
Spider Tales: The Top 9 SpiderLabs Stories of 2019

From malware reverse-engineering projects and breach investigations to thousands of penetration tests conducted, the Trustwave SpiderLabs team is one of the elite cybersecurity units known around the globe. One reason it has steadily garnered attention and acclaim is that it shares the knowledge it gains through the SpiderLabs blog.

Attracting more than half a million annual readers, the blog is considered one of the security community’s go-to destinations for technical breakdowns of the latest threats, vulnerability disclosures, and announcements of open-source tools released by the Spiders.

After a slew of big events in 2019, we’ve compiled a list of the top nine SpiderLabs posts of the year, featuring insights on malware, penetration testing tools and techniques, and one major vulnerability disclosure.

9. Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise

Hotels are always looking for ways to make their operations more efficient. If you’ve traveled within North America at all, chances are you’ve come across shared kiosk machines in hotel lobbies. In July, the SpiderLabs team disclosed serious vulnerabilities in the Uniguest software found on these machines, including hardcoded credentials that could lead to compromise of the vendor’s API.

8. Tracking the Chameleon Spam Campaign

Spam campaigns come and go, but by the time they’re discovered, chances are they’ve already wreaked tremendous havoc. In September, the SpiderLabs team wrote about a high-volume spam campaign that was very prominent in their spam traps. The messages in the campaign used randomized headers, earning it the moniker “Chameleon.”

7. Digging Deep into Magecart Malware Part II

Online miscreants are always looking for ways to monetize their nefarious deeds, which is why online shopping cart systems are a prime target. The Magecart hacker group reached notoriety by compromising these systems. In this second installment of a two-part series on the malware they leveraged, the SpiderLabs team takes a close look at a domain the attackers used to exfiltrate data.

6. Digital Canaries in a Coal Mine: Detecting Enumeration with DNS and AD

Given that the Domain Name System (DNS) is a fundamental part of any network, attackers who enumerate computers in Active Directory and then connect to them will interact with DNS as well. In this technical post, Trustwave SpiderLabs Principal Security Consultant Stephan Borosh writes about using DNS and Active Directory to detect adversarial enumeration.

5. AttackSurfaceMapper – Automate and Simplify the OSINT Process

The primary goal for any security professional today is to present less of a target-rich environment to the slew of cyber swindlers aiming to compromise critical assets. That’s why penetration testing comes in handy for organizations. This article outlines an open-source tool created by the SpiderLabs team to speed up and simplify the reconnaissance process for pen testers.

4. Digging Deep Into Magecart Malware

Following a PCI forensic triage of a website by the SpiderLabs team, the first post on the Magecart group’s tactics provided a deep breakdown of the malware used by the threat actors. The inner workings of the malware drew a lot of attention.

3. Double-Loaded Zip File Delivers Nanocore

Since more malware is sent via email packaged in archives such as ZIP, RAR, and 7-Zip, attackers can be clever in how these malicious archives are crafted. This article examines an oddly formatted ZIP archive hiding the NanoCore malware.

2. BEC Payroll Scam: Your Salary is Mine!

If a tactic works for attackers, chances are they’ll keep using it until it stops working. That’s the case with Business Email Compromise (BEC) attacks: they’ve been working for years and continue to do so. This post examines one successful plot that takes aim at an organization’s HR department.

1. Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder

If you’re an employee at a business and have been told to pay attention to updates, you’ll likely take notice when one appears on your screen or in your inbox. That’s what attackers took advantage of in this campaign, which posed as an email from Microsoft announcing a “critical update” but actually resulted in the download of a nasty piece of ransomware.

To learn more about the SpiderLabs team, read the archived material on emerging threats, and be sure to tune in for the next post hitting the blog soon!

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.
