Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.
posts
A Single Reused Password Cost One Company Everything In 2021, the Colonial Pipeline ransomware attack shut down fuel distribution across the U.S. East Coast. The entry point? A single compromised password on a legacy VPN account that lacked multi-factor authentication. That's not a sophisticated nation-state exploit. That&
The CEO Who Wired $47 Million to a Threat Actor In 2016, Austrian aerospace manufacturer FACC fired its CEO after the company lost €42 million (roughly $47 million) in a business email compromise attack. A threat actor impersonated the CEO via email and convinced a finance employee to wire funds
Microsoft's security team reported that accounts protected by multi-factor authentication block over 99.9% of automated attacks. Yet according to the FBI's Internet Crime Complaint Center (IC3), credential theft and account compromise remain among the top reported cybercrime categories year after year. The gap between what
The Email That Cost One Company $37 Million In 2024, the FBI's Internet Crime Complaint Center reported that business email compromise — a sophisticated form of phishing — accounted for over $2.9 billion in adjusted losses. That's not a typo. Billions. And it all starts with a
A Phone Call From "Google" That Wasn't Google at All In late 2024, a Gmail user received a phone call from what appeared to be a legitimate Google support number. The caller warned of suspicious account activity, walked them through a fake recovery process, and captured
In March 2024, a finance director at a mid-size manufacturer in Ohio received an email from what appeared to be the company CEO. The message asked for an urgent wire transfer to close a confidential acquisition. The email looked flawless — correct logo, matching font, even a convincing signature block. She
In 2023, a single spear phishing email cost MGM Resorts an estimated $100 million in losses and recovery. The attacker didn't blast out a million generic messages — they researched one employee, crafted one convincing message, and made one phone call to the help desk. That's the
In March 2024, a finance employee at a UK-based engineering firm wired $25 million to threat actors after a deepfake video call. The attackers had spoofed the company's CFO — but the entire attack chain started with a single phishing email. That first message contained at least four classic
The 24 Billion Stolen Passwords Nobody Talks About In 2022, researchers at Digital Shadows found over 24 billion username-and-password pairs circulating on dark web marketplaces and criminal forums. That number has only grown. If you think your organization's credentials aren't in that pile, I'd
In 2024, a single set of stolen Snowflake credentials led to the breach of over 165 organizations — including Ticketmaster and AT&T — exposing hundreds of millions of customer records. The root cause wasn't some exotic zero-day exploit. It was reused passwords without multi-factor authentication. Every one of
