Hornetsecurity Blog
Get regular updates from the world of cloud security
In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.
Phishing Technique Trends
The basic idea behind phishing has not changed since the 90s, however, the delivery tactics and techniques are constantly evolving.
In this article we outline current trends in phishing techniques. These include abuse of legitimate file hosting services, geo-fencing, automatically loading the victims company and/or email provider logo on the phishing website and asking the victim for the password multiple times.
Increase in cybercrime in the pre-Christmas season
New Infopaper gives tips on how to best protect your businessThe year is coming to an end, and the earliest shoppers are thinking about what to give their loved ones for Christmas. Online stores and local businesses in turn are preparing for the high-volume,...
Emotet Inviting Friends to your Halloween Extravaganza
Threat actors often try to bandwagon on current events to trick their victims into falling for their lures. To this end, Emotet also this year sending fake Halloween party invitations to potential victims.
While the basic concept behind the fake Halloween party invitations this year is the same as last year, the variety in email texts has increased.
Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security
The new Market Guide for Email Security from leading research and advisory company Gartner has listed Hornetsecurity as Representative Vendor. With the Gartner Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh provide comprehensive guidance on how to set up email security to meet changing circumstances. Especially because of the dramatic increase of phishing attacks, the rise of business email compromise (BEC) and the ongoing migration to cloud security, security managers need to ensure that the solutions they choose are appropriate….
Leakware-Ransomware-Hybrid Attacks
Since December 2019, ransomware operators have been using leakware/ransomware hybrid attacks more and more often. These attacks combine the classic ransomware attack with a leakware attack. In a classic ransomware attack, the victim’s data is encrypted and is only decrypted back after the victim pays a ransom fee to the ransomware operators. In a leakware attack, the data is stolen, and the victim is blackmailed with the data being published publicly unless he pays a certain fee.
In a leakware/ransomware hybrid attack, the data is first stolen, then encrypted. Then the victim is first asked to pay the ransom for decryption. If the victim declines to pay the ransom, the attackers threaten him to release the stolen data publicly. In some cases, business partners and/or customers of the victim are also contacted and informed of the impending data release to put even more pressure on the victim.
VBA Purging Malspam Campaigns
VBA purging is a recent office macro detection evasion technique. It removes the VBA macro `PerformanceCache` from malicious documents. While the VBA macro source code is only stored in compressed form in Office documents, this `PerformanceCache` caches the decompressed VBA source code in uncompressed plain text form. Because many security scanning solutions rely on this uncompressed plain text VBA macro source code to be present in order to detect malicious VBA macro code, their detection can be evaded by VBA purging.
QakBot distributed by XLSB files
The Hornetsecurity Security Lab has detected usage of XLM macros within XLSB documents to distributed the QakBot malware.
Because both XLM macros as well as the XLSB document format being uncommon these new malicious documents have a very low static detection rate by current anti-virus solutions.
BazarLoader Campaign with Fake Termination Emails
BazarLoader is a new malware loader attributed to a threat actor with a close relation to the TrickBot malware.
The loader is also aptly named KEGTAP, as in device used to open a beer keg, because it is used to “open” the network of victims for follow up malware in order to move laterally on the network and eventually deploy ransomware.
Sign Up Hornet News
The new Cyberthreat Report
Brand new – 2nd Cyberthreat Report in 2020
The brand new Cyberthreat Report tells you all about current cyberthreats and gives you access to exclusive numbers and statistics.
