Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This information was derived from a new SpiderLabs ransomware tracking tool that gathers information from a variety of open intelligence sources and our own proprietary research.

The Quadient DS-700iQ is a high-volume folder-inserter machine designed for automating the process of assembling, folding, and inserting mail into envelopes for large mailing operations. It features a modular design that can handle complex mailing jobs, supports multiple feeders and enclosures, and offers integration with barcode/OMR/2D scanning for document integrity and sorting.

In cybersecurity, several related but divergent meanings have been ascribed to the phrase “red flags”. The phrase has roots in fraud and insurance, popularized by the Federal Trade Commission as part of the 2003 Red Flags Rule under the Fair and Accurate Credit Transactions Act, requiring credit issuers to build programs that detect identity theft via warning signs of fraud.

REDCap, developed by Vanderbilt University, is a secure platform designed for data collection in research studies and operations. REDCap is popular within scientific institutions and universities that require strict compliance with government regulations and data privacy laws when conducting data collection for research purposes. It is particularly useful for managing studies that often contain sensitive or private information.

Managed Detection and Response (MDR) is a security service that has become a cornerstone of modern cybersecurity strategies. It’s designed to provide 24/7 threat monitoring, detection, and response capabilities, especially for organizations that lack the resources for an in-house security operations center (SOC). But while many have heard of MDR, there are still some common misconceptions and little-known facts about this powerful service.

The Secret Service’s takedown in New York shines a light on a type of threat that is technically fascinating and deeply concerning for national security: large-scale cellular interception networks leveraging cell-site simulators (CSS), also known as IMSI catchers or Stingrays. The news comes as New York City hosts the annual United Nations General Assembly, gathering heads of state from around the world and creating an incredibly target-rich environment for attackers.

Managing a cybersecurity program is hard, but also very meaningful, work. Continuously managing the cybersecurity posture of your organization’s supply chain vendors can at times feel near impossible, afterall ensuring the cybersecurity of your suppliers is an order of magnitude leap in difficulty. Yet, criminals are demonstrating that despite these difficulties, this task requires our immediate attention, given the trending success in exploiting our businesses' trusted relationships.

Public sector organizations face unprecedented cybersecurity challenges as artificial intelligence reshapes how adversaries launch attacks. Threat actors now use AI to execute large-scale, highly personalized phishing campaigns, automate the discovery of vulnerabilities, and evade detection faster than traditional defenses can respond.

A piecemeal security strategy almost like having no strategy at all. Simply having a collection of disparate security tools and services isn't enough to protect your organization. The real power lies in seamlessly integrating them into a unified and cohesive defense. Trustwave, a LevelBlue Company, understands that the value of Managed Detection and Response (MDR) is unlocked when it’s not just a standalone service, but the central nervous system of a comprehensive security ecosystem.

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. Trustwave SpiderLabs Cyber Threat Intelligence team has developed a new detailed analysis of Storm-2603, the threat group associated with the recent exploitation of security flaws in Microsoft SharePoint Server.

Security leaders are well acquainted with Shadow IT; the unsanctioned apps, services, and even devices employees adopt to bypass bureaucracy and accelerate productivity. Think rogue cloud storage, messaging platforms, or unapproved SaaS tools. These all often slip past governance until they trigger a breach, compliance issue, or operational failure. Now, a more complex threat is emerging - Shadow AI.

No organization likes to contemplate being successfully hit with a cyberattack, but turning a blind eye to the possibility is the exact wrong thing to do. Digital Forensics and Incident Response (DFIR) planning and retainers, like car, home, and health insurance, are a necessity in case the unthinkable happens.

In a day and age when cyber threats are top of mind, it may be difficult for an organization to shift gears and take its physical security precautions into consideration. This is to protect not only a firm’s physical assets but direct access to networks and information that an attacker could use at a later date for a cyberattack.

Delivering safe and reliable power around the clock is a huge challenge. A task made even more difficult by the sharp rise in cyberattacks on the energy and utilities sector. Recent research from Trustwave SpiderLabs found that cyber threats against the sector have surged by 80% year-over-year, costing organizations nearly half a million dollars more per breach than the cross-industry average of $4.8 million.

Trustwave's Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients.

AI agents (utilizing LLMs and RAG) are being used within SOCs and SIEMS to both help identify attacks and assist analysts with working more efficiently; however, I’ve done a little bit of research one sunny British afternoon and found that these agents can be abused by attackers and made to go rogue. They can be made to modify the details of an attack, hide attacks altogether, or create fictitious events to cause a distraction while the real target is attacked instead.

There is nary a government that does not have a long list of acronym-heavy compliance requirements on its books, which can be difficult to meet without the help of a Managed Detection and Response (MDR) solution on your side. This means that whether you operate in healthcare, finance, critical infrastructure, or any sector handling sensitive data, adhering to standards like HIPAA, FedRAMP, DORA, CMMC, GDPR, and others is a legal imperative. And, a good practice.

The advent and continuing widespread adoption of artificial intelligence for basic research, document creation, code writing, or any other purpose increases an organization’s threat level if done incorrectly. However, when an organization implements AI as a tool in a thoughtful and well-considered manner, it can be a great benefit.

The digital interdependence of today’s healthcare supply chain has created new systemic risks. Cybersecurity is no longer limited to internal systems, but vulnerabilities in the innumerable third-party suppliers can now expose entire networks to disruption. From patient records stored in the cloud to diagnostic tools and logistics platforms, every element is a potential entry point for attackers.