Blog
Insights on cybercrime, account takeover, ransomware, the criminal underground and more
Preventing Ransomware:
Top Trends from the 2023 Spycloud Ransomware Report
Read highlights from the 2023 SpyCloud Ransomware Report, including attack precursors, frequency, and costs affecting security teams & organizations.
The Hidden Costs of Ransomware Attacks
The cost of a ransomware attack isn’t just a payment – negative brand reputation and loss of customers can hurt the bottom line, while employees mitigating an attack can impact productivity.
Botnets: The Information Stealers Mama Never Warned You About
Get the lowdown on botnets, networks of computers infected by malware. See why they’re dangerous and how to protect yourself.
4 Top Takeaways from Black Hat 2023
Our team was busy on the floor at Black Hat 2023, but we also had some time to attend sessions and talk industry with colleagues and friends. Here’s what we’re taking away from one of cybersecurity’s best events.
The Bad News About Infostealer Malware: There’s No Silver Bullet (But There IS More You Can Do)
Find out what makes infostealer malware a unique threat, and how SOC teams should adjust traditional approaches to fully address the risk it poses.
Top Takeaways from IBM’s Cost of a Data Breach Report 2023
The cost of a data breach keeps rising but there are concrete approaches for mitigating costs that work. Read the key findings from this year’s IBM report.
SpyCloud Report: Gaps Still Loom in Malware Remediation
Key findings and insights from over 300 security & IT leaders and practitioners surveyed by SpyCloud regarding the growing threat of infostealer malware and what companies are missing when it comes to remediation.
Digging Deeper: More Perspectives on Key Challenges Facing CISOs
We uncovered a lot in feedback sessions with CISOs, so we offer even more insights around evolving authentication methods and ransomware defense vs. offense in the second blog in our series.
We Asked, They Answered: Hot Topics CISOs are Concerned About
In ongoing conversations with CISOs, several topics stood out as top-of-mind for security leaders. We discuss their emerging concerns, including malware infection response and critical SOC team blind spots.
2023 Cybersecurity Industry Statistics: Account Takeover, Ransomware, Data Breaches, BEC & Fraud
Updated stats on the prevalence and cost of common cyberattacks including ATO, ransomware, and fraud for organizations and individuals.
Key Takeaways from the Verizon 2023 Data Breach Investigations Report: A Look Back and A Way Forward
New year, same story: Credentials are king, ransomware is rampant, and human error prevails. We dig into the Verizon 2023 Data Breach Investigations Report and shed some light on what the future holds.
Ransomware May Be On Fire Now, But BEC Is Always Simmering
Despite being one of the oldest tricks in the cybercrime playbook, BEC scams continue to pose a significant threat to organizations, causing 64 times more losses than ransomware last year.
Plot Twist: Combolists Are Still A Threat
SpyCloud researchers break down the risk combolists provide to enterprises and security teams combating stolen credentials and how cybercriminals are still leveraging this age-old tactic.
Passkeys: Their Impact & Their Vulnerabilities
With the shift from passwords to passkeys, security posture stands a chance at optimization. But it’s still susceptible to compromise. We examine how.
Cyberattacks in a Passwordless World – The Emergence of Session Hijacking
A passwordless world is not one without cyberattacks. Session hijacking is one example that defeats passkeys. We examine its growing popularity.
Passwordless May Be The Future, But Is It a Cure-All?
Passwordless authentication feels like all the rage these days but it doesn’t come without its own challenges.
Corporate Darknet Exposure on the Rise Due to Malware
The dark web is crawling with compromised credentials and cookies from the largest companies in the US and UK. We cover takeaways from our reports on the Identity Exposure of the Fortune 1000 and FTSE 100.
5 Key Takeaways from RSAC 2023
RSAC’s 2023 theme of Stronger Together rang true throughout the event, with discussions on how to tackle and safely evolve AI’s impact on cybersecurity, third-party risk management, and the path forward for the industry.
