When it comes to choosing a manufacturer to target for attack, threat groups have a healthy list of tools from which to choose. All of which are made more powerful due to this industry’s complex cybersecurity posture, driven by the increasing integration of IT/OT environments.

The line between Information Technology (IT) and Operational Technology (OT) has been blurring for years and what once were two distinct realms — IT managing data and networks, and OT controlling physical processes on the production floor — are now converging to drive smarter, more efficient manufacturing.

As the manufacturing sector continues to modernize and develop deeper and wider connections to the Internet, the industry has opened itself up to a broad range of sophisticated cyberattacks designed to take advantage of this sector’s still-developing cyber defenses. Trustwave SpiderLabs explains these and other issues facing manufacturers in its just released 2025 Trustwave Risk Radar Report: Manufacturing Sector, and offers a list of protective mitigations organizations can adopt.

The European Union (EU) Network and Information Security Directive 2 (NIS2) introduces stricter cybersecurity requirements than its predecessor, the original NIS Directive. With the compliance deadline fast approaching, in-scope organizations must take proactive steps to ensure they have enacted NIS2 requirements, thereby strengthening their security posture.

In the first part of Trustwave SpiderLabs’ Russia-Ukraine war blog series, we gave a brief look at our major findings as well as the main differences between how Russia and Ukraine wage attacks in the digital frontlines. In this part of our series, we shed light on how both countries target government entities, defense organizations, and even human targets as part of their overall strategy to win the war.

Trustwave is set to unveil the 2025 Trustwave Risk Radar: Manufacturing Sector - a deep dive into the most pressing cybersecurity risks facing the industry - on February 26 as part of Trustwave SpiderLabs’ multi-year research into the particularly unique set of cybersecurity threats positioned against the manufacturing sector. Pre-register now to be among the first to receive this comprehensive research plus additional deep dives and expert-led webinar overviews of the materials.

Trustwave has attained authorized status by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. This announcement follows Trustwave being named last year as an official StateRAMP-authorized vendor. These achievements cap a multi-year journey through the FedRAMP process and make Trustwave the only pure-play Managed Detection and Response (MDR) provider recognized by FedRAMP.

There was once a famous advertising tagline used in TV commercials. "But wait, there's more!" This line was used to sell knives that could cut through a soda can and stay sharp enough to slice a tomato, but now there is a more up-to-date situation where the line is still applicable. "You bought Microsoft 365, great!

The Payment Card Industry Data Security Standard (PCI DSS) has long been recognized as the gold standard for payment security, establishing rigorous protocols for organizations that handle credit and debit card data. Designed to bolster defenses and minimize the risk of costly data breaches, PCI DSS is now poised for a major evolution. With the introduction of PCI DSS 4.0, new compliance requirements will become mandatory starting March 31, 2025.

In a statistical report published in September 2024 by the Federal Bureau of Investigation (FBI), it was revealed that more than US$55 billion was lost to business email compromise (BEC) attacks between October 2013 and December 2023. This profitability drives attackers to further their techniques and adapt to security filters. BEC is a highly sophisticated and researched scam that aims to bait a specific type of employee or department in a company.