Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

SolarWinds SUNBURST backdoor assessment

SolarWinds SUNBURST backdoor assessment

On 2020-12-13 FireEye disclosed a backdoor in updates of the SolarWinds Orion Platform. Affected organizations should update to the fixed version immediately. The backdoor is part of a global espionage operation and used to access government and high profile private company networks. Hornetsecurity assessed its own situation and is not affected.
Hornetsecurity included in ‚Secure Email Gateway – Market Quadrant 2020‘

Hornetsecurity included in ‚Secure Email Gateway – Market Quadrant 2020‘

Most cyber attacks hit businesses via email, so it is extremely important to choose the right security solution. The new ‘Secure Email Gateway – Market Quadrant 2020’ from Radicati Group, which can be downloaded free of charge, provides helpful guidance. Hornetsecurity is highlighted in the market analysis as an innovative ‘Trail Blazer’ that stirs up the market with new technologies…
QakBot reducing its on disk artifacts

QakBot reducing its on disk artifacts

QakBot has been updated with more evasion techniques. QakBot’s configuration is now stored in a registry key instead of a file. The run key for persistence is not permanently present in the registry but only written right before shutdown or reboot, and deleted immediately after QakBot is executed again. QakBot’s executable is also not stored permanently on the file system anymore, but similarly to the run key registry entry, dropped onto the file system before reboots and deleted afterwards. This way security software can only detect QakBot artifacts on disk, right before system shutdown, and shortly after system boot. However, at that time security software itself is shutting down and booting up, hence may not detect QakBot’s new persistence method.
Phishing Technique Trends

Phishing Technique Trends

The basic idea behind phishing has not changed since the 90s, however, the delivery tactics and techniques are constantly evolving. In this article we outline current trends in phishing techniques. These include abuse of legitimate file hosting services, geo-fencing, automatically loading the victims company and/or email provider logo on the phishing website and asking the victim for the password multiple times.
Emotet Inviting Friends to your Halloween Extravaganza

Emotet Inviting Friends to your Halloween Extravaganza

Threat actors often try to bandwagon on current events to trick their victims into falling for their lures. To this end, Emotet also this year sending fake Halloween party invitations to potential victims. While the basic concept behind the fake Halloween party invitations this year is the same as last year, the variety in email texts has increased.
Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security

Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security

The new Market Guide for Email Security from leading research and advisory company Gartner has listed Hornetsecurity as Representative Vendor. With the Gartner Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh provide comprehensive guidance on how to set up email security to meet changing circumstances. Especially because of the dramatic increase of phishing attacks, the rise of business email compromise (BEC) and the ongoing migration to cloud security, security managers need to ensure that the solutions they choose are appropriate….
Leakware-Ransomware-Hybrid Attacks

Leakware-Ransomware-Hybrid Attacks

Since December 2019, ransomware operators have been using leakware/ransomware hybrid attacks more and more often. These attacks combine the classic ransomware attack with a leakware attack. In a classic ransomware attack, the victim’s data is encrypted and is only decrypted back after the victim pays a ransom fee to the ransomware operators. In a leakware attack, the data is stolen, and the victim is blackmailed with the data being published publicly unless he pays a certain fee. In a leakware/ransomware hybrid attack, the data is first stolen, then encrypted. Then the victim is first asked to pay the ransom for decryption. If the victim declines to pay the ransom, the attackers threaten him to release the stolen data publicly. In some cases, business partners and/or customers of the victim are also contacted and informed of the impending data release to put even more pressure on the victim.

Sign Up Hornet News

The new Cyberthreat Report