Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Fact: An organization of any size has employees that receive email. Fact: Threat actors, with the help of apps like ChatGPT, are becoming more efficient at creating compelling phishing emails. Fact: The law of averages mandates an attack will succeed when a staffer is fooled and opens a malicious email or clicks on the wrong link. Fact: A robust email security strategy, which includes a Secure Email Gateway, is a must to protect against email-borne attacks.

Over the last few months, the topic of email bombing has been brought to our attention multiple times, mostly queries from customers that go something like this: “I have a few users experiencing some sort of spam attack, where they are receiving thousands of random registration or subscription emails. What do I do, and why is it occurring? Help!” This scenario is known as email or subscription bombing.

As 2024 comes to a close, we went around the room and asked some of Trustwave’s top executives what cybersecurity issues and technology they saw playing a prominent role in 2025. Here is the latest installment. As we look ahead to 2025, the landscape of cyber threats continues to evolve, presenting new challenges for cybersecurity professionals.

... At least according to a recent report posted by the password manager firm NordPass. NordPasses 2024's Top 200 Most Commonly Used Passwords list reflects the sad truth that many people don't take password security seriously and believe codes like "123456" are acceptable. Then some figure, "Hey, the bad guys will never figure it out if I add a couple more digits", and use "123456789". Finally, we have those who seemingly just gave up all hope and used "password".

As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges. Here are some key predictions that I believe will take place or start to happen in the coming year.

Salt Typhoon is a Chinese-speaking threat actor that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have tied to a series of attacks that breached and exfiltrated data from several of the world's most prominent telecommunications companies. Trustwave SpiderLabs has created a deep analysis of the threat group Salt Typhoon, detailing the group's history, techniques, tactics, and procedures (TTP), and preferred targets.

As we look ahead to 2025, the cybersecurity landscape is poised for significant shifts and challenges. Here are some key predictions that I believe will take place or start to happen in the coming year.

The FBI issued an advisory on December 3rd warning the public of how threat actors use generative AI to more quickly and efficiently create messaging to defraud their victims, echoing earlier warnings issued by Trustwave SpiderLabs. The FBI noted that publicly available tools assist criminals with content creation and can correct human errors that might otherwise serve as warning signs of fraud.

It was a cold and wet Thursday morning, sometime in early 2006. There I was sitting at the very top back row of an awe-inspiring lecture theatre inside Royal Holloway's Founder’s Building in Egham, Surrey (UK) while studying for my MSc in Information Security. Back then, the lecture in progress was from the software security module. The first rule of software security back then was never to trust user inputs.

IDC has positioned Trustwave as a Major Player in the just released IDC MarketScape Worldwide Cloud Security Services in the AI Era 2024–2025 Vendor Assessment (IDC, November 2024) for its comprehensive set of offensive and defensive cloud security services. IDC said organizations should consider Trustwave when “Enterprises with varying levels of security maturity that require customized hybrid approach and depth of offensive and defensive security capabilities should consider Trustwave.