Cyberattacks are evolving rapidly. As technology advances, so do the tools and techniques used by hackers, from AI-driven phishing schemes to highly targeted ransomware attacks. But despite this increasing sophistication, many successful breaches still rely on something shockingly simple:... Read More
Blog
Categories
Man-in-the-Middle (MITM) attack guide & defense tips
Imagine you’re overseeing your organization’s network security when suddenly you notice an unusual traffic pattern: packets flowing through a server that shouldn’t be there. What you’re witnessing could be a Man-in-the-Middle (MITM) attack in action, where an adversary stealthily... Read More
[Analysis] 16 billion passwords leaked – how much is recycled data?
Researchers recently uncovered a (seemingly) unprecedented aggregation of roughly 16 billion username–password pairs. However, there’s been some debate around how much of this is recycled data versus new. Similarly to the Rockyou2024 password list and ALIENTXTBASE data dump, our... Read More
Securing the service desk: Interview with an OffSec expert
Securing the service desk has become a priority for many organizations, especially after the spate of social engineering attacks in the UK linked to Scattered Spider. Attackers know the service desk can be an easy way to bypass MFA... Read More
HMRC phishing attack: How stolen credentials enabled tax fraud
His Majesty’s Revenue and Customs (HMRC) recently announced that it has been hit by a sophisticated phishing scam, which resulted in the theft of approximately £47 million ($63.76 million) from over 100,000 taxpayer accounts. The attack took place in... Read More
SIM-swap fraud: Scam prevention guide
SIM-swapping is quickly becoming a favorite form of attack for cybercriminals. According to the National Fraud Database, SIM-swap fraud jumped by over 1,000% in 2024. Hackers port a victim’s number onto a rogue SIM, so they can intercept SMS-based... Read More
Introducing Specops Service Desk for Cloud (Entra ID)
The service desk has become a prime target for sophisticated social‐engineering campaigns. It’s never been more important to arm frontline support teams with the tools they need to verify every caller from a potential liability into a confirmed identity.... Read More
Password encryption: What is it and how does it work?
As companies rapidly shift towards cloud-based environments, employees find themselves juggling multiple accounts across a variety of platforms, each one most likely safeguarded by a password. These digital keys are often the first (and sometimes only) line of defense... Read More
Credential harvesting: How it works & tips for prevention
Credential harvesting represents a serious threat to organizations of all kinds – particularly in today’s digital landscape, where virtually every enterprise depends on user credentials for access and security. According to IBM’s 2025 Threat Intelligence Index, nearly a third... Read More
[New research] FTP ports under attack: Which passwords are hackers using?
The Specops research team has analyzed passwords being used to attack FTP ports over the past 30 days, in live attacks happening against real networks. Our team have found the most common passwords being used in brute force attacks,... Read More