This time of year, CISOs want to have an understanding of what’s to come. Ziv Mador, vice-president of security research at Trustwave SpiderLabs, predicts “the advent and increasing frequency of attacks that use a ransomware-as-a-service (RaaS) offering indicate that such attacks will not slack off during the coming year.”
Do these four things for a cybersafe summer holiday break this year
Trustwave GM of Pacific Jason Whyte outlines the top cybersecurity tips for keeping things safe at the office during Australia/New Zealand’s long holiday break.
What you should do after a ransomware rampage
As the saying goes, hope for the best and plan for the worst. In the aftermath of a ransomware attack, it’s easy to get caught up in the immediate challenge of getting the business back on its feet. However, response plans need to include long-term actions to mitigate the risk of a delayed or repeat attack.
What to Do While Waiting for the Log4J Updates
Researchers are warning that attackers are actively exploiting the newly publicized unauthenticated remote code execution vulnerability in Log4j, the Java-based logging tool from Apache. Karl Sigler, Senior Security Research Manager, Trustwave SpiderLabs comments: “Any java application using the affected log4j versions and accessible over the network can be exploited, and many of those applications are likely third-party and out of the user's hands administratively.”
The Log4j vulnerability is bad. Here’s the good news
A vulnerability has been discovered in Log4j, an open-source Apache logging library. The threat from this vulnerability can enable attackers to access and control devices remotely. Karl Sigler, senior security research manager at Trustwave SpiderLabs explains, “Since this vulnerability is a component of dozens if not hundreds of software packages, it could be hiding anywhere in an organization’s network, especially enterprises with massive environments and systems.”
US Cyber Command Goes on the Offensive
Trustwave’s SpiderLabs shared commentary from cybercriminals that was collected from dark web forums. The communication revealed the criminals believe there are “secret negotiations on cybercrime between the Russian Federation and the United States.”
Russia may be collaborating with US to bring cyber criminals to heel
Trustwave’s SpiderLabs says its analysis of chatter on underground dark web forums suggests cyber criminals are starting to panic that formerly ‘friendly’ governments are on their case.
Trustwave Rolls Out New Cyber Supply Chain Risk Assessment Solution
Trustwave unveiled its new Managed Vendor Risk Assessment (MVRA), which is a cyber supply chain risk assessment solution for enterprises and SMBs. It’s now available globally and encompasses automated and specialist-led assessments. Nick Ellsmore, Trustwave’s global head of strategy, consulting and professional services commented: “MVRA is addressing one of the biggest issues across the cybersecurity environment right now: supply chain risk management.”
Four common shortcomings in cyber threat response
Through cybersecurity crisis simulation exercises, Trustwave’s Darren Van Booven identifies a series of common security shortfalls and steps organizations need to take to prepare for the next security crisis.
Four Best Practices for Advancing Bank Cybersecurity Programs for the Cloud Age
Cyber defense programs are having difficulty evolving against constant threats trying to enter organizations. Trustwave’s global director, cyber defense consultant, Kory Daniels covers the four best practices for advancing bank cyber programs for the cloud: develop a cloud-specific security strategy, test security processes, leverage AI with a human-centric approach, and take a holistic approach.
How to Outplay the Ransomware Playbook
Many organizations are increasingly concerned with their own cybersecurity models and ransomware preparedness as there’s been a 64% increase in attacks from 2019 to 2020 (304 million attacks worldwide in 2020). Darren Van Booven, Trustwave’s global director, cyber defense consultant highlights how organizations can create a ransomware response plan for the full life cycle of an attack.
New Ransomware Variant Could Become Next Big Threat
Security teams will need to look out for Yanluowang, a ransomware threat that has been mounting attacks against US organizations. Just this week, Red Canary researchers reported observing a threat actor exploiting the ProxyShell set of vulnerabilities in Microsoft Exchange to deploy a new ransomware variant called BlackByte, which Trustwave's SpiderLabs recently warned about as well.
Prepare defend recover repeat – The vicious cybersecurity cycle in 2021
It’s fair to say that 2021 has been one of the most challenging years on record for business leaders and organisations. Ed Williams, EMEA Director of SpiderLabs, Trustwave, reflects on the past 12 months and suggests how we can move forward with strong cyber hygiene in place.
Phishing in the Iranian diaspora. Not your grandma and grandpa’s crypter. Malware-as-a-service. Proofs-of-concept (one is a zero-day). Apple sues NSO Group.
