Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Since September 2023, Trustwave’s Threat Intelligence Team has been tracking a large-scale phishing campaign distributed via email, attributed to "Storm-1575". Storm-1575 is known for developing and distributing a PhaaS platform with adversary-in-the-middle (AiTM) capabilities, known as "Dadsec". The team’s recent investigations have revealed that the infrastructure used by Dadsec is also connected to a new campaign leveraging the "Tycoon2FA" Phishing-as-a-Service (PhaaS) platform.

The FBI has issued an alert on a wave of phishing attacks targeting Middle Eastern students who are studying in the US. The campaign has targeted students from the United Arab Emirates (UAE), Saudi Arabia, Qatar, and Jordan. The scammers impersonate government officials and claim there is an issue with the student’s visa.

Marbled Dust exploits a zero-day vulnerability in Output Messenger, a sophisticated phishing campaign uses Horabot malware, and TA406 shifts its targeting behavior.

Trustwave has introduced MailMarshal Integrated Cloud. A new email security offering which is designed to deliver advanced, layered protection for organizations using Microsoft 365. MailMarshal Integrated Cloud is a cloud-native solution that provides a seamless, API-led security layer that enhances resilience against sophisticated email threats, making it even easier for organizations operating in a Microsoft 365 environment to create a layered defense.

Commodity phishing kits are increasingly serving dynamically generated phishing pages, according to researchers at ESET. These kits allow unskilled threat actors to launch sophisticated attacks tailored to individual users. ESET describes one of these attacks, using a phishing email that informed the user of an unfamiliar sign-in to their account.

Amazon Simple Email Service (Amazon SES) is a cloud-based provider for sending transactional, marketing, and newsletter emails. Because of its role as a source of communication for organizations, Amazon SES has become a primary tool for phishing campaigns. Our latest threat roundup includes a key finding that Amazon SES is a common target in the initial stages of a cloud control plane attack.

Most of us have encountered suspicious emails or messages; a missed delivery notification, a security alert from a bank, or an unexpected prize win. Even when these messages raise red flags, it’s not uncommon for people to open them out of curiosity or concern. This is precisely what phishing relies on. Phishing refers to a type of cybercrime where attackers use fraudulent emails, text messages, or phone calls to deceive individuals.

Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition. “Business email compromise is an event in which cyber criminals gain access to an organization’s email account to execute a cyber attack,” the cyber insurance provider explains. “Attackers often leverage email access to find sensitive data, including login credentials, financials, and other private information.