Hornetsecurity Advanced Threat Protection closes the email gateway for highly complex and sophisticated attacks
Hanover, 18.08.2016 – Incidents are piling up. These include so-called CEO fraud attacks whereby unknown scammers, masquerading as senior members of staff, seek to arrange funds transfers or to obtain access details to particular accounts, often causing substantial damage to the companies concerned. Encryption Trojans are also being used more and more to attack companies, causing a great deal of direct damage to those affected. In general terms, all of these types of attack are difficult to detect, and manage to get through the majority of commonly-used protection systems unnoticed. Hornetsecurity’s Advanced Threat Protection (ATP) Service now offers a way of providing protection specifically against these types of highly complex and sophisticated attacks. Hornetsecurity ATP will be available from the end of September.
In order to defend against CEO fraud, Hornetsecurity ATP concentrates on identifying groups of people who need specific protection, such as managing directors, authorized signatories and accountants. A number of forensic systems specifically focus on these groups’ email communications, in order to provide the best possible protection. The individual measures taken are as follows.
- The Intention Recognition System can determine the intention behind an incoming email, i.e. whether it is simply passing on information or whether it relates to a payment request. If the content is determined to be critical, the system generates a warning.
- Fraud Attempt Analysis checks the authenticity of incoming messages as well as the integrity of metadata and email content, as fraudsters deliberately alter these parameters in order to achieve their objective, namely diverting payments.
- Identity Spoof Recognition spots when attackers are using false identities or sending emails under someone else’s name, and prevents the message from being delivered.
- Spy Out Detection intercepts attacks seeking to acquire passwords, company secrets or other information. Hornetsecurity ATP recognizes both known and completely new patterns as soon as these emails come in, blocks them and immediately posts a notification.
- Feign Facts Identification carries out non-identity-based content analyses to recognize messages that employ fictitious facts to encourage the email recipient to carry out a particular action, such as giving out information.
- Targeted Attack Detection recognizes attacks targeted at individual persons. These can also be one-off attacks.
Hornetsecurity ATP also closes other loopholes that traditional spam and virus filters are unable to block, as these always require a certain amount of time to react. The service provides protection against ransomware attacks such as Locky, Tesla and Petya, filters out phishing emails and defends against so-called blended threats. Hornetsecurity ATP employs a range of recognition mechanisms in order to accomplish this, making use not only of a sandbox
but also of URL rewriting
and URL scanning
. The “freezing”
of suspicious emails is also an integral part of Hornetsecurity ATP.
Swift notification of attack
is another crucially important element. Regardless of the nature of the attack, once Hornetsecurity ATP detects a harmful email it immediately sends automatic notification to the customer’s administrator. Somewhat later, an ex-post warning is also made available in case an attack is not detected until after the event, in which case the administrator immediately receives an information email containing the details. Notifications allow companies to make their employees aware of the existence of an attack and to appeal for increased vigilance, as attackers whose efforts using communication channels prove unsuccessful often attempt to achieve their objectives by other means.
“Regardless of what you want to call attacks on senior employees and colleagues in central and key positions, CEO fraud, whaling and spear phishing attacks are extremely sophisticated and are virtually unpreventable using conventional methods”, said Daniel Hofmann, Managing Director of Hornetsecurity. “That’s why we developed Hornetsecurity ATP. And the initial results show how right we were to do so. A number of major customers who have been making partial use of Hornetsecurity ATP on a test basis up to now are expected to conclude contracts with us in the near future.”