We Are Named Among Most Reviewed IT Services Companies in Estonia

In early August, The Manifest released a list of the most reviewed B2B service providers in Estonia for the year 2023. The companies included in this list have successfully completed the platform's rigorous evaluation process. Trilight Security OÜ was specifically recognized among the highly reviewed IT services firms from Estonia.

Despite the country facing certain economic challenges, there is a positive outlook for the upcoming years. Notably, key players in various high-tech industries like IT services, cybersecurity, software development, and others are actively contributing to bolster the nation's resilience.

The "Most Reviewed Company" award by The Manifest emphasises the importance of cultivating strong relationships between service providers and their clients. The entities featured in this list were chosen based on the quantity of testimonials and endorsements they garnered over the past twelve months.

Yan Shmyhol, CEO of Trilight Security, commented: "We are delighted to have received this award, which attests to our position as significant players in Estonia's IT services market. Furthermore, it motivates us to set new objectives for the upcoming assessment period."

Lazarus is Back. $35 million Stolen from Atomic Wallet

Hackers from North Korea are causing trouble again, and this time they targeted Atomic Wallet. They managed to steal a whopping $35 million in crypto.

The experts at Elliptic, who know their way around blockchain, have connected the dots and linked the theft to the Lazarus group. They've been busy tracking the stolen funds as they were moved around different wallets and mixers, in attempts to cover the tracks.

This attack on Atomic Wallet happened just last weekend, and it left a lot of innocent wallets compromised and their funds snatched away. The total haul reached over $35 million. According to Elliptic, this is the first big crypto heist of the year for Lazarus. Don’t forget, they've already blown through $100 million from the Harmony Horizon Bridge hack in June 2022, and a mind-boggling $620 million from Axie Infinity in March 2022. Who knows what they're spending it on? Maybe North Korean rockets or their nuclear program?

You might be wondering how Elliptic can be so confident in their attribution. Well, it turns out that the laundering strategy used in this attack was the same as in their previous heists. They also used the Sinbad mixer again, and a good chunk of the stolen funds ended up in the same wallets that were linked to Lazarus before.

Even though laundering stolen cryptocurrency has become trickier lately, there are still some less scrupulous exchanges out there where these things can happen. That's why wallet developers and operators need to step up their cybersecurity efforts and seriously audit and test their code. Unless they want to unknowingly contribute to funding some dictator's science projects, right?

But here's the big question that keeps bugging some experts: Who the heck is behind the Lazarus group? The world is a curious place, so maybe there are some folks pretending to be North Koreans, flaunting their top-notch computer skills. Who knows, right?

Emotet: Look, Who's Back

The #emotet malware operation re-started its activity this Tuesday morning. It resumed sending out spam emails after a three-month break.

Emotet malware is distributed through emails containing malicious Microsoft Word and Excel document attachments. The user needs to open the document and enable macros, after which the Emotet DLL is downloaded and loaded into memory.

One of the peculiar features of Emotet is that, initially, it is not active and waits until instructions are received from a remote command and control server. Then several options are possible, for instance, the victims’ emails and contacts will be stolen to be included in subsequent Emotet campaigns, or an additional payload will be downloaded to run a ransomware attack against the infected computer.

Emotet used to be one of the most widely distributed malware families. Now it is less active, but it is still evolving, as the latest developments have shown.

This time the spam includes documents using Red Dawn templates, and they are huge indeed, with sizes over 500MB. Previously the spam messages were reply chains; now they pretend to be invoices. These ZIP archives contain inflated Word documents, and the extra data serves mostly to make the files harder for antivirus products to scan and detect as malicious.
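A mail-gateway style check for the inflated attachments described above, added here as an illustration and not taken from the original article or any vendor tool. It assumes the padding compresses well (the constructed sample uses zero bytes), and the ratio threshold and file names are assumptions.

```python
import io
import os
import zipfile

# Office extensions: the .doc/.xls formats the article names plus related ones.
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
MB = 1024 * 1024


def triage_zip(data, max_bytes=500 * MB, max_ratio=100.0):
    """Flag Office members of a ZIP attachment that look artificially inflated.

    Only the central directory is read: nothing is decompressed, so the
    check stays cheap even when a member claims to expand to 500MB.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(OFFICE_EXTS):
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size > max_bytes:
                reasons.append("oversized")  # beyond a typical scanner size budget
            if ratio > max_ratio:            # assumed threshold, tune locally
                reasons.append("padded")     # shrinks far more than real content
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "ratio": round(ratio), "reasons": reasons})
    return findings


def build_sample_zip(pad_bytes=8 * MB):
    """Constructed sample: a fake invoice padded with zeros plus benign files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # 4-byte OLE2 magic followed by padding (scaled down from 500MB).
        zf.writestr("invoice_sample.doc", b"\xd0\xcf\x11\xe0" + b"\x00" * pad_bytes)
        zf.writestr("notes.doc", os.urandom(4096))   # incompressible, normal size
        zf.writestr("readme.txt", b"constructed sample\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Lower the size budget to 1MB so the scaled-down sample trips both rules.
    for finding in triage_zip(build_sample_zip(), max_bytes=1 * MB):
        print(finding)
```

Flagged members are candidates for quarantine or sandbox detonation rather than proof of malice, since the sizes in the central directory are only what the archive declares.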

After downloading, Emotet is saved to a randomly named folder under %LocalAppData% and launched using regsvr32.exe. This is an evasion technique that has proved quite successful. A VirusTotal scan showed that only one out of 64 security vendors would detect this malware.
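The launch behaviour above can be hunted in process-creation telemetry. The following is an added example, not code from the original article: the event field names, the allowlist of folders and the sample events are all constructed assumptions.

```python
import ntpath
import re

# A file exactly one folder below some user's %LocalAppData%.
LOCALAPPDATA_CHILD = re.compile(
    r'[a-z]:\\users\\[^\\"]+\\appdata\\local\\([^\\"]+)\\([^\\"]+?\.\w+)(?=["\s]|$)',
    re.IGNORECASE)

# Hypothetical allowlist of first-level folders; tune to your own environment.
KNOWN_FOLDERS = {"microsoft", "programs", "packages"}

# Constructed process-creation events (field names are assumptions).
SAMPLE_EVENTS = [
    {"host": "WS-014", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'C:\Windows\System32\regsvr32.exe /s '
                     r'"C:\Users\alice\AppData\Local\KqZrTnWpLd\xGhYbVaa.dll"',
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"host": "WS-020", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"',
     "parent_image": r"C:\Windows\System32\msiexec.exe"},
    {"host": "WS-027", "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Users\carol\AppData\Local\Microsoft\helper.dll",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"host": "WS-031", "image": r"C:\Windows\System32\notepad.exe",
     "command_line": r"notepad.exe C:\Users\bob\AppData\Local\Abc\notes.txt",
     "parent_image": r"C:\Windows\explorer.exe"},
]


def detect(event):
    """Return an alert when regsvr32.exe targets <LocalAppData>\\<folder>\\<file>."""
    if ntpath.basename(event["image"]).lower() != "regsvr32.exe":
        return None
    match = LOCALAPPDATA_CHILD.search(event["command_line"])
    if not match:
        return None
    folder, target = match.group(1), match.group(2)
    if folder.lower() in KNOWN_FOLDERS:
        return None  # expected software location, not a one-off folder
    return {"host": event["host"], "folder": folder, "target": target,
            "parent": ntpath.basename(event["parent_image"])}  # triage context only


def scan(events):
    """Run the rule over a batch of events and keep only the alerts."""
    return [alert for alert in map(detect, events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```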

However, now that Microsoft has finally disabled macros by default, the current campaign might not be a success. At least, additional payloads have not yet been observed in action. We might expect Emotet to move to file types other than .doc and .xls, such as ISO, JS, etc.

For reliable protection against malware, use dependable endpoint protection, vulnerability management, managed security, and data backup services, such as those provided by #TrilightSecurity

Android 14 Offers Significant Security Enhancements

Google will soon release the first developer preview of Android 14, which is going to be the next major version of the most popular mobile operating system. This one will offer significant security and privacy enhancements, among other things.

From now on apps will have to declare precisely the usage of certain phone features. The OS will also limit data exchange between them. Interestingly, all additional files downloaded by apps will be read-only. But the most important feature, maybe, is that Android 14 will block the installation of malicious apps that target older API levels. Let’s see how that will work.

With "runtime receivers," which enable apps to receive intents broadcast by the system or other applications, all apps targeting Android 14 will have to declare explicitly whether they need information from other apps.

This feature continues the one called "Context.registerReceiver()" which was introduced in previous Android releases. It was created to prevent malicious apps on the device from intercepting or misusing broadcasts. This new security enhancement will prevent malware from intercepting intents sent from other apps.

Another feature of Android 14 is "safer dynamic code loading," which, as we mentioned above, will make all files downloaded by an application read-only, thus providing protection against code-injection scenarios.

Perhaps the most important enhancement is blocking the installation of apps that target SDK versions lower than 23, which corresponds to Android 6.0. Targeting such an old API level is usually a way to abuse permissions more easily and bypass security and privacy protections, for example to gain access to sensitive operations including the device's camera, microphone, GPS sensors, phone calls, and SMS.

Finally, users will not be able to install apps that haven't been updated for some time. However, those installed before the upgrade to Android 14 will continue to work.

Android 14’s second developer preview will be available in March 2023.

We Become Sophos Authorized Partner

Trilight Security OÜ has recently been designated a Sophos Reseller. This status opens new opportunities for us to bring intelligent and reliable cybersecurity solutions to the market. These premium security solutions let our customers enjoy the benefits of the next-gen security tools and endpoint protection that Sophos offers.

First and foremost, small and mid-sized businesses will benefit from the simplified cybersecurity management offered by Sophos solutions, with the Trilight Security team taking advantage of in-depth training and support from the partner vendor.

Through this partnership we will be able to provide our customers with a comprehensive range of Sophos solutions, securing systems and data against modern cyber threats, minimizing risks and inspiring confidence based on the vendor's earned reputation: Sophos is well known for going above and beyond to provide partners with the industry's best cybersecurity solutions and superior support.

Trilight Security offers a wide range of Sophos products and can assist customers with consulting, selection, installation and management of its facilities.

About Trilight Security

Trilight Security is a Managed Security Service Provider based in Estonia, European Union. We work with customers ranging from small and medium businesses to enterprises, with a focus on providing reliable and affordable cybersecurity services to SMBs from the EU and Associated Countries. Our qualified cybersecurity and IT experts detect, investigate, and respond to threats before they disrupt business, or take the necessary steps to minimize their potential or real impact. More information is available at www.trilightsecurity.com

About Sophos

As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today's most advanced cyber threats. Powered by SophosLabs' global threat intelligence and data science team, Sophos' cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos' entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single "synchronized security" system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. More information is available at www.sophos.com.

GoodFirms Publishes Interview with Trilight Security CEO

GoodFirms.co, a renowned review service for B2B service suppliers, has chosen the Trilight Security CEO for an interview.

GoodFirms: Please introduce your company and give a brief about your role within the organization.

Trilight CEO: We are Trilight Security, a cybersecurity services provider. Basically, we are the MSSP and provide managed security service to our SMB customers and larger enterprises. I'm one of the co-founders of the company and currently perform CEO duties...

Read further on the GoodFirms.co

Trilight Security Featured as One of the Most Reviewed IT Services Companies in Estonia

This year marks an important milestone for Trilight Security as we are celebrating our first year in the IT industry! Over the past year, we've been working with small and mid-market businesses across industries such as financial services, information technology, business services, and more.

The Manifest recognized our efforts and named us a Most Reviewed IT Services Company in Estonia! This award is due to the numerous positive reviews we've received so far.

Our journey began in Tallinn, Estonia when Trilight Security was founded with the mission of providing world-class cybersecurity services. Since then, we've worked with various clients in Europe and beyond.

Our collaboration with organizations from the aerospace industry demonstrates the scale and impact of our work. We partnered with a Ukraine-based aerospace agency in 2020 and conducted tests on their IT infrastructure. We simulated attacks and identified vulnerabilities in their system. Our work allowed the client to meet their country's IT requirements. They praised our superb knowledge throughout the process.

Positive feedback from such customers led the Manifest to include us on their list of Most Reviewed IT Services Companies in Estonia for 2021!

The Manifest is a B2B resource guide that analyzes and compiles industry data. Their website features leading companies to allow entrepreneurs and business managers to connect with the perfect agencies for their needs.

We're proud to receive this award from the Manifest. This recognition speaks to our expertise as an IT agency, and it affirms our dedication to our clients. Being recognized as an industry leader is no small feat, and with this award, we're only inspired to continue improving our technology and innovating our approaches.

Do you have any projects in mind? Contact us today, and let's discuss how we can work together to reach your goals!

Trilight Security Has Been Featured 4th Among Top 40 IT Service Companies in Estonia

The Manifest is a renowned business news and how-to website and a sister website of Clutch, a famous B2B ratings and reviews platform. The Manifest launched in February 2018 and has since won a reputation for its data-driven benchmarks, how-to guides and agency shortlists.

In August 2021, The Manifest published its new shortlist, TOP 40 IT SERVICES COMPANIES IN ESTONIA, where Trilight Security is featured in a high fourth place among top Estonian IT services companies and is, basically, the top company with a cybersecurity specialization.

The Trilight Security team is proud to get yet another confirmation of its skills and efforts in the cybersecurity field.

Read the shortlist on The Manifest

Trilight Security Featured among Top Cybersecurity Consulting Companies 2021 by Superbcompanies.com

Trilight Security is proud to announce that we were ranked in the list of top Cybersecurity Consulting Companies.

Superbcompanies.com is a portal that helps companies looking for providers of IT, cybersecurity, software development and similar services find a reliable partner. To achieve this goal, companies featured on Superbcompanies.com undergo a thorough assessment based on such criteria as industry presence, expertise level, quality and reliability of services, and more.

Superbcompanies.com has more than 10 years of experience analyzing businesses and their qualifications worldwide. By creating lists of top providers of IT-related services, this portal helps potential customers make justified buying decisions.

Trilight Security was featured among Cybersecurity Consulting Companies due to recognition by existing customers and demonstrated ability to provide high-quality cybersecurity services such as Managed Security and more:

  • Penetration Testing
  • Vulnerability Analysis
  • Security Monitoring
  • Threat Analysis & Management
  • Incident Response
  • SOC-as-a-Service
  • Cybersecurity Audit
  • Cybersecurity Outsourcing & Outstaffing

Trilight Security is a Managed Security Services Provider (MSSP) with a focus on customers from small and medium businesses. We also provide managed IT services and cloud services to keep all IT assets of our customers running smoothly and reliably protected.

Thank you to the Superbcompanies team.

How to Choose MSSP?

When you decide to find a Managed Security Services Provider (MSSP) that will meet your technological needs and business requirements, the most important thing is to develop a list of criteria for making a proper selection. An MSSP stays with you for a long period of time, so you had better minimize the number of known unknowns to avoid risks and build a successful partnership.

To find a good fit among various MSSPs, pay attention to the following:


Customer references will always be the ultimate measure for B2B solutions and services providers. The easiest way is to check whether online reviews of the company in question are available. Go to Clutch, GoodFirms, etc., or at least use Google, and you will definitely find enough pro (or contra) information.

Such references can give you a rather realistic idea of how relations with the MSSP will develop. In addition, there is always a chance of finding some secondary technical or business details that might prove valuable for you in particular.

The more sources offer references about your potential partner, the better it is for you.

Internal Security

As we all know by now, even cybersecurity companies have no guarantee against cyber attacks. Attacking a cybersecurity vendor or service provider may open backdoors to the IT assets of dozens or hundreds of their customers. So a mandatory requirement for every cybersecurity company, including but not limited to MSSPs, is that it has an extremely reliable internal cybersecurity program.

Get clear and concise answers from the MSSP to such questions as where your data will be stored, what kind of encryption is used, and what backup and restore policies and solutions the MSSP uses for itself and for its customers, because you are going to have nearly the same level of security for your data with this provider.

When an MSSP holds a relevant certification, such as ISO 27001, it is a very good sign. However, as a rule, such certifications are not mandatory for MSSPs and are quite expensive to get. For these reasons they are usually obtained by large MSSPs, but not by mid-sized or small ones. With smaller MSSPs you should first check the personal certificates of employees.


Once again, MSSPs may or may not have certifications from ISO or vendors. If they have, that's great, but do not forget to check their authenticity on the websites of the issuing bodies. Just to make sure :).

It is rare for some unscrupulous group of people calling themselves an MSSP to forge such certificates. Still, it makes sense to go to the vendors' sites and check that the partnership status in question exists.

Because vendor partnerships imply partner agreements with certain sales obligations, an MSSP will not necessarily hold such statuses. Its managed security provision platform will surely be based on solutions and products from some vendors, but the MSSP may well just use them and not sell them, as a partnership implies. How do you check the credibility of the MSSP in such a case? Again, go for personal certificates. All in all, it is the MSSP team that guarantees your security, and not simply a set of cybersecurity solutions.


An MSSP will have its cybersecurity services platform based on carefully selected and integrated solutions. In most cases the customers will also have their own cybersecurity solutions. Sometimes the MSSP might accept your solutions and integrate them into its managed security services delivery process. This might simplify the transition to partnership for you and increase the ROI of your cybersecurity program.

In most cases this will be the preferred scenario for you as a customer, yet the MSSP might decline your existing cybersecurity infrastructure because it is outdated compared to its platform, or because its platform is perfectly sufficient for the selected package of services and the MSSP doesn't want additional effort (and expenses for both of you). Sometimes the MSSP will suggest an alternative to the cybersecurity solutions you currently use. In any case, if you have already implemented cybersecurity infrastructure, discuss its destiny with your potential managed security provider.


When you sign an agreement with an MSSP, it must define, in addition to the various SLA aspects, the frequency of communications under normal conditions, when no attack is in progress and no incidents require immediate attention.

Always ask for a clearly defined schedule of communications with the MSSP. This can include quarterly, monthly or weekly reports on the number of vulnerabilities discovered and removed, incidents handled and so on, or weekly video conferences of fixed duration, just to make sure that the joint cybersecurity process goes the way it has to.

Make sure that emergency communications are clearly defined as well, as this is what you are partnering with the MSSP for. The MSSP's readiness to meet your expectations in this area will be a clear sign of smooth communications after the contract is signed.