Hornetsecurity Blog

Get regular updates from the world of cloud security

In our blog, the Hornetsecurity team – especially the experts from the Security Lab – regularly reports on IT security topics as well as on current innovations and events at Hornetsecurity.

Ransomware: Prices, Pressure and Protection

Ransomware is the simplest way to monetize computer intrusions and is thus the single greatest cyber-risk for corporations today. This blog post discusses ransomware prices, the pressure ransomware threat actors put on victims, and how companies can protect their assets.

Zloader email campaign using MHTML to download and decrypt XLS

Zloader malware is spreading via malspam using MIME encapsulation of aggregate HTML documents (MHTML) attachments. These MHTML files contain a Word document with VBA macros. The VBA macro code downloads and decrypts a password-protected XLS file, and after that, the XLS file decodes and executes the Zloader malware embedded within it.

BazarLoader’s Elaborate Flower Shop Lure

Since 2021-01-20, Hornetsecurity has observed a new malspam campaign using a fake flower shop in an elaborate social engineering lure to spread the BazarLoader malware. The campaign sends invoices from a fake flower shop in hopes that potential victims will manually find the fake flower shop website and download the BazarLoader malware.

Emotet Botnet Takedown

On 2021-01-27, Europol announced that an internationally coordinated law enforcement and judicial action has disrupted the Emotet botnet and that investigators have taken control of Emotet’s infrastructure. If successful, this could mean the end of Emotet, its botnet, malspam, and malware loader operation. While the situation is still developing, we can confirm that the Emotet botnet infrastructure is disrupted. Victims will be notified by the responsible country CERTs and should take appropriate action to clean up their Emotet infection and any secondary malware infections, so that still-active malware downloaded by Emotet cannot go on to deploy ransomware.

The new Cyberthreat Report