Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Top Phishing Lures Targeting Manufacturers Revealed by Trustwave SpiderLabs

Threat actors who rely on email phishing scams as their primary method of gaining initial entry use a wide variety of social engineering lures to trick their victims. Trustwave SpiderLabs recently released the report Manufacturing Sector Deep Dive: Methods of Targeting and Breaching, which specifically calls out many noteworthy campaigns and methodologies used by the top-tier threat groups.

Yet Another NodeJS Backdoor (YaNB): A Modern Challenge

During an Advanced Continual Threat Hunt (ACTH) investigation conducted in early March 2025, Trustwave SpiderLabs identified a notable resurgence in malicious campaigns exploiting deceptive CAPTCHA verifications. These campaigns trick users into executing NodeJS-based backdoors, subsequently deploying sophisticated NodeJS Remote Access Trojans (RATs) similar to traditional PE structured legacy RATs.

Essential Strategies for HIPAA Compliance and Ransomware Resilience

Neglecting regulatory compliance obligations, whether intentional or not, is not just a procedural error but a direct invitation for significant financial penalties, operational disruption, and, in the case of a healthcare organization, creating a potentially life-threatening situation. These consequences were recently illustrated by the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR).

FBI 2024 IC3 Report: Phishing Soars, Ransomware Batters Critical Infrastructure as Cyber Losses Climb

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 reported $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. This figure was down slightly from the 880,418 complaints received in 2023.

Why Image Analysis is a Crucial Component of an Email Security Solution

While it’s well-known that email represents a significant source of cybersecurity threats, it’s not just the text included in emails that’s worrisome; images can be malicious as well. What’s more, images in emails may also present a threat of a different kind, including data leaks and content that’s not suitable for the workplace.

Trustwave MDR Named SC Media Awards Finalist for Best Managed Security Service

SC Media and SC Media Europe have each named Trustwave's Managed Detection and Response (MDR) solution as a finalist for the publication's Best Managed Security Service awards. The 2025 SC Awards were judged across 33 specialty categories by a distinguished panel of cybersecurity professionals, industry leaders, and CyberRisk Alliance CISO community members.

Why Your CMMC Service Provider Should be Fully FedRAMP Authorized

How Trustwave’s FedRAMP Authorization Removes the Burden of CMMC Federal Compliance from Clients

Navigating the labyrinth that is the US federal procurement system, particularly for Defense Industrial Base (DIB) companies, can be difficult, especially when these organizations should meet specific cybersecurity compliance standards like Cybersecurity Maturity Model Certification (CMMC).

Top Online Shopping Tips for Retailers and Consumers

While retail cybersecurity concerns only gain attention as the holiday shopping season approaches, the reality is retail is a 24/7/365 operation and so are its associated security issues. Recently, we sat down with Craig Searle, Director, Consulting & Professional Services in Pacific at Trustwave, to discuss the security moves retailers need to have in place.

Question: Let's start off in your neighborhood and explore the Australian retail space for a moment. Is there anything unique to this region?

Agent In the Middle - Abusing Agent Cards in the Agent-2-Agent (A2A) Protocol To 'Win' All the Tasks

I think you’ll agree with me that growth in the AI landscape is pretty full-on at the moment. I go to sleep and wake up only to find more models have been released, each one outdoing the last one by several orders of magnitude, like some kind of Steve Jobs’ presentation on the latest product release, but on a daily loop. With these rapid developments, security must keep up or it will be left behind.

Rethinking the Human Factor in Cybersecurity

The phrase “humans are the weakest link in the security chain” is an oversimplification and lazy thinking. Why? Let’s break it down. Have you ever seen an advertisement for a product that promises to make life easier and thought, “I need that?” Choosing the simplest path to a desired outcome is not just human nature; it’s a principle of the entire animal kingdom. From an evolutionary standpoint, conserving energy for the greatest reward has always been advantageous.

Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns

Earlier this year SpiderLabs observed an increase in mass scanning, credential brute forcing, and exploitation attempts originating from Proton66 ASN and targeting organizations worldwide, which we are discussing in a two-part series. In the first part of this blog series, we investigated the malicious traffic associated with Proton66, revealing the extent of the mass scanning and exploit activities run by the SuperBlack ransomware-associated threat actors such as Mora_001.

Trustwave Named a Representative Vendor in 2025 Gartner Market Guide for Co-Managed Security Monitoring Services

For the second consecutive year, Trustwave has been named a Representative Vendor in the just-released 2025 Gartner Market Guide for Co-Managed Security Monitoring Services. "We believe that inclusion in this report is further validation that Trustwave's offerings continue to be aligned with the needs of the market. We feel honored to be recognized in this research out of the field of over 500 participants," says Jesse Emerson, SVP of Product Management & Solutions Engineering.

