From Retail Rampages to 2FA Fails: Trustwave's Wild Ride Through the 2024 Cybersecurity Circus

As always in cybersecurity, hardly a dull day went by in 2024.

So much happened we thought it might be helpful to remind everyone what went down over the last 12 months. At least from a Trustwave SpiderLabs perspective.

Here are the top SpiderLabs’ blogs, as voted by viewer readership analytics:

1. Trustwave Rapid Response: Mitigate Windows TCP/IP RCE Vulnerability (CVE-2024-38063)
   Trustwave SpiderLabs’ in-depth analysis of the critical Windows TCP/IP remote code execution vulnerability (CVE-2024-38063) along with actionable steps for mitigation to protect your systems helped make it the second most read blog of the year.
2. Trustwave Transfers ModSecurity Custodianship to the Open Worldwide Application Security Project (OWASP)
   Trustwave’s decision to transfer the custodianship of ModSecurity to OWASP marks a significant step in the evolution of this important web application firewall. This post detailed the transition and its implications for the cybersecurity community.
3. Trusted Domain, Hidden Danger: Deceptive URL Redirections in Email Phishing Attacks
   Phishing attacks continued to evolve, with deceptive URL redirections becoming more sophisticated. Trustwave SpiderLabs explored how these tactics work and offers tips for recognizing and avoiding such threats.
4. Rockstar 2FA: A Driving Force in Phishing-as-a-Service (PaaS) Part 1 and Part 2 Rockstar 2FA Phishing-as-a-Service (PaaS): Noteworthy Email Campaigns 
   Two-factor authentication (2FA) is a critical security measure, but it’s not immune to exploitation. This two-part series examined how phishing-as-a-service (PaaS) operations targeted 2FA systems, with Part 1 focusing on the basics and Part 2 highlighting notable email campaigns.
5. CVE-2024-11477: 7-Zip Flaw Allows Remote Code Execution
   A newly discovered flaw in 7-Zip (CVE-2024-11477) allowed remote code execution, posing significant risks. Trustwave SpiderLabs provided a detailed analysis of the vulnerability and recommendations for safeguarding your systems.
6. Agent Tesla's New Ride: The Rise of a Novel Loader
   Trustwave SpiderLabs investigated and detailed how Agent Tesla, a well-known malware, has adopted a new loader to enhance its evasion techniques.
7. Search & Spoof: Abuse of Windows Search to Redirect to Malware
   Cybercriminals are exploiting Windows Search to redirect users to malicious sites. Trustwave SpiderLabs explained how these attacks are carried out and provides strategies for protecting against them.
8. Fake Advanced IP Scanner Installer Delivers Dangerous CobaltStrike Backdoor
   Trustwave SpiderLabs found that a fake installer was being used to deliver the CobaltStrike backdoor. In this post, the team detailed the attack method and offers guidance on how to avoid falling victim to this threat.
9. Apache ActiveMQ Vulnerability Leads to Stealthy Godzilla Webshell
   Trustwave SpiderLabs researched how an Apache ActiveMQ vulnerability was exploited to deploy the stealthy Godzilla webshell.
10. Threat Advisory: Snowflake Data Breach Impacts Its Clients
    On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake. Trustwave SpiderLabs issued a threat advisory into the attackers tactics, techniques, and procedures.
    
    And one more for fun!
11. Breakdown of Tycoon Phishing-as-a-Service System
    Just weeks after Trustwave SpiderLabs reported on the Greatness phishing-as-a-service (PaaS) framework, SpiderLabs’ Email Security team began tracking another PaaS called Tycoon Group.

Trustwave SpiderLabs would like to thank all its readers and we hope we informed, inspired and maybe made you laugh a few times in 2024.

See you all next week in 2025.