Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

2020 and Cybersecurity - A Perspective

As the leader of the Trustwave SpiderLabs global security research team, I spend my days exploring some of the darkest corners of the web, searching for vulnerabilities, gathering threat intelligence and generally doing whatever I can to help thwart cybercrime.

In this year alone, Trustwave SpiderLabs made two of the biggest discoveries in our history, with the discovery of massive voter and consumer databases for sale on hacker forums and the discovery of GoldenSpy, a malware installed in a tax reporting software that foreign companies operating in China were required to use.  

Additionally, we have discovered vulnerabilities in a variety of products and services that we report responsibly to vendors while helping them confirm the patches address the discovered issues. Examples include Schneider Electric PLC, SAP ASE and IBM DB2 databases and Microsoft Teams, among many others.

Looking back at all the work we have done in 2020, there are a few key insights on global cybersecurity that stand out to me, along with trends that organizations should be aware of – and begin preparing for – in the year to come.

Cybercrime Is Becoming More Innovative  

In 2020, cybercriminals continued demonstrating creativity and relentless persistence in creating social engineering attacks and other cyberattacks. Cybercriminals who try to distribute malware and phishing in masses (e.g. distributing general ransomware) continuously create new variants and mutations to evade detection. New formats are used with malicious URLs to make it difficult to detect and block them. Cybercriminals who are financially motivated identified some cybercrime "cash cows" such as ransomware and BEC. They are used heavily and will continue to be.

Attacks Are More Sophisticated

Cybercriminals that conduct targeted attacks, especially advanced persistent threats (APTs) and nation-state actors, continue to demonstrate an incredibly high level of sophistication. That's also true for targeted ransomware attacks, where the requested ransom payments from corporations (which are often paid) add up to millions of dollars.

Just recently we were given another chilly reminder of the sophistication used in APT attacks. Certain actors, whose identity is still unknown at this time, have managed to compromise large numbers of organizations and corporations, including some government entities and major vendors, by installing malicious files through the update mechanism of SolarWinds, an IT management software. As the story unfolds, we see the determination of those actors, for example in stealing hundreds of attack and evaluation tools that were developed and used by the cybersecurity vendor FireEye.

We also saw that just before the 2020 elections in the United States, the FBI and Department of Justice confirmed that several countries obtained detailed voters' lists and could use them. We discovered at that time that such voter databases and massive databases with information about consumers in the US and in other countries circulate in certain hacker forums. The level of details about citizens in those databases was huge and beyond what many would expect.

COVID Showed That Nothing Is Off Limits

When the COVID-19 situation started, cybercriminals quickly realized that they could monetize the opportunity. They launched numerous scams that leveraged this unprecedented global catastrophe, including malicious Corona maps, phishing sites that exploited the distribution of stimulus and relief funds in various countries, scams targeting people who switched to working from home, or scams that targeted people who were left without income and were desperately looking for a new job.

While we have seen that there is a kind of code of honor among some cybercriminals, seeking to profit from a pandemic that has killed over a million people is sadly not covered by that code – organizations of all kinds, but especially in the health care sector, should be aware, and plan accordingly.

Working from Home Is A Vulnerability

As we’ve previously covered, the COVID-19 pandemic forced an enormous and almost instant switch to massive work from home postures. Unfortunately, that meant cybercriminals were able to target our workforce more easily. There is less scrutiny when people work from home. As the work from home trend is projected to continue, even after the pandemic ends, that will require companies and organizations to keep educating their users about the risks and how to be vigilant.

Looking Ahead to 2021

I expect continuous efforts of cybercriminals to attack consumers, corporations, and a variety of organizations with different motives in mind. Most cybercriminals are after financial profits and therefore financially motivated attacks will continue with increased intensity – but as the FireEye breach has shown, national and political motivations will also play a huge role.

Forums on the dark web will continue to be used to sell and buy stolen information such as user credentials, credit card information, remote access into hacked networks and more. Therefore, we will continue seeing phishing and sniffing attacks that capture that information. The sad reality is, since most cybercriminals can conduct activity very profitably, with minimal physical risk, it will continue to attract more and more players.

APTs will intensify their attacks on corporations and government targets and demonstrate increasing levels of sophistication. No target is excluded from or immune to these attacks. Organizations should continuously examine their security posture and educate their users about the risks.

Remember – your assumption should always be that it’s not a question of whether or not you’re going to be hacked, but when you will be hacked. Using recurrent proactive threat hunting and penetration testing is vital!

 
16254_the-underground-economy-coverEBOOK

The Underground Economy

What happens after cyber thieves successfully compromise businesses? If you think siphoning sensitive data instantly leads to money in their account, you're wrong. What proceeds is series of anonymous paths they can take to ultimately reap their reward. In this comprehensive guide, the Trustwave SpiderLabs team provides you with a view into the deep abyss of the dark web--where the criminally minded operate to hide their tracks from law enforcement.

 

 

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More