8 Types of Common Cyberattacks and How to Protect Your Enterprise
Bad actors can target your organization in all sorts of ways. Read on for some of the most common types of cyberattacks that should be on your organization’s radar.
Preventing Cyberattacks in Government Supply Chains
Stolen credentials and malware infections put DIB suppliers at risk for account takeover and ransomware attacks. These organizations must take measures to secure credentials and meet CMMC requirements.
What Is 2FA and Why Does It Matter?
We explore two-factor authentication (2FA) and multi-factor authentication (MFA) and why these added layers of security are critical to protecting your organization.
How Infostealer Malware Helps Ransomware Operators Hide in Plain Sight
As malware attempts reach staggering heights, we dive into infostealer malware, including how it executes, the risks it poses, and how it can lead to follow-on attacks like ransomware.
A Rundown of Current Malware Trends From the Darknet
Our resident security research expert discusses malware trends – including why we’re finding screenshots of victims’ desktops among the exfiltrated data.
Why Identity is at the Core of a Federal Zero Trust Strategy
Key tenets of the government’s zero trust strategy include MFA and secure password policies. With identity at the core of zero trust, we offer recommendations for successful strategy implementation.
SpyCloud Annual Report: Malware is Making Its Mark on the Darknet
This year’s report focuses on the growing risk of malware infections. With half of the exposed credentials coming from botnet logs, our recaptured data shows a shift in cybercriminal trends.
SpyCloud Embraces Equity in Tech on International Women’s Day
In honor of International Women’s Day during Women’s History Month, female leaders at SpyCloud discuss their careers in technology and offer advice to other women entering the field.
Fraud Teams’ Most Critical Blind Spot: Malware-Infected Consumers
Data stolen from consumers’ malware-infected devices fuels account takeover and online fraud. Knowing what criminals know about your customers is the first step in protecting them and your bottom line.
7 Steps of a Complete Malware Incident Response Plan
We break down the steps that enable the shift from a machine-focused approach to malware infection response to an identity-focused approach that truly reduces the enterprise’s risk of ransomware.
What To Do When Your Password is Exposed in a Data Breach
When you’re alerted that your password was included in a data breach, what can you do to protect your accounts? Learn the implications of exposed credentials and 4 steps to exposed passwords.
It Ain’t Over Til It’s Over: Why Post-Infection Remediation Is Needed to Truly Resolve Malware Infections
As threats from malware infections slip through security defenses, a new approach to preventing ransomware is necessary. With SpyCloud Compass, security teams can now conduct complete Post-Infection Remediation.
What Motivates Cybercriminals to Run Malware Campaigns?
While money is a common and obvious motivation for malware campaigns, we examine various motivating factors behind malware, including hacktivism and notoriety.
2022 in Review: The Year of Ransomware
Ransomware has been a growing cyber threat for several years but with increased sophistication and methods it seems like 2022 was really the year it took off. Here we break down the trends and ways organizations can better prepare in 2023 and beyond!
Fool Me Once: How Botnets Help Malicious Actors Pose as Your Employees (And What Enterprises Can Do About It)
Botnets are one of the tools that enable bad actors to carry out extensive infostealer attacks. We discuss the risks of botnets, infostealers, and malware infections, and how to close ransomware visibility gaps.
Passwords, Passkeys, Cookies, MFA – Authentication Methods are Under Attack
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
Q&A with SpyCloud North American Channel Vice President
SpyCloud is excited to enhance our Partner Program. Stacy Hutchings, VP Channel-North America shares more about the program, its benefits, and why companies should partner with SpyCloud.
How to Avoid Getting Spooked by Ghost Accounts and Shadow IT
Unwitting insider threats create vulnerabilities that can lead to ransomware attacks. We discuss how ghost accounts and shadow IT impact enterprises and how to mitigate these risks.
What is Session Hijacking and How Do You Prevent It?
