Explore strategies and tools to defend against credential theft attacks, including password spraying, keylogging, and credential stuffing. This tag covers best practices for safeguarding login credentials, implementing multi-factor authentication, and detecting compromised accounts before attackers exploit them.
posts
The Industry That Can't Afford a Single Mistake In November 2023, the SEC fined several financial advisory firms a combined total of nearly $750,000 for cybersecurity failures following credential theft incidents that exposed thousands of customer records. The firms had the basics — firewalls, antivirus — but lacked the
Colonial Pipeline shut down 5,500 miles of fuel infrastructure last month because of a single compromised password. One password. No multi-factor authentication. That's the state of security for system administrators in 2021 — and it's a wake-up call that keeps echoing across every industry. I'
Colonial Pipeline just shut down 5,500 miles of fuel infrastructure this week. One compromised password. That's all it took. While forensic details are still emerging, the early reporting points to a single set of stolen credentials — likely obtained through a social engineering attack on an employee. If
In 2020, the FBI's Internet Crime Complaint Center received 19,369 business email compromise complaints. The adjusted losses? A staggering $1.8 billion — making BEC the single most financially devastating cybercrime category in the FBI IC3 2020 Internet Crime Report. That's more than ransomware, more than
In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness
In December 2020, SolarWinds disclosed that threat actors had compromised its Orion software platform, ultimately breaching at least nine U.S. federal agencies and over 100 private companies. The attack went undetected for months. It wasn't a zero-day exploit that got them in — it was a compromised build
In February 2024, a threat actor compromised a single employee's SMS-based multi-factor authentication at a major financial services firm. The method? A SIM swap that took under ten minutes. The attacker intercepted the one-time passcode, drained customer accounts, and left the company facing regulatory action. This wasn'
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'
The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers
One Click Cost Them $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The resulting ransomware attack cost
