Of all the access security recommendations you come across, multi-factor authentication (MFA) is arguably the most consistent. And there’s good reason many best practice recommendations and compliance frameworks now place MFA at the top of the list of security... Read More
Credential-based Attacks
Categories
MGM Resorts hack: How attackers hit the jackpot with service desk social engineering
Hotel and entertainment giant MGM Resorts were left reeling in September 2023 after a serious cyber-attack that kicked off with a fraudulent call to their Service Desk. In the days after the attack, they struggled to get systems back... Read More
British law firms are under attack from ransomware. How should we upgrade our cyber defences?
Law firms across the UK have been given a stark warning in a recent report by the National Cyber Security Centre (NCSC): get serious about upgrading your cyber defences or risk your legally privileged information being stolen by ransomware... Read More
Hybrid password attacks: How they work and how to stop them
Cybersecurity measures force threat actors to get creative and come up with new and inventive ways to compromise user credentials. As the name suggests, hybrid password attacks involve combining two or more attack methods to carry out password cracking.... Read More
Brute force attacks: How they work & how to prevent them
Compromising login credentials is the goal of many modern cyber-attacks. According to Verizon’s 2025 Data Breach Investigations Report, 88% of web application attacks over the past year involved the use of stolen credentials, demonstrating how vulnerable password-based systems remain without... Read More
Active Directory honeypot accounts: How to keep attackers sweet
Monitoring and detecting account compromise is one of the most challenging tasks for IT admins and SecOps professionals. Once a legitimate account has been compromised, it can be difficult to detect an attacker’s activities until it’s too late and... Read More
Kerberoasting attacks: How to keep your Active Directory safe
A domain administrator account is the holy grail of privileged accounts in a Microsoft Active Directory environment. If an attacker can get their hands on a Domain Administrator account in the domain, they’ll have access to basically everything. Kerberoasting... Read More
MFA prompt bombing: How it works and how to stop it
User credentials are golden prizes for attackers. Weak or breached credentials provide an easy target for attackers looking to log in to a network instead of breaking in. Most businesses have caught on to the fact that multi-factor authentication... Read More
[New Research] How hard is the MD5 hashing algorithm to crack?
The Specops research team is publishing new data on how long it takes attackers to brute force guess user passwords with the help of newer hardware. They’ve been specifically looking at passwords protected by the popular MD5 hashing algorithm.... Read More
Password mask attacks explained: What are they & how do they work?
Credential-based attacks remain one of the most effective techniques used by cybercriminals to breach enterprise networks. In 2024 alone, 88% of web application attacks involved the use of stolen credentials, according to Verizon’s 2025 Data Breach Investigations Report. Among... Read More