Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.
posts
The Email That Cost One Company $100 Million In 2019, Toyota Boshoku Corporation lost $37 million in a single business email compromise attack. A threat actor impersonated a senior executive, sent a convincing email, and an employee wired the funds. No malware. No zero-day exploit. Just one phishing email that
In 2023, a single reused password gave threat actors access to 23andMe's credential stuffing attack, ultimately exposing the genetic data of 6.9 million users. The attackers didn't exploit a zero-day vulnerability. They didn't deploy sophisticated malware. They simply tried known username-password combinations from
The Threat Already Inside Your Network In 2023, Tesla disclosed that two former employees had leaked the personal data of more than 75,000 workers to a German news outlet. It wasn't a sophisticated hack. It wasn't a nation-state threat actor. It was people who already
A Single Home Router Opened the Door to a $4.88M Breach In 2024, IBM's Cost of a Data Breach Report pegged the global average breach cost at $4.88 million — the highest ever recorded. A significant chunk of those breaches involved remote workers. That number isn'
In 2019, a Lithuanian national named Evaldas Rimasauskas pleaded guilty to stealing over $100 million from Google and Facebook using nothing more than a series of fake email messages. He impersonated a legitimate hardware vendor, sent invoices from a lookalike domain, and two of the most technologically sophisticated companies on
The Breach That Started With "Company2024!" In January 2024, a mid-size healthcare company lost 2.3 million patient records. The root cause wasn't a sophisticated zero-day exploit. It wasn't a nation-state threat actor. It was an employee who reused the same password across their
In 2023, the FBI's Internet Crime Complaint Center reported that business email compromise — the category that includes fakeemail schemes — caused over $2.9 billion in adjusted losses across roughly 21,489 complaints. That made it the single most financially damaging cybercrime category in the IC3's annual
In 2023, a single reused password gave a threat actor access to 23andMe's credential-stuffing attack that exposed the data of nearly 7 million users. The attacker didn't exploit a zero-day vulnerability or deploy sophisticated malware. They just tried stolen passwords from other breaches — and millions of
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses. The attacker didn't blast a million inboxes with a generic "Your account has been suspended" message. They researched an employee on LinkedIn, called the IT help desk impersonating that person,
In 2023, a finance employee at a multinational firm in Hong Kong wired $25 million to threat actors after receiving what appeared to be a legitimate video call and email chain from the company's CFO. It was all fake — the video was a deepfake, and the emails were
