Botnets are one of the tools that enable bad actors to carry out extensive infostealer attacks. We discuss the risks of botnets, infostealers, and malware infections, and how to close ransomware visibility gaps.
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
SpyCloud is excited to enhance our Partner Program. Stacy Hutchings, VP Channel-North America shares more about the program, its benefits, and why companies should partner with SpyCloud.
Unwitting insider threats create vulnerabilities that can lead to ransomware attacks. We discuss how ghost accounts and shadow IT impact enterprises and how to mitigate these risks.
Session cookies siphoned from unmanaged devices infected with malware pose a significant threat to enterprises. Learn how criminals use stolen web session cookies to access enterprises and launch cyberattacks.
Updated stats on the prevalence and cost of common cyberattacks including ATO, ransomware, and fraud for organizations and individuals.
An analysis of the newly launched underground carding marketplace data against SpyCloud’s recaptured data shows the leaked information existed on the dark web prior to its recent disclosure – but does that make it any less powerful in the hands of a criminal?
Monetizing network access is not a new scheme, but the emergence of Ransomware-as-a-Service (RaaS) operators has created a market for specialized actors called Initial Access Brokers (IABs).
The question, ‘is this a legitimate customer or a criminal?’ can be answered with a new approach to preventing fraud that goes beyond identity verification.
The problem of password reuse demands a new framework for credential security – one in which users are blocked from choosing passwords that have ever been exposed.
With stolen credentials being the #1 entry point for cybercriminals, password security has never been more critical. We offer five tips for stronger passwords for users and enterprises alike.
We dig into key findings from our annual survey of more than 300 security leaders, including the role malware plays in ransomware attacks and the missing piece of incident response.
One of the biggest challenges in ransomware prevention is the lack of visibility into credential-stealing malware. Get insights on how these infections work and why malware causes headaches for SOC teams.
Understanding ransomware entry points is critical to preventing attacks in the first place. We examine three common access points for ransomware and discuss how to close gaps in your prevention strategy.
The start of a new school year is the perfect time to freshen up on cybersecurity awareness. We offer insights on cyberattacks and breaches targeted at children and four back-to-school security tips.
In honor of SpyCloud’s 6th anniversary, we take a look at how we’re achieving our mission to make the internet a safer place and discuss the future of the fight against cybercrime.
Fraud experts from SpyCloud and Aite-Novarica tackle recent trends, the rise in ATO, synthetic identities, and malware, and how to level the playing field against fraudsters.
Account opening fraud is a growing concern, especially for financial institutions. Being able to distinguish between legitimate users and fraudsters is critical to Know Your Customer (KYC) requirements.
A survey of CISOs found key insights on challenges facing top security leaders, including protecting against ransomware, implementing Zero Trust models, and the need for automated solutions.
SpyCloud breaks down intriguing insights from Verizon’s annual analysis of data breach causes, techniques, and motives.
The stakes are high when it comes to protecting critical infrastructure. See the latest thinking on thwarting ransomware attacks against Utilities – and the ATO that often precedes them.
SpyCloud’s annual analysis of data from the criminal underground tied to Fortune 1000 and FTSE 100 companies offers insights into trends including password security and PII exposure – along with the growing danger of malware-infected devices.
Synthetic identity fraud is a $20B problem, but it’s not impossible to prevent. We break down the 2 telltale signs. As it turns out, too much information is just as suspicious as not enough when it comes to detecting constructed identities.
The latest version of PCI DSS standards feature more robust requirements for passwords and authentication. We break down some of the requirements and how they could impact your organization.
When your password is exposed in a data breach, immediate action is necessary. We offer remediation steps and tips for creating strong passwords to secure online accounts.
Criminals are going omni-channel with Organized Retail Crime. Learn more about this type of fraud and see how the digital and physical worlds can collide to solve ORC cases.
Leaders in fraud prevention share insights and experiences about how fraud teams enable revenue and foster collaboration from our MRC 2022 panel discussion.
The SpyCloud Research team takes an in-depth look at anti-detect browsers and how they are being leveraged alongside stolen credentials and cookies to bypass MFA and easily log into targeted accounts.
Credential exposure. Ransomware. Password reuse. Malware. This year’s report spotlights key trends our research team found from analyzing 15 billion credentials and PII assets we recaptured from the criminal underground in 2021.
As online shopping continues to boom, both consumers and retailers should be aware of triangulation fraud. Learn more about this tactic, how it works, and how you (and your business) can avoid getting caught up in it.
Stolen data helps criminals sidestep fraud prevention measures. Now, SpyCloud can help enterprises use that same data to stop hard-to-detect fraud.
