Computer Security News and Insights
A Single Text Message Cost One Company $15 Million In 2022, Twilio disclosed that attackers used SMS phishing — smishing — to trick employees into surrendering their credentials. The threat actors sent text messages impersonating the company's IT department, directing staff to a fake login page. That single campaign compromised
The Phone Call That Cost One Company $25 Million In early 2024, an employee at engineering firm Arup joined a video call with what appeared to be the company's CFO and several colleagues. Every face on screen was a deepfake. The employee transferred $25 million across multiple transactions
The Attack That Didn't Need a Single Line of Code In September 2022, an 18-year-old allegedly breached Uber's internal systems. The method wasn't a zero-day exploit or some sophisticated malware. It was a text message. The attacker bombarded an Uber contractor with multi-factor authentication
In January 2024, a finance employee at Arup — the engineering firm behind the Sydney Opera House — joined a video call with what appeared to be the company's CFO and several colleagues. Every face on the screen was a deepfake. By the time anyone realized what happened, the employee
In 2023, MGM Resorts lost an estimated $100 million after a threat actor called the company's IT help desk, impersonated an employee found on LinkedIn, and convinced a technician to reset credentials. The entire breach started with a phone call and a convincing story. That story — the fabricated
The $4.88 Million Lesson Most Organizations Learn Too Late IBM's 2024 Cost of a Data Breach Report put the global average breach cost at $4.88 million. The Verizon 2024 Data Breach Investigations Report found that 68% of breaches involved a human element — someone clicked a phishing
The Breach That Started With a Single Click In January 2024, a finance department employee at a mid-size manufacturing firm opened what looked like a routine DocuSign notification. Within 72 hours, a threat actor had exfiltrated 1.2 million customer records and deployed ransomware across the company's entire
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered the company's IT help desk with a ten-minute phone call. The attacker didn't exploit a zero-day. They didn't brute-force a password. They simply convinced a human being to hand over
One Click Cost This Company $36 Million In 2023, MGM Resorts lost an estimated $100 million after a threat actor socially engineered the company's help desk with a single phone call. The attacker impersonated an employee, convinced an IT worker to reset credentials, and from there pivoted through
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered a help desk employee with a ten-minute phone call. The attacker found an employee on LinkedIn, called the IT service desk, and convinced them to reset credentials. That&
