Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the infrastructure of the phishing-as-a-service operation LabHost and a major BEC operator was convicted in US Federal Court.

While law enforcement operations are integral to defeating cybercrime, disrupting one or two adversary groups does not minimize the threat. Organizations must still be prepared to defend themselves with layered email security and employee education.


Disrupting LabHost

In April, London Metropolitan Police, with the support of Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), raided 70 LabHost-associated locations worldwide, arresting 37 suspects and severely disrupting LabHost.

The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had around 10,000 users globally and gave law enforcement access to a treasure trove of data that will be used to target those using the LabHost platform.

LabHost offered a three-tiered pricing structure, Standard, $179 per month; Premium, $249 per month; and World Membership, $300 per month. LabHost provided a range of customizable illicit services that could be deployed with just a few clicks. Depending on the subscription level, criminals were given access to an increasing scope of targets, including financial institutions, postal delivery services, and telecommunications providers. LabHost offered a selection of over 170 fake websites, enabling users to choose from a variety of convincing phishing pages.

LabHost's destructiveness was amplified by its integrated campaign management tool, LabRat. This feature allowed cybercriminals to monitor and control their attacks in real-time. LabRat was designed to capture two-factor authentication codes and credentials, enabling criminals to bypass enhanced security measures.


BEC Scammer Pays the Price

Separately, a federal jury in Connecticut convicted an extradited Nigerian citizen for operating a BEC scam responsible for more than $6 million in losses and intended losses, the FBI reported. While this single event will not stop the rising tide of email-based attacks, it does show the continued severity of the situation and highlights the need for organizations to take email security seriously and properly defend themselves.

According to the FBI, Okechuckwu Valentine Osuji and his co-conspirators conducted a classic BEC operation targeting specific individuals and businesses by masquerading as trustworthy entities in electronic communications to obtain money.

The BEC scams operated for multiple years, during which numerous victims were tricked into transferring funds into bank accounts the victims believed were under the control of legitimate recipients of the funds as part of normal business operations, when in reality, Osuji and his co-conspirators controlled the bank accounts, the FBI said. As a result of the scheme, losses and intended losses totaled over $6.3 million.


How Trustwave MailMarshal Secures Your Email

Trustwave MailMarshal is optimized to detect and stop phishing attacks before they are delivered to an employee’s inbox, where the odds of a mistaken click increase greatly. Unfortunately, when it comes to phishing, the human factor remains the most vulnerable and even more so now as Large Learning Modules, such as ChatGPT, make it easy to create accurate and believable social engineering messages.

MailMarshal’s abilities were recently recognized by email security analyst firm Radicati Group, which named MailMarshal a Trail Blazer in its Secure Email Market Quadrant 2024 report.

The report cited Trustwave MailMarshal’s advanced email encryption, malware analysis sandbox, advanced threat protection, image analyzer, and antivirus software support as features that helped the MailMarshal solution stand out from its competitors.

“Trustwave MailMarshal addresses email and cybersecurity threats through a single platform that offers advanced protection leveraging proprietary threat intelligence and research, policy configuration, and in-depth data security and compliance management,” the report noted. “The latest version includes an improved Management Console with enhanced email inspection and reporting.”


The Benefits of Trustwave MailMarshal

  • Over 12,000 unknown pieces of malware are detected each day by MailMarshal’s artificial intelligence and machine learning engines.
  • Protects against ransomware attacks, Business Email Compromise (BEC), phishing scams, malware, and Zero-Days.
  • Zero clients reported ransomware infection in 20+ years.
  • More than 99.999% malware and exploit capture rate.
  • < 0.001% spam false positives.
  • Layered threat intelligence powered by telemetry from 5,000+ global MSS/ MDR clients and ML-powered algorithms.
  • Granular control of internal SMTP traffic.
  • Decades of leadership in email security supported by Trustwave SpiderLabs’ elite threat detection security team.
  • Deploy on-prem or hybrid cloud.
  • Complements Microsoft 365 and other cloud email solutions.

Trustwave MailMarshal

Begin your journey to improved email security here.

Latest Trustwave Blogs

How Deepfakes May Impact Upcoming Elections Worldwide

The common fear regarding election interference is that a threat actor will gain access to either ballot machines or the networks that tally votes. However, there is a much easier method a person...

Read More

Get to Know MXDR: A Managed Detection and Response Service for Microsoft Security

The Microsoft 365 E5 license gives users entitlements to numerous Microsoft Security products—so many, in fact, that as companies deploy the Microsoft Security suite, they may need a managed...

Read More

Trustwave eBook Now Available: 8 Experts on Offensive Security

It is now obvious that defensive measures alone are no longer sufficient to protect an organization from cyberattacks. Threat actors are increasing their capacity at such a rate that merely sitting...

Read More