Hornetsecurity Blog
Get regular updates from the world of cloud security
In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly reports on IT security topics as well as on current innovations and events at Hornetsecurity.
BazarLoader’s Elaborate Flower Shop Lure
Since 2021-01-20, Hornetsecurity has observed a new malspam campaign that uses a fake flower shop in an elaborate social engineering lure to spread the BazarLoader malware. The campaign sends invoices from the fake flower shop in the hope that potential victims will manually find the shop's website and download the BazarLoader malware.
Emotet Botnet Takedown
On 2021-01-27, Europol announced that a worldwide coordinated law enforcement and judicial action has disrupted the Emotet botnet and that investigators have taken control of Emotet’s infrastructure.
If successful, this could mean the end of Emotet, its botnet, malspam, and malware loader operation.
While the situation is still developing, we can confirm that the Emotet botnet infrastructure is disrupted. Victims will be notified by the responsible country CERTs and should take appropriate action to clean up their Emotet infections and any secondary malware infections, so that still-active malware downloaded by Emotet cannot go on to deploy ransomware.
On its way to becoming a fully comprehensive security provider for Microsoft 365
It’s becoming a tradition: Hornetsecurity is off to a flying start in the new year, announcing another successfully completed acquisition. With this announcement, Hornetsecurity takes over 100% of the shares of Altaro, the fast-growing international provider of backup solutions…
Hornetsecurity announces new partnership with emt Distribution
Europe’s leading Cloud Email Security Provider, Hornetsecurity, is partnering with emt Distribution, an award-winning specialist in IT security, IT management and analytic solutions, to expand in the APAC and META markets.
365 Total Protection honored with Computing Security Award 2020
On 10.12.2020 the time finally arrived: The winners of this year's Computing Security Awards were announced via livestream on YouTube. Hornetsecurity has reason to celebrate, as its 365 Total Protection service was named as the winner in the "Editor's Choice"...
SolarWinds SUNBURST backdoor assessment
On 2020-12-13, FireEye disclosed a backdoor in updates of the SolarWinds Orion Platform. Affected organizations should update to the fixed version immediately. The backdoor is part of a global espionage operation and is used to access government and high-profile private company networks. Hornetsecurity assessed its own situation and is not affected.
Hornetsecurity included in ‘Secure Email Gateway – Market Quadrant 2020’
Most cyber attacks hit businesses via email, so it is extremely important to choose the right security solution. The new ‘Secure Email Gateway – Market Quadrant 2020’ from Radicati Group, which can be downloaded free of charge, provides helpful guidance. Hornetsecurity is highlighted in the market analysis as an innovative ‘Trail Blazer’ that stirs up the market with new technologies…
QakBot reducing its on disk artifacts
QakBot has been updated with more evasion techniques. QakBot’s configuration is now stored in a registry key instead of a file. The run key for persistence is no longer permanently present in the registry; it is written only right before shutdown or reboot and deleted immediately after QakBot is executed again. Likewise, QakBot’s executable is no longer stored permanently on the file system; like the run key registry entry, it is dropped onto the file system before reboots and deleted afterwards. This way, security software can only detect QakBot artifacts on disk right before system shutdown and shortly after system boot. However, at those times the security software is itself shutting down or booting up, and hence may not detect QakBot’s new persistence method.