Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2023

Trustwave Attains Two Microsoft Partner Milestones

Trustwave has achieved two highly sought-after achievements from Microsoft, reaching Microsoft Verified Managed Extended Detection and Response (MXDR) Solution status and becoming a FastTrack Ready Partner for Microsoft 365. These achievements will allow Trustwave to utilize the skills of its elite SpiderLabs team to better secure clients and deeper security solutions and integration with Microsoft Sentinel and Defender.

Amazon (AWS) S3 Bucket Take Over

Let’s try something a bit different and take a look at some of Trustwave SpiderLabs’ Open Source Intelligence (OSINT) research findings, and exploitation of vulnerable buckets and domains. I published this research internally on February 3, 2023, and here are my findings. Today, I will share with you how deleted S3 buckets could become a liability or threat to your organization and highlight the importance of cybersecurity in data and asset management.

The Beauty of a Red Team Exercise: When One Discovery Leads to Potentially Saving Lives

What started out as a standard Red Team test designed to check the security capabilities of several Australian hospitals, led to a chain of events that eventually uncovered serious security flaws in remote-capable insulin pumps that, if abused could have had disastrous consequences. The hospitals, all of which are part of a connected healthcare system, had contracted with Trustwave to conduct the Red Team tests against several of their facilities.

A Comprehensive Guide to Securing Data in the Digital Age

In today's rapidly evolving digital landscape, data stands as the linchpin of modern business operations. However, safeguarding sensitive data has grown into a formidable challenge for enterprises in recent times. The surge in data volume and escalating threats are not the sole culprits; the pivotal shift toward digitalization has prompted organizations to migrate their data and IT infrastructure to a diverse blend of private and public clouds.

Multiple Command and Control (C2) Frameworks During Red Team Engagements

When conducting Red Team engagements, more than one Command and Control (C2) framework would typically be used as part of our delivery process and methodology. We would be unintentionally limiting our options if we only had one Command and Control framework to depend upon, which would be less realistic when comparing it to an attack from real threat actors who seem to have infinite time and resources available. The use of multiple Command and Control frameworks is essential.

ChatGPT Update: How Security Teams and Threat Actors are Using Artificial Intelligence

ChatGPT and other Large Learning Modules have been in use for less than a year, yet these applications are transforming at an almost exponential rate. The changes taking place present an odd duality for the cybersecurity world. It is both a boon and a danger to security teams. In some cases, enabling teams to do more with less.

Stealthy VBA Macro Embedded in PDF-like Header Helps Evade Detection

In the ever-evolving landscape of malware threats, threat actors are continually creating new techniques to bypass detection. A recent discovery by JPCERT/CC sheds light on a new technique that involves embedding a malicious Word document within a seemingly benign PDF file using a.doc file extension.

Insider Threats: Ensuring Angry Employees and Innocent Do-Gooders Don't Derail Your Organization

Threats that arrive from outside an organization are difficult to deal with, but at least business leaders understand that they exist and prepare a proper defense. However, many managers don’t expect one of their employees to cause a problem from the inside. Sure, there will always be a worker who steals money from the cash register or walks out with a few reams of printer paper, but the true insider threat is much more dangerous. The U.S.

MSSP Alert Names Trustwave to 2023 Top 250 MSSPs List

For the seventh consecutive year, Trustwave has been named a Top 10 Managed Security Services Provider by MSSP Alert. Trustwave placed 10th on MSSP's 2023 list, indicating the company's status as an industry leading managed security service provider. MSSP Alert noted that the list identifies and honors the top MSSPs worldwide. The rankings are based on MSSP Alert’s 2023 readership survey combined with the site’s editorial coverage of MSSP, MDR, and MSP security providers.

Cybercrime Never Takes a Vacation. Cybersecurity in the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying how threat actors conduct attacks, the methodologies used, and what organizations can do to protect themselves from specific types of attacks.

To OSINT and Beyond!

Open-Source Intelligence (OSINT) can be valuable for an organization and penetration testing engagements in several ways. Today, let me highlight two areas: Leaked Credentials and Files. As part of any security engagement, it is ideal, if not essential, that we look up our target’s leaked credentials and files, as many clients do not have a high level of visibility or awareness in this area.

A Multinational Effort Takes Down the Qakbot Banking Trojan

In late August, the FBI took down and dismantled Quakbot, a banking Trojan that primarily spread through spam and phishing emails and has been active and continuously updated since 2008. Trustwave SpiderLabs has tracked Qakbot for years and has worked hard to counter the malware’s efforts, including publicly releasing the encryption algorithm Qakbot used to encrypt registry keys, enabling victims to recover from an attack.

Trustwave SpiderLabs Research: Cybersecurity in the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying how threat actors conduct attacks, methodologies used, and what organizations can do to protect themselves from specific types of attacks.

Trustwave SpiderLabs Releases Actionable Cybersecurity Intelligence for the Hospitality Industry

The Trustwave SpiderLabs team conducted a multi-month investigation into the cyber threats facing the hospitality industry worldwide and has released a detailed report displaying not only how threat actors conduct attacks, methodologies used, but what organizations can do to protect themselves from specific types of attacks.

Trustwave Honored by Brandon Hall Group for Best Advance in Corporate Culture Transformation

The human resources firm Brandon Hall Group honored Trustwave for "Best Advance in Corporate Culture Transformation" in its coveted 2023 HCM Excellence Awards™. The Brandon Hall Group Excellence Awards recognize best practices for initiatives in Learning and Development, Talent Management, Leadership Development, Talent Acquisition, Human Resources, Sales Performance, Diversity, Equity & Inclusion, and the Future of Work.

A Bucket of Phish: Attackers Shift Tactics with Cloudflare R2 Public Buckets

In our previous blog, we found a lot of phishing and scam URLs abusing Cloudflare services using pages.dev and workers.dev domains, respectively. We’re now seeing a lot of phishing emails with URLs abusing another Cloudflare service which is r2.dev.

CISO's Corner: Cybersecurity Best Practices: Securing Employee Smartphones

Arguably, the most used device by an organization’s employees is their smartphone. Ensuring that anyone, from the CEO to a newcomer being onboarded, knows how to keep this device safe should be paramount. Why? Globally, more than 2 million attacks on mobile devices are reported each month, according to Statista. While the number of attacks has dropped precipitously from its peak of 6.5 million in October 2020, it is still dangerously high and a favorite threat actor attack vector.