Computer Security News and Insights
In January 2024, a finance employee at engineering firm Arup wired $25 million to threat actors after joining a video call where every other participant — including the CFO — was a deepfake. The attackers had studied publicly available footage, cloned voices and faces, and orchestrated an elaborate social engineering attack that
In 2023, a finance employee at a multinational firm wired $25 million after a video call with someone they believed was their CFO. It wasn't. The entire call — every face, every voice — was a deepfake fabricated by threat actors who'd spent weeks building a detailed pretext.
In January 2024, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the transfer. The employee had doubts. He hesitated. But the faces on screen looked real, the voices sounded right, and
The $4.88 Million Lesson Your Employees Haven't Learned Yet In January 2024, the SEC's own X (formerly Twitter) account was hijacked because someone fell for a SIM-swap attack. If the agency that regulates public companies can't keep its own accounts secure, what does
In January 2024, a finance employee at a multinational firm in Hong Kong transferred $25 million to threat actors after a deepfake video call convinced him his CFO had authorized the payment. No malware. No zero-day exploit. Just a well-trained employee who wasn't trained well enough. That incident
In January 2024, Microsoft disclosed that a Russian threat actor group — Midnight Blizzard — had breached executive email accounts using a simple password spray attack against a legacy test account that lacked multi-factor authentication. One of the most technically sophisticated companies on the planet, compromised by one of the oldest tricks
The Click That Cost MGM Resorts $100 Million In September 2023, a threat actor called Scattered Spider social-engineered an MGM Resorts help desk employee with a simple phone call. That one interaction led to a ransomware attack that shut down slot machines, hotel check-ins, and digital room keys across Las
October Ends. The Phishing Emails Don't. Every October, organizations plaster break rooms with cybersecurity posters, blast out a few reminder emails, and call it a win. Then November rolls around, and the same employees click the same malicious links. I've watched this cycle repeat for over
In 2023, the FBI's Internet Crime Complaint Center received over 880,000 complaints with potential losses exceeding $12.5 billion — a nearly 22% increase in losses over the previous year. A staggering share of those complaints came from small and midsize businesses. I've spent years helping
In 2023, a single employee at a 12-person accounting firm in Nevada clicked a link in what looked like a DocuSign email. Within four hours, every client file on the network was encrypted. The ransom demand was $250,000. The firm didn't have backups. They paid. That firm