For years, criminals have stolen and exploited consumers’ personal data. It’s time we make that same data work for us in the fight to prevent fraud.
Enterprise leaders and boards of directors are constantly juggling the multitude of responsibilities they have to the business. Our CEO, Ted Ross, explains why cybersecurity should be at the top of the list.
We’d like to believe that passwords are just a hop-skip-jump away from being obsolete but the truth is, we’re still not quite ready for a passwordless world.
A summary of key findings from 250 U.S. Enterprise Security Leaders about the state of Ransomware Defense. Spoiler Alert: It’s not all bad news.
In an interconnected business world where organizations depend on hundreds of separate technologies and vendors, third-party access offers a reliably weak spot in any security posture.
Poor cybersecurity hygiene has made colleges & universities prime targets for ransomware. How can these institutions make security an educational priority?
A look back at the threat landscape that experts were predicting over the last five years to see how the industry has changed – and what could be ahead.
As the U.S. federal government addresses the ransomware scourge, state and local governments are left unprepared and caught in the crosshairs.
Cybercrime and cybersecurity budgets are both on the rise. And yet, the largest security gaps for most organizations – solving for password reuse and remediating stolen credentials – are left wide open.
Despite being one of the oldest tricks in the cybercrime playbook, BEC scams comprised 43% of all losses in the US last year compared to 1% from ransomware.
Increased adoption of MFA is a good thing for cybersecurity, especially as remote work grows in popularity – and preference – but humans remain the weakest link.
When it comes to identity theft, stolen phone numbers are often shrugged off. But the truth is, criminals want your phone numbers just as much as they want your passwords.
Ransomware has reached crisis levels across all business sectors and across the globe. What’s fueling it? Two words: stolen credentials.
The use of stolen credentials obtained from other breaches and/or credential reuse was a consistent thread throughout most criminal activity last year.
Telecom companies are rich in data and have huge numbers of customers, both of which make them valuable targets for fraudsters. They’re also heavily exposed in data breaches.
We’ve noticed a trend where media headlines equate data breaches & credential stuffing. The difference is critical for companies like Zoom, Nintendo, and Spotify, who made headlines in 2020 for the wrong reasons & suffered brand damage as a result.
It will be years – maybe decades – before we know the true extent of the fallout from the SolarWinds Orion software supply chain compromise. Based on what we know so far, SpyCloud has broken down the stages of this targeted, identity-based attack.
Surprise: If your password includes a keyword like “covid,” “election,” or “sourdough,” you’re in good company. Find out what else we’ve learned from the 1.5 billion stolen credentials our researchers have recovered over the last year.
Human nature makes us vulnerable to account takeover. Let’s dig into 3 very common bad habits and how they play into criminals’ hands.
SpyCloud analyzed over 543 million breach assets tied to Fortune 1000 employees to illustrate the challenges enterprises face in preventing account takeover.
Findings from our 2021 Remote Workforce Security Report: how companies are tackling the top threat vectors facing remote workers.
Get the lowdown on botnets, networks of computers infected by malware. See why they’re dangerous and how to protect yourself.
Let’s try something different from the usual losing weight and eating better. Here are 5 tips for stronger passwords in 2021.
See why password reuse and shared devices – so common in 2020 – will create cybersecurity headaches well into 2021.
MFA keeping you up at night? It probably should. Check out these common MFA bypass techniques and why another layer of account protection is necessary.
Dictionaries, combolists, rainbow tables…We explain the terms used within online “cracking communities” and what they mean for us as defenders.
We dive into the creative ways criminals are targeting the convenient ecommerce features that were designed to benefit customers during the pandemic. At the core of it all is stolen data.
Many years’ worth of accumulated best practices have mostly helped strengthen Active Directory security, but a few long-standing beliefs about enforcing password policies are actually outdated.
Questions to ask yourself as you prepare breach prevention & response plans, based on our conversations with CISOs who have survived major breaches that exposed customer data.
See why Gartner thinks we’re a Cool Vendor – and more about how we’re applying breach data to new use cases beyond ATO prevention.
Dig into the differences between these two common attack types, and how you can prevent account takeovers that stem from either one.
The cost of a data breach in the healthcare industry is now at an all-time high: $7.13M. Roy Mellinger, former Anthem CISO, shares his perspective & lessons learned from their 2015 breach – takeaways that are relevant for security leaders from all industries.
Confused by the lastest NIST password guidelines? We’ve condensed the recommendations from NIST into an easy-to-follow guide to help you protect your employee and consumer accounts. Plus, learn how SpyCloud’s newest offering can help.
