Cybersecurity Special the automotive industry as a target of cyberattacks

Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

QakBot malspam leading to ProLock: Nothing personal just business

QakBot malspam leading to ProLock: Nothing personal just business

FBI and the German federal CERT [1][2] are warning of current QakBot malspam distributing ProLock ransomware. QakBot is spread via email. In the outlined campaign an email with a link to a ZIP archive containing a VBScript is used to download the QakBot Loader onto victim computers. From there the ProLock ransomware can potentially be loaded by the QakBot operators. The ProLock ransomware uses RC6 to encrypt files on the victims computer. It spares the first 8 KiB of all files. It appends a .proLock extension to encrypted files and leaves a ransom note stating that it is “[n]othing personal just business” and instructions on how to pay the ransom. However, the ransomware also deletes specific files ending with .bac or .bak extensions, so victims that pay will still loose those files.
New Service: Hornetsecurity launches Hornet.email

New Service: Hornetsecurity launches Hornet.email

With the 365 Total Protection Suite, Hornetsecurity has already launched a full security service to ensure email and data security for business customers of the international Microsoft 365 cloud service. Now Hornetsecurity is expanding its portfolio with the Hornet.email service, a cloud-based secure corporate communications platform that enables companies to combine additional mailboxes with Microsoft 365 within existing domains and tenants – or to use it as a standalone solution.
Trickbot Malspam Leveraging Black Lives Matter as Lure

Trickbot Malspam Leveraging Black Lives Matter as Lure

The Hornetsecurity Security Lab has observed a Malspam campaign distribution Trickbot that uses the Black Lives Matter movement as a lure to entice victims to open a malicious attachment. The Trickbot downloader document first injects shellcode into the WINWORD.EXE process. Then from that shellcode spawns a cmd.exe process into which it again injects more of the same shellcode. This cmd.exe process then downloads the Trickbot DLL and executes it via rundll32.exe.
Cybercrime threatens the future of the logistics industry

Cybercrime threatens the future of the logistics industry

As one of the world’s largest and most important industries, the logistics sector is increasingly being targeted by cyberattacks. But how vulnerable is it compared to other industries? What are the purposes of hackers’ attacks on specific companies? What attack techniques are the affected companies exposed to? In the “Cybersecurity Special – Cybercrime threatens the future of the logistics sector” the security experts from Hornetsecurity provide answers to these questions…
A Journey Through the History of Cryptography – Part 3

A Journey Through the History of Cryptography – Part 3

Our journey through the history of cryptography is coming to an end, but we still have a few last stations ahead of us. First we dealt with symmetric encryption and the encryption methods of Data Encryption Standard (DES) and Advanced Encryption Standard (AES), and in the last blog we introduced asymmetric encryption. In our final piece of the Cryptography triology, we will dive deeper into asymmetric encryption. Attack techniques such as man-in-the-middle attacks and brute force attacks will be examined. Finally, we will present a wide view into the future – keyword: quantum cryptography…

Sign Up Hornet News

The new Cyberthreat Report