920s, and by the 1930s it was standard equipment. But how exactly does this odd machine work?

At first sight it resembles a typewriter, but inside hides a rather complicated system. The operating principle is based on simple electric circuits, each connecting a key on the keyboard to a lamp that illuminates a letter on the display panel. However, the "A" key is not wired to the "A" lamp: the current passes through a plugboard and a set of rotors whose wiring scrambles it, and the rotors step with every key press, so the same plaintext letter is encrypted differently each time. A message can therefore only be decrypted if the recipient's machine is set up exactly like the sender's: rotor choice and order, ring settings, starting positions and plugboard connections.

Sounds like an insurmountable encryption, doesn't it? It was nevertheless broken. Polish cryptanalysts had reconstructed the machine before the war, and at Bletchley Park the British mathematician Alan Turing designed the electromechanical "bombe" that recovered the daily settings at scale, exploiting among other things the fact that Enigma never encrypts a letter as itself. Historians estimate that this work shortened the war considerably and saved a great many lives.
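
As an added example (not code from the original article), the following Python simulation of the Enigma I shows what the description above means in practice and why the machine could be attacked. The rotor wirings I, II and III and reflector B are the historical ones; the daily key and the message used below are constructed. Note that the wiring is public knowledge, the secret is entirely in the settings, and the reflector guarantees that no letter is ever encrypted as itself, which is exactly what cribs and the bombe exploited.

```python
"""Enigma I simulation, added as an example for this article (not the page's own
code). Rotor wirings I, II, III and reflector B are historical; the daily key
and the message used in the demonstration are constructed."""

def idx(ch):
    return ord(ch) - 65

# Historical wirings: character i of the string is where entry contact i exits.
# The notch is the window letter at which this rotor carries the next one along.
ROTORS = {"I": ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
          "II": ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
          "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V")}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

class Rotor:
    def __init__(self, name, ring="A", position="A"):
        wiring, notch = ROTORS[name]
        self.fwd = [idx(c) for c in wiring]
        self.bwd = [self.fwd.index(i) for i in range(26)]
        self.notch, self.ring, self.pos = idx(notch), idx(ring), idx(position)

    def at_notch(self):
        return self.pos == self.notch

    def step(self):
        self.pos = (self.pos + 1) % 26

    def forward(self, c):
        """Contact c entering from the keyboard side; ring setting offsets the wiring."""
        off = self.pos - self.ring
        return (self.fwd[(c + off) % 26] - off) % 26

    def backward(self, c):
        """Same path in reverse on the way back from the reflector."""
        off = self.pos - self.ring
        return (self.bwd[(c + off) % 26] - off) % 26

class Enigma:
    def __init__(self, rotors, rings="AAA", positions="AAA", plugboard=()):
        # Rotor names, ring settings and start positions are given left to right.
        self.left, self.middle, self.right = (
            Rotor(n, r, p) for n, r, p in zip(rotors, rings, positions))
        self.plug = list(range(26))
        for a, b in plugboard:                 # each cable swaps one pair of letters
            self.plug[idx(a)], self.plug[idx(b)] = idx(b), idx(a)
        self.reflector = [idx(c) for c in REFLECTOR_B]

    def _advance(self):
        """Odometer-style stepping, including the middle rotor's double step."""
        if self.middle.at_notch():
            self.left.step()
            self.middle.step()
        elif self.right.at_notch():
            self.middle.step()
        self.right.step()

    def _press(self, ch):
        self._advance()                        # rotors move before the circuit closes
        c = self.plug[idx(ch)]
        for rotor in (self.right, self.middle, self.left):
            c = rotor.forward(c)
        c = self.reflector[c]
        for rotor in (self.left, self.middle, self.right):
            c = rotor.backward(c)
        return chr(self.plug[c] + 65)

    def process(self, text):
        """Encrypt or decrypt: the machine is reciprocal, so one setting does both."""
        return "".join(self._press(ch) for ch in text.upper() if ch.isalpha())

# Constructed daily key: rotor order, ring settings, start positions, plugboard.
DAILY_KEY = dict(rotors=("I", "II", "III"), rings="BFK", positions="QWE",
                 plugboard=(("A", "M"), ("F", "I"), ("N", "V"), ("P", "S"), ("T", "U")))

def encrypt(text, **settings):
    return Enigma(**settings).process(text)

def never_maps_to_itself(text, **settings):
    """The reflector makes the cipher a fixed-point-free involution: no letter ever
    encrypts to itself. Cribs were slid along a ciphertext to positions where this
    held, and the bombe then tested candidate settings against the crib."""
    ct = encrypt(text, **settings)
    pt = "".join(ch for ch in text.upper() if ch.isalpha())
    return all(p != c for p, c in zip(pt, ct))

if __name__ == "__main__":
    print(encrypt("AAAAA", rotors=("I", "II", "III")))   # BDZGO, a standard test vector
    ct = encrypt("HORNET SECURITY", **DAILY_KEY)
    print(ct, encrypt(ct, **DAILY_KEY))
```

With rotors I, II, III, all rings and positions at A and no plugboard, "AAAAA" encrypts to "BDZGO", a commonly used check for Enigma implementations; running the same settings over the ciphertext gives the plaintext back, and never_maps_to_itself() holds for any message and any settings.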

Principle of modern cryptography

Before we start the journey back to your offices, one thought to conclude:

As you have seen at our various stations, even systems whose algorithm was known only to sender and receiver were deciphered. One principle of modern cryptography, known as Kerckhoffs's principle, therefore states that the security of a (symmetric) encryption method must rest on the secrecy of the key rather than on the secrecy of the algorithm. It is therefore advisable to use public algorithms that have been thoroughly analyzed.

However, our journey into the history of cryptography is not over with this article, because one question remains open: Are there secure methods for encryption? To be continued …

Top 5 Cyberthreats expected in 2020

We asked our Head of Product Management, Dr. Yvonne Bernard, for an expert assessment of the cyberthreats we should have on our radar in 2020.

Being asked to predict the next big threats is always ambivalent: on the one hand, I have access to big data analysis tools that enable good forecasts, and our own Security Lab gives me all kinds of technical details. On the other hand, predictions also require a combination of intuition, experience and self-confidence. But it is a great opportunity to warn people just by looking into the crystal ball, and I am willing to take on the task.

My overall assumption is that email will remain attack vector no. 1, especially for the kind of business customers we protect daily. That said, my first threat prediction might surprise you:

1. Hacked IoT devices

I expect attacks on IoT devices to increase further in 2020. These devices are cheap and even useful in an Industry 4.0 or digitalization scenario. They often lack patch management and are based on standard open operating systems with well-known default users or admins (e.g. openHAB on a Raspberry Pi). My worry in such a setting is that it is not just a Chinese hacker switching off your coffee machine: these millions of easily hacked devices on different IPs worldwide are the perfect breeding ground for botnets like Reaper. DDoS and many other worldwide large-scale attacks can be directed at small or large companies or critical infrastructure, using hacked IoT devices around the world for free.

2. Big data exfiltration attacks with ransomware as a service

We have seen Ransomware as a Service before: people with no programming or hacking skills at all can build their own malware with build kits like Philadelphia (sold for $389) or the currently active Satan (sold via a revenue-share model).

This and similar simplifications of malware attacks could increase the number of attacks on SMBs, as it is now cheaper and easier than ever. Being a small company does not stop you being a potential victim of cybercrime, but being a large one does not either.

We see first hints that data exfiltration attacks based on ransomware will increase strongly. The familiar ransomware extortion model, which encrypts your data and blackmails you into paying for the decryption key, is still out there, but data exfiltration is growing rapidly: instead of tampering with the data, the attackers steal it and copy it to storage under their control. They then threaten to publish it (sometimes providing proof of possession) if you do not pay. The stolen data can be private media as well as intellectual property, company secrets or customer data. This trend is quite new but is expected to grow rapidly.

3. AI-enhanced malware

The use of AI for cyberattacks will increase: deepfakes, e.g. to fool even new voice recognition, have already been seen, as have various techniques to improve the targeting of attacks. One of the major AI-based threats is malware that becomes aware of its host system:

New AI-enhanced malware is able to assess the system it is installed on and its vulnerabilities, in particular which operating system it runs. It then learns the system's patch status. Based on the vulnerabilities found on the infected host, the malware downloads targeted modules from its command-and-control servers. The initial malware already knows the downloaded modules will execute successfully, because they are chosen for the vulnerabilities detected on the host.

4. Smart Phishing

Phishing emails will become smarter, more realistic and more automated, so the number of hard-to-spot phishing emails in inboxes will increase. For instance, many social networks offer APIs that enable attackers to scale Business Email Compromise to a whole new level: realistic-looking, effortless and fully automated. Again, this scaling of realistic attacks might affect companies of all sizes.

5. Malware hidden in encrypted attachments

We have seen an increase in malware hidden in encrypted attachments since mid-2019, and it is still growing. This sounds abstract and unlikely, but imagine you work in HR and receive an email applying for a job you posted on StepStone. The applicant writes a perfectly matching cover letter, and the resume is attached as a PDF that can be opened with the password "yourjoboffer2020!", a password the mail filter never sees applied but you do. Would you fall for it?
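
The scenario above can be detected mechanically, because the attacker has to hand the password to the victim somewhere in the same mail. The following added example (not from the page or from Hornetsecurity) parses a message, checks whether an attached PDF or ZIP is encrypted and looks for a password in the body; the job-application mail, the stand-in PDF and the password pattern are constructed for the demonstration.

```python
"""Flag emails whose attachment is encrypted while the body hands out the
password, the evasion pattern described above. Added example, not from the
page; the message is constructed and the PDF is a minimal stand-in."""
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Matches "password is X", "password: X", 'password "X"' and similar phrasings.
PASSWORD_RE = re.compile(r"password\W{0,3}(?:is|:)?\s*[\"'“]?([^\s\"'”]{4,})", re.I)

def is_encrypted_pdf(data):
    # PDFs protected with the standard security handler carry /Encrypt in the trailer.
    return data.startswith(b"%PDF") and b"/Encrypt" in data

def is_encrypted_zip(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())  # bit 0: entry encrypted
    except zipfile.BadZipFile:
        return False

def encrypted_attachments(msg):
    """Names of attachments a filter cannot look inside without the password."""
    names = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if is_encrypted_pdf(data) or is_encrypted_zip(data):
            names.append(part.get_filename() or "<unnamed>")
    return names

def password_in_body(msg):
    body = msg.get_body(preferencelist=("plain", "html"))
    match = PASSWORD_RE.search(body.get_content() if body else "")
    return match.group(1) if match else None

def flag(raw):
    """Encrypted attachment plus a password in the same mail is the tell-tale combination."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    names, password = encrypted_attachments(msg), password_in_body(msg)
    return {"encrypted": names, "password": password, "suspicious": bool(names and password)}

def build_sample(encrypted=True):
    """Constructed job-application mail with a stand-in PDF attachment (not a real document)."""
    trailer = b"/Root 1 0 R /Encrypt 2 0 R" if encrypted else b"/Root 1 0 R"
    pdf = b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\ntrailer\n<< " + trailer + b" >>\n%%EOF\n"
    msg = EmailMessage()
    msg["From"] = "applicant@mail.example"
    msg["To"] = "hr@corp.example"
    msg["Subject"] = "Application for the posted position"
    msg.set_content("Dear HR team,\n\nplease find my application attached.\n"
                    'The PDF can be opened using password "yourjoboffer2020!".\n\nKind regards')
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="resume.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(flag(build_sample()))
    print(flag(build_sample(encrypted=False)))
```

flag(build_sample()) reports the encrypted resume.pdf together with the password and marks the mail suspicious; the same mail with an unencrypted PDF is not flagged, since a password alone is not unusual. A filter that recognises the pattern can go one step further and use the extracted password to open the attachment and scan its contents before delivery.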


Office 365- is ‘Account Hijacking’ the number 1 security risk?

Microsoft currently reports about 180 million corporate users of its cloud service Office 365. With the end of support for Windows 7 on January 14, 2020 and the end of support for Office 2010 in October of this year, a significant increase in Office 365 users is expected. Companies are weighing the risks of cyber attacks on cloud services against the technological opportunities: they face the choice of moving their data to the cloud and upgrading their IT, or being left behind by the competition.

Microsoft is countering the increasing number of cyber attacks on Office 365 users with numerous security measures intended to protect its customers' data from unauthorized access. The main vector for malware and phishing attacks is email, for which Microsoft has integrated specific security mechanisms. Security experts nevertheless recommend not relying solely on Microsoft's measures but additionally securing Office 365 accounts with third-party solutions. Why? We explain in the following blog post.

Office 365 – ‘account hijacking’ vulnerability?

Greater flexibility, cost savings, outsourced storage capacity, and the relevant tools and latest software available in seconds: all of these point to the benefits of cloud computing. Already 73 percent of German companies rely on cloud services and see this as a growing market. In the coming years, other companies will no longer be able to avoid upgrading their systems, or they will be left behind by their competitors.

Microsoft is regarded as the major driver of the cloud movement and has brought the world's most widely used office suite to the cloud with Office 365. Critical and sensitive files are uploaded and exchanged daily by more than 100 million business customers in the Office cloud, a fact cyber criminals are well aware of. Microsoft recently reported a 250 percent increase in targeted attacks on Office 365 accounts. Microsoft has integrated some security features into Office 365, but the question you should ask is: are these measures really enough, and what additional solutions can provide comprehensive security?

[Figure: Attacks on Office 365 accounts increase from quarter to quarter]

IT Security: What are the challenges with Office 365?

The key factor for migrating to the cloud is the protection of personal data, alongside comprehensive security, especially since the GDPR came into force. The worldwide increase in cyber crime brings these factors into even sharper focus.

Identifying an Office 365 user is very simple for an attacker, because a company's MX records and autodiscover entries are public in DNS and point at Microsoft's infrastructure. Comprehensive security features are being implemented to prevent attacks on Office 365 accounts, but bear in mind that data in the cloud is reachable from anywhere, including by anyone who has obtained a valid credential. By moving to Office 365, one familiar line of defence falls away: the corporate firewall no longer sits between the attacker and the mailbox. If an attacker gains access to an Office 365 account, all of its data is available to them without restriction, unless additional controls such as multi-factor authentication or conditional access policies block the login.

Email communication is the main gateway for attacks

95 percent of all cyber attacks on companies arrive via email, because email is the central communication channel for companies worldwide. A single mailbox often contains numerous messages with other users' personal data, sensitive files and sometimes confidential internal information. Attackers can get into a company's IT directly via email, without authenticating: all it takes is one user interacting with infected content or an attachment that leads to the account being taken over. If an administrator account is compromised, the attacker has the same rights as its owner and can reach the data of every user in the company.

[Figure: A hijack attack specifically targeting Office 365 users]

A new level of security is necessary

Additional security features should focus primarily on email communication, and Office 365 accounts should be secured with a third-party solution. Specialized providers place their own MX records in front of Microsoft's, so that Office 365 users are not easily identifiable to attackers and are therefore less likely to be targeted. They also provide much better protection against targeted attacks on Office 365 accounts that attackers have already tested against Microsoft's basic protection mechanisms. In addition, a small number of providers allow full encryption of mailbox data stored in the cloud, which protects against spying even if an account hijack succeeds.

The IT market research firm Gartner predicts that this year already 50 percent of organizations using Microsoft Office as SaaS will secure their email communication through third-party providers, and that 35 percent of all companies switching to the Office 365 cloud will use such a solution from the very beginning.

Cybercrime: The threat is growing

The integration of technology into almost every part of human life not only opens up new possibilities but also offers countless undefined gateways for criminal activity. New technologies are introduced much faster than their security can be verified and guaranteed. Cyberspace is changing rapidly, and so are the methods used by hackers and fraudsters.

Why is cyber-crime one of the global threats, what role will artificial intelligence play in the future of cyber attacks and their defense, and why are hackers increasingly targeting Microsoft Office 365? These topics will be the subjects of the first Hornetsecurity Cyberthreat Report in 2020. In addition, current statistics and exclusive assessments by experts from the Hornetsecurity Security Lab provide a detailed insight into the threat landscape of the cyber world.

A global threat

What do droughts, tidal waves, drinking water crises and cyber crime have in common? They are all among the global threats that endanger our lives every day. Cyber crime has been counted among them for the third consecutive year, as the increase in professional and targeted cyber attacks reveals a growing threat to national and global security. In particular, the collapse of critical infrastructure caused by cyber attacks currently ranks second among the risks to our world.

The security of IT infrastructures is becoming increasingly important in people's and companies' minds: a full 92 percent of those surveyed in a TÜV study see cyber attacks as a serious threat, and rightly so. In addition to reputational damage, monetary losses play a major role.

Critical infrastructures: When electricity no longer flows

Critical infrastructures are increasingly at risk of cyber attacks. According to an analysis by experts from the Hornetsecurity Security Lab, the energy industry has been the most attacked sector since the beginning of 2019. Where does this trend come from? A cyber attack on a utility company puts great pressure on operators because the consequences are devastating: a prolonged power failure leads not only to bottlenecks in the food supply, but medicines can no longer be refrigerated either. Because of their vulnerability and their impact on the public good, the cyber security of critical infrastructures deserves special attention.

Endangered industries

The IT experts of the Hornetsecurity Security Lab have come to an interesting conclusion: according to an analysis of the top 1000 domains by email volume, the energy sector is, as already mentioned, a huge target, but the logistics and automotive sectors are also major targets of cyber attacks. The attack vectors are striking: the Security Lab found that attacks on the energy sector rely heavily on malicious links rather than attachments, because many anti-spam solutions now detect malware inside attachments. Cyber criminals are using new methods to spread malware and circumvent older security features.

Ransomware & Emotet

In October 2019, the FBI warned of a wave of ransomware attacks. The last warning of this kind came in 2016, shortly before WannaCry and NotPetya. A successful ransomware attack can bring entire networks down, causing not only considerable disruption to operations but also immense monetary losses. Ransomware is no longer just a simple Trojan; it is increasingly developing into a business model.

What is the most dangerous malware in the world? Emotet. Why? Since its first appearance in 2014, Emotet has been steadily developed. The malware no longer just harvests contacts and who-writes-to-whom relationships from the mailbox, but the content of existing email conversations as well, which it then quotes in its own replies. This gives cyber criminals a basis for targeted social engineering attacks.

Microsoft Office 365: The hacker’s favorite child

Outsourcing IT infrastructure is becoming increasingly popular with companies and organizations, and in future a large share of data traffic is likely to run through the cloud. Microsoft's Office 365 is one of the most popular services of this kind; the number of subscribers increased by 320 percent between 2015 and 2017.

But why is the Microsoft Office cloud so vulnerable? Around 100 million business customers use the Office 365 suite, and sensitive data, company secrets and personal information are exchanged and stored there. The high user numbers also attract cyber criminals: as early as 2018 a considerable increase in attacks was identified, and according to Recorded Future, eight of the ten most exploited vulnerabilities that year were in Microsoft products, six of them in Office applications.

What’s next?

One thing is clear: the threat posed by cyber criminals is growing, for private individuals and companies alike. The new Hornetsecurity Cyberthreat Report gives a detailed insight into the current threat situation, shows statistics on spam and phishing and provides many more exclusive assessments from the IT experts of the Hornetsecurity Security Lab. Request the report now for free!

Expansion continues: Hornetsecurity acquires long-standing British distribution partner EveryCloud

Hannover (January 6, 2020). A successful start to the new year: Hornetsecurity has completed the acquisition of the British distribution partner and email security provider EveryCloud. Since 2009, EveryCloud has sold the services of the German market leader for cloud security solutions under its own branding, first exclusively in the UK and later also in the USA.

After the acquisition of Avira's spam filter division in 2018 and the takeover of the Spanish market leader Spamina in January 2019, the Hornetsecurity Group is thus rapidly expanding its European market leadership.

Since its launch in 2009, EveryCloud has served as Hornetsecurity's local representative in the UK and the USA and has gained significant market share in the email security segment. The distribution partner has earned a first-class reputation for excellent cloud email security solutions and service, with over 250 five-star reviews on the tech platform Spiceworks.

From now on, with the business running jointly under the Hornetsecurity Group, EveryCloud’s 9,000 customers and over 400 resellers worldwide will continue to rely on the platform they know and trust but will also have access to Hornetsecurity’s many other services. These include the comprehensive Security and Compliance Suite for the Microsoft Office 365 Cloud, 365 Total Protection, as well as the 365 Total Encryption service for encrypting emails in Office 365 and the recently released SIEM Connector. Daniel Hofmann, CEO of Hornetsecurity, affirms, “Thanks to combined strengths, EveryCloud customers can expect even more comprehensive products, services and benefits. This deal has been designed so there is zero disruption for EveryCloud customers and partners who will simply continue using the same platform they’ve always used”.

The experienced team of EveryCloud CEO Graham O'Reilly will remain; he takes on new responsibilities for the US and UK markets within the Hornetsecurity Group. "Joining forces means we can aim higher than ever in our markets by leveraging Hornetsecurity's resources and scale, plus get even closer to the product offering," Graham O'Reilly points out.

The merger will enable Hornetsecurity to compete even more effectively in the global marketplace and to protect businesses in the US and UK with its email security services. "EveryCloud has successfully competed against large competitors in the English-speaking markets and has become an established brand. Hornetsecurity will build on this success and the experience that the team has gained over the years and continue to significantly invest in these markets and thus further accelerate growth," explains Daniel Blank, COO of Hornetsecurity. "We see the key to gaining and maintaining new customer relationships in country-based, local sales, technical and support teams to ensure the highest possible quality. The acquisition of EveryCloud is a significant step in our global strategy."

About the Hornetsecurity Group

Hornetsecurity is the leading German cloud email security provider in Europe, which protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hannover provides its services worldwide via 9 redundant, secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With around 200 employees, Hornetsecurity is represented globally at 10 locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 40,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA and Claas.

About EveryCloud

The British email security provider EveryCloud was founded in 2009 with the mission of securing corporate communications using state-of-the-art security technology and outstanding service. Over 9,000 customers, mainly from the UK, the USA and Australia, rely on EveryCloud.