Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

25 Years of Threats: How Cybersecurity Has Evolved Since 1995

To celebrate the 25th anniversary of Trustwave, we wanted to look back at how our profession has changed – specifically in regard to the evolution of threats, attacks and scams. As the leader of the renowned Trustwave SpiderLabs global security research team, Ziv Mador was the perfect person to interview for this topic. Find his full perspective below:

Q: How long have you been involved with cybersecurity?

Ziv: 24 years – soon to be 25! I joined the Microsoft R&D team in the summer of 1996. After I got my master’s degree, I started working on security related projects right away – so my entire career has really revolved around cybersecurity, although we didn’t use that term back then.

I started by joining a team that developed enterprise firewall products, then moved to Redmond and joined the Microsoft anti-malware team. That’s how I got exposed to this fascinating world of cybercrime – and I saw how upset organizations and people got as cybercriminals figured out how to exploit the early versions of Windows, which was being attacked by worms like Blaster, Slammer and Code Red. I was there when the famous Trustworthy Computing Memo was sent to all Microsoft employees, which really helped spur the development of the cybersecurity industry: looking for vulnerabilities, educating developers and collaborating with governments, developing testing standards, and all the many things we needed to figure out back then.

Q: What are some of the biggest security developments of the past 25 years, in your opinion?

Ziv: Well, let’s start with the cybercriminals, because they evolved first. Firms like Trustwave evolved in response, in a sense. 25 years ago, the biggest threats were spam, simple phishing and very simple malware. There were hardly any targeted attacks.

Even when people did develop malware, it really was kind of like the “garage workshop” version of malware – people were mostly trying to develop proofs of concept. If there was a vulnerability in Windows or other products, they wanted to develop code that would exploit it, but those exploits often were not reliable. Blaster used to crash so often that it was a warning sign of an infected computer. And because it was crashing so much, it was self-defeating.

The change in modern times is tremendous; malware currently is very reliable and very well constructed. Cybercriminals even distribute documents that show how to build malware. Cybercriminals now run robust and scalable operations for distributing malware and have figured out many ways to monetize their activities. It has become a very profitable illicit industry

Q: What’s the most memorable event you’ve been personally involved in?

Ziv: For me, it was the Conficker worm, from 2008. That was really a game-changer for the industry. I was part of the Microsoft team that responded to it. It’s not the only worm I’ve ever worked on, but the way the industry responded – and the potential that we all saw for something really bad to happen – was unique.

Conficker was the fastest spreading exploit ever, at the time. So, we created a working group, which included many security vendors from the industry, and we worked together on weekly and sometimes daily phone calls to discuss the malware and all of its evolutions. The exploit was using a Domain Generation Algorithm (DGA) to register a new domain every day – so the infected computers were constantly shifting to a new target, and that made it very hard to take down. But by working together we managed to decrypt the algorithm and started holding the URLs with registrars, so that when traffic was sent to those URLs, it was actually under our control. That helped us disrupt the botnets ability to do real harm, but also allowed us to collect telemetry. Eventually, the criminals completely abandoned the botnet.

Q: Over its history, what research items from Trustwave SpiderLabs do you think have been the most significant? 

Ziv: We’ve had many accomplishments, and some really interesting findings. SpiderLabs grew organically from about 5 people in 2005, to over 250 people today, and our capabilities have grown tremendously. Some of our most significant accomplishments, in my mind, have been:

  • The finding of enormous databases for sale on criminal forums ahead of the 2020 U.S. election, containing personally identifying information on almost every voter and almost every consumer in the United States and several other countries.
  • The GoldenSpy finding, which was a new malware family embedded in tax payment software that a Chinese bank required foreign corporations to install.
  • COVID-19 scams, which included stimulus payment schemes and used a variety of social engineering techniques, among other techniques.
  • In early 2019, we found government sites outside of the United States that had been hacked.
  • Beginning in 2015, we found multiple instances of exploit kits that were being used to develop malware, including Angler, Blackhole and others.
  • In 2016, we found an unknown zero day exploit for Windows for sale on the Dark Web for $90,000.
  • Carbanak was a massive cybergang that targeted banks, and was responsible for the “billion dollar bank hack.”
  • Cherry Picker was a targeted point of sale (POS) malware that we were the first to discover.
  • Pony was a massive password stealer that we foiled.
  • In 2012, the Zeus trojan banker process was thoroughly analyzed.

Learn more about the 25 year history of Trustwave and how we have become a global leader in threat detection and response.

Latest Trustwave Blogs

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More