Session cookies siphoned from unmanaged devices infected with malware pose a significant threat to enterprises. Learn how criminals use stolen web session cookies to access enterprises and launch cyberattacks.
Dark Web Market BidenCash: 30%+ of Credit Cards are Old News
An analysis of the newly launched underground carding marketplace data against SpyCloud’s recaptured data shows the leaked information existed on the dark web prior to its recent disclosure – but does that make it any less powerful in the hands of a criminal?
Outsourcing Initial Access: Ransomware Groups Don’t Break In, They Log In.
Monetizing network access is not a new scheme, but the emergence of Ransomware-as-a-Service (RaaS) operators has created a market for specialized actors called Initial Access Brokers (IABs).
Balancing Act: Tackling the Top Ecommerce Fraud Challenges
The question, ‘is this a legitimate customer or a criminal?’ can be answered with a new approach to preventing fraud that goes beyond identity verification.
70% Password Reuse: Password Security Needs a Forced Reset
The problem of password reuse demands a new framework for credential security – one in which users are blocked from choosing passwords that have ever been exposed.
Tips for Strong Passwords
With stolen credentials being the #1 entry point for cybercriminals, password security has never been more critical. We offer five tips for stronger passwords for users and enterprises alike.
The Most Overlooked Ransomware Defenses
We dig into key findings from our annual survey of more than 300 security leaders, including the role malware plays in ransomware attacks and the missing piece of incident response.
Roses Are Red(Line): Why Credential-Stealing Malware is Giving SOC Teams the Blues
One of the biggest challenges in ransomware prevention is the lack of visibility into credential-stealing malware. Get insights on how these infections work and why malware causes headaches for SOC teams.
Three Common Entry Points for Ransomware
Understanding ransomware entry points is critical to preventing attacks in the first place. We examine three common access points for ransomware and discuss how to close gaps in your prevention strategy.
Don’t Get Schooled by Cybercriminals: Back to School Cybersecurity Tips
The start of a new school year is the perfect time to freshen up on cybersecurity awareness. We offer insights on cyberattacks and breaches targeted at children and four back-to-school security tips.
Making the Internet a Safer Place: Celebrating Six Years of SpyCloud
In honor of SpyCloud’s 6th anniversary, we take a look at how we’re achieving our mission to make the internet a safer place and discuss the future of the fight against cybercrime.
Consumer or Fraudster? A Q&A with Fraud Prevention Experts
Fraud experts from SpyCloud and Aite-Novarica tackle recent trends, the rise in ATO, synthetic identities, and malware, and how to level the playing field against fraudsters.
Account Opening Fraud: High Risks and High-Risk Customers
Account opening fraud is a growing concern, especially for financial institutions. Being able to distinguish between legitimate users and fraudsters is critical to Know Your Customer (KYC) requirements.
CISOs Sound Off: Survey Shows CISO Challenges and Priorities
A survey of CISOs found key insights on challenges facing top security leaders, including protecting against ransomware, implementing Zero Trust models, and the need for automated solutions.
Stolen Credentials, Ransomware & Human Error, Oh My: Key Takeaways from the Verizon 2022 Data Breach Investigations Report
SpyCloud breaks down intriguing insights from Verizon’s annual analysis of data breach causes, techniques, and motives.
The Critical Need to Protect Critical Infrastructure: Spotlight on Utilities
The stakes are high when it comes to protecting critical infrastructure. See the latest thinking on thwarting ransomware attacks against Utilities – and the ATO that often precedes them.
Shining a Light on the Identity Exposure of Fortune 1000 and FTSE 100 Enterprises
SpyCloud’s annual analysis of data from the criminal underground tied to Fortune 1000 and FTSE 100 companies offers insights into trends including password security and PII exposure – along with the growing danger of malware-infected devices.
Too Much, Too Little, or Just Right: How to Spot the Signs of Synthetic Identity Fraud
Synthetic identity fraud is a $20B problem, but it’s not impossible to prevent. We break down the 2 telltale signs. As it turns out, too much information is just as suspicious as not enough when it comes to detecting constructed identities.