Proton66 Part 1: Mass Scanning and Exploit Campaigns

Trustwave SpiderLabs continuously tracks a range of malicious activities originating from Proton66 ASN, including vulnerability scanning, exploit attempts, and phishing campaigns leading to malware infections. In this two-part series, SpiderLabs explores the malicious traffic associated with Proton66, revealing the extent and nature of these attacks.

Securing the Energy Sector: The Backbone of the UK's AI Ambitions

The UK’s ambition to become a global leader in artificial intelligence (AI) marks a transformative era. However, the foundation of this progress—the energy sector—has emerged as a prime target for cybercriminals. While AI-driven technologies offer greater efficiency and resilience, they also heighten the sector’s vulnerability to cyberattacks. To sustain the nation’s AI advancements, ensuring the security of the energy infrastructure must be a critical priority.

Tycoon2FA New Evasion Technique for 2025

The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas, invisible Unicode characters in obfuscated JavaScript, and anti-debugging scripts to thwart inspection. This blog takes a closer look at these methods to better understand how this kit is evolving and what defenders should be aware of.

United Nations Urges Global Action as Cyberattacks Threaten Healthcare Systems

The threat facing healthcare organizations worldwide is being recognized at the highest level, with the United Nations calling for international cooperation to combat the issue. The international organization has asked its members to support fellow member nations by providing technical assistance and guidelines to bolster the resilience of health infrastructure against attack.

Pixel-Perfect Trap: The Surge of SVG-Borne Phishing Attacks

Ever thought an image file could be part of a cyber threat? The Trustwave SpiderLabs Email Security team has identified a major spike in SVG image-based attacks, where harmless-looking graphics are being used to hide dangerous links. This blog post analyzes the various techniques cybercriminals are using to cleverly weaponize these image files in phishing attacks and what your organization can do to prevent these pixel-perfect tricks.

[REPORT] Future-Proof Your Firm: Actionable Cybersecurity for Professional Services and Legal

Professional services firms, including legal service entities, are prime targets for cyberattacks due to the wealth of sensitive data they hold. This treasure trove includes intellectual property, financial information, legal documents, and personal client details. A cyberattack can severely damage a firm's reputation, as clients entrust them with keeping their data confidential and secure. As a result, robust cybersecurity is a critical priority for these information-rich firms.

Why Strong Passwords are Still the Best Defence Against Cyber Threats

After covering the importance of unique usernames in yesterday's blog, we would be remiss not to take a look at the second half of most login credentials: passwords. These are important because, despite increasingly sophisticated cybersecurity technologies and methodologies, 86% of breaches still involve stolen credentials.

Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse

In February 2025, the cybersecurity community witnessed an unprecedented leak that exposed the internal operations of Black Basta, a prolific ransomware group. Trustwave SpiderLabs has taken an in-depth look at the leaked contents, which spell out in detail how the group thinks and operates, revealing discussions on tactics and the effectiveness of various attack tools, and even going so far as to debate the ethical and legal implications of targeting Ascension Health.

Phishing Attacks Are Evolving - Is Your Email Security Keeping Up?

A strong email security posture is as much about culture as it is about technology. In the 2022-23 financial year, 78% of Australian businesses offered annual cybersecurity training to their entire workforce; however, only 39% of these businesses provided specialized training for privileged users who are authorized to perform security-relevant functions that ordinary users are not.

Strengthening Healthcare Security: Navigating HIPAA's Latest Cybersecurity Requirements

The Department of Health and Human Services (HHS) will be implementing sweeping and crucial updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI). These changes aim to address modern cybersecurity threats and ensure resilience in healthcare data management. In this blog, we will explore the key updates and their implications for healthcare providers and their business associates.

Trustwave Named a Top Player in Radicati's Secure Email Market Quadrant 2025 Report

Trustwave MailMarshal fortified its position as a leading secure email gateway by being named a Top Player in Radicati’s Secure Email Market Quadrant 2025 report. This is the second consecutive year that Radicati has recognized Trustwave MailMarshal for its ability to protect organizations from email-based attacks.

Insider Threats: How Businesses Can Detect and Prevent Internal Cyber Risks

Organizations today face an array of cyber-security challenges. While external threat actors, such as nation-states and cyber-criminals, account for a significant portion of these attacks, a critical and often overlooked vulnerability exists within business walls: the insider threat. An insider threat refers to a cyber-threat originating from within the organization. This internal risk factor, though less sensationalized, presents a significant risk to an organization’s security posture.

Babuk2 Bjorka: The Evolution of Ransomware for 'Data Commoditization'

An investigation that started with a tip from one of our threat intel sources about the revival of the Babuk (figure 1) threat group has led Trustwave SpiderLabs to uncover what appears to be a paradigm shift in the ransomware landscape.

Figure 1. SpiderLabs telemetry (January 2025 events). Figure 1A. February to March events. Figure 1B. SpiderLabs telemetry (March 2025 events).