Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly report on IT security topics as well as on current innovations and events at Hornetsecurity.

SolarWinds SUNBURST backdoor assessment

by Security Lab | December 17, 2020 | Threat Research

On 2020-12-13 FireEye disclosed a backdoor in updates of the SolarWinds Orion Platform. Affected organizations should update to the fixed version immediately. The backdoor is part of a global espionage operation and used to access government and high profile private company networks. Hornetsecurity assessed its own situation and is not affected.

Hornetsecurity included in ‚Secure Email Gateway – Market Quadrant 2020‘

by Micha Beyersdorf | December 16, 2020 | Press releases

Most cyber attacks hit businesses via email, so it is extremely important to choose the right security solution. The new ‘Secure Email Gateway – Market Quadrant 2020’ from Radicati Group, which can be downloaded free of charge, provides helpful guidance. Hornetsecurity is highlighted in the market analysis as an innovative ‘Trail Blazer’ that stirs up the market with new technologies…

QakBot reducing its on disk artifacts

by Security Lab | December 15, 2020 | Threat Research

QakBot has been updated with more evasion techniques. QakBot’s configuration is now stored in a registry key instead of a file. The run key for persistence is not permanently present in the registry but only written right before shutdown or reboot, and deleted immediately after QakBot is executed again. QakBot’s executable is also not stored permanently on the file system anymore, but similarly to the run key registry entry, dropped onto the file system before reboots and deleted afterwards. This way security software can only detect QakBot artifacts on disk, right before system shutdown, and shortly after system boot. However, at that time security software itself is shutting down and booting up, hence may not detect QakBot’s new persistence method.

Phishing Technique Trends

by Security Lab | November 26, 2020 | Threat Research

The basic idea behind phishing has not changed since the 90s, however, the delivery tactics and techniques are constantly evolving. In this article we outline current trends in phishing techniques. These include abuse of legitimate file hosting services, geo-fencing, automatically loading the victims company and/or email provider logo on the phishing website and asking the victim for the password multiple times.

Increase in cybercrime in the pre-Christmas season

by Julia Sempf | November 24, 2020 | Security information

New Infopaper gives tips on how to best protect your businessThe year is coming to an end, and the earliest shoppers are thinking about what to give their loved ones for Christmas. Online stores and local businesses in turn are preparing for the high-volume,...

Emotet Inviting Friends to your Halloween Extravaganza

by Security Lab | October 30, 2020 | Threat Research

Threat actors often try to bandwagon on current events to trick their victims into falling for their lures. To this end, Emotet also this year sending fake Halloween party invitations to potential victims. While the basic concept behind the fake Halloween party invitations this year is the same as last year, the variety in email texts has increased.

Hornetsecurity included in Gartner’s 2020 Market Guide for Email Security

by Micha Beyersdorf | October 28, 2020 | Press releases

The new Market Guide for Email Security from leading research and advisory company Gartner has listed Hornetsecurity as Representative Vendor. With the Gartner Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh provide comprehensive guidance on how to set up email security to meet changing circumstances. Especially because of the dramatic increase of phishing attacks, the rise of business email compromise (BEC) and the ongoing migration to cloud security, security managers need to ensure that the solutions they choose are appropriate….

Leakware-Ransomware-Hybrid Attacks

by Security Lab | October 23, 2020 | Security information, Security Information

Since December 2019, ransomware operators have been using leakware/ransomware hybrid attacks more and more often. These attacks combine the classic ransomware attack with a leakware attack. In a classic ransomware attack, the victim’s data is encrypted and is only decrypted back after the victim pays a ransom fee to the ransomware operators. In a leakware attack, the data is stolen, and the victim is blackmailed with the data being published publicly unless he pays a certain fee. In a leakware/ransomware hybrid attack, the data is first stolen, then encrypted. Then the victim is first asked to pay the ransom for decryption. If the victim declines to pay the ransom, the attackers threaten him to release the stolen data publicly. In some cases, business partners and/or customers of the victim are also contacted and informed of the impending data release to put even more pressure on the victim.

« Older Entries

Next Entries »

Search site

Sign Up Hornet News

Stay in touch and sign up to get the latest News about Cloud Security.