How Advanced Continual Threat Hunting Takes MDR and Cybersecurity to the Next Level

When researching which managed detection and response (MDR) service provider to partner with, security professionals would do well to consider whether the provider also has experience with threat hunting, a topic we covered in a previous post. As with MDR, however, threat hunting offerings can vary dramatically, and an innovative, human-led form promises significant gains in terms of cyber protection: advanced continual threat hunting.

6 Tips Any CISO Can Use to Inform their Organization's Executives on Cybersecurity

A Chief Information Security Officer is a person who is always in a tough spot. Not only is a CISO responsible for the day-to-day safety of their organization, but they must be able to explain to the C-Suite what is going on from a cybersecurity perspective and do so in language that the other executives understand. After all, what a CISO has to say is all about protecting the business from threats to its computer system and reducing risk, items that need to be on every corporate management agenda.

Trustwave Announces Operational Technology Security Maturity Diagnostics

Trustwave has just launched OT Security Maturity Diagnostic, which is an assessment and advisory service centered on ensuring the security of industrial automation and control systems. OT Diagnostic by Trustwave is optimized to gain insight into an organization’s current state of OT security across people, processes, and technology.

Why Threat Hunting is Crucial to a Managed Detection and Response Service

Managed detection and response (MDR) is justifiably one of the fastest-growing areas of cybersecurity, with Gartner estimating 50 percent of organizations will be using MDR services by 2025. But in choosing an MDR service, security pros should take into consideration what kind of expertise the provider can bring to bear – and how that expertise should extend beyond the MDR service itself.

Trustwave Named 2023 Company of the Year and Innovation Leader for Managed and Professional Security in the Americas by Frost & Sullivan

The analyst firm Frost & Sullivan awarded Trustwave the dual honors of being named 2023 Company of the Year for Managed and Professional Security in the Americas, Excellence in Best Practices, and as the Leading Innovator in the 2023 Frost Radar™: Americas Managed & Professional Security Services Market. Trustwave was also recently named a Top 5 Innovator in the Global MDR Radar Report.

Deobfuscating the Recent Emotet Epoch 4 Macro

In early March, one of the notorious botnets, Emotet, resumed its spamming activities after a 3-month period of inactivity. Recently, Trustwave SpiderLabs saw Emotet switch focus to using OneNote attachments, which is a tactic also adopted by other malware groups in recent months. This analysis is intended to help the cybersecurity community better understand the wider obfuscation and padding tricks Emotet is using.

Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies

Trustwave SpiderLabs uncovered a new strain of malware that it dubbed Rilide, which targets Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera. Rilide malware is disguised as a legitimate Google Drive extension and enables threat actors to carry out a broad spectrum of malicious activities, including monitoring browsing history, taking screenshots, and injecting malicious scripts to withdraw funds from various cryptocurrency exchanges.

6 Steps to Ensure a More Secure Supply Chain Environment

Threat groups intending to cause widespread damage often opt to use a supply chain attack, as seen in the massive supply chain compromise that struck VoIP software provider 3CX on March 29. Trustwave SpiderLabs has published a blog post detailing the attack and upcoming steps to mitigate the problem. Striking an organization's supply chain simplifies the attack process: instead of striking multiple targets, the attacker focuses on breaching one organization that is key to many others.

Trustwave Action Response: Supply Chain Attack Using 3CX PABX Software

On March 29, a massive supply chain compromise in 3CX software resulted in malware being installed globally across multiple industries. It is similar to the other high-profile supply chain attacks (like SolarWinds and Kaseya) in that rather than targeting a single organization, the criminals target a popular service or software provided to many large organizations. With one single compromise of the supplier, dozens and potentially hundreds of organizations may fall in turn.