Keeping Up with Compliance: New PCI DSS 4.0 Authentication Standards and What They Mean for You
The latest version of PCI DSS standards feature more robust requirements for passwords and authentication. We break down some of the requirements and how they could impact your organization.
What is a Data Breach
When your password is exposed in a data breach, immediate action is necessary. We offer remediation steps and tips for creating strong passwords to secure online accounts.
Connecting the Dots: Fight Organized Retail Crime (ORC) With Recaptured Data
Criminals are going omni-channel with Organized Retail Crime. Learn more about this type of fraud and see how the digital and physical worlds can collide to solve ORC cases.
Lessons Learned From the Front Lines in the Fight Against Fraud
Leaders in fraud prevention share insights and experiences about how fraud teams enable revenue and foster collaboration from our MRC 2022 panel discussion.
Dusting for Fingerprints: How New Anti-Detect Browsers Spoof Real Users with Stolen Digital Fingerprints
The SpyCloud Research team takes an in-depth look at anti-detect browsers and how they are being leveraged alongside stolen credentials and cookies to bypass MFA and easily log into targeted accounts.
Top 5 Takeaways from SpyCloud’s Annual Identity Exposure Report
Credential exposure. Ransomware. Password reuse. Malware. This year’s report spotlights key trends our research team found from analyzing 15 billion credentials and PII assets we recaptured from the criminal underground in 2021.
Three’s a Crowd: Breaking Down Triangulation Fraud
As online shopping continues to boom, both consumers and retailers should be aware of triangulation fraud. Learn more about this tactic, how it works, and how you (and your business) can avoid getting caught up in it.
4 Ways Underground Data Helps Criminals Sneak Past Fraud Controls – And What You Can Do About It
Stolen data helps criminals sidestep fraud prevention measures. Now, SpyCloud can help enterprises use that same data to stop hard-to-detect fraud.
Putting Breach Data to Work in Fraud Prevention
For years, criminals have stolen and exploited consumers’ personal data. It’s time we make that same data work for us in the fight to prevent fraud.
Risky Business: Why a Strong Security Culture Should Be a Top Priority for All Bosses
Enterprise leaders and boards of directors are constantly juggling the multitude of responsibilities they have to the business. Our CEO, Ted Ross, explains why cybersecurity should be at the top of the list.
The Future of Passwordless Authentication Is…Probably More Passwords
We’d like to believe that passwords are just a hop-skip-jump away from being obsolete but the truth is, we’re still not quite ready for a passwordless world.
2021 Ransomware Defense Report: Breaking Down Key Findings
A summary of key findings from 250 U.S. Enterprise Security Leaders about the state of Ransomware Defense. Spoiler Alert: It’s not all bad news.
Rethinking Trust: Adapting to the Reality of Supply Chain Compromise
In an interconnected business world where organizations depend on hundreds of separate technologies and vendors, third-party access offers a reliably weak spot in any security posture.
Password Hygiene: A Prerequisite for Higher Education
Poor cybersecurity hygiene has made colleges & universities prime targets for ransomware. How can these institutions make security an educational priority?
5 Years of Risk: How Cybersecurity Threats Continue to Evolve
A look back at the threat landscape that experts were predicting over the last five years to see how the industry has changed – and what could be ahead.
Ransomware: A Global Threat with Local Consequences
As the U.S. federal government addresses the ransomware scourge, state and local governments are left unprepared and caught in the crosshairs.
As Cybersecurity Spending Balloons, So Do False Economies
Cybercrime and cybersecurity budgets are both on the rise. And yet, the largest security gaps for most organizations – solving for password reuse and remediating stolen credentials – are left wide open.
Trends in MFA in a WFH World
Increased adoption of MFA is a good thing for cybersecurity, especially as remote work grows in popularity – and preference – but humans remain the weakest link.
