Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI agents (utilizing LLMs and RAG) are being used within SOCs and SIEMS to both help identify attacks and assist analysts with working more efficiently; however, I’ve done a little bit of research one sunny British afternoon and found that these agents can be abused by attackers and made to go rogue. They can be made to modify the details of an attack, hide attacks altogether, or create fictitious events to cause a distraction while the real target is attacked instead.

The advent and continuing widespread adoption of artificial intelligence for basic research, document creation, code writing, or any other purpose increases an organization’s threat level if done incorrectly. However, when an organization implements AI as a tool in a thoughtful and well-considered manner, it can be a great benefit.

The digital interdependence of today’s healthcare supply chain has created new systemic risks. Cybersecurity is no longer limited to internal systems, but vulnerabilities in the innumerable third-party suppliers can now expose entire networks to disruption. From patient records stored in the cloud to diagnostic tools and logistics platforms, every element is a potential entry point for attackers.

Trustwave, A LevelBlue Company, regularly writes about Managed Detection and Response (MDR) covering every aspect of our solution, the partners we work with, what industry analysts think, but sometimes it’s good to circle back and cover the basics. We’ll do that today breaking down what MDR is and why you need it. The number of threat actors and cyber threats are not likely to decrease any time soon, or even far down the road.

In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. The use of URL redirectors, along with the abuse of Amazon Web Hosting and Cloudflare services, was also widely observed. Trustwave operates a URL-scanning system that we call PageML.

Ransomware distributors are bad enough, but there should be a special place in the dark web's basement that only offers ISDN connections and no Wi-Fi, reserved for those groups that insist their attack was a benign cybersecurity service or those who only attack entities that they say deserve to be struck. At least based on their logic.

During a recent Advanced Continual Threat Hunt (ACTH) investigation, the Trustwave SpiderLabs Threat Hunt team identified a deceptive campaign that abused fake AI-themed content to lure users into executing a malicious, pre-configured ScreenConnect installer.

Security teams receive thousands of threat indicators daily. IP addresses, domain names, file hashes, and vulnerability advisories flood their inbox from multiple intelligence feeds. Yet when the next breach happens, you're still caught off guard. Sound familiar? The problem isn't a lack of information; it's a lack of context.

Trustwave, A LevelBlue Company, is a huge proponent of employing offensive security tactics to ensure a client is properly protected. For Trustwave, the reason is obvious. Offensive security is an effective approach to evaluate and enhance an overall security posture. We’ve written about this before (just check here, here, and here), but today we will explore the difference between an Authenticated Scan and an Unauthenticated Scan. Let’s set the stage by defining the two types of scans.

Trustwave, A LevelBlue Company’s Managed Detection and Response solution (MDR), has three elements that cannot be found at any other MDR provider. Together this triumvirate forms a powerful defense against the highly sophisticated cyber threats all organizations, from large to small, now face.