Hornetsecurity Blog
Get regular updates from the world of cloud security
In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.
The webshells powering Emotet
The Hornetsecurity Security Lab presents details on the webshells behind the Emotet distribution operation, including insights into payload downloads and how from 2020-07-22 to 2020-07-24 Emotet payloads on Emotet download URLs were replaced with HTML code displaying GIFs. The analysis shows that the number of downloads of the malicious content behind the Emotet download URLs is significant and has been observed peaking at 50,000 downloads per hour. Highlighting that Emotet emails do get clicked. The analysis further shows that compromised websites are not just compromised once but multiple times by different actors and cleanup efforts by the website administrators are often insufficient leading to re-enabling of the malicious Emotet downloads.
Privacy Shield: The end of transatlantic data exchange?
On 16.07.20 the European Court of Justice (ECJ) overturned the data protection framework between the USA and Europe. Although this does not immediately mean the end of data transfer between the two continents, it does have far-reaching consequences. Let’s take a quick...
Providence Strategic Growth and Verdane Invest in Hornetsecurity
LONDON, OSLO, AND HANOVER – [23] JULY 2020 – Providence Strategic Growth (“PSG”), the growth equity affiliate of premier asset management firm Providence Equity Partners (“Providence”), and Verdane, the specialist Northern European growth equity investor, today announced that they have entered into a definitive agreement for an investment in Hornetsecurity Group (“Hornetsecurity”), a leading European provider of cloud-based email security and data protection, whereby affiliates of PSG become new shareholders in the Company whereas Verdane re-invests.
Emotet is back
On 2020-07-17 the Hornetsecurity Security Lab detected the return of Emotet malspam. The reemerging Emotet malspam was already blocked by existing detection rules. The current Emotet malspam wave again uses malicious macro documents spread either via attachments or via malicious download links. As usual, the VBA macros in the document download the Emotet loader that the Hornetsecurity Security Lab has previously analyzed.
Deepfakes – A New Threat to Organizations
A hacker is smart, much smarter than the average. With just a few clicks and a few key combinations, he’s hacked into the systems of governments, government agencies and large corporations. He avoids the public and acts in secret. His skin is pale, he always wears dark clothes and works late into the night – that’s what Hollywood tells us. And the stereotypes created by the film industry remain in our consciousness…But who is behind the ingenious attacks that frighten whole companies?
Clop, Clop! It’s a TA505 HTML malspam analysis
In this article Hornetsecurity’s Security Lab outlines one of the current infection chains by the operators behind the Clop ransomware. The outlined infection chain starts from an email with a malicious HTML attachment. This attachment redirects the victim to an XLS document containing the Get2 loader. This loader then installs a remote access trojan (RAT) on the system, which is used to prepare the victims network for the deployment of the Clop ransomware. The goal of the attack is to encrypt as many systems in the victims organization as possible in order to extort the highest possible ransom. To this end, the attackers also threaten to publish stolen data if the ransom is not paid.
Cyber attacks on automotive sector picking up speed
Autonomous driving, electromobility, connected cars and car sharing – the automotive industry is in a state of upheaval. New technologies and digitalized processes bring numerous advantages to automotive companies, enabling them to meet new customer needs on the one hand and to remain competitive on the other. However, the ongoing digitalization of the industry not only offers advantages, but also provides hackers with an ever greater target for attacks. And cyber criminals are trying to exploit these intensively: The security analysts of the Hornetsecurity Security Lab discovered that the automotive sector, after the energy and logistics industry, is one of the most attacked industries worldwide in the past year…
Hornetsecurity signs first UK distributor contract with Brigantia
Hornetsecurity, the German company which is Europe’s leading email cloud security provider, is expanding its presence in the UK through a strategic partnership with cybersecurity distributor Brigantia. The new partnership – which follows Hornetsecurity’s acquisition of the Poole-based email security provider Everycloud in January – will give it access to Brigantia’s network of resellers throughout the UK and Ireland and support its plans to become the UK market leader within 12 months…
Sign Up Hornet News
Stay in touch and sign up to get the latest News about Cloud Security.The new Cyberthreat Report
Brand new – 1st Cyberthreat Report in 2020
The brand new Cyberthreat Report tells you all about current cyberthreats and gives you access to exclusive numbers and statistics.