I Just Called to Say… I’ve Taken Over Your Account
When it comes to identity theft, stolen phone numbers are often shrugged off. But the truth is, criminals want your phone numbers just as much as they want your passwords.
One for the Money, Two for the Show, $4.4M for the Ransomware Gang That Used ATO
Ransomware has reached crisis levels across all business sectors and across the globe. What’s fueling it? Two words: stolen credentials.
Everyone Loves Credentials: Highlights from the Verizon 2021 Data Breach Investigations Report
The use of stolen credentials obtained from other breaches and/or credential reuse was a consistent thread throughout most criminal activity last year.
Telecom Companies Face Highest Risk for Cyber Attacks
Telecom companies are rich in data and have huge numbers of customers, both of which make them valuable targets for fraudsters. They’re also heavily exposed in data breaches.
Was It a Breach or Credential Stuffing?
We’ve noticed a trend where media headlines equate data breaches & credential stuffing. The difference is critical for companies like Zoom, Nintendo, and Spotify, who made headlines in 2020 for the wrong reasons & suffered brand damage as a result.
Breaking Down the SolarWinds Supply Chain Attack
It will be years – maybe decades – before we know the true extent of the fallout from the SolarWinds Orion software supply chain compromise. Based on what we know so far, SpyCloud has broken down the stages of this targeted, identity-based attack.
2021 Annual Credential Exposure Report
Surprise: If your password includes a keyword like “covid,” “election,” or “sourdough,” you’re in good company. Find out what else we’ve learned from the 1.5 billion stolen credentials our researchers have recovered over the last year.
3 Bad Habits That Increase Your Account Takeover Risk
Human nature makes us vulnerable to account takeover. Let’s dig into 3 very common bad habits and how they play into criminals’ hands.
2021 Report: Breach Exposure of the Fortune 1000
SpyCloud analyzed over 543 million breach assets tied to Fortune 1000 employees to illustrate the challenges enterprises face in preventing account takeover.
The 2021 Remote Workforce Security Report
Findings from our 2021 Remote Workforce Security Report: how companies are tackling the top threat vectors facing remote workers.
Make Better Password Habits One Of Your New Year’s Resolutions
Let’s try something different from the usual losing weight and eating better. Here are 5 tips for stronger passwords in 2021.
2021 Cybersecurity Prediction: The Mingling of Work & Personal Accounts Will Lead to a Rise in Vulnerability
See why password reuse and shared devices – so common in 2020 – will create cybersecurity headaches well into 2021.
Is Multi-Factor Authentication Like a Splinter in Your Mind?
MFA keeping you up at night? It probably should. Check out these common MFA bypass techniques and why another layer of account protection is necessary.
Cryptography of the Cracking World
Dictionaries, combolists, rainbow tables…We explain the terms used within online “cracking communities” and what they mean for us as defenders.
The Merchant’s Prep Guide to 2020 Holiday Delivery Fraud
We dive into the creative ways criminals are targeting the convenient ecommerce features that were designed to benefit customers during the pandemic. At the core of it all is stolen data.
Out with the Old: It’s Time to Abandon Outdated Active Directory Password “Best Practices”
Many years’ worth of accumulated best practices have mostly helped strengthen Active Directory security, but a few long-standing beliefs about enforcing password policies are actually outdated.
Never Waste a Crisis: Best Practices for Managing Large-Scale Data Breaches
Questions to ask yourself as you prepare breach prevention & response plans, based on our conversations with CISOs who have survived major breaches that exposed customer data.
SpyCloud Recognized as a Gartner Cool Vendor for Identity Access Management and Fraud Detection
See why Gartner thinks we’re a Cool Vendor – and more about how we’re applying breach data to new use cases beyond ATO prevention.
Credential Stuffing vs. Password Spraying
Dig into the differences between these two common attack types, and how you can prevent account takeovers that stem from either one.
