Phishing-as-a-Service (PaaS) platforms have become the go-to tool for cybercriminals, to launch sophisticated phishing campaigns targeting the general public and businesses, especially in the financial services sector. PaaS operates much like other subscription-based malware models, where cybercriminals offer phishing kits, including spam tools, phishing pages’ templates, bulletproof servers, and victim databases to less-experienced attackers.

Security Colony may not have the name recognition of some of Trustwave’s other security products and services, but when experts discuss and measure Trustwave's strengths, this repository of knowledge is almost inevitably brought up in the conversation. For example, over the last several years, the industry analyst firms IDC, Frost & Sullivan, and ISG have all called out Security Colony as a primary reason why each selected Trustwave for various accolades.

An offensive security program is an excellent component of a mature cybersecurity program, but kicking off that process can be overwhelming for some organizations. After all, offensive security has several components, such as Penetration Testing, Red Team exercises, incorporating threat intelligence, etc., so it can be hard to decide where to start. The answer to this dilemma starts with Managed Vulnerability Scanning (MVS).

ALPHV, also known as BlackCat or Noberus, is a sophisticated ransomware group targeting critical infrastructure and various organizations, including being the most active group used to attack the financial services sector. ALPHV first appeared in November 2021 and operates on a Ransomware-as-a-Service (RaaS) model, allowing affiliates to use its malware for their own attacks in exchange for a cut of the ransom payments.

IT teams are the unsung heroes of today’s fast-paced digital world, tirelessly toiling behind the scenes to keep data safe and systems running smoothly. One tool that’s presented a major shift for many IT departments is the Microsoft Defender Suite. Let’s explore how this powerful suite of tools is transforming IT security and making life easier for IT professionals.

For companies with the Microsoft 365 E3 license, the decision on whether to upgrade to 365 E5 is likely taken into consideration, and security should certainly be included. With E5, companies will likely find security upgrades in three key areas: identity management, endpoints, and cloud. So says David Broggy, Trustwave's Senior Solutions Architect, Implementation Services, and a 2024 recipient of the Microsoft MVP Award, in a recent webinar on transitioning from Microsoft E3 to E5.

Phishing remains the favored and most successful method of obtaining an initial foothold in a targeted organization. So it should come as no surprise that threat actors have developed turnkey solutions that enable even low-skilled hackers to conduct successful email attacks.

Financial services organizations already face a dizzying array of external threats, but just as dangerous and often harder to spot are the threats posed by people inside their firm, according to the Trustwave SpiderLabs' Financial Services Deep Dive: Insider Threat. The report noted that insider threat attacks have become more common over the past year, with 40% of organizations reporting more frequent insider threat attacks compared to previous years.

The 2024 Trustwave Risk Radar Report: Financial Services Sector underscores the escalating threat landscape facing the industry. Deepfakes, highly realistic synthetic media, and the increasing adoption of cryptocurrencies are providing cybercriminals with new avenues to compromise financial institutions. These emerging threats are augmenting the already prevalent ransomware and phishing campaigns, creating a complex and dynamic threat environment.

Around two years ago, memN0ps took the initiative to create one of the first publicly available rootkit proof of concepts (PoCs) in Rust as an experimental project, while learning a new programming language. It still lacks many features, which are relatively easy to add once the concept is understood, but it was developed within a month, at a part-time capacity.