Hornetsecurity Cyber Threat Report

Introduction and Chapter 1

Hornetsecurity recently published their Cyber Threat Report Edition 2021/22. This post will examine why cybersecurity, and the Cyber Threat Report, are relevant in today’s digital world.

Cybercrime ranks amongst the highest of threats worldwide. In the UK, we have experienced cyberattacks on public services such as healthcare and local authorities. Just looking up cyberattacks in the news confirms recent attacks on a wide range of industries, such as retail providers, snack companies, news corporations, research centres, political parties, and airlines.

The impact of these attacks is far and wide reaching. Individuals can be impacted by data breaches, fraud, and loss of products and services. On a national scale, society can be impacted by the loss of critical national infrastructure, underpinning things like financial services and emergency response services.

Chapter 1 of the Cyber Threat Report starts by examining the monetary cost of cybercrime on a global scale, which has increased by 345 billion US dollars in just 2 years. The author moves on to more thought provoking subjects: world affairs like a pandemic, global espionage, and even war, can all be accelerated by cyberattacks.

Public sector and private sector industries of all kinds have multiple attack vectors in common. The report makes the case that email is typically one such example. This can be as an ingress point for ransomware attacks, or as a means of hijacking business or official email addresses. The news search I mentioned earlier highlights the breach of an official email address within one of the world’s largest intelligence and security services. Clearly anything we use in day-to-day life with a digital footprint carries a risk of being compromised, and that’s why this report is so important.

Chapter 2

The second chapter starts to lift the lid on the risk of email; starting out by stating that around 300 billion emails are sent every day. This number is expected to rise by a further 61.6 billion over the next 2 years, leading to an exponential rise in threats.

By analysing the email traffic of the first half of 2021, the Hornetsecurity Security Lab concluded that 40% of emails sent were classified as undesired emails. That’s potentially 120 billion unsolicited emails sent every day.

Most of these emails will already be blocked in advance, using known spam filters, known bad sender’s lists, and identifying common traits. It’s obvious that executables will be rejected, and individuals are now savvier to opening links or Excel files from unknown senders. However, as education and cybersecurity protection improves, attackers themselves are becoming more sophisticated.

Embedding web pages, downloads, and links in HTML files or PDFs is now a common attack format. The Cyber Threat Report goes into the detail behind the most-used file types in malicious emails, really showing the wide range of tools attackers have adopted.

This same trend is echoed when it comes to both the industries affected, and the type of attacks carried out by cybercriminals. Examples include phishing, spearphishing, malicious attachments, blackmail, ransom leaks, and brand impersonation.

The global covid-19 pandemic accelerated a shift towards online services, for public services like healthcare, as well as private services like shopping and banking. Although digital enablement is a good thing, it does have potential to increase the attack surface. Brand impersonation is a great example, and it’s good to see the report call out the impact of the pandemic on this type of attack vector. As expected, impersonation of brands like Amazon, DHL, and Fedex are commonly used with malicious URLs.

The final section of the second chapter talks to the rise of as-a-service offerings on the dark web, which is something I was hoping would be called out. There is a growing market for Ransomware-as-a-Service, as well as for attackers to penetrate networks or systems, and then sell that access to the highest bidder. There are several use cases for this type of transaction, it could be selling secrets to competitors, opposing governments or nation states, for criminal or monetary extortion, and so on.

Chapter 3

The third chapter in the Cyber Threat Report breaks down Malware-as-a-Service (MaaS) further, with a compelling example. Emotet evolved from a banking trojan to a widely distributed MaaS operation, forming a network of cybercriminals. Before being disabled in early 2021, Emotet could infect a system and hijack email conversations, spreading amongst email contacts and mailbox recipients.

Emotet was eventually taken down by an international operation of law enforcement. In the aftermath, many other botnets have emerged, but none yet have the same scale. That said, the landscape is ever changing and as the report highlights, the existing customer base of Emotet’s MaaS operation still exists.

The final note for the ‘threat-highlights’ of 2021 is the Microsoft Exchange hack. Microsoft Exchange is perhaps one of the worlds widest used technologies, and an estimated 250,000 email servers were hit by attacks in March 2021.

