Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Spider Tales: The Top 9 SpiderLabs Stories of 2019

From malware reverse-engineering projects and breach investigations to thousands of penetration tests conducted, the Trustwave SpiderLabs team is one of the elite cybersecurity units known around the globe. One reason why they’ve constantly garnered more attention and acclaim is through sharing the wealth of knowledge they obtain through the SpiderLabs blog.

Attracting more than a half-million annual readers, it’s considered one of the security community’s go-to destinations for technical breakdowns of the latest threats, vulnerability disclosures, in addition to announcements on open-source tools released by the Spiders.

After a slew of big events in 2019, we’ve decided to compile a list of the top nine SpiderLabs posts of the year that feature insights on malware, penetration testing tools and techniques and one major vulnerability disclosed.

9. Hardcoded Credentials in Uniguest Kiosk Software Lead to API Compromise

Hotels are always looking for ways to make their operations more efficient. If you’ve traveled within North America at all, chances are you’ve come across shared kiosk machines in hotel lobbies. In July, the SpiderLabs team shared some serious vulnerabilities in Uniquest software found in these machines that could result in exposed credentials.

8. Tracking the Chameleon Spam Campaign

Spam campaigns always come and go, but when they’re discovered chances are they’ve already wreaked tremendous havoc. In September, the SpiderLabs team wrote on a high-volume spam campaign that was found to be very prominent in their spam traps. The messages in the campaign included randomized headers, thus earning it the moniker, “Chameleon.”

7. Digging Deep into Magecart Malware Part II

Online miscreants are always looking for ways to monetize their nefarious deeds online, which is why online shopping cart systems are the perfect target. The Magecart hacker group reached notoriety by compromising these systems. In this second installment of a two-part series focusing on the malware they leveraged, the SpiderLabs team takes a close look at a domain used. To exfiltrate data by attackers.

6. Digital Canaries in a Coal Mine: Detecting Enumeration with DNS and AD

Given that Domain Name Services (DNS) are a fundamental part of any network, cyber attackers will likely want to enumerate computers in Active Directory and connect them, resulting in them interacting with the DNS as well. In this technical post, Trustwave SpiderLabs Principal Security Consultant Stephan Borosh writes on using DNS and Active Directory to detect. Adversarial enumeration.

5. AttackSurfaceMapper – Automate and Simplify the OSINT Process

The primary goal for any security professional today is to present less of a target-rich environment for the slew of cyber swindlers aiming to compromise critical assets. That’s why penetration testing comes in handy for organizations. This article outlines an open-source tool created by the SpiderLabs team for intended. To speed up and simplify the reconnaissance process for pen testers.

4. Digging Deep Into Magecart Malware

Following a PCI forensic triage on a website by the SpiderLabs team, the first post on the Magecart group’s tactics provided a deep breakdown of the malware used by the threat actors. The inner workings of the malware drummed up a lot of attention.

3. Double-Loaded Zip File Delivers Nanocare

Seeing as more malware is sent via emails and is package in archives such as ZIP, RAR, and (7-Zip), they can be clever in how these malicious archives are crafted. This article examines an example of an oddly formatted ZIP archive hiding the NanoCore malware.

2. BEC Payroll Scam: Your Salary is Mine!

If a tactic works for attackers, chances are they’ll glom onto it until it doesn’t. That’s the case with Business Email Compromise (BEC) attacks. They’ve been working for years and they continue to do so. This post examines one successful plot that takes aim at an organization’s HR department.

1. Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder

If you’re an employee at a business and are told to pay attention to updates, then you’ll likely be paying attention if one comes across your screen, or into your inbox. That’s what attackers took advantage of in this campaign that posed as an email from Microsoft that claims to be “critical update,” but really results in downloading a nasty piece of ransomware.
 

To learn more about the SpiderLabs team or read more archived material that provides information on emerging threats and also be sure to tune into the next post hitting the blog soon!

Marcos Colón is the content marketing manager at Trustwave and a former IT security reporter and editor.

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More