Surviving a Data Breach at Anthem: A CISO’s Perspective
The cost of a data breach in the healthcare industry is now at an all-time high: $7.13M. Roy Mellinger, former Anthem CISO, shares his perspective & lessons learned from their 2015 breach – takeaways that are relevant for security leaders from all industries.
Modernize Your Password Security Policy with Latest NIST Guidelines
Confused by the lastest NIST password guidelines? We’ve condensed the recommendations from NIST into an easy-to-follow guide to help you protect your employee and consumer accounts. Plus, learn how SpyCloud’s newest offering can help.
Unemployment Fraud: Who is Using Your Identity to Collect?
Criminals are using stolen credentials and PII to impersonate unemployed workers, diverting the funds from benefit claims into their own pockets. With $26 billion at risk, we provide recommendations for government agencies, fraud teams, employers and individuals on how to stop the bleed.
The New Cracking Tools That Automate Credential Stuffing & Account Takeover
Here’s what you need to know about popular cracking tools including Vertex, Sentry MBA, SNIPR, and OpenBullet, along with custom and target-specific account checkers – plus how you can protect your users and yourself from attacks.
Discord’s Dark (Web) Side
Displaced darknet communities have found a new home on Discord. See what’s being sold and traded – and learn what to do if you happen to come across these activities.
The Latest from DoD’s Katie Arrington on CMMC – and Next Steps for DIB Suppliers Awaiting CMMC Audits
Recap of the takeaways from Ms. Arrington’s latest keynote + concrete advice from expert panelists on what to do now, before auditing begins.
A Deep Dive into the Verizon 2020 Data Breach Investigations Report
Stolen credentials are the top hacking tactic – for the fourth year running. Examine this + other trends from the 13th edition of the Verizon Data Breach Investigations Report.
Fact vs. Hype: Zoom Credential “Leak” Analysis
The alleged credential “leaks” of Zoom accounts were created using textbook credential stuffing attacks & old compromised 3rd-party databases. See how Zoom responded to what we discovered.
Technical Analysis: Nintendo Account-Checking Crimeware
Since early April, attackers have compromised 160,000 Nintendo accounts. SpyCloud researchers have identified source code for an account checker tool that was custom-built to target Nintendo customers.
Analyzing 136,000 New Domains with COVID-19 Themes
SpyCloud researchers have compiled, enriched, and analyzed a list of over 136,000 hostnames and fully qualified domain names with COVID-19 or coronavirus themes from a variety of publicly-available feeds.
White House Issues Guidance on Remote Worker Security
For employees working from home, how does our new (hopefully) temporary situation introduce risk, including data theft? Password security is more critical than ever.
SpyCloud Research: Breach Exposure of the Fortune 1000
We were able to tie more than 412 million breach assets within the SpyCloud database to employees within the Fortune 1000, providing a snapshot of the breach exposure affecting major enterprises.
PSA: 9 Ways Attackers Are Capitalizing on COVID-19
Cybercriminals are profiting off of coronavirus fears. SpyCloud summarizes 9 tactics security professionals should be aware of.
Mobile Device Security, A Multi-Faceted Approach
Shedding light on mobile threats as well as potential solutions including mobile threat defense, zero trust frameworks, and account takeover prevention measures.
Ransomware Paralysis? Attacks Against Local Governments on the Rise While Prevention Efforts Lag
Ransomware attacks against local governments and utilities continue to pile up, and hackers are putting pressure on victims by threatening to leak data to the public domain.
The Challenges of Multi-Factor Authentication in Your Security Program
Understand MFA implementation and adoption challenges and learn steps you can take to strengthen its effectiveness.
SpyCloud Research: Analyzing 515,000 Leaked Telnet Credentials
SpyCloud researchers have obtained and analyzed a set of over 515,000 Telnet credentials and IP addresses associated with vulnerable hosts that were leaked on a popular criminal forum.
2020 Annual Credential Exposure Report
Our 2020 report shows that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover (ATO).