The vulnerabilities were made up of 4 separate types, impacting multiple versions of Microsoft Exchange Server. Although an unscheduled security update was released, breaches were widespread before the patch could be fully rolled out.

It is believed the attack was carried out by a Chines state-sponsored hacker group, and in the clean-up that followed even the FBI were involved in removing traces from corporate networks to take out the risk of further attacks.

Chapter 4 and Summary

The report closes by highlighting the increase in digitalisation, as well as the number of devices and accounts, all providing opportunities for cybercrime to continue across borders and continents. As predicted, a huge increase in ransomware attacks is already starting to materialise. We’ve read throughout the report of the many and evolving attack options for cybercriminals, and the role in which email plays.

Microsoft 365 is an Office 365 suite with over 258 million active users, it provides Microsoft Exchange and other Microsoft products as Software-as-a-Service (SaaS). Whilst SaaS in general can help reduce the manual overhead of securing IT infrastructure, it doesn’t in any way rule out cyberattacks.

According to Hornetsecurity, every fourth business that uses Microsoft 365 has been affected by an email security vulnerability. Reading the Cyber Threat Report is really an eye opener for both individuals and business as to the risks we encounter, and often don’t even see, every time we carry out any form of digital interaction.

The Cyber Threat Report Edition 2021/22 from Hornetsecurity is available to download and read now.

365 Total Protection for Microsoft 365


Over the past few years, an increasing number of organisations have chosen to implement cloud computing, distributed system architectures, and as-a-service or subscription based operating models throughout their IT environments. The most popular example is Microsoft 365 (M365); providing SaaS (Software-as-a-Service) based versions of Microsoft’s productivity suite, which is embedded into the processes and technology stack of many businesses.

Due to the internet-hosted nature of the service, and its global popularity spanning nearly all sectors, Microsoft 365 is a common target for cyber security attacks. Email has long been the easiest and most successful attack vector for cyber criminals, using phishing attacks to either deploy malware and ransomware, or steal login credentials. Once attackers have penetrated corporate networks or resources using these methods, they can steal sensitive data, carry out malicious activities, impersonate people and systems, or simply monitor traffic and behavioural patterns over time to plan out a longer, sustained attack.

Securing a company from such attacks generally comes down to implementing layers of security, without restricting employees or users in such a way that they take measures to bypass security processes. Third-party tools can play a positive role in an organisation’s overall security posture.

Hornetsecurity’s 365 Total Protection, is specifically designed for Microsoft 365 security, protecting your business from malicious emails and files before they reach the users mailbox. 365 Total Protection integrates seamlessly with M365 by connecting directly into the service in just 30 seconds. You select the security policies and protection to apply, without having to install and manage agents, servers, or other components.

365 Total Protection comes in two editions to enhance the security of your M365 accounts, and the wider organisation:

  • 365 Total Protection Business is a comprehensive security package providing email and data security for M365 accounts.
  • 365 Total Protection Enterprise builds on the functionality above, by adding AI-based advanced forensic analysis and intelligence, along with business continuity and legally compliant email archiving.  

365 Total Protection Business

When a user’s mailbox is secured by 365 Total Protection Business, they have a full overview of all emails for which they are the intended recipient. With real-time mail flow analysis, and Email Live Tracking, the user has at their fingertips an extensive list of filters and self-service actions to secure their email and data, without impacting productivity.

365 Total Protection is built upon a multi-stage, in-depth Threat Intelligence system, that analyses and filters new attacks or threats before they reach the users mailbox. Hornetsecurity’s Threat Blocking system will statistically block 99% of attempts to deliver spam, with the Threat Intelligence feature guaranteeing a detection rate of 99.99% for spam, and 99.9% for viruses. In both cases emails blocked or quarantined will not reach the users mailbox. The spam and malware protection systems are constantly learning and improving, through Hornetsecurity’s Security Lab and AI/ML based algorithms.

