Believe it…despite the best technical defences, if the human is not secure then the system isn’t either. Real-world example: 2016 Democratic National Committee (DNC) hack. Phishing Tactics Hackers sent phishing emails to several DNC staff members, masquerading as Google security warnings. • The emails claimed there was suspicious activity on their Google accounts and urged […]
Believe it…your data is at risk, so be careful who you choose to share it with. Real-world example: 2020 MGM Resorts Data Breach In 2020, hackers obtained a database containing the personal information of over 142 million MGM Resorts guests and posted it for sale on a dark web marketplace. The data included names, addresses, […]
Not quite…the Twitter accounts of several high-profile influencers were accessed to facilitate a widespread social engineering attack. Not everyone is who they say they are. Real-world example: 2020 Twitter Bitcoin Scam In July 2020, attackers gained access to Twitter’s internal tools and compromised several high-profile accounts, including those of Elon Musk, Jeff Bezos, Barack Obama, […]
A great example of a phishing attack is a “spoofed email from a trusted company.” Below is a detailed scenario: Example “Your Bank Account Needs Verification” Scenario An attacker sends an email that appears to come from a legitimate bank, like Wells Fargo or Chase. The email is designed to exploit the recipient’s trust by […]
Believe it…there are many types of cyberattacks where HTTPS could have prevented or mitigated the attack, primarily those involving Man-in-the-Middle (MITM) attacks. Real-world example: The Firesheep Attack What Happened? Firesheep was a browser extension that allowed attackers to hijack user sessions on websites that did not enforce HTTPS for all communications. The Mechanism Firesheep exploited […]
Not quite…ignoring warnings and failing to apply patches to your system can lead to devastating consequences. Target found out the hard way. Real-World Example: Target Breach One well-documented breach caused by failure to patch vulnerabilities is the Target data breach in 2013, which exposed the credit and debit card information of over 40 million customers. […]
Believe it…exploits created by our national security agencies are used by criminals to steal information and disrupt operations for money. Real-World Example: EternalBlue One of the most infamous real-world zero-day exploits is EternalBlue, a vulnerability discovered in Microsoft’s implementation of the Server Message Block (SMB) protocol. Here’s a detailed overview: Discovery and Nature of the […]
Believe it…flimsy financial firewalls permitted a huge breach of customers’ data. Firewalls don’t always prevent breaches. Layered security is important, and humans play a critical part. The Great Financial Breach of 2022 In 2022, a mid-sized financial services firm, “GreenCrest Capital”, faced a catastrophic data breach. Despite investing in a state-of-the-art firewall, they became the […]
Believe it…attackers use “trusted” brand names to launch their attacks. Real-world example: The Case of the “Google Docs” Phishing Scam One of the most intriguing and widespread phishing scams occurred in May 2017, when attackers launched a sophisticated attack disguised as a Google Docs invitation. This attack not only fooled thousands of users but […]
Believe it…gamers denied retailers thousands of pounds of revenue. The Dyn Attack: The Day the Internet Broke On October 21, 2016, a massive DDoS attack targeted Dyn, a major DNS (Domain Name System) provider. DNS acts like the internet’s address book, translating domain names (like example.com) into IP addresses that computers can understand. When Dyn […]