Criminals are using stolen credentials and PII to impersonate unemployed workers, diverting the funds from benefit claims into their own pockets. With $26 billion at risk, we provide recommendations for government agencies, fraud teams, employers and individuals on how to stop the bleed.
Stolen credentials remain the #1 hacking tactic used to perpetrate data breaches. DIB suppliers must take strong measures to secure credentials and meet CMMC requirements.
Here’s what you need to know about popular cracking tools including Vertex, Sentry MBA, SNIPR, and OpenBullet, along with custom and target-specific account checkers – plus how you can protect your users and yourself from attacks.
Displaced darknet communities have found a new home on Discord. See what’s being sold and traded – and learn what to do if you happen to come across these activities.
Recap of the takeaways from Ms. Arrington’s latest keynote + concrete advice from expert panelists on what to do now, before auditing begins.
Stolen credentials are the top hacking tactic – for the fourth year running. Examine this + other trends from the 13th edition of the Verizon Data Breach Investigations Report.
The alleged credential “leaks” of Zoom accounts were created using textbook credential stuffing attacks & old compromised 3rd-party databases. See how Zoom responded to what we discovered.
Since early April, attackers have compromised 160,000 Nintendo accounts. SpyCloud researchers have identified source code for an account checker tool that was custom-built to target Nintendo customers.
SpyCloud researchers have compiled, enriched, and analyzed a list of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of publicly-available feeds.
For employees working from home, how does our new (hopefully) temporary situation introduce risk, including data theft? Password security is more critical than ever.
We were able to tie more than 412 million breach assets within the SpyCloud database to employees within the Fortune 1000, providing a snapshot of the breach exposure affecting major enterprises.
Cybercriminals are profiting off of coronavirus fears. SpyCloud summarizes 9 tactics security professionals should be aware of.
Shedding light on mobile threats as well as potential solutions including mobile threat defense, zero trust frameworks, and account takeover prevention measures.
Ransomware attacks against local governments and utilities continue to pile up, and hackers are putting pressure on victims by threatening to leak data to the public domain.
Understand MFA implementation and adoption challenges and learn steps you can take to strengthen its effectiveness.
SpyCloud researchers have obtained and analyzed a set of over 515,000 Telnet credentials and IP addresses associated with vulnerable hosts that were leaked on a popular criminal forum.
Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO).
Periodic forced password changes are frustrating for users and counterproductive for security. Here’s why they’ll go the way of the dinosaurs in 2020.
SpyCloud’s latest product offering helps you reduce your risk of a data breach by monitoring your third party relationships for breach exposures and sharing that data to aid remediation efforts.
To commemorate National Cybersecurity Awareness month, we’re sharing 9 practical tips from enterprise CISOs on how to increase participation in security awareness programs.
The largest dark markets may have been seized, but they always seem to persist. Fortunately, they’re run by humans and humans make mistakes.
SpyCloud has released a new & improved version of Active Directory Guardian that makes it easier for organizations to align with NIST password guidelines and reset exposed passwords automatically.
If your password has been compromised in a data breach, what can you do to protect your accounts? Learn the 5 steps to remediate password exposure.
According to a recent study, many security leaders are focused on the wrong risks. Account takeover is a primary risk that deserves more attention.
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
Financial services institutions are searching for a more effective solution to prevent consumer account takeover, awarding SpyCloud Best in Show at Digital Banking 2019.
BYOD has its benefits, but it can also have serious implications. Learn how to defend your organization from the risks.
Lower-tier criminals are taking over fast food accounts to reap hot and fresh rewards–on your dime. By now you’ve probably
To laymen, the strange lexicon surrounding password security only makes the topic less approachable. What is a salt? What is
We recently announced $21 million in new capital led by M12, Microsoft’s venture fund. Here’s how we plan to grow.
2018 was a busy year for hackers. Interested to see just how busy, our annual credential exposure report breaks all the breaches down by the numbers.
Just how big was the so called Collections #1 “superbreach”? Turns out it was only 1 of 7 totalling more than 8B username and password records, and we’ve got the data on all the records.
This year, credit card fraud is down even though millennials are scoring more deals online. Here’s what that means for your organization.
Weak or reused passwords still pose a huge risk factor for account takeover but as newer authentication techniques evolve, criminals are adapting.
Credential stuffing attacks are on the rise. Learn more about how they’re done and what you can do to protect your organization.
Business email compromise (BEC), has been used to defraud businesses out of over $3 billion. Know what to look for in these types of scams.
Transforming recaptured data to protect your business.