Integration of Hosted Spam Filtering and Malware Protection into the Email Management System

Emails quarantined as potentially unwanted can be released by the user, who can also manage their own safe and blocked sender lists, and crucially, see comprehensive detail on the status of each email communication. This helps a user to understand how a mail has been classified, for example spam, and the reason for the classification. Daily reports can help collate and stop marketing or info mails, with the user able to whitelist those relevant to them. Of course, the level of flexibility afforded to the user is defined by the company directive and policies configured.

Administrators can configure compliance filters and content control, for example to remove unwanted or unauthorised file attachments depending on the file type, content, or recipient. Outgoing emails can be encrypted, with granular control over the encryption method, and automated certificate management, protecting email communication from being viewed or changed by anybody other than the intended recipient. Where specific recipients are unable to provide email encryption the Websafe mailbox delivers a way of securely communicating with those external parties.

Finally, the implementation of a global mail security solution such as 365 Total Protection Business enables standardisation and enforcement of email signatures and company disclaimers. If desired, intelligent ads and social media buttons can also be embedded for external corporate communication.

365 Total Protection Email Live Tracking

365 Total Protection Enterprise

365 Total Protection Enterprise builds on the features outlined above, including further Forensic Analyses mechanisms to review and detect malicious behavioural patterns, fraud, spoofing attempts, targeted attacks, and identification of spy-out attacks and feign facts or click-bait. URL Malware control checks and secures all internet links and downloads, to protect against blended attacks, while the Advanced Threat Protection (ATP) Sandbox Engine adds a safe, sandpit environment to analyse suspect files. All activities can be monitored in real-time using the Real Time Threat Report.

Integration of Advanced Threat Protection into the Email Management System

In addition to ATP and the advanced threat capabilities, 365 Total Protection Enterprise provides GDPR-compliant email archiving, with a retention period up to 10-years. The email archive can be accessed by auditors on-demand using the web based front-end, taking advantage of the eDiscovery service for fast, complex queries or search filters.

As mentioned earlier, 365 Total Protection has a guaranteed spam detection rate of 99.9% and virus detection rate of 99.99%, with a false positive rate of only 0.00015. However, as cyber security professionals will attest, additional layers should act as a failsafe to mitigate risk as much as possible. 365 Total Protection Enterprise also caters for malware ex post alert and deletion, so that if a malicious mail has already been delivered then the threat can be quickly contained.

In the event of a Microsoft 365 service outage, 365 Total Protection Enterprise also enables users to carry on working with its Email Continuity Service, as a stand-by system. Furthermore, where 365 Total Protection Enterprise is in place, users can uplift to 365 Total Protection Enterprise Backup. This bolsters business continuity by adding automated backup and recovery, for user M365 mailboxes, Teams, OneDrive, SharePoint data, and Windows-based endpoints.


In summary, the advanced threat analysis and detection capabilities of 365 Total Protection make it a worthy addition to any security tool kit, with the logging, reporting, and business continuity capabilities affording extra peace of mind.

Whilst securing mailboxes and data, above all 365 Total Protection provides improved user experience with self-service flexibility. This dynamic approach means that the implementation is more likely to be successful in its aim to secure the organisation. As threats and attackers grow over time, the Security Labs and Threat Intelligence algorithms continue to adapt for future trends and attack vectors. The best way to see if 365 Total Protection adds value to your business is to get hands on and try it out yourself using the free trial.

Securing Enterprise Mailboxes with Hornetsecurity


In 2020 Microsoft reported over 258 million monthly commercial users of its Office 365 productivity suite. For decades Microsoft has been powering business with software like Outlook, Word, and Excel. As technology and connectivity have improved, so has functionality and user requirements. Now, over 75 million people use Microsoft Teams every month for virtual meeting experiences. Consumers of Microsoft technology have moved away from self-managed instances of services like Microsoft Exchange for email communication, and instead shifted to Software-as-a-Service (SaaS) hosted directly through Microsoft’s cloud services.

