Computer Security News and Insights
In February 2024, Change Healthcare — the largest medical claims processor in the United States — was hit by the ALPHV/BlackCat ransomware group. The attack disrupted billing systems at hospitals and pharmacies nationwide for weeks. The entry point? Stolen credentials used on a remote access portal that lacked multi-factor authentication. One
In 2023, MGM Resorts lost roughly $100 million after a social engineering phone call — a single phone call — gave threat actors the foothold they needed to deploy ransomware across the company's entire infrastructure. If you Google "cybersecurity definition," you'll get a tidy textbook answer
A Single Click Cost One Hospital $28 Million In 2024, Change Healthcare — a unit of UnitedHealth Group — suffered a ransomware attack that started with compromised credentials and insufficient access controls. The fallout disrupted healthcare claims across the United States for weeks. The company paid a $22 million ransom, and total
In 2020, threat actors compromised SolarWinds' Orion software and used it to breach dozens of U.S. government agencies. The attackers moved laterally through networks for months because once they were inside the perimeter, those networks trusted them. That single breach rewrote how the federal government thinks about network
A Single Fake Email Cost Facebook and Google $100 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, attached fraudulent invoices, and directed payments to bank accounts he controlled.
In January 2024, a finance employee at a multinational engineering firm in Hong Kong wired $25 million to threat actors after a video call with what appeared to be the company's CFO. The call was a deepfake. But the attack started weeks earlier — with a single spear phishing
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $120 million from Google and Facebook using a sophisticated man in the middle attack scheme. He impersonated a legitimate hardware vendor, intercepted invoice communications, and redirected payments to bank accounts he controlled. The scheme ran for two
The Breach That Started With a Single Click In 2023, MGM Resorts lost an estimated $100 million after a threat actor called Scattered Spider social-engineered a help desk employee with a ten-minute phone call. The attacker didn't exploit a zero-day vulnerability. They didn't crack an encryption
A $38 Million SIM Swap Should Settle This Debate In January 2024, the SEC's official X (formerly Twitter) account was hijacked. The attacker used a SIM swap to intercept SMS verification codes, then posted a fake announcement about Bitcoin ETF approval that briefly moved markets. The most powerful
The 6-Character Password That Cost a Company $4.88 Million IBM's 2024 Cost of a Data Breach Report pegged the global average breach cost at $4.88 million. In my experience analyzing post-breach forensics, weak or reused passwords remain the single most common entry point for threat actors.
