
SpiderLabs – The Year in Review

It’s not exactly a secret that 2020 hasn’t been a year to remember fondly – to put it mildly. But as we begin to look ahead, not only to a new year but to what we all hope is an approaching return to normalcy, there are a few key takeaways from this year that really stand out to me.

#1. One of the biggest impacts of this year, in large part thanks to the changes that the COVID event has forced on all of us, will be that everyday, non-cybersecurity folks truly understand how the digital landscape is a part of their everyday lives. My parents now know how to use Zoom, order food on demand, and do anything online. Average businesses, across almost all verticals, are now immediately dependent on remote or virtual options. Sure, we would all love to be at a restaurant right now, but because of the circumstances, many folks have now been exposed to how to live life digitally – and for many it’s going to become a much more permanent shift. Organizations of all kinds will need to learn to adjust to that.

#2. In security testing, what surprised me the most was that the circumstances impelled cybercriminals to create a lot of really novel and inventive attacks. But those attacks have mimicked the form of the technology as we’ve had to move from inside the office to outside. So, we’ve seen attacker innovation around bypassing multi-factor authentication, around exploiting APIs (which is how organizations and applications speak to each other in a rapid manner), and some very cutting-edge attacks around authentication mechanisms for cloud services.

When everything is behind a firewall, inside the offices, the security testing that should take place needs to mimic the attackers. Now, with attackers completely changing their modus operandi, a lot of the changes to cybersecurity will be here to stay. Our lives – as businesspeople and as consumers – are going to become a lot more digitally focused, and that’s going to create permanent changes in security testing as we respond to new threat profiles.

For example, this year the Trustwave SpiderLabs team has worked on a record number of red team exercises, which are really adversary simulations, all around the world. What’s really interesting is that so many organizations have been coming to us asking… what just happened to us as we suddenly moved to a full remote posture? Can an attacker go to our CEO’s administrator’s house and gain access to sensitive data? How much infrastructure was left up in an office building that literally no one is now going to? Red teaming has really been helpful to many organizations in terms of finding and closing those vulnerabilities which can lead to full remote access. We’ve also helped a number of organizations answer some very tough, and very unexpected, questions, like how susceptible to ransomware are we? Finally, we’ve tested how the psychological impact, in addition to the change to a remote workforce, has expanded organizations' risk for successful phishing attacks.

Another challenge this year for organizations has involved the rapid deployment of application security, from protecting new digital payment systems to communicating virtually for business, and beyond. We’ve conducted a record number of application security tests, which I suspect was due to this rapid shift. As complex as application testing can be, we have still assisted organizations in answering the question: “How can we do the basics better to make sure we’re not struggling on the low-hanging fruit side of things?”

On the Digital Forensics and Incident Response (DFIR) side of the house, we’ve seen that attackers have completely changed their methods because of COVID, where they’ve moved from physical attacks to completely virtual attacks, for example with the Best Buy gift card attacks. On the GoldenSpy finding, our threat hunting teams were showing how they could start to find those needles in the haystacks that can really help keep organizations safe – and I think the intelligent use of automation with great vendor technology to free up your cybersecurity resources has really helped make that possible. These were two great examples of detecting and responding to never-before-seen threats! And to cap it all off, some of our criminal underground research has really been groundbreaking.

#3. Many organizations are going to permanently embrace some of the unexpected benefits of this sudden shift to work-from-home postures. Workers have realized quality of life enhancements, corporate leaders are realizing cost savings from being able to reduce physical footprints, and many of those cost savings are already being put to use in other areas. That trend will continue and even accelerate. CISOs should not miss out on this opportunity to divert those cost savings to their security program.

Looking forward to 2021, here’s how I’m advising my clients to prepare:

In 2020, many organizations had to figure out how to enact what amounted to a 3-year digital transformation – in a matter of months. It was very reactive by necessity, and it was open-ended due to no one knowing when the COVID pandemic would end. Organizations have figured out how to survive the initial shock, but the time now is to start preparing for the future. How should your budgets change? How should your networks change?

But most importantly, what so many organizations need to figure out is: where is your data? Is it in the cloud? Is it at someone’s home? Was some of it left relatively undefended in a remote office somewhere that no one has been to in 6 months? Finding all of that data, and protecting it, is probably the most important priority for most organizations as we begin this new year.