Acceleration of such services has been increased through a shift to remote working and migration to the cloud. As such, data centre and network architectures have changed to accommodate both distributed users and systems. Cyber criminals are more advanced than ever, and organisations security posture is now a priority at every board level. Financial and reputational damage from security breaches can be a huge uphill task to recover from, and in-depth security defence systems are often built-in layers to protect digital corporate assets like data. The challenge with security has always been that despite an abundance of technical solutions and investment, there are often weaknesses in the chain disguised as legitimate day to day work requirements. Email is one such example.

Email is perhaps the most widely used tool across companies, both internally and externally. It’s also the easiest and most common penetration point for multiple attack vectors. A quick internet search demonstrates eye watering statistics around the number of companies suffering security breaches, email breaches, and Office or Microsoft 365 breaches. Microsoft recorded an increase of cyber-attacks of 250% on Microsoft 365 users in the last two years, with 57% of SMBs falling victim to phishing emails in the last year. Sometimes excessive security hardening and configuration can be completely bypassed by the actions of a user acting upon what they believe to be a genuine email.

365 Threat Monitor

Hornetsecurity has released a brand new free mobile app, available from the iOS and Android store. In just a few steps, 365 Threat Monitor can be enabled on Office or Microsoft 365 enterprise mailboxes, adding monitoring, and alerting for malicious or suspicious emails that have made it through the built-in standard defences. Further email security helps provide protection against malware (ransomware, viruses, spyware), phishing, spoofed senders and content, targeted attacks on specific data or people, and spam or unwanted advertisements.

The 365 Threat Monitor app is based on key areas of Hornetsecurity’s proprietary technologies. Threat Defense and Forensic Analyses detect attacks through real-time scanning for harmful content, heuristic filtering, and authenticity and integrity verification. In Threat Monitor customer administrators gain transparency through a detailed UI about the types of threats their users and whole organisation are facing including statistics. From within the app itself administrators can immediately delete malicious emails upon detection, deflecting or containing harmful content.

To setup 365 Threat Monitor, sign up to receive a link to the free app, or download the app from the app store and sign up during the process. Once the app is installed, follow the steps on-screen to connect your Microsoft 365 administrator account. Now you’re up and running, when 365 Threat Monitor detects a suspicious email, an alert is sent directly to your phone. Information is provided on the mailbox and the context of the threat detected, with the option to delete in just 1 click. The great thing about this process is that 365 administrators can try out the functionality, examine the number of threats detected and the need for a solution, carry out end to end testing, and then scale out the product if required.

The mobile app presents information in a clear and concise format, with a clean and colourful interface. IT administrators are generally part of an on-call team to protect the organisation from security threats and outages 24/7. Providing advanced email security functionality through a mobile app is another option in the IT team’s toolkit to respond quickly and easily, without needing to open a laptop or log into a company VPN.

Customers may decide after successfully implementing 365 Threat Monitor across their enterprise mailboxes to upgrade or activate the 14-day free trial for 365 Total Protection Enterprise. 365 Total Protection Enterprise can block threats even before they reach end user mailboxes, and wraps around additional features like attachment content control, allow and deny lists, compliance filter rule engine, and email archiving with up to 10-year retention. Equally, customers may decide that the 365 Threat Monitor app, which stays completely free forever with manual and limited deletions, offers sufficient protection and visibility into their Microsoft 365 mailboxes. Either way, whether it’s a pre-cursor to a wider security rollout, or an enhancement on the default Exchange Online security, the 365 Threat Monitor app is worth running to improve potential blind-spots in security within your user mailboxes and behaviours.


In summary, the 365 Threat Monitor mobile app is a welcome addition for Microsoft 365 administrators concerned with protecting valuable company assets like data and information, much of which either resides in, or is accessible from, corporate mailboxes. Common threats we see day to day in the news, like ransomware, and targeted phishing attacks on high-risk roles such as C-level, HR, or finance, all keep security professionals up at night. 365 Threat Monitor delivers validation that the person in the email is who they say they are, and the content or links you click on are not incorporating underhand tactics to divert you elsewhere. The ease and speed of initial setup means that even just trying this software out is time well spent. Straight away you’re protected with real-time scanning, and will see your overall and individual threat levels, delivering some welcome peace of mind for many! The 365 Threat Monitor can be downloaded directly from Hornetsecurity here.