Short Summary:
Trustwave investigated an unauthorized access incident leading to the deployment of Mallox ransomware in a client’s cloud-based environment. The attack exploited a misconfiguration that allowed unauthorized access, resulting in significant data encryption and threats of data leaks. Mallox ransomware has evolved to target various industries and employs double extortion tactics to pressure victims into paying ransoms.…
Threat Intelligence, or just TI, is sometimes criticized for possibly being inaccurate or outdated. However, there are compelling reasons to incorporate it into your cybersecurity defense strategy. Let’s present some ways to use TI effectively as part of your security operations lifecycle.…
Recent research by Trustwave SpiderLabs, detailed in their newly published report “2024 Professional Services Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies,” reveals a surge in ransomware, supply chain, and technologically sophisticated attacks aimed at the professional services industry.…
Trustwave SpiderLabs has detected a sophisticated malware campaign that leverages the Windows search functionality embedded in HTML code to deploy malware. We found the threat actors utilizing a sophisticated understanding of system vulnerabilities and user behaviors. Let’s break down the HTML and the Windows search code to better understand their roles in the attack chain.…
On May 20, 2024, Live Nation discovered and disclosed an unauthorized activity in its third-party cloud database environment, which was eventually identified to be Snowflake, in its SEC filing. The database contains information regarding the company, primarily from its Ticketmaster subsidiary. Following this filing and in the following days, analysts discovered multiple clients of Snowflake have had data posted on the Dark Web for sale.…
Trustwave SpiderLabs’ 2024 Public Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies report details the security issues facing public sector security teams as they try to strike a balance between supplying needed services and deploying the cybersecurity necessary to protect data placed in their charge.…
Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced evasion techniques, loaders bypass security measures and exploit various distribution channels for extensive impact, threat groups enhance their ability to download and execute various malware types as demonstrated by Smoke Loader and GuLoader, highlighting their role in extensive malware distribution.…
Generative AI exploded in popularity not too long ago but its influence on text and media creation is already undeniable. AI content is becoming ubiquitous on the internet, and this technology is slowly seeping into real life, impacting sectors such as healthcare, finance, agriculture, and education.…
Updated March 8: Based on our experience, we believe that BlackCat’s claim of shutting down due to law enforcement pressure is a hoax. We anticipate their return under a new guise or brand after their hiatus. This scam tactic serves as a means for them to execute one final significant scam before resurfacing with less scrutiny.…