The creator of the Have I Been Pwned data breach alert website is once again urging Internet users to check his site to see if their data has been caught up in yet another high-profile security incident — the incident, this time, being a botnet called Emotet, which the European Union’s law enforcement arm has described as “the world’s most dangerous malware.”
What happened: Emotet had been rampaging across the Internet since 2014, but it was finally taken down earlier this year by a joint law enforcement effort between the US, Canada, and Europe. The botnet had harvested a few million email addresses, and the FBI decided the best way to let the affected people know was to hand the 4.3 million addresses to Troy Hunt’s Have I Been Pwned. His service is regarded as a gold-standard resource for checking whether your data has been compromised, or is at risk of being compromised, by the steady stream of leaks, stolen credentials, hacks and data breaches that now occur on a regular basis.
“This strain of malware dates back as far as 2014, and it became a gateway into infected machines for other strains of malware ranging from banking Trojans to credential-stealers to ransomware,” Hunt wrote in a blog post on his site. “Emotet was extremely destructive and wreaked havoc across the globe before eventually being brought to a halt in February.”
Hunt says the 4.3 million email addresses that law enforcement agencies provided actually came from two data sets. One included email credentials stored by Emotet for sending spam via victims’ mail providers, while the other included web credentials harvested from browsers that stored them to expedite subsequent logins. The stolen email addresses, he adds, also span a wide range of countries and domains.
In addition to checking Have I Been Pwned to see whether your email address is among the harvested accounts, Hunt recommends these common-sense practices as steps to take going forward to keep your data safe:
- Keep your security software, including anything you use for antivirus protection, up to date.
- And change your email password….
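The two checks the article points readers to, as an added example that is not code from the article or from Hunt’s site: a small Python client for the public HIBP v3 breached-account endpoint (which needs a paid API key; the key here is a placeholder) and, going one step beyond the article’s email-address check, the Pwned Passwords range endpoint, which lets you test a password without ever sending it by submitting only the first five hex characters of its SHA-1 and matching the rest locally. The response parsers are kept separate from the network calls so they can be exercised against constructed responses offline; the sample JSON and range lines in the code are constructed, not real HIBP data.

```python
import hashlib
import json
import urllib.error
import urllib.parse
import urllib.request

HIBP_API = "https://haveibeenpwned.com/api/v3"
PWNED_PASSWORDS_API = "https://api.pwnedpasswords.com/range"
USER_AGENT = "hibp-check-example"  # HIBP rejects requests without a User-Agent


def build_breach_request(email: str, api_key: str) -> urllib.request.Request:
    """Build the v3 breachedaccount request. api_key is a paid HIBP key (placeholder assumed here)."""
    url = f"{HIBP_API}/breachedaccount/{urllib.parse.quote(email)}?truncateResponse=false"
    return urllib.request.Request(url, headers={"hibp-api-key": api_key, "User-Agent": USER_AGENT})


def parse_breach_response(status: int, body: str) -> list[dict]:
    """HIBP answers 404 when the address appears in no breach and 200 with a JSON array otherwise."""
    if status == 404:
        return []
    if status != 200:
        raise RuntimeError(f"unexpected HIBP status {status}")
    return [
        {"name": b["Name"], "date": b["BreachDate"], "data": b.get("DataClasses", [])}
        for b in json.loads(body)
    ]


def check_email(email: str, api_key: str) -> list[dict]:
    """Network call: list the breaches an address appears in (needs network access and a real key)."""
    try:
        with urllib.request.urlopen(build_breach_request(email, api_key)) as resp:
            return parse_breach_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:  # urllib raises on 404, which is the "not found" answer
        return parse_breach_response(err.code, "")


def sha1_prefix_suffix(password: str) -> tuple[str, str]:
    """Split the upper-case hex SHA-1 into the 5-char prefix sent to HIBP and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range_body(suffix: str, body: str) -> int:
    """Parse a range response ("SUFFIX:COUNT" per line); return the count for our suffix, 0 if absent."""
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password: str) -> int:
    """Network call: k-anonymity check. Only the 5-char hash prefix leaves the machine."""
    prefix, suffix = sha1_prefix_suffix(password)
    req = urllib.request.Request(f"{PWNED_PASSWORDS_API}/{prefix}", headers={"User-Agent": USER_AGENT})
    with urllib.request.urlopen(req) as resp:
        return count_in_range_body(suffix, resp.read().decode())


if __name__ == "__main__":
    # Offline demonstration against constructed responses (not real HIBP data).
    sample_breaches = '[{"Name": "ExampleBreach", "BreachDate": "2021-01-01", "DataClasses": ["Email addresses"]}]'
    print(parse_breach_response(200, sample_breaches))
    prefix, suffix = sha1_prefix_suffix("correct horse battery staple")
    constructed_range = f"0000000000000000000000000000000000A:3\r\n{suffix}:42\r\n"
    print(prefix, count_in_range_body(suffix, constructed_range))
```

To run the live checks, call `check_email("you@example.com", api_key)` with a real key or `check_password("...")`, which needs no key; a count of 0 from the range endpoint means the suffix was not in the returned bucket, while a non-zero count is how many times that exact password has appeared in breach corpora.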
DUBLIN–(BUSINESS WIRE)–Apr 23, 2021–
This research service analyzes the global email security market.
Email remains the number one threat vector. It is the primary mode of corporate communication and the de facto standard for B2B and B2C communications. During the COVID-19 pandemic, email continues to be the chief channel for business communication, a shift driven by the surge in working from home.
Over the past few years, the complexity and the volume of threats have increased significantly. Email-based threats have become big business; specific verticals and individuals within organizations are targeted. Threat vectors continue to evolve, and the need for secure email has never been stronger. Attackers are more focused on people and less on systems. Business email compromise (BEC) fraud continues to affect organizations, both large and small. Consequently, traditional security solutions that are designed to protect systems and infrastructure are now inadequate.
Sophisticated and highly targeted email-borne attacks are on the rise, and many of them use social engineering techniques. For businesses of all sizes this is a serious problem, because email, the legitimate channel they rely on most heavily, is also the attackers’ channel of choice for delivering both malware and malware-less attacks. Advanced attacks combine email and cloud accounts. Cybercriminals are also leveraging pandemic-driven fears and uncertainties to launch their attacks.
The most significant trend in the market is the acceleration of the migration to the cloud. Customers are adopting cloud-based mailbox services and moving their email security to the cloud from on-premises appliances. The substantial adoption of Microsoft Office 365 has caused the biggest loss of email security posture for organizations.
As a result, organizations are looking for integrated solutions to increase operational efficiencies while gaining stronger and more comprehensive security. In such a competitive environment, email security vendors must be able to differentiate themselves.
- Executive Summary – Market Engineering Measurements
- Executive Summary – CEO’s Perspective
- Introduction to the…
SonicWall’s email security solution is supposed to help protect customers from phishing attacks, business email compromise, ransomware and other email-related threats. However, it appears some attackers have been using previously unknown vulnerabilities in that very product to break into victim networks.
Yesterday, the company announced three zero-day vulnerabilities found in SonicWall Email Security. They include a damaging bug that allows an unauthorized user to create administrative accounts on a network (CVE-2021-20021) and two others that allow an already-authenticated attacker to read (CVE-2021-20023) and upload (CVE-2021-20022) files on the victim’s remote host. Together they can be used to access and read a victim’s files or emails, plant malware and conduct other post-compromise activities.
SonicWall said the flaws were discovered during “standard collaboration and testing” and that there is evidence at least one of them is being actively exploited by attackers. A report Mandiant issued on the same day says it first disclosed the flaws to SonicWall on March 26. Patches are now available for all three vulnerabilities.
“In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild,’” the company said on April 20. “It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade” to patched versions.
According to a report from the Mandiant team at FireEye, which helped identify the vulnerabilities, an unnamed threat actor leveraged these zero-days, along with “intimate knowledge” of SonicWall’s application code, in March to plant a backdoor on a victim organization’s network, gain access to emails and files, and use it as a foothold to move to other parts of the network. The threat intelligence firm found web shells on a fully patched, internet-connected instance of the email security product that indicated post-exploitation…