The Year in Review: Looking Back at the Top Trustwave Blog Posts

The most popular Trustwave blog posts in 2021 were indicative of the year itself in cyber. There was a steady drumbeat of cybersecurity headlines along with several widespread attacks that caught mainstream news attention. Organizations also increased their understanding of how managed detection and response services can help protect critical data in the age of advanced threats and complex cloud environments.

Check out the 2021 year in review through the top Trustwave blogs:

Trustwave's Action Response: Log4j Zero-Day Vulnerabilities CVE-2021-44228 and CVE-2021-45046

Just as we thought we might escape 2021 without another major exploit, Trustwave security and engineering teams became aware of the Log4j zero-day CVE-2021-44228 on December 9. They then found the additional CVE-2021-45046 vulnerability on December 14. We immediately investigated the vulnerabilities and potential exploits. Trustwave's infrastructure was not adversely affected by the vulnerability / exploit and our teams immediately jumped into action to protect our clients and inform them of the threat.

How I Hacked A Nuclear Power Plant

In a Q&A blog posted in March, Charles Hamilton, Principal Security Consultant at Trustwave SpiderLabs, discussed how he hacked into a nuclear power plant while conducting a penetration test. The pentest found several vulnerabilities, including the facility's use of long-outdated Windows NT 4.0 management software and weak security on a Wi-Fi hotspot. The latter issue allowed Hamilton to access the corporate network and gain domain-level privileges.

Trustwave's Action Response: Kaseya VSA Zero-Day Ransomware Attack

On the afternoon of July 2, reports indicated that the REvil ransomware gang was actively targeting managed service providers (MSPs) who use Kaseya Virtual System/Server Administrator (VSA) with a zero-day attack. Trustwave immediately jumped into action to protect our clients, actively responded to threats, and shared top mitigations.

The Trustwave SpiderLabs team quickly followed up with a further analysis of the attack.

The Aftermath of a Ransomware Attack: How to Recover and Better Prepare

The Kaseya VSA ransomware attack in July compromised about 60 Managed Service Providers and 1,500 of their respective clients' systems, resulting in more than 1 million individual lockups. Shawn Kanady, Director, Threat Fusion & Hunt at Trustwave, blogged just after the attack that Kaseya's situation should have given all organizations ample reason to remain vigilant and be prepared to handle an attack and its aftermath. In the blog, he listed three steps companies should keep in mind while they recover from an incident.

Nobelium Targeting Resellers and Service Providers

In October, the Russia-based cyber gang Nobelium, which analysts believe to be responsible for the December 2020 SolarWinds attack, was on the move again, targeting resellers and IT service providers in an attempt to infiltrate their customers' systems, according to a Microsoft report. Karl Sigler, Senior Security Research Manager at Trustwave, found it notable that during this recent spate of attacks Nobelium no longer relied on a vulnerability to gain initial access. Instead, the group resorted to more common tactics such as password spraying and phishing to steal legitimate credentials and gain privileged access.

What You Need To Know About the New Essential 8 Mitigation Strategies

In July 2021, the Australian Cyber Security Centre (ACSC) released an updated version of its Essential 8 (the E8) maturity model, revising a list originally published in 2017. In a September blog post, Trustwave Principal Security Advisors Arun Raghu and Eder Plansky looked at the key changes made in the new list. These include redefining the E8 maturity levels, moving to a stronger risk-based approach to implementation, and applying the mitigation strategies as a package rather than individually.

Defining EDR, XDR and MDR: Understanding the Components Behind Threat Detection and Response

Leaders must have a firm understanding of what tools are available to implement proper security at their organization. To that end, in a June blog, Trustwave broke down Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), and Managed Detection and Response (MDR) to help facilitate and inform decision-makers.

World-Class MSS DNA Makes MDR All the More Powerful

Tom Powledge, Chief Product Officer and Senior Vice President of Managed Security Services at Trustwave, in a March blog, discussed Trustwave being named a leader in the Forrester Wave for Managed Security Services. He attributed this leadership position primarily to the company's ability to integrate its elite Trustwave SpiderLabs team and its world-class threat intelligence into its core MSS offerings.

Trustwave 2021 Email Threat Report Highlights Critical Trends in Email Security in the Age of Advanced Threats

In May, Trustwave issued its 2021 Email Threat Report. Some highlights included:

  • Microsoft Excel file attachments were the single most significant attachment type utilized by attackers in 2020, representing 39% of malicious attachments, up from 7% in 2019.
  • 43% of malicious Excel attachments made use of Excel 4.0 macros.
  • Longer-term attacks seem to lead as the preferred method of email attack.
  • Over 50% of BEC emails come from Gmail accounts.
  • Phishers increasingly used free cloud infrastructure for sending emails, hosting phishing pages, storing files and more.

Trustwave 2021 Network Security Report Shows How Threats Have Evolved in a Remote Workforce World

The COVID-19 pandemic created enormous challenges for businesses worldwide, and cybersecurity challenges were prominent among them. Employees transitioning to a remote work environment created new vulnerabilities in network systems designed for a centralized, in-office workforce. As a result, there was a spike in cybercriminal activity as bad actors hastened to take advantage of the situation, along with an increase in malware attacks and other network security threats.

To give organizations a better view of how the network security landscape has evolved, Trustwave SpiderLabs utilized its internal and external network vulnerability scanning systems and threat intelligence to discover which threats were most pervasive. They compiled their findings in the 2021 Network Security Report.
