Drowning in Alerts? This is Why Your Organization Needs MDR

Trustwave, A LevelBlue Company, regularly writes about Managed Detection and Response (MDR), covering every aspect of our solution, the partners we work with, and what industry analysts think, but sometimes it’s good to circle back and cover the basics. We’ll do that today by breaking down what MDR is and why you need it. The number of threat actors and cyber threats is not likely to decrease any time soon, or even far down the road.

Unraveling Phishing Campaigns Flagged by Trustwave's URL Scanner

In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. The use of URL redirectors, along with the abuse of Amazon Web Hosting and Cloudflare services, was also widely observed. Trustwave operates a URL-scanning system that we call PageML.

A Tale of Two Ransomware-as-a-Service Threat Groups

Ransomware distributors are bad enough, but there should be a special place in the dark web's basement that only offers ISDN connections and no Wi-Fi, reserved for those groups that insist their attack was a benign cybersecurity service or those who only attack entities that they say deserve to be struck. At least based on their logic.

Malicious Screen Connect Campaign Abuses AI-Themed Lures for Xworm Delivery

During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer.

Making Cyber Threat Intelligence Work for Your Organization: The Intelligence Paradox

Security teams receive thousands of threat indicators daily. IP addresses, domain names, file hashes, and vulnerability advisories flood their inbox from multiple intelligence feeds. Yet when the next breach happens, you're still caught off guard. Sound familiar? The problem isn't a lack of information; it's a lack of context.

The Next Level of Managed Vulnerability Scanning: Authenticated and Unauthenticated Scans

Trustwave, A LevelBlue Company, is a huge proponent of employing offensive security tactics to ensure a client is properly protected. For Trustwave, the reason is obvious. Offensive security is an effective approach to evaluate and enhance an overall security posture. We’ve written about this before (just check here, here, and here), but today we will explore the difference between an Authenticated Scan and an Unauthenticated Scan. Let’s set the stage by defining the two types of scans.

Unpacking the Three Elements that Make Trustwave Managed Detection and Response Unrivaled

The Managed Detection and Response (MDR) solution from Trustwave, A LevelBlue Company, has three elements that cannot be found at any other MDR provider. Together, this triumvirate forms a powerful defense against the highly sophisticated cyber threats all organizations, from large to small, now face.

Introducing D-Fence: MailMarshal's Advanced Machine Learning Phishing Protection

Trustwave, A LevelBlue Company, is proud to unveil D-Fence, a powerful new machine learning-based anti-phishing layer now seamlessly integrated into MailMarshal that captures 40% more phishing emails. This capability is needed now more than ever as phishing attacks are among the top three attack vectors, according to the FBI.

LevelBlue Acquires Trustwave, Ushering in a New Era as the World's Largest, Pure-Play MSSP

Today marks an exciting day for LevelBlue and for the broader cybersecurity industry. I’m pleased to announce that LevelBlue has completed its acquisition of Trustwave, a global leader in cybersecurity and managed detection and response (MDR). This is more than a business transaction; it’s a strategic leap forward in our mission to redefine what it means to be a trusted cybersecurity partner in an increasingly complex, high-stakes world.

How Outsourcing and Automation Can Help Australian and New Zealand Organizations Plug the Cybersecurity Skills Gap

Organizations across Australia and New Zealand are increasingly confronted with the challenge of bridging the cybersecurity talent shortage, with 69 per cent of ICT professional occupations in shortage, a gap that compounds concern as the complexity of cyberthreats continues to evolve. Faced with a finite talent pool, businesses must find innovative ways to maintain their security posture without sacrificing operational efficiency or increasing strain on their resources.

Inside Trustwave's Award-Winning MSSP Approach: People Plus Technology

First appearing in the late 1990s, the Managed Security Services Provider (MSSP) market is one of the most mature service offerings in the cybersecurity sector. However, this sector remains increasingly important and Trustwave is a continuous innovator in the space, as can be seen by Frost & Sullivan naming Trustwave 2024 Company of the Year in the Americas Managed Security Services Industry.

How Researchers Collect Indicators of Compromise

As security researchers, we actively monitor the latest CVEs and their publicly available exploits to create signatures. Beyond CVEs, we also hunt for malware on platforms such as MalwareBazaar, which enhances our visibility into attacks occurring across networks. Today, we'll demonstrate a simple workflow showing how researchers use various tools to collect indicators of compromise (IOCs) and develop appropriate signatures from detonated malware.

Trustwave's FedRAMP Authorization: A Game-Changer for Your Security Strategy

The importance of a cybersecurity vendor being Federal Risk and Authorization Management Program (FedRAMP) authorized cannot be overstated. In February 2025, after a multi-year process, Trustwave achieved full FedRAMP authorization for its Government Fusion platform, becoming the first pure-play Managed Detection and Response (MDR) provider to do so.

The Continuing Threat of Cyberattacks on Healthcare

The current trends in healthcare technology adoption present an interesting dynamic. Healthcare systems globally have been experiencing, and continue to experience, rapid digital transformation, to the point where we now see them increasingly embracing AI, internet-connected medical devices, and telehealth solutions. Trustwave SpiderLabs captured what is taking place in its recent report Cybersecurity Challenges for Healthcare in 2025.

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

Understanding the Growth, Drivers, and Benefits of Managed Detection and Response

Managed Detection and Response (MDR) services are experiencing significant growth due to the increasing sophistication and frequency of cyberthreats. As the cybersecurity landscape continues to evolve with more frequent, targeted, and sophisticated threats, organizations are increasingly turning to MDR to shore up their cyber defenses. But what exactly is behind the rising adoption of MDR security services, and what makes these services such a compelling option for modern enterprises?

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint 'ToolShell' Exploitation

The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share key findings from several observed intrusions across our monitored environments.

How Legacy Manufacturing Systems Make a Hacker's Job Easy

As we see in the Trustwave SpiderLabs 2025 Manufacturing 2.0 Threat Report, the manufacturing sector is facing a rapidly increasing number of cyber threats, with ransomware and phishing attacks being the attackers' primary weapons. The focus on this sector has resulted in the cost of a data breach in manufacturing jumping nearly $1 million to $5.6 million in 2024 compared to the previous year.

Understanding DocumentDB's Network Security Trade-Offs: The VPC Challenge

AWS DocumentDB is, by default, securely isolated within a VPC and unreachable from the public internet. What could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can introduce a complex web of networking requirements, operational considerations, and architectural decisions that require careful management to maintain security.

Inside Silver Fox's Den: Trustwave SpiderLabs Unmasks a Global Threat Actor

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. The Silver Fox threat actor group, also associated with attacks attributed to Void Arachne and Great Thief of the Valley, is a relatively new, most likely China-based threat group that has emerged as a significant player in advanced persistent threat (APT) campaigns.

Understanding Trustwave's Australia IRAP Assessment Services: A Comprehensive Guide

It's not news that keeping an organization's information and communication technology (ICT) systems safe and sound is absolutely critical. That's where the Information Security Registered Assessors Programme (IRAP), run by the Australian Signals Directorate (ASD), comes in. It’s an excellent programme and one that Trustwave highly recommends. To help organizations align with this process, Trustwave now has an IRAP Assessment Service available.

Are You in the Market for an MDR Solution? What Every Organization Needs to Consider

Organizations are constantly seeking robust defenses to contend with the seemingly endless number of cyber threats arrayed against them. For many, Managed Detection and Response (MDR) services have emerged as a powerful solution. The reason why is pretty clear: MDR offers a significantly faster "time to value" compared to building an in-house Security Operations Center (SOC), which demands substantial investment in technology, talent, and years of refinement.