How The Company's Cybersecurity Threats Evolve

Hornetsecurity’s report contains interesting information on the evolution of cyber threats. Forecasts on future scenarios with the cloud are increasingly targeted by ransomware and, in general, by criminals interested in the value of data and the business that gravitates around them. There is as much talk of ransomware attacks and attacks that target large companies as much as smaller ones.

As we have seen in the genesis of a computer attack, loading the harmful payload of any malware component and the subsequent diffusion within the corporate network certainly does not happen by chance. An infection or ransomware attack occurs due to some problem in the security of the company infrastructure.

It is the result of human error, in the failure to protect the perimeter, in the use of software that has vulnerabilities left unresolved, in the download of malicious files, or in the opening of malicious files by some employee or collaborator. Examining the report published by Hornetsecurity, one of the leading providers of data backup and security solutions, we learn that as many as 40% of all incoming emails represent a potential threat.

It is an enormous value that clearly shows how email remains the lever cybercriminals love to use and remains largely effective for launching attacks against professionals and companies. Hornetsecurity experts explain that phishing, the insertion of malicious links in email messages, and sending emails containing harmful attachments (which often lead to the settlement of ransomware ) remain highly topical.

Impersonating the branding of the best-known and most respected companies remains the basis of the best-orchestrated phishing attacks. Cybercriminals copy the design of a company’s pages and logos using URLs that less attentive users cannot distinguish from the original, legitimate versions. The URLs inserted in an email often contain references to domain names which may differ in the presence of one character more or less: in another article, we presented a quiz to recognize phishing.

The Hornetsecurity Cyber Threat Report, which can be downloaded for free upon registration, explains that Amazon and DHL are among the companies that the authors of phishing campaigns “imitate” most often to mislead users. This is because eCommerce has grown dramatically, never reaching peaks during the pandemic.

Thus, cybercriminals send scam emails referring to Amazon and DHL shipments: the message is usually short. It takes advantage of the fact that the victim often does not ask himself about the origin of the communication if he were waiting for a package to arrive. Clicking on the link downloads a malicious object or opens a web page that is used to collect other people’s login credentials.

Ransomware Danger Hand In Hand With Email Attacks

The need to adequately secure incoming mail has become ever more pressing. As mentioned, emails remain among the primary vehicles of infections. Opening a malicious attachment or file downloaded from the Internet can be costly, and this carelessness is often the preferred gateway for ransomware infections.

As we have seen, some ransomware is very fast in encrypting users’ data and then asking for a ransom. Among all, LockBit highlights itself compared to other threats. Some time ago, Hornet Security researchers predicted the increase in ransomware that attempts to extort money by threatening victims to divulge personal data and confidential information.

As the company points out, this trend has considerably intensified in the last period. For example, think of a company that has successfully implemented a multi-level backup strategy (for example, a 3-2-1 backup policy) that, in the event of a ransomware infection, is in a position to restore its data without having to pay no ransom.

The fact is that some ransomware, before encrypting everything, copies the victims’ data to cyber criminals’ servers. The hacker groups have developed a thriving business around extortion: if the attack victim does not pay, her data is published online, usually on servers that respond to .onion addresses, and accessible via the Tor network.

LockBit 3.0 is the ransomware that has been reaping the most victims in the last period: it exploits the dual mechanism of data encryption combined with the threat of publishing confidential data. The modern techniques used by LockBit 3.0 to spread are also symbolic: known and appreciated red teaming software tools are used to carry out an actual attack on an organization’s systems, study their weaknesses and maximize the effects of the aggression.

The Security Of The Company Passes Through The Protection Of Emails

More than 300 billion emails are sent daily, and forecasts indicate that the number of those sent and received for private and business purposes will rise to 362 billion by 2024. As highlighted above, according to Hornetsecurity, 40% of email messages are dangerous or potentially dangerous. Of the blocked emails, Hornetsecurity’s email security solutions successfully blocked approximately 95% right away by classifying them as spam or “unsolicited” messages.

The rest of the emails (overall almost 5%) are indicated by Hornetsecurity as real threats or even as advanced attacks.The artificial intelligence that Hornetsecurity offers its customers, thanks to its cloud platform, also integrates an effective Advanced Threat Protection system. Advanced Threat Protection ( APT ) refers to technologies that allow you to detect and respond to targeted attacks directed at a specific organization.

Among them, we remember the scam of the CEO (the cybercriminal pretends to be the administrator of the company or, in any case, another figure of the management, often inserting itself in pre-existing email conversations), spear phishing (scam addressed to a person or a company specification that induces the sharing of sensitive data by leveraging already known information and social engineering) or attacks based on new types of malware, some of which are still unknown.

Hornetsecurity notes that cybercriminals constantly seek new ways to evade detection by centralized security solutions. The software that protects company email accounts could therefore miss out on some threats and still reach users’ inboxes.

For this reason, Hornetsecurity presents cloud-based solutions that evolve and adapt to the new methodologies adopted by cybercriminals.For example, many companies have decided to embrace Microsoft 365, the platform for business productivity and collaboration that moves workflow management to the clou

Used today by around 400 million users worldwide, Microsoft 365 allows managing Office documents in the cloud, using Teams, and managing company mail accounts and each user’s calendars. By connecting Microsoft 365 with a personalized domain name, the company can manage the emails of employees and collaborators by relying on a single supplier and without making expensive on-premise investments.

Assuming that a platform like Microsoft 365 is managed by the Redmond company using European servers, it is assumed that protection against threats, phishing attacks, and ransomware is total and included “in the package.”Nothing is wrong.

Moving to the cloud or using a hybrid approach allows the company to use the most effective tools to protect its data. Microsoft’s primary responsibility is to keep its cloud platform reachable, functional, and performing. Backup of data stored in Microsoft 365 and proper email management is the sole responsibility of each administrator.

Hornetsecurity 365 Total Protection protects corporate email on Microsoft 365 thanks partly to a neural network that evolves with the changing landscape of cyber threats. This way, 365 Total Protection can ensure maximum effectiveness against all types of malware distributed via email, including zero-day threats and new attacks.

Hornetsecurity notes that there have already emerged cases of ransomware encrypting and rendering unusable files stored on platforms such as Microsoft 365. Before authorizing access to the content of your cloud accounts, it is advisable to carefully check the identity of the app requesting an authorization token because the consequences could be dramatic.

Phishing is always around the corner, even in the “cloud era,” and fraudulent campaigns will increasingly target professionals and companies that rely on services provided “on the cloud.” Effective backup policies, creation of images of single systems, data replication on multiple NAS or the cloud, network segmentation with good rules, use of strong passwords,

Correct assignment of rights for access to shared resources, the use of firewalls, the verification of the open ports on the router and the reduction of the attack surface, the adoption of centralized anti-malware tools for the protection of the endpoints which also integrate the management of the security patches and the status of each system remain essential activities to complement the protection of email accounts.