Trustwave Holdings

Trustwave Holdings, Inc. (Trustwave)
Company type: Subsidiary
Founded: 1995
Area served: Worldwide
Key people: Eric Harmon, CEO [1]
Revenue: US$216 million (2014) [2]
Number of employees: 1,600+ [3]
Parent:
  • Independent (1995–2015)
  • Singtel (2015–24)
  • The Chertoff Group (2024–present)
Website: www.trustwave.com

Trustwave is an American [4] cybersecurity subsidiary of The Chertoff Group. It focuses on providing managed detection and response (MDR), managed security services (MSS), database security, and email security to organizations around the globe.

With customers in 96 countries, it has its international headquarters in downtown Chicago [5] and regional offices in London, São Paulo, and Sydney. The company also operates Security Operations Centers in Chicago, Denver, Manila, Minneapolis, Singapore, Sydney, Tokyo, Warsaw, and Waterloo, Ontario. [6]

As of 2015, the company was a standalone business unit [7] and an independent cybersecurity subsidiary and brand of the multinational telecommunications company Singtel. [8] In January 2024, it was announced that The Chertoff Group had completed its acquisition of the firm for $205 million. [9]

History

In April 2011, Trustwave Holdings filed for its IPO, [10] though it never completed the process. In May 2014, Trustwave withdrew its application, [11] citing unfavorable market conditions. Trustwave's website says the company has more than 1,600 employees. [3]

In February 2014, Trustwave SVP Phillip J. Smith offered expert testimony on data breaches and malware at a Congressional hearing of the House Committee on Energy and Commerce. In his prepared testimony, he presented observations drawn from the company's experience investigating thousands of data breaches, its ongoing malware and security research, and other forms of threat intelligence. [12]

On April 8, 2015 (SGT), Singapore Telecommunications Ltd (Singtel) announced it had entered into a definitive agreement to acquire Trustwave Holdings, Inc. for $810 million, with Singtel taking a 98% stake in the company and the remaining 2% left with Trustwave's CEO and President. [2] [13] According to media reports and Singtel filings on the Singapore Exchange, the enterprise value of Trustwave at the time of the deal was $850 million. [14]

In October 2021, Trustwave sold its PCI compliance business to cybersecurity firm Sysnet for $80 million. [15] The sale gave Trustwave the ability to invest more in its core capabilities of managed detection and response (MDR) and managed security services (MSS), according to research firm IDC. [16]

Significant Discoveries

In 2013 and again in 2014, Trustwave SpiderLabs analyzed primary Pony botnet controllers. The analysis found that the botnets had gathered more than two million passwords and credentials for accounts on ADP payroll, Facebook, Twitter, Yahoo and other services, [17] and over US$220,000 in cryptocurrency such as Bitcoin. [18]

In June 2020, Trustwave SpiderLabs discovered a new malware family, which they named GoldenSpy, embedded in tax payment software that a Chinese bank requires corporations to install to conduct business operations in China. [19] Trustwave said it was uncertain whether the malware was embedded in all of the tax software or if it was deployed against specific targets. The FBI sent a subsequent warning about this malware threat to companies in healthcare, chemical, and finance industries. [20]

Leading up to the 2020 U.S. presidential election, Trustwave SpiderLabs found a hacker selling info on 186 million U.S. voters during its Dark Web and cybercriminal forum research. [21] Trustwave turned this information over to the FBI. [22]

In February 2021, Trustwave SpiderLabs disclosed two "severe" vulnerabilities in SolarWinds Orion. One of the flaws could have allowed an attacker to gain complete remote control of a targeted SolarWinds system. Patches were released on January 25, and SolarWinds customers were urged to apply them immediately. [23]

Criticism

Trustwave operates an X.509 certificate authority ("CA") that many web browsers, operating systems, and other applications use as a top-level trust anchor (a "trusted root CA"). [citation needed] In 2011, Trustwave sold a subordinate CA certificate that allowed a customer to present SSL certificates identifying as arbitrary entities, which is the mechanism of a "man-in-the-middle attack". This resembles the common practice of running an SSL proxy on a corporate network, but in this case a publicly trusted subordinate CA (valid anywhere) was used instead of an internal, corporate-generated CA (valid only on machines that accept it as part of organizational policy), making the risk of abuse much higher.
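The distinction the paragraph draws, a publicly trusted subordinate CA versus an internal proxy CA, and the X.509 control that bounds what a subordinate CA may certify (name constraints and path length), as an added Python model that is not Trustwave's code and not a real X.509 parser: certificates are constructed records with signatures assumed already verified, and every name in it (Public Root CA, Customer Sub-CA, webmail.third-party.example, corp.example) is a constructed example.

```python
from dataclasses import dataclass, field
@dataclass
class Cert:
    """Constructed stand-in for a parsed X.509 certificate; no DER, no signatures."""
    subject: str
    issuer: str
    is_ca: bool = False
    path_len: int = None         # basicConstraints pathLenConstraint (None = unset)
    permitted_dns: list = None   # nameConstraints permittedSubtrees, dNSName form
    san_dns: list = field(default_factory=list)
def dns_permitted(name, subtree):
    """RFC 5280 dNSName subtree match: 'corp.example' covers itself and subdomains."""
    name, subtree = name.lower().rstrip("."), subtree.lower().lstrip(".")
    return name == subtree or name.endswith("." + subtree)

def validate_chain(chain, trusted_roots, hostname):
    """chain is leaf first, root last; returns (ok, reason) so a client can log failures."""
    path = list(reversed(chain))                      # walk root -> leaf
    if path[0].subject not in trusted_roots:
        return False, f"{path[0].subject}: root not in trust store"
    constraints = []                                  # permittedSubtrees seen so far
    for depth, cert in enumerate(path):
        if depth and cert.issuer != path[depth - 1].subject:
            return False, f"{cert.subject}: not issued by {path[depth - 1].subject}"
        for san in cert.san_dns:                      # every CA above must permit it
            for permitted in constraints:
                if not any(dns_permitted(san, s) for s in permitted):
                    return False, f"{san}: outside permitted subtrees {permitted}"
        if depth < len(path) - 1:                     # a CA certificate
            if not cert.is_ca:
                return False, f"{cert.subject}: basicConstraints cA is false"
            below = len(path) - depth - 2             # intermediates beneath it
            if cert.path_len is not None and below > cert.path_len:
                return False, f"{cert.subject}: pathLenConstraint exceeded"
            if cert.permitted_dns is not None:
                constraints.append(cert.permitted_dns)
    if hostname.lower() not in (n.lower() for n in path[-1].san_dns):
        return False, f"{hostname}: not in leaf subjectAltName"
    return True, "ok"

PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", is_ca=True)
CORP_ROOT = Cert("Corp Internal Root", "Corp Internal Root", is_ca=True)
TRUST_STORE = {PUBLIC_ROOT.subject}                   # what a stock browser ships
TARGET = "webmail.third-party.example"                # host the customer does not own

def scenario(root, permitted_dns):
    """Customer sub-CA under `root` issues a leaf for TARGET; returns (ok, reason)."""
    sub = Cert("Customer Sub-CA", root.subject, is_ca=True, path_len=0,
               permitted_dns=permitted_dns)
    leaf = Cert(TARGET, sub.subject, san_dns=[TARGET])
    return validate_chain([leaf, sub, root], TRUST_STORE, TARGET)

if __name__ == "__main__":
    print("public root, unconstrained sub-CA:", scenario(PUBLIC_ROOT, None))
    print("public root, name-constrained:    ", scenario(PUBLIC_ROOT, ["corp.example"]))
    print("internal root, not in store:      ", scenario(CORP_ROOT, None))
```

Only the first case, a publicly trusted and unconstrained subordinate CA, yields a chain every stock client accepts for a host the customer does not control; the internal root fails everywhere it has not been deliberately installed, and the name-constrained sub-CA can still certify only names under corp.example.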

In March 2014, Trustwave was named in a lawsuit filed by Trustmark National Bank and Green Bank N.A. The lawsuit alleged that Trustwave had failed to provide the promised level of security to Target and had failed to meet industry security standards. [24] [25] In April 2014, both plaintiffs filed a notice of dismissal, effectively withdrawing their earlier allegations. [26] [27]

References

  1. "Trustwave Leadership".
  2. Aravindan, Aradhana (7 April 2015). "Singtel buying U.S. cyber security firm Trustwave for $810 million". Reuters. Retrieved 9 April 2015.
  3. "Trustwave: Our Story". Retrieved 25 May 2016.
  4. "Singtel acquires Trustwave in $810M security services deal". ZDNet.
  5. "Company Overview of TrustWave Holdings, Inc". Bloomberg. Retrieved 9 April 2015.
  6. "Trustwave security firm opens first Canadian security operations centre in Kitchener-Waterloo". Global News. 12 August 2015. Retrieved 30 September 2015.
  7. "Trustwave: Our History".
  8. "TRUSTWAVE PTE. LTD. (200616191R) - Singapore Business Directory". SGPBusiness.com. Retrieved 30 August 2017.
  9. "Chertoff Group Affiliate Completes Trustwave Acquisition". Dark Reading. Retrieved 26 January 2024.
  10. Lennon, Mike (22 April 2011). "Trustwave Files for IPO, Reveals Finances". SecurityWeek. Retrieved 8 April 2015.
  11. "Trustwave pulls filing for initial public offering". Reuters. 2 May 2014. Retrieved 14 April 2024.
  12. "Protecting Consumer Information: Can Data Breaches Be Prevented?". United States House Committee on Energy and Commerce. 5 February 2014. Retrieved 8 April 2015.
  13. "Singtel to Acquire Trustwave to Bolster Global Cyber Security Capabilities". Trustwave. 7 April 2015. Retrieved 9 April 2015.
  14. Shu, Catherine (7 April 2015). "Singtel Acquires Chicago-based Cybersecurity Firm Trustwave For $810M". TechCrunch. Retrieved 13 April 2015.
  15. Novinson, Michael (24 October 2021). "Trustwave Sells PCI Compliance Business To Sysnet For $80M". CRN. Retrieved 27 April 2022.
  16. "IDC Report | A Strategic Move to Make Trustwave Laser-focused in its Core Offerings". Trustwave. Retrieved 27 April 2022.
  17. "Two million stolen Facebook, Twitter, Yahoo, ADP passwords found on Pony Botnet server". ZDNet. 4 December 2013. Retrieved 21 April 2015.
  18. "'Pony' botnet steals bitcoins, digital currencies: Trustwave". Reuters. 24 February 2014. Retrieved 21 April 2015.
  19. "The Golden Tax Department and the Emergence of GoldenSpy Malware". Trustwave. Retrieved 27 April 2022.
  20. "FBI warns US companies about Chinese tax software embedded with hidden malware: Report". FOXBusiness. 24 July 2020. Retrieved 27 April 2022.
  21. "Massive US Voters and Consumers Databases Circulate Among Hackers". Trustwave. Retrieved 27 April 2022.
  22. "Cybersecurity company finds hacker selling info on 186 million U.S. voters". NBC News. 22 October 2020. Retrieved 27 April 2022.
  23. Brewster, Thomas. "'Severe' SolarWinds Vulnerabilities Allow Hackers To Take Over Servers". Forbes. Retrieved 27 April 2022.
  24. Schwartz, Mathew J. (26 March 2014). "Target, PCI Auditor Trustwave Sued By Banks". Dark Reading. Retrieved 9 April 2015.
  25. Heun, David (25 March 2014). "Banks Sue Security Vendor Trustwave After Target Data Breach". American Banker. Retrieved 9 April 2015.
  26. Kirk, Jeremy (1 April 2014). "Banks withdraw data breach claim against Target". Computerworld. Retrieved 9 April 2015.
  27. "Security firm Trustwave says Target data breach claims baseless". Reuters. 29 March 2014. Retrieved 9 April 2015.