Hanover (01.07.2019) – Cybercriminals are currently using encrypted email attachments to try to circumvent classic antivirus programs. Encryption prevents filter mechanisms from detecting the underlying malware. Since the beginning of the year, for example, the ransomware GandCrab has been spreading this way. In view of the growing threat, the cloud security provider Hornetsecurity has developed a unique feature that recognizes this procedure and blocks the malicious email before it arrives in the email inbox.
“Nowadays, companies are investing much more in IT security than they did 5 years ago. Through AI and other intelligent defense mechanisms, attackers can no longer reach their target with simple methods. Therefore, cybercriminals are increasingly developing more detailed strategies to circumvent these mechanisms. Hornetsecurity technology enables us to react to targeted attacks at any time”, says Daniel Hofmann, CEO of Hornetsecurity. “With the new function Malicious Document Decryption we react quickly to the systematic approach of cybercriminals. The capabilities of Malicious Document Decryption are unique to the market.”
So that the targeted recipients can open the encrypted document, which then installs the underlying malware on the system unnoticed, the fraudulent email contains the corresponding password in plain text.
Malicious Document Decryption searches the content of incoming emails that carry encrypted attachments for the matching password and uses it to remove the encryption. The behavior of the decrypted file is then examined using static and dynamic analysis techniques. This ensures that the underlying malware is detected immediately and does not reach the recipient’s email inbox.
The new feature is part of the Advanced Threat Protection service and complements the protection for secure email communication against particularly intelligent and systematic cyber attacks. Hornetsecurity customers who already use the ATP service can rest assured: the feature has been integrated and activated in the service for all ATP users since the beginning of June.