The CyberWire’s guest is Karl Sigler from Trustwave, who covers the results of the 2021 Trustwave SpiderLabs Telemetry Report.
Breaking news: GoDaddy’s managed WordPress service hacked
Users of WordPress through GoDaddy are vulnerable after it’s been reported that phishing attacks have been successfully carried out through compromised emails and passwords. Ed Williams, director of Trustwave SpiderLabs comments: “A breach of this size is particularly dangerous around the holidays…Hackers try to take advantage of every new email address and password exposed in an attempt to launch phishing attacks and social engineering schemes. Enterprises, SMBs, and individuals using frequently targeted platforms like WordPress should ensure they are following strong password best practices: complexity, frequent password changes, not sharing passwords between applications, and multi-factor authentication. If possible, utilize an authenticator app to secure your account instead of traditional two-factor authentication via SMS, as hackers have recently been targeting users with specialized SMS phishing.”
GoDaddy WordPress data breach: A timeline
Ed Williams, EMEA Director of SpiderLabs, Trustwave, comments on the data breach: “Hackers try to take advantage of every new email address and password exposed in an attempt to try and launch phishing attacks and social engineering schemes.”
Cyber insurance expands in preparation of breaches fallout
The collaboration of the public and private sector could stem the growing tide of high-impact breaches. Kevin Kerr, lead security principal consultant for Trustwave, comments on the impact of multi-party breaches: “The financial impact to SolarWinds was significant, but who knows the actual financial impact…Right now, there is no centralized way to measure multi-party breach impact in costs, reputations, contracts. And each affected organization would measure that impact differently.”
Breach ripple effect leads to exponentially greater financial damage
SolarWinds is an example of ripple breaches, which are increasing 20% per year. Lead security principal consultant, Kevin Kerr, points to a recent attack on a central bank in Denmark where a trusted entity passed malware on to unsuspecting users.
The urgent need for the healthcare industry to develop cyber-resiliency
The black market value of healthcare records has shot up, according to a Trustwave report. Healthcare data records may now be valued up to $250 per record.
Secure your databases against opportunistic attackers
Findings from Radoslaw Zdonczyk at Trustwave have shown there will be login attempts to databases and internet servers before IP addresses are listed by scanners similar to Shodan, leading to an increase in vulnerabilities.
Security Expert Warns Windows 11 Could Yet Become Vista 2.0
Trustwave SpiderLabs’ Ed Williams shared his insights on how secure Windows 11 is for a feature article from UK journalist Davey Winder for Forbes.
BlackByte: Free Decryptor Released for Ransomware Strain
A free decryptor for BlackByte ransomware was released by Trustwave SpiderLabs researchers after they cracked the crypto-locking malware's encryption.
'Clumsy' BlackByte Malware Reuses Crypto Keys, Worms Into Networks
Trustwave SpiderLabs’ latest research blog details the researchers’ findings on the BlackByte ransomware strain and provides the decryptor so that victims might be able to use it to reverse the malware's damage.
This is what happens when you’re hit by a ransomware attack
Trustwave SpiderLabs’ Ed Williams participates in a video interview with Danny Palmer at ZDNet discussing the ins and outs of a ransomware attack, how cyber criminals get into networks and what they actually do once inside.
Ransomware: dealing with the aftermath
In this episode, Trustwave’s Ed Williams and journalist Stephen Pritchard look at the 30 days after a ransomware attack, the impact of ransomware attacks on operations and reputation, and how businesses can recover.
Telemetry Report Shows Patch Status of High-Profile Vulnerabilities
Twenty percent of this year’s new vulnerabilities were given a ‘high severity’ scoring by the NVD. Given the speed with which malicious actors can start exploiting these vulnerabilities, researchers at Trustwave investigated and reported on how quickly industry patches them.
50% of Servers Have Weak Security Long After Patches Are Released
Karl Sigler, senior security research manager at Trustwave SpiderLabs, points to reasons why the number of disclosed vulnerabilities is trending upward.
Why organizations are slow to patch even high-profile vulnerabilities
To help organizations get a better handle on their patch management, Trustwave says organizations should assign an individual or a team to design a security program that covers risk management and policy, provide training, and implement an effective incident response plan.
The network effect and the search for resilient email security
Graeme Slogrove on how the ubiquity and resilience of email poses a cybersecurity threat many aren't paying attention to.
Manufacturers are too vulnerable to cyber attacks: bigger steps are needed
Trustwave provides insight into the two main drivers behind recent cyber attacks on manufacturing companies.