Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

Emotet Inviting Friends to your Halloween Extravaganza

Threat actors often try to jump on the bandwagon of current events to trick victims into falling for their lures. To this end, Emotet is again sending fake Halloween party invitations to potential victims this year. While the basic concept behind the fake Halloween party invitations is the same as last year, the variety of email texts has increased.

Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security

The new Market Guide for Email Security from leading research and advisory company Gartner has listed Hornetsecurity as a Representative Vendor. With the Gartner Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh provide comprehensive guidance on how to set up email security to meet changing circumstances. Especially because of the dramatic increase in phishing attacks, the rise of business email compromise (BEC) and the ongoing migration to cloud security, security managers need to ensure that the solutions they choose are appropriate…

Leakware-Ransomware-Hybrid Attacks

Since December 2019, ransomware operators have been using leakware/ransomware hybrid attacks more and more often. These attacks combine the classic ransomware attack with a leakware attack. In a classic ransomware attack, the victim’s data is encrypted and is only decrypted after the victim pays a ransom fee to the ransomware operators. In a leakware attack, the data is stolen, and the victim is blackmailed with the threat that the data will be published unless he pays a certain fee. In a leakware/ransomware hybrid attack, the data is first stolen, then encrypted. Then the victim is first asked to pay the ransom for decryption. If the victim declines to pay the ransom, the attackers threaten to release the stolen data publicly. In some cases, business partners and/or customers of the victim are also contacted and informed of the impending data release to put even more pressure on the victim.

VBA Purging Malspam Campaigns

VBA purging is a recent Office macro detection evasion technique. It removes the VBA macro `PerformanceCache` from malicious documents. While the VBA macro source code is stored only in compressed form in Office documents, this `PerformanceCache` caches the decompressed VBA source code in uncompressed plain-text form. Because many security scanning solutions rely on this uncompressed plain-text VBA macro source code being present in order to detect malicious VBA macro code, their detection can be evaded by VBA purging.

QakBot distributed by XLSB files

The Hornetsecurity Security Lab has detected the use of XLM macros within XLSB documents to distribute the QakBot malware. Because both XLM macros and the XLSB document format are uncommon, these new malicious documents have a very low static detection rate by current anti-virus solutions.

BazarLoader Campaign with Fake Termination Emails

BazarLoader is a new malware loader attributed to a threat actor with a close relation to the TrickBot malware. The loader is also aptly named KEGTAP, as in the device used to open a beer keg, because it is used to “open” the network of victims for follow-up malware in order to move laterally on the network and eventually deploy ransomware.

Hornetsecurity introduces new self-service module

During the Corona crisis, communication via email has gained great importance. Cyber criminals take advantage of the insecurity of many citizens to obtain money through fraudulent emails. Despite current domain authorization through SPF records, malicious emails can still get into the mailboxes of victims. Hornetsecurity’s new self-service module “Email Authentication” offers a solution to this problem: users can now choose how to deal with scanned malicious emails at the touch of a button…

Emotet in encrypted attachments – A growing cyber threat

The cybercriminals behind the banking Trojan Emotet are working hard to circumvent anti-virus filters with various tricks and spread the malware on many more systems: from email conversation thread hijacking, through changes to the web shells, to updating the Emotet loader, which led to a huge increase in malware downloads. Now Emotet is again sending encrypted attachments via its malspam to further expand its botnet…
