Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies. Why phishing? Simplicity is the primary reason.

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with organizational directors and senior leaders and encourage them to shore up their defenses from cyber threats.

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s incumbent upon healthcare organizations to limit their exposure, and minimize the likelihood of cyberattacks.

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber weaknesses, especially when it comes to ransomware.

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow won’t impact ransomware overall. As in the past, another group will pick up the slack, or LockBit itself will reform and get back into business.

Ten years ago, Congress passed the "CAN-SPAM Act" (also known as theYou-CAN-SPAM Act, since it defined legal spam and supersedes any stricter state-antispam laws). One of the provisions of the act is that there must be a legitimate physical address in the email. Spammers have long tried different tactics to get around this.

Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team is tracking another PaaS called Tycoon Group. The team found Tycoon Group during a regular investigation into a phishing incident, and its distinctive method of communication to its phishing server convinced the team to further explore this active PaaS operation.

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024 Education Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report on February 22, but here are a couple of early findings along with a round-up of some of the higher-profile attacks on education targets that have taken place in the last year.

Many organizations downplay the critical aspect of whether their cybersecurity provider has the ability to properly vet a third-party vendor's cybersecurity posture. There are multiple reasons behind this and there are also considerations of where the cybersecurity vetting process can go off the rails during supply chain purchases.

For the fifth consecutive year, the leading channel publication CRN named Trustwave to its 2024 Managed Service Provider (MSP) 500 list in its Security 100 category. The Trustwave Global Channel Partner Program earned recognition for providing one of the industry's most extensive collections of security products and services. These offerings cater to enterprise requirements in threat detection and response, as well as vulnerability and risk management.