US Cyber Command Goes on the Offensive
December 10, 2021
Trustwave’s SpiderLabs shared commentary from cybercriminals that was collected from dark web forums. The communication revealed the criminals believe there are “secret negotiations on cybercrime between the Russian Federation and the United States.”
Russia may be collaborating with US to bring cyber criminals to heel
December 08, 2021
Trustwave’s SpiderLabs says its analysis of chatter on underground dark web forums suggest cyber criminals are starting to panic that formerly ‘friendly’ governments are on their case.
Trustwave Rolls Out New Cyber Supply Chain Risk Assessment Solution
December 08, 2021
Trustwave unveiled its new Managed Vendor Risk Assessment (MVRA), which is a cyber supply chain risk assessment solution for enterprises and SMBs. It’s now available globally and encompasses automated and specialist-led assessments. Nick Ellsmore, Trustwave’s global head of strategy, consulting and professional services commented: “MVRA is addressing one of the biggest issues across the cybersecurity environment right now: supply chain risk management.”
Four common shortcomings in cyber threat response
December 03, 2021
Through cybersecurity crisis simulation exercises, Trustwave’s Darren Van Booven identifies a series of common security shortfalls and steps organizations need to take to prepare for the next security crisis.
Four Best Practices for Advancing Bank Cybersecurity Programs for the Cloud Age
December 02, 2021
Cyber defense programs are having difficulty evolving against constant threats trying to enter organizations. Trustwave’s global director, cyber defense consultant, Kory Daniels covers the four best practices for advancing bank cyber programs for the cloud: develop a cloud-specific security strategy, test, security processes, leverage AI with a human-centric approach, and take a holistic approach.
How to Outplay the Ransomware Playbook
December 02, 2021
Many organizations are increasingly concerned with their own cybersecurity models and ransomware preparedness as there’s been a 64% increase in attacks from 2019 to 2020 (304 million attacks worldwide in 2020). Darren Van Booven, Trustwave’s global director, cyber defense consultant highlights how organizations can create a ransomware response plan for the full life cycle of an attack.
New Ransomware Variant Could Become Next Big Threat
December 01, 2021
Security teams will need to look out for Yanluowang, a ransomware threat that has been mounting attacks against US organizations. Just this week, Red Canary researchers reported observing a threat actor exploiting the ProxyShell set of vulnerabilities in Microsoft Exchange to deploy a new ransomware variant called BlackByte, which TrustWave's SpiderLabs recently warned about as well.
Prepare defend recover repeat – The vicious cybersecurity cycle in 2021
November 29, 2021
It’s fair to say that 2021 has been one of the most challenging years on record for business leaders and organisations. Ed Williams, EMEA Director of SpiderLabs, Trustwave, reflects on the past 12 months and suggests how we can move forward with strong cyber hygiene in place.
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crytper. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
November 24, 2021
The CyberWire’s guest is Karl Sigler from Trustwave, who covers the results of the 2021 Trustwave SpiderLabs Telemetry Report.
Breaking news: GoDaddy’s managed WorldPress service hacked
November 22, 2021
Users of WordPress through GoDaddy are vulnerable after it’s been reported that phishing attacks have been successfully carried out through compromised emails and passwords. Ed Williams, director of Trustwave SpiderLabs comments: “A breach of this size is particularly dangerous around the holidays…Hackers try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes. Enterprises, SMBs, and individuals using frequently targeted platforms like WordPress should ensure they are following strong password best practices: complexity, frequent password changes, not sharing passwords between applications, and multi-factor authentication. If possible, utilize an authenticator app to secure your account instead of traditional two-factor authentication via SMS, as hackers have recently been targeting users with specialized SMS phishing.”
GoDaddy WordPress data breach: A timeline
November 20, 2021
Ed Williams, EMEA Director of SpiderLabs, Trustwave, comments on the data breach: “Hackers try to take advantage of every new email address and password exposed in an attempt to try and launch phishing attacks and social engineering schemes.”
Cyber insurance expands in preparation of breaches fallout
November 17, 2021
The collaboration of the public and private sector could stem the growing tide of high-pact breaches. Kevin Kerr, lead security principal consultant for Trustwave, comments on the impact of multi-party breaches: “The financial impact to SolarWinds was significant, but who knows the actual financial impact…Right now, there is no centralized way to measure multi-party breach impact in costs, reputations, contracts. And each affected organization would measure that impact differently.”