2020 Prediction: The Death of the Password Rotation Policy
Periodic forced password changes are frustrating for users and counterproductive for security. Here’s why they’ll go the way of the dinosaurs in 2020.
Reduce Supply Chain Account Takeover Risk with SpyCloud Third Party Insight
SpyCloud’s latest product offering helps you reduce your risk of a data breach by monitoring your third party relationships for breach exposures and sharing that data to aid remediation efforts.
How to Boost Employee Engagement in Your Security Awareness Program
To commemorate National Cybersecurity Awareness month, we’re sharing 9 practical tips from enterprise CISOs on how to increase participation in security awareness programs.
The Dark Web Is as Innovative as Ever
The largest dark markets may have been seized, but they always seem to persist. Fortunately, they’re run by humans and humans make mistakes.
Detect and Reset Compromised Passwords with Active Directory Guardian
SpyCloud has released a new & improved version of Active Directory Guardian that makes it easier for organizations to align with NIST password guidelines and reset exposed passwords automatically.
Is Account Takeover an Underrated Risk?
According to a recent study, many security leaders are focused on the wrong risks. Account takeover is a primary risk that deserves more attention.
How long would it take to crack your password?
Our survey of IT security leaders found organizations are investing in layers of defense against authentication-based attacks, but it still isn’t enough. Here we discuss the issues with passwords, passkeys, and MFA + additional steps beyond these measures security teams can take to close the gaps in their defenses.
SpyCloud Wins Best in Show at Digital Banking 2019
Financial services institutions are searching for a more effective solution to prevent consumer account takeover, awarding SpyCloud Best in Show at Digital Banking 2019.
The Unavoidable Side Effect of BYOD
BYOD has its benefits, but it can also have serious implications. Learn how to defend your organization from the risks.
These Fraudsters Are Hungry for Account Takeover
Lower-tier criminals are taking over fast food accounts to reap hot and fresh rewards–on your dime. By now you’ve probably heard us talk at length
Would You Like Pepper on That Hash?
To laymen, the strange lexicon surrounding password security only makes the topic less approachable. What is a salt? What is a hash? And better yet,
How SpyCloud Plans to Spend $21 Million in New Series B Funding
We recently announced $21 million in new capital led by M12, Microsoft’s venture fund. Here’s how we plan to grow.
2018 Annual Credential Exposure Report
2018 was a busy year for hackers. Interested to see just how busy, our annual credential exposure report breaks all the breaches down by the numbers.
Our Perspective on the “Collection” Combo Lists
Just how big was the so called Collections #1 “superbreach”? Turns out it was only 1 of 7 totalling more than 8B username and password records, and we’ve got the data on all the records.
How the Grinch Carded Your Customers
This year, credit card fraud is down even though millennials are scoring more deals online. Here’s what that means for your organization.
The New Identity Crisis
Weak or reused passwords still pose a huge risk factor for account takeover but as newer authentication techniques evolve, criminals are adapting.
The Anatomy of Credential Stuffing
Credential stuffing attacks are on the rise. Learn more about how they’re done and what you can do to protect your organization.
Business Email Compromise (BEC) and Stolen Credentials
Business email compromise (BEC), has been used to defraud businesses out of over $3 billion. Know what to look for in these types of scams.
Why Old Passwords Still Matter
Old exposed passwords can do harm long after the initial compromise. Learn why you should be looking at old data, too.
What Is Corporate Account Takeover and What Can You Do to Prevent It?
Corporate account takeover is growing at an alarming rate. Find out what you should and shouldn’t do to prevent it.
Do Dark Web Monitoring Tools Work?
Do you ever wonder how the dark web works? Do you know what tools provide protection from what can happen in the dark web? We’ll break it down.
New Sextortion Scams Leverage Password Reuse
In a recent phishing attack, men around the globe are receiving a realistic email that could cost them thousands if they fall for it.
In Depth: The New Dark Markets
New markets on the dark web represent a shift in how underground goods are bought and sold. What does history have to say about how new markets will fare?
