Not quite…the Twitter accounts of several high-profile influencers were accessed to facilitate a widespread social engineering attack. Not everyone is who they say they are. Real-world example: 2020 Twitter Bitcoin Scam In July 2020, attackers gained access to Twitter’s internal tools and compromised several high-profile accounts, including those of Elon Musk, Jeff Bezos, Barack Obama, […]
A great example of a phishing attack is a “spoofed email from a trusted company.” Below is a detailed scenario: Example “Your Bank Account Needs Verification” Scenario An attacker sends an email that appears to come from a legitimate bank, like Wells Fargo or Chase. The email is designed to exploit the recipient’s trust by […]
Believe it…there are many types of cyberattacks where HTTPS could have prevented or mitigated the attack, primarily those involving Man-in-the-Middle (MITM) attacks. Real-world example: The Firesheep Attack What Happened? Firesheep was a browser extension that allowed attackers to hijack user sessions on websites that did not enforce HTTPS for all communications. The Mechanism Firesheep exploited […]
Not quite…ignoring warnings and failing to apply patches to your system can lead to devastating consequences. Target found out the hard way. Real-World Example: Target Breach One well-documented breach caused by failure to patch vulnerabilities is the Target data breach in 2013, which exposed the credit and debit card information of over 40 million customers. […]
Believe it…exploits created by our national security agencies are used by criminals to steal information and disrupt operations for money. Real-World Example: EternalBlue One of the most infamous real-world zero-day exploits is EternalBlue, a vulnerability discovered in Microsoft’s implementation of the Server Message Block (SMB) protocol. Here’s a detailed overview: Discovery and Nature of the […]
Believe it…flimsy financial firewalls permitted a huge breach of customers’ data. Firewalls don’t always prevent breaches. Layered security is important, and humans play a critical part. The Great Financial Breach of 2022 In 2022, a mid-sized financial services firm, “GreenCrest Capital”, faced a catastrophic data breach. Despite investing in a state-of-the-art firewall, they became the […]
Believe it…attackers use “trusted” brand names to launch their attacks. Real-world example: The Case of the “Google Docs” Phishing Scam One of the most intriguing and widespread phishing scams occurred in May 2017, when attackers launched a sophisticated attack disguised as a Google Docs invitation. This attack not only fooled thousands of users but […]
Believe it…gamers denied retailers thousands of pounds of revenue The Dyn Attack: The Day the Internet Broke On October 21, 2016, a massive DDoS attack targeted Dyn, a major DNS (Domain Name System) provider. DNS acts like the internet’s address book, translating domain names (like example.com) into IP addresses that computers can understand. When Dyn […]
Could Cyber Behaviours be the Key to Unlocking Human Development? Background While it is known that developing countries are the least cyber-safe (Świątkowska, 2020; UN, 2011), the relationship between a country’s cyber security risks and its human development is yet to be fully understood. Here, we seek to strengthen existing ties between these two aspects. […]
A New Framework for Digital Resilience On 10 November 2022, the European Parliament approved two pieces of legislation: DORA and the NIS2 Directive. This legislation will set the new framework for digital resilience and cybersecurity across EU financial services and more broadly. At a time when digital finance, data and technology such as cloud computing present […]