Explore strategies and tools to defend against credential theft attacks, including password spraying, keylogging, and credential stuffing. This tag covers best practices for safeguarding login credentials, implementing multi-factor authentication, and detecting compromised accounts before attackers exploit them.
posts
In March 2021, a single employee at a water treatment plant in Oldsmar, Florida, watched someone remotely take control of their screen and attempt to increase sodium hydroxide levels to dangerous concentrations. The attacker got in through a shared TeamViewer password. No advanced exploit. No zero-day. Just poor cybersecurity awareness
In December 2020, SolarWinds disclosed that threat actors had compromised its Orion software platform, ultimately breaching at least nine U.S. federal agencies and over 100 private companies. The attack went undetected for months. It wasn't a zero-day exploit that got them in — it was a compromised build
In February 2024, a threat actor compromised a single employee's SMS-based multi-factor authentication at a major financial services firm. The method? A SIM swap that took under ten minutes. The attacker intercepted the one-time passcode, drained customer accounts, and left the company facing regulatory action. This wasn'
In 2023, MGM Resorts lost an estimated $100 million after a threat actor social-engineered their way past the help desk with a single phone call. One conversation. No malware payload, no zero-day exploit, no sophisticated code. Just a human being who wasn't prepared for the moment. That'
The Email That Cost One Company $37 Million In 2024, a finance employee at a multinational firm joined a video call with what appeared to be the company's CFO and several colleagues. Every face on that call was a deepfake. The employee authorized $25.6 million in transfers
One Click Cost Them $100 Million In 2023, MGM Resorts was brought to its knees — not by a sophisticated zero-day exploit, but by a phone call. A threat actor called the help desk, impersonated an employee found on LinkedIn, and gained access to internal systems. The resulting ransomware attack cost
In 2024, the average cost of a data breach in the financial sector hit $6.08 million — the second-highest of any industry, trailing only healthcare. That number comes straight from IBM's Cost of a Data Breach Report. I've spent years working with banks, credit unions, and
