The new ATP feature: Malicious Document Decryption
The latest risk from cybercrime is critical: hackers are increasingly using encrypted email attachments to infiltrate corporate systems with malware.
Classic anti-virus programs cannot detect the malware hidden by this encryption. Malicious Document Decryption adds another essential feature to Advanced Threat Protection: encrypted email attachments are decrypted using appropriate text modules. The decrypted document is then subjected to an in-depth virus scan. This keeps your mailbox safe from even this advanced threat.
Significant sales losses
Increasing threat from ransomware
Ransomware is one of the most popular methods of cyber crime in terms of both profitability and scope of (financial) damage to the victims. If the blackmailer’s software infiltrates a company system, all sensitive and confidential files are encrypted and are only released in exchange for a ransom in the form of Bitcoins. Unfortunately, there is no guarantee the files will actually be released after payment has been made.
Hackers’ favorite targets are large companies and government institutions, as well as critical infrastructure. In the worst case scenario, an attack could lead to insolvency. But considerable sales losses are also among the potential effects.
A strong alliance against all methods of attack
The variety of attack vectors means defense mechanisms must be able to cope with a multitude of methods in order to ward off all potential threats. That’s why Hornetsecurity uses freezing, URL scanning, rewriting and sandboxing to keep threats away from your IT infrastructure.
Protection against CEO fraud – Targeted Fraud Forensics gives social engineering no chance
The human in front of the PC is still considered one of the biggest security loopholes in a system, and cybercriminals are well aware of this fact. Hackers exploit this vulnerability through personalized attacks such as CEO fraud and spear phishing. Advanced Threat Protection uses innovative detection mechanisms such as spy-out detection, fraud attempt analysis and intention spoofing recognition to detect and prevent targeted social engineering attacks on employees. For this reason, incoming emails are examined for certain content patterns that indicate malicious intentions. This includes, for example, payment requests or requests for data output.
Comprehensive risk analyses with Sandbox Engine: Dangerous types of malware
Advanced Threat Protection – detailed risk analyses in the sandboxDangerous types of malware such as Emotet, Hancinator and Trickbot often hide behind file attachments in emails and therefore remain undetected at first. However, as soon as an infected document is opened, the malware enters a company’s system and can cause millions of dollars of damage. The Sandbox Engine scans email attachments for potential malware by running the file in a virtual, isolated test environment where any potentially harmful effects can be safely identified.
If the document sent turns out to be malware, the emails are quarantined directly, and the company’s IT security team is notified.
Emails that cannot be classified definitively straight away but are suspicious are held back for a short time by freezing them. The email is re-scanned – as soon as the virus detection engines get a hit, the email is moved directly into quarantine. Ransomware, blended attacks and phishing attacks will never get into your email inbox again!
Security with every click with URL rewriting URL rewriting secures all Internet access from emails via the Web Filter Engine. When you click on a link in an email, it is replaced by a secure URL. The user is then forwarded to the secured website via the Hornetsecurity web filter. The websites leading from the target page are also secured by URL rewriting.
This means that no malicious code can be downloaded to the computer unnoticed. Downloads from the web are also analyzed via the Sandbox Engine, which immediately aborts the download when malware is detected.
No getting through for harmful links thanks to URL scanning
Documents attached to an email (e.g. PDF, Microsoft Office) often contain further links. However, these cannot be replaced as this would violate the integrity of the document. The URL scanning engine leaves the document in its original form and only checks the target of these links to rule out possible malware damage and prevent phishing attacks.
Hornetsecurity Real Time Alerts notify your IT security teams in real time about acute attacks on your company. This up-to-date information can be used directly by the company for countermeasures, so that you can close your security loopholes in the shortest possible time and set up additional protective measures.
With the ex-post alert, your IT security team receives an automatic notification if an email that has already been delivered is subsequently classified as malicious. You will receive a detailed evaluation of the attack so that you can immediately initiate measures such as checking systems and raising the awareness of your own employees.
If a virus or infected link is detected in ATP analysis tools such as the Sandbox Engine or URL scanning, the system automatically sends an alert. In addition, the administrator is informed about the attempted intrusion into the IT structure. This alert contains detailed information about the type and extent of the attack.
Tips for identifying malicious emails
Tips for identifying malicious emails
Professional cyber attacks via email are very difficult to detect, but there are a few clues for detecting fraud. First of all, if a fraudulent email is suspected, Verify whether the sender address actually matches the original domain. Consider carefully whether the sender is really an acquaintance or business partner of yours or whether the email address only resembles that of the actual person. Check for spelling and grammar mistakes, especially if the email is supposed to come from a reputable company. An impersonal form of address in the cover letter, such as “Dear Ladies and Gentlemen,” is another clue. Be careful with links or buttons placed in emails, because as a “normal user” it is very difficult to check whether the apparent link target is actually correct. In case of doubt, it is safest not to click on any attached link.
Integration of Advanced Threat Protection into the email management system
Hornetsecurity Advanced Threat Protection extends the filtering mechanisms for spam and malware protection.Emails that have passed this initial check are subjected to further analysis by ATP.Among other things, Advanced Threat Protection executes suspicious attachments and examines their behavior in detail.