Addresses the tactics attackers use to steal login credentials and the countermeasures organizations can deploy. Topics include multi-factor authentication, credential monitoring, dark web surveillance, secure authentication protocols, and employee awareness training.
posts
In 2023, MGM Resorts lost an estimated $100 million after a threat actor bypassed their security by social engineering the help desk into resetting an employee's credentials — credentials that lacked properly enforced multi-factor authentication at critical junctures. That single phone call cascaded into one of the most expensive
In September 2023, MGM Resorts lost roughly $100 million after a threat actor called Scattered Spider bypassed the company's authentication controls using a simple social engineering phone call. The attackers didn't crack a password vault or exploit a zero-day. They convinced a help desk employee to
The 59-Second Crack That Cost a Hospital Chain Everything In 2023, CommonSpirit Health disclosed a ransomware attack that disrupted operations across more than 140 hospitals. Post-incident analysis pointed to compromised credentials as a key factor. The password in question wasn't "password123" — it was a seemingly reasonable
The Threat Already Inside Your Building In January 2023, the FBI arrested a former GE Aviation employee who had spent years downloading thousands of proprietary turbine technology files and transferring trade secrets to a competing business in China. The insider had legitimate access. He passed every background check. He sat
The Ivanti Breach Changed How I Think About VPNs In early 2024, CISA issued an emergency directive after threat actors exploited vulnerabilities in Ivanti Connect Secure VPN appliances to infiltrate multiple federal agencies. The attackers didn't brute-force passwords. They didn't trick users with phishing emails. They
A Single Phish Email Cost One Company $37 Million In 2024, Orion SA disclosed that a single employee fell for a business email compromise scheme and wired approximately $60 million to a threat actor's accounts. The company recovered some funds, but the net loss still exceeded $37 million.
The Breach That Started With a Single Unpatched Server In 2023, the MOVEit Transfer vulnerability (CVE-2023-34362) let the Cl0p ransomware gang compromise thousands of organizations worldwide — including federal agencies and major financial institutions. The root cause wasn't exotic malware or a sophisticated zero-day chain. It was a known
The MOVEit Breach Started With One Overlooked Web Flaw In 2023, a single SQL injection vulnerability in the MOVEit Transfer web application led to one of the largest mass exploitation events in history. Over 2,600 organizations were compromised. Sensitive data from government agencies, banks, and healthcare providers was exfiltrated
The Hiring Manager Doesn't Care Where You Sat in Class I've reviewed over a thousand resumes for security analyst and incident response roles. Not once — not a single time — have I rejected a candidate because their online computer security degree wasn't earned in a
Updated for 2026 A Single Email Cost This Company $121 Million In 2019, Rubin Schron's Cammeby's International Group wired $121 million to a fraudulent account after receiving what appeared to be a routine email from their attorney. The email was a phish. No malware. No zero-day