SpyCloud Hires CFO, Demonstrates Rapid Growth
Greater than 950 percent YoY rise in revenue indicates ATO prevention is a high priority for enterprises.
CISO Recipe for Peaceful Sleep
As CISO, your job may keep you up at night worrying about your employees’ and customers’ leaked credentials. There’s plenty to worry about, but you can take proactive steps to find more restful sleep.
What We Learned at The 2018 RSA Conference
Curious about the main takeaways at this year’s RSA Conference? David Endler, president and co-founder of SpyCloud offers his take.
Six Reasons for a False Sense of Security – ATOs
Think your account takeover prevention strategies give you 100% protection? We’ll show you why you should be skeptical.
Insights: Verizon 2018 Data Breach Report
Verizon released this year’s data breach report and not surprisingly, stolen credentials top the list. SpyCloud evaluates the findings with recommendations to every organization.
NIST Guidelines For Password Strength
Passwords need not be hard to remember. They just need to be hard to guess. NIST sets forth new guidelines to make creating strong passwords a bit easier.
Customer Account Takeover Can Be Prevented
What Is ATO and Why Should You Care? Because of widespread password reuse, Account Takeover (ATO) attacks have become an extremely lucrative business for cybercriminals.
2017 Annual Credential Exposure Report
2017 was a busy year for hackers. Interested to see just how busy, our annual credential exposure report breaks all the breaches down by the numbers.
Our Perspective – 1.4 Billion Clear Text Credentials
We’ve been asked to provide our point of view regarding 4iQ’s recent article advertised as “Largest Credential Breach Exposure”.
How the Grinch Stole Your Customer’s Account
As early deal-hunters strategize ahead of Black Friday and Cyber Monday, so too, are cyber criminals strategizing to exploit the fact that security teams will be taking time off.
Taringa: Over 28 Million Users Exposed in Massive Data Breach
Over 28 million records were compromised as a result of the Taringa breach. See what your organization can do to ensure you’re not next.
SpyCloud Wins Best of Show Award for ATO Prevention at Finovate Fall 2017
We’re pleased to announce that SpyCloud has won the “Best of Show” award at Finovate Fall 2017!
SpyCloud Appoints Cisco and Thales e-Security Executives to its Board of Directors
SpyCloud welcomes two cybersecurity industry veterans to the team!
SpyCloud Chosen to Demo Cutting-Edge Account Takeover Prevention at FinovateFall 2017
SpyCloud, pioneers in breach discovery and credential recovery, showcased its solution at the 2017 FinovateFall conference.
SpyCloud Adds Industry Veterans to Leadership Team
SpyCloud expands their team by adding Alen Puzic as Chief Technology Office, and Jason Lancaster as Director of Security Research.
CyberDefenses Integrates SpyCloud into New Credential Tracking Service
CyberDefenses Inc. new Credential Tracking Service (CTS) integrates SpyCloud’s early-warning breach technology into its existing solution.
Criminals are using these tools to “crack” your website
Custom-built “cracking” tools are making it easier than ever for criminals to automate credential stuffing.
Press Release: SpyCloud Emerges From Stealth Mode
SpyCloud announces that it is coming out of stealth mode, after receiving $2.5 Million is seed funding.
SpyCloud is Named a Winner of NATO’s Defense Innovation Challenge
We’re proud to share that SpyCloud was the only US winner of the NATO Innovation Challenge. The challenge is aimed at accelerating transformational, state-of-the-art technology solutions in support of NATO’s cyber capabilities.
SpyCloud New Feature: Most Recent Alerts
Our development team is constantly pumping out new features, and we’re excited to highlight one that our customers have been asking for: Recent Records Alerts!
SpyCloud at the RSA Cybersecurity Conference
We had a great time exhibiting at the 2017 RSA cybersecurity conference in San Francisco, meeting new friends and reconnecting with many security industry brethren.
