
October 2024

Cyber Retail Fraud: A New Twist on an Old Game

People have always been susceptible to a deal that is too good to be true. In the 1800s, American con man George C. Parker was best known for his repeated successes in "selling the Brooklyn Bridge" to the unwary. Then, in the 1900s, it became popular to sell "valuable" Florida real estate that turned out to be swampland.

Trustwave SpiderLabs 2024 Trustwave Risk Radar Report: Defining the Cyber Assault on the Retail Sector

The holiday shopping season is almost here, and according to the 2024 Trustwave Risk Radar Report: Retail Sector, threat actors have honed their skills and are prepared to use ransomware and phishing attacks that leverage well-known online brands to conduct direct attacks and fraud operations against retailers and consumers, skills they will then use to infiltrate retail organizations of all types throughout the rest of the year.

2024 Trustwave Risk Radar Report: Cyber Threats to the Retail Sector

As the holiday shopping season approaches, the 2024 Trustwave Risk Radar Report: Retail Sector reveals that cybercriminals have sharpened their tactics, utilizing ransomware and phishing attacks that exploit well-known online brands to target retailers and consumers directly. These skills will likely be employed to infiltrate various retail organizations throughout the year.

Cybersecurity Awareness Month: 7 Ways to Treat Yourself to a Safer Year

As Cybersecurity Awareness Month 2024 draws to a close, let’s take a few minutes and cover one more topic: the need to be cybersecurity aware 24/7/365. Attacks happen all day, every day, so having cybersecurity as a top-of-mind subject for just a month out of the year means that for the other 11 months, attackers have the advantage. Here are just a few reasons organizations and their employees need to remain hypervigilant.

How MDR Enhances the Security Protection Provided by Managed SIEM

Security information and event management (SIEM) systems are crucial to collecting and analyzing incoming cyber threats, but many companies need help to tune and monitor them properly. These firms enlist a security service provider to do it for them. That often leads to the question of whether a managed detection and response (MDR) service is also necessary. In short, yes, adding MDR is a strong move as it adds deep threat investigation, threat hunting, and response actions at the endpoint.

Trustwave Again Named as an MSSP Alert Top 10 Managed Security Services Provider

For eight consecutive years, MSSP Alert has named Trustwave as one of the Top 10 Managed Security Services Providers worldwide. Trustwave placed 10th on MSSP's 2024 Top 250 MSSP list, indicating the company's status as a leading provider of managed security services.

Threat Actors Zero in on Retailers as the Holiday Shopping Season Approaches

Trustwave SpiderLabs on October 29 will launch its second deeply researched look into the threats facing the retail sector. The 2024 Trustwave Risk Radar Report: Retail Sector will cover in detail the threats facing the industry, the most prominent adversaries in the field, and the commonly used methods to attack retailers. The main report is supported by two supplementary pieces.

Cybersecurity Awareness Month: The Great Offensive Security/Active Defense Strategy

It’s Cybersecurity Awareness Month and you know what that means. We spend every spare hour waiting for The Great Pumpkin. As many of us know (and we’re going to stretch this analogy to the limit), Linus actively created an environment that would attract The Great Pumpkin by establishing the sincerest pumpkin patch in the neighborhood. Furthermore, he went on the offensive to attract others to his belief that The Great Pumpkin would appear on Halloween night.

Hooked by the Call: A Deep Dive into The Tricks Used in Callback Phishing Emails

Previously, Trustwave SpiderLabs covered a massive fake order spam scheme that impersonated a tech support company and propagated via Google Groups. Since then, we have observed more spam campaigns using this hybrid form of cyberattack with varying tactics, techniques, and procedures (TTP). Between July and September, we witnessed a 140% increase in these spam campaigns. In this blog, we will showcase the different spam techniques used in these phishing emails.

Ransomware Readiness: 10 Steps Every Organization Must Take

At the end of every year, the Trustwave content team asks its in-house experts what cybersecurity topics they predict will be top of mind in the coming 12 months, and inevitably the top answer is more ransomware. Instead of waiting an extra couple of months, we thought why not get ahead of the curve, pretend that ransomware will again be an issue, because it will, and proceed to the part of the story where we go through the problem and mitigation methods.

How to Implement Microsoft Security Products for Maximum Value

Cybersecurity teams are in a tough spot these days. They are stuck between the pace of change in technology, the shortage of security professionals, and an overabundance of security tools all demanding their attention. It's a combination that should make the all-encompassing Microsoft Security product suite a compelling idea – if you can determine a migration strategy that makes sense for your company.

Cybersecurity Awareness Month: It's Never too Early to Elevate Your Security Posture with Microsoft E5

It’s Cybersecurity Awareness Month and you know what that means. Christmas decorations have been out for a month at Home Depot. At Trustwave, it means it’s time for the next installment in our Cybersecurity Awareness Month series.

How Microsoft E5 Security Helps Protect Healthcare and Patient Data

In the healthcare industry, safeguarding patient data is not just a regulatory requirement but a moral imperative. With the increasing digitization of health records and the rise in cyber threats, healthcare organizations need robust security solutions. Microsoft E5 offers a comprehensive suite of security features designed to protect sensitive healthcare data. Coupled with Trustwave’s Microsoft expertise, organizations can get the most out of their E5 investments.

Strengthening Email Security: DOJ Disrupts Russian Spear-Phishing Campaign

The need for an iron-clad email security solution is once again making headlines. On October 3, the US Department of Justice (DoJ) reported that, working with Trustwave partner Microsoft, it had disrupted a Russian government-based scheme to steal Americans’ sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials.

Analyzing Latrodectus: The New Face of Malware Loaders

This report is the latest in a series that will delve into the deep research the Trustwave SpiderLabs Threat Intelligence team conducts daily on the major threat actor groups currently operating globally. The information gathered is part of a data repository that helps Trustwave SpiderLabs identify possible intrusions as it conducts threat hunts, vulnerability scans, and other offensive and defensive security tasks.

Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader

Trustwave's Threat Intelligence team has discovered a new malware dubbed Pronsis Loader, with its earliest known variant dating back to November 2023. This loader shares similarities with the D3F@ck Loader, which surfaced in January 2024. Pronsis Loader has been observed delivering different malware variants, including Lumma Stealer and Latrodectus as its primary payloads. Additionally, the team identified infrastructure linked to Lumma Stealer during the investigation.

Cybersecurity Awareness Month: Adding Seasonal Spice to Managed Detection and Response (MDR)

It’s Cybersecurity Awareness Month and you know what that means. Pumpkin spice versions of Trustwave Managed Detection and Response (MDR) solutions are now available! Well, not really, but pumpkin spice season is the perfect time to raise awareness about the importance of cybersecurity and ensuring that individuals and organizations are equipped to protect themselves against cyber threats.

Trustwave's 7-Step Guide to Building a Healthcare-Focused Cybersecurity Framework

Healthcare organizations face increasing challenges in safeguarding patient data. With the rise of cyber threats, stringent regulatory requirements, and potential patient impact, it’s crucial to have a robust security framework in place. Trustwave offers comprehensive solutions tailored to the unique needs of the healthcare sector and has the in-house ability to manage any organization’s security apparatus.

CMMC 2.0: A Roadmap to Compliance with Trustwave

The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) 2.0 has passed through the Office of Information and Regulatory Affairs and is now on its way to Congress, set to become law by Q4 2024. With the CMMC becoming official law, its full implementation in defense contracts will occur through a phased approach over three years starting in 2025.