Breach ripple effect leads to exponentially greater financial damage
October 27, 2021
SolarWinds is an example of ripple breaches, which are increasing 20% per year. Lead security principal consultant, Kevin Kerr, points to a recent attack to a central bank in Denmark where a trusted entity passed malware on to unsuspecting users.
The urgent need for the healthcare industry to develop cyber-resiliency
October 25, 2021
The black market value of healthcare records has shot up, according to a Trustwave report. Healthcare data records may now be valued up to $250 per record.
Secure your databases against opportunistic attackers
October 19, 2021
Findings from Radoslaw Zdonczyk at Trustwave have shown there will be login attempts to databases and internet servers before IP addresses are listed by scanners similar to Shodan, leading to an increase in vulnerabilities.
Security Expert Warns Windows 11 Could Yet Become Vista 2.0
October 16, 2021
Trustwave SpiderLabs’ Ed Williams shared his insights on how secure Windows 11 is for a feature article from UK journalist Davey Winder for Forbes
BlackByte: Free Decryptor Released for Ransomware Strain
October 15, 2021
A free decryptor for BlackByte ransomware was released by Trustwave SpiderLabs researchers after they cracked the crypto-locking malware's encryption
'Clumsy' BlackByte Malware Reuses Crypto Keys Worms Into Networks
October 15, 2021
Trustwave SpiderLabs’ latest research blog detailing the researchers’ findings on the BlackByte ransomware strain as well providing the decryptor so that victims might be able to use it to reverse the malware's damage
This is what happens when you’re hit by a ransomware attack
October 14, 2021
Trustwave SpiderLabs’ Ed Williams participates in a video interview with Danny Palmer at ZDNet discussing the ins and outs of a ransomware attack, how cyber criminals get into networks and what they actually do once inside
Ransomware: dealing with the aftermath
October 06, 2021
In this episode Trustwave’s Ed Williams and journalist Stephen Pritchard look at the 30 days after a ransomware attack, the impact of ransomware attacks on operations and reputation, and how businesses can recover
Telemetry Report Shows Patch Status of High-Profile Vulnerabilities
September 30, 2021
Twenty percent of this year’s new vulnerabilities were given a ‘high severity’ scoring by the NVD and given the speed with which malicious actors can start exploiting these vulnerabilities, researchers at Trustwave investigated and reported on how quickly industry patches them.
50% of Servers Have Weak Security Long After Patches Are Released
September 29, 2021
Karl Sigler, senior security research manager at Trustwave SpiderLabs, points to reasons why the number of disclosed vulnerabilities is trending upward.
Why organizations are slow to patch even high-profile vulnerabilities
September 29, 2021
To help organizations get a better handle on their patch management, Trustwave says organizations should assign an individual or a team to design a security program that covers risk management and policy, provide training, and implement an effective incident response plan.
The network effect and the search for resilient email security
September 28, 2021
Graeme Slogrove on how the ubiquity and resilience of email poses a cybersecurity threat many aren't paying attention to.
Manufacturers are too vulnerable to cyber attacks: bigger steps are needed
September 21, 2021
Trustwave provides insight into the two main drivers behind recent cyber attacks on manufacturing companies.
The Great Data E-Scrape
September 15, 2021
Eric Pinkerton explains how to safeguard personal data on social media platforms, in light of multiple data scrapes in 2021 alone.
Microsoft Azure Cosmos DB Incident Underscores the Need to Closely Watch Cloud Data
August 30, 2021
Following the significant vulnerability found in Microsoft’s Azure Cosmos DB service, companies are reminded that even the Big Three cloud providers can make mistakes and that organizations have to still worry about cloud database security.
A five-point strategy for taking on ransomware
August 23, 2021
Grayson Lenik of Trustwave Government Solutions shares how organizations can defend themselves against growing ransomware threats by training employees in security best practices, vetting the supply chain, implementing layers of defense and hacking their own organization in a byline article for SC Magazine.
Global MDR and MSS Leader Trustwave Sees 2x Demand In Ransomware Preparedness Services
August 19, 2021
With the surge in ransomware over the past year, Trustwave has seen a 2x demand for its ransomware preparedness services. The increase in demand has been driven by CEO and board-level interest in cyber resilience and preparedness, according to Darren Van Booven, Lead Principal Consultant at Trustwave and former CISO of the U.S. House of Representatives.
Six steps to stop manufacturers becoming the next ransomware headline
August 11, 2021
Trustwave’s lead principal consultant, Darren Van Booven, shares advice for the manufacturing industry on how to protect against ransomware attacks in a byline article for Information Age