The most popular Trustwave blog posts in 2021 were indicative of the year itself in cyber. There was a steady drumbeat of cybersecurity headlines along with several widespread attacks that caught mainstream news attention. Organizations also increased their understanding of how managed detection and response services can help protect critical data in the age of advanced threats and complex cloud environments.
Check out the 2021 year in review through the top Trustwave blogs:
Trustwave's Action Response: Log4j Zero-Day Vulnerabilities CVE-2021-44228 and CVE-2021-45046
Just as we thought we might escape 2021 without another major exploit, Trustwave security and engineering teams became aware of the Log4j zero-day CVE-2021-44228 on December 9, followed by the additional CVE-2021-45046 vulnerability on December 14. We immediately investigated the vulnerabilities and potential exploits. Trustwave's infrastructure was not adversely affected by the vulnerabilities or their exploits, and our teams immediately jumped into action to protect our clients and inform them of the threat.
How I Hacked A Nuclear Power Plant
In a Q&A blog posted in March, Charles Hamilton, Principal Security Consultant at Trustwave SpiderLabs, discussed how he hacked into a nuclear power plant while conducting a penetration test. The pentest found several vulnerabilities, including the facility's use of long-outdated Windows NT 4.0 management software and weak security on a Wi-Fi hotspot. The latter issue allowed Hamilton to access the corporate network and gain domain-level privileges.
Trustwave's Action Response: Kaseya VSA Zero-Day Ransomware Attack
On the afternoon of July 2, reports indicated that the REvil ransomware gang was actively targeting managed service providers (MSPs) who use Kaseya Virtual System Administrator (VSA) through a zero-day vulnerability. Trustwave immediately jumped into action to protect our clients, actively responded to threats, and shared top mitigations.
The Trustwave SpiderLabs team quickly followed up with a further analysis of the attack.
The Aftermath of a Ransomware Attack: How to Recover and Better Prepare
The Kaseya VSA ransomware attack in July compromised about 60 Managed Service Providers and 1,500 of their respective clients' systems, resulting in more than 1 million individual lockups. Shawn Kanady, Director, Threat Fusion & Hunt at Trustwave, blogged just after the attack that Kaseya's situation should have given all organizations ample reason to remain vigilant and be prepared to handle an attack and its aftermath. In the blog, he listed three steps companies should keep in mind while they recover from an incident.
Nobelium Targeting Resellers and Service Providers
In October, the Russia-based threat actor Nobelium, which analysts believe to be responsible for the December 2020 SolarWinds attack, was on the move again, targeting resellers and IT service providers in an attempt to infiltrate their customers' systems, according to a Microsoft report. Karl Sigler, Senior Security Research Manager at Trustwave, found it interesting that during this recent spate of attacks Nobelium no longer relied on a vulnerability to gain initial access. Instead, the group resorted to more common tactics such as password spraying and phishing to steal legitimate credentials and gain privileged access.
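Password spraying, the initial-access tactic noted above, leaves a distinctive trace in authentication logs: one source tries a small number of passwords against many accounts, so the failure count per account stays low while the number of distinct accounts climbs. The detector below is an added example written for this post, not Trustwave's or Microsoft's code. It assumes a simple, constructed log format (`<ISO timestamp> FAIL|SUCCESS user=<name> src=<ip>`); the sample lines, IP addresses and usernames are made up for the illustration.

```python
"""Password-spray detection over authentication logs (added example, not the page's own code).

Assumed log line format (constructed for this example):
    <ISO-8601 timestamp> <FAIL|SUCCESS> user=<name> src=<ip>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<outcome>FAIL|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "outcome": m["outcome"],
        "user": m["user"].lower(),   # normalise case so Alice and alice count once
        "src": m["src"],
    }


def detect_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {src: finding} for every source that, within any `window`, fails against
    at least `min_users` distinct accounts with at most `max_per_user` failures each.

    Low per-account failure counts are what separate a spray from a brute force
    against one account (which trips lockout and is caught by simpler rules).
    The finding also lists accounts that logged in successfully from that source
    after the spray began, since those are the credentials the attacker now holds.
    """
    events = [e for e in map(parse, lines) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["outcome"] == "FAIL"]
        for i, start in enumerate(fails):          # sliding window anchored at each failure
            per_user = defaultdict(int)
            for e in fails[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                per_user[e["user"]] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                compromised = sorted({
                    e["user"] for e in evs
                    if e["outcome"] == "SUCCESS" and e["ts"] >= start["ts"]
                })
                findings[src] = {
                    "first_seen": start["ts"],
                    "accounts_targeted": len(per_user),
                    "accounts_compromised": compromised,
                }
                break                               # one finding per source is enough
    return findings


# Constructed sample: a spray from 203.0.113.7 that lands on 'gina', plus a single
# user (helen) mistyping her own password, which must NOT be reported as a spray.
SAMPLE_LOG = """\
2021-10-25T09:00:01 FAIL user=alice src=203.0.113.7
2021-10-25T09:00:03 FAIL user=bob src=203.0.113.7
2021-10-25T09:00:05 FAIL user=carol src=203.0.113.7
2021-10-25T09:00:07 FAIL user=dave src=203.0.113.7
2021-10-25T09:00:09 FAIL user=erin src=203.0.113.7
2021-10-25T09:00:11 FAIL user=frank src=203.0.113.7
2021-10-25T09:00:13 SUCCESS user=gina src=203.0.113.7
2021-10-25T09:01:00 FAIL user=helen src=10.0.0.5
2021-10-25T09:01:10 FAIL user=helen src=10.0.0.5
2021-10-25T09:01:20 FAIL user=helen src=10.0.0.5
2021-10-25T09:01:30 FAIL user=helen src=10.0.0.5
2021-10-25T09:02:00 SUCCESS user=helen src=10.0.0.5
"""

if __name__ == "__main__":
    for src, finding in detect_spray(SAMPLE_LOG.splitlines()).items():
        print(src, finding)
```

The thresholds (`min_users`, `max_per_user`, `window`) are tuning knobs, not fixed values: an attacker who spreads the spray across many source addresses or slows it below the window will evade this rule, so in practice the same logic is also run keyed on user-agent or ASN and fed with a longer window.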
In today’s hyper-connected world, cyberattack risks have never been more pronounced. Threat actors continue to develop malicious, ingenious tricks and techniques to stay one step ahead of security systems and response specialists. As a result, a more focused and proactive approach to detecting, investigating, and responding to threats is required. In this guide, we break down the comparison between Managed Detection and Response (MDR) and Managed Security Services (MSS) and how to determine what to look for in providers.
What You Need To Know About the New Essential 8 Mitigation Strategies
In July 2021, the Australian Cyber Security Centre (ACSC) released an updated version of its Essential 8 (E8) maturity model, revising a list originally published in 2017. In a September blog post, Trustwave Principal Security Advisors Arun Raghu and Eder Plansky looked at the key changes in the new version. These include redefining the E8 maturity levels, moving to a stronger risk-based approach to implementation, and applying the mitigation strategies as a package.
Defining EDR, XDR and MDR: Understanding the Components Behind Threat Detection and Response
Leaders must have a firm understanding of what tools are available to implement proper security at their organization. To that end, in a June blog, Trustwave broke down Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and Managed Detection and Response (MDR) to help facilitate and inform decision-makers.
World-Class MSS DNA Makes MDR All the More Powerful
Tom Powledge, Chief Product Officer and Senior Vice President of Managed Security Services at Trustwave, in a March blog, discussed Trustwave being named a leader in the Forrester Wave for Managed Security Services. He attributed this position largely to the company's ability to integrate its elite Trustwave SpiderLabs team and its world-class threat intelligence into its core MSS offerings.
Trustwave 2021 Email Threat Report Highlights Critical Trends in Email Security in the Age of Advanced Threats
In May, Trustwave issued its 2021 Email Threat Report. Some highlights included:
- Microsoft Excel file attachments were the most common malicious attachment type used by attackers in 2020, representing 39% of malicious attachments, up from 7% in 2019.
- 43% of malicious Excel attachments made use of Excel 4.0 macros.
- Longer-term attacks appear to be the preferred method of email attack.
- Over 50% of BEC emails come from Gmail accounts.
- Phishers increasingly used free cloud infrastructure to send email, host phishing pages, store files and more.
Trustwave 2021 Network Security Report Shows How Threats Have Evolved in a Remote Workforce World
The COVID-19 pandemic created enormous challenges for businesses worldwide, and cybersecurity challenges were prominent among them. Employees transitioning to remote work created new vulnerabilities in network systems designed for a centralized, in-office workforce. Cybercriminal activity spiked as a result, as bad actors hastened to take advantage of the situation, bringing an increase in malware attacks and other network security threats.
To give organizations a better view of how the network security landscape has evolved, Trustwave SpiderLabs utilized its internal and external network vulnerability scanning systems and threat intelligence to discover which threats were most pervasive. They compiled their findings in the 2021 Network Security Report.
2021 Network Security Report
There’s been no shortage of malicious attacks and bad actors the past year – and no signs of the threat landscape slowing down. Trustwave compiled a report of popular network attack methods and suggested mitigation tactics for organizations to prepare their defenses. Read our 2021 Network Security Report for an overview of the prevalent threats over the last several months and proactive security measures you should take.