Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly reports on IT security topics as well as on current innovations and events at Hornetsecurity.

Emotet Botnet Takedown

On 2021-01-27 Europol announced that a worldwide coordinated international law enforcement and judicial action had disrupted the Emotet botnet and that investigators had taken control of Emotet’s infrastructure. If successful, this could mean the end of Emotet, its botnet, malspam, and malware loader operation. While the situation is still developing, we can confirm that the Emotet botnet infrastructure is disrupted. Victims will be notified by the responsible country CERTs and should take appropriate action to clean up their Emotet and secondary malware infections, so that still-active malware downloaded by Emotet cannot go on to deploy ransomware.

SolarWinds SUNBURST backdoor assessment

On 2020-12-13 FireEye disclosed a backdoor in updates of the SolarWinds Orion Platform. Affected organizations should update to the fixed version immediately. The backdoor is part of a global espionage operation and is used to access government and high-profile private company networks. Hornetsecurity assessed its own situation and is not affected.

Hornetsecurity included in ‘Secure Email Gateway – Market Quadrant 2020’

Most cyber attacks hit businesses via email, so it is extremely important to choose the right security solution. The new ‘Secure Email Gateway – Market Quadrant 2020’ from Radicati Group, which can be downloaded free of charge, provides helpful guidance. Hornetsecurity is highlighted in the market analysis as an innovative ‘Trail Blazer’ that stirs up the market with new technologies…

QakBot reducing its on disk artifacts

QakBot has been updated with more evasion techniques. QakBot’s configuration is now stored in a registry key instead of a file. The run key for persistence is not permanently present in the registry but is only written right before shutdown or reboot, and is deleted immediately after QakBot is executed again. QakBot’s executable is also no longer stored permanently on the file system; like the run key registry entry, it is dropped onto the file system before reboots and deleted afterwards. This way security software can only detect QakBot artifacts on disk right before system shutdown and shortly after system boot. However, at that time the security software itself is shutting down or booting up, and hence may not detect QakBot’s new persistence method.

Phishing Technique Trends

The basic idea behind phishing has not changed since the 90s; however, the delivery tactics and techniques are constantly evolving. In this article we outline current trends in phishing techniques. These include abuse of legitimate file hosting services, geo-fencing, automatically loading the logo of the victim’s company and/or email provider on the phishing website, and asking the victim for the password multiple times.
