Tag

Social Engineering

Learn how attackers use psychological manipulation to trick people into revealing sensitive information or performing unsafe actions. Topics include pretexting, baiting, tailgating, vishing, and real-world social engineering case studies that expose common human vulnerabilities.

posts

Trojan Horse Malware

Trojan Horse Malware: What It Is and How to Stop It

In July 2021, the REvil ransomware gang exploited a vulnerability in Kaseya's VSA software and dropped a trojan payload onto the systems of roughly 1,500 businesses worldwide. The attack didn't arrive as an obvious virus. It masqueraded as a legitimate software update — the textbook definition

Carl B. Johnson Sep 03, 2021 7 min read
Keylogger Attack

Keylogger Attack: How Hackers Steal Every Keystroke

In March 2021, security researchers discovered that the Agent Tesla keylogger had become one of the most prevalent malware families in the wild, appearing in phishing campaigns targeting organizations across every sector. This wasn't some exotic zero-day. It was a commodity keylogger attack tool that anyone could buy

Carl B. Johnson Sep 03, 2021 7 min read
Man in the Middle Attack

Man in the Middle Attack: How Hackers Steal Data

In January 2021, the FBI warned that cybercriminals were actively exploiting telecommuters by intercepting unencrypted network traffic — a textbook man in the middle attack. The shift to remote work didn't just expand the attack surface. It handed threat actors a golden opportunity to sit between employees and corporate

Carl B. Johnson Sep 03, 2021 7 min read
DNS Spoofing Attack

DNS Spoofing Attack: How Hackers Hijack Your Traffic

In April 2018, attackers hijacked the DNS records for Amazon's Route 53 service, redirecting traffic meant for MyEtherWallet.com to a malicious server in Russia. Users who typed the correct URL into their browsers still landed on a fake site. Within two hours, attackers stole roughly $150,000

Carl B. Johnson Sep 03, 2021 7 min read
Phishing Awareness

How to Spot a Phishing Email Before It Costs You

In July 2021, a single phishing email gave attackers access to an employee's credentials at a Florida managed service provider, which cascaded into the massive Kaseya VSA ransomware attack affecting up to 1,500 businesses worldwide. One click. One employee who didn't know how to spot

Carl B. Johnson Aug 31, 2021 8 min read
Phishing

What Is Phishing? The Attack Behind 36% of Breaches

In March 2021, a massive phishing campaign impersonating Microsoft Office 365 hit over 10,000 mailboxes across the financial services sector in a single week. The emails were nearly flawless — correct logos, legitimate-looking sender domains, and urgent language about password expiration. Dozens of employees handed over their credentials before anyone

Carl B. Johnson Aug 31, 2021 7 min read
Medusa Ransomware

Medusa Ransomware Gang Phishing Campaigns Explained

A Ransomware Group That Starts With Your Inbox In June 2021, a mid-sized manufacturer discovered every file server in their environment encrypted. The ransom note was signed "Medusa." The entry point? A single phishing email that harvested an employee's VPN credentials. The Medusa ransomware gang phishing

Carl B. Johnson Aug 31, 2021 7 min read
Fake Email

Fake Email: How to Spot, Stop, and Survive One

A Single Fake Email Cost Facebook and Google $120 Million Between 2013 and 2015, a Lithuanian man named Evaldas Rimasauskas sent a series of fake email messages to employees at Facebook and Google. He impersonated a legitimate hardware vendor, complete with forged invoices and contracts. By the time both companies

Carl B. Johnson Aug 31, 2021 7 min read