Mastodawn

The Art of Deception: Why Phishing Remains the Predominant Threat to Enterprise Security

2,781 words, 15 minutes read time.

The Evolution of Social Engineering in a Hyper-Connected World

The digital landscape of 2026 presents a paradox where the most sophisticated technological defenses are frequently circumvented by the oldest trick in the book: deception. Phishing remains the primary initial access vector for cyber adversaries, not because of a lack of technical security, but because it targets the most unpredictable component of any network—the human user. Analyzing the 2025 Verizon Data Breach Investigations Report (DBIR) reveals that while vulnerability exploitation has surged, the human element still contributes to approximately 60% of all confirmed breaches. This persistence is rooted in the strategic shift from mass-scale, poorly drafted “spray and pray” emails to highly targeted, technologically augmented social engineering campaigns.

Modern phishing has transcended the era of obvious grammatical errors and generic “Nigerian Prince” solicitations, evolving into a streamlined industry known as Phishing-as-a-Service (PhaaS). This model allows even low-skilled threat actors to deploy professional-grade attack infrastructure, including pixel-perfect clones of corporate login portals and automated delivery systems. Consequently, the volume of reported phishing and spoofing incidents has reached staggering heights, with the FBI’s Internet Crime Complaint Center (IC3) documenting nearly 200,000 complaints in the last year alone. As these attacks become more subtle, often utilizing non-traditional channels like QR codes (Quishing) and SMS (Smishing), the boundary between legitimate communication and malicious intent continues to blur.

The stakes of failing to identify these scams have never been higher for the modern enterprise. Business Email Compromise (BEC), a specialized and highly lucrative form of phishing, accounted for nearly $2.8 billion in adjusted losses in the most recent reporting cycle, with a median loss of $50,000 per incident. These figures underscore a critical reality: phishing is no longer just an IT nuisance but a significant financial and operational risk. By understanding the psychological hooks and technical mechanics that drive these attacks, organizations can move beyond basic awareness and toward a posture of informed resilience.

The Anatomy of Deception: Why Human Psychology is the Ultimate Vulnerability

The efficacy of phishing lies in its ability to hijack the brain’s fast, instinctive decision-making processes, often referred to as “System 1” thinking. Attackers meticulously craft lures that trigger specific psychological responses—most notably urgency, fear, and respect for authority—to bypass the critical evaluation that would otherwise flag a message as suspicious. When a user receives an alert claiming their “payroll account has been suspended” or an “urgent invoice is past due,” the resulting stress response narrows their cognitive focus. This “amygdala hijack” prioritizes immediate action over logical verification, leading users to click links or provide credentials before their rational mind can intervene.

Furthermore, the principle of authority is a cornerstone of successful social engineering, as evidenced by the increasing frequency of executive impersonation. By spoofing the identity of a high-ranking official or a trusted third-party vendor, attackers leverage the social pressure to comply with requests from the top down. This tactic was notably exploited in the 2023 MGM Resorts breach, where attackers used basic reconnaissance from professional networking sites to impersonate an employee. By calling the IT help desk and projecting an authoritative yet distressed persona, the threat actors successfully manipulated support staff into resetting credentials, granting them administrative access to the entire environment.

Beyond immediate emotional triggers, cybercriminals exploit cognitive biases such as the “illusion of truth” and “pattern recognition.” We are conditioned to trust familiar interfaces; therefore, when an attacker presents a login screen that perfectly mimics a Microsoft 365 or Google Workspace portal, our brains subconsciously validate the request based on visual consistency. This reliance on “surface-level” legitimacy is what makes modern phishing so dangerous. Even as users become more skeptical, the sheer volume of digital notifications creates “decision fatigue,” increasing the likelihood that a malicious request will eventually slip through during a moment of distraction or high workload.

Analyzing the Technical Mechanics of Modern Phishing Frameworks

While the psychological lure gets the user to the “door,” modern technical frameworks ensure the door is wide open for the attacker. One of the most significant advancements in recent years is the rise of Adversary-in-the-Middle (AiTM) phishing. Unlike traditional phishing, which simply harvests a username and password, AiTM attacks deploy a proxy server between the user and the legitimate service. This allows the attacker to intercept not just the credentials, but also the Multi-Factor Authentication (MFA) session cookie in real-time. By the time the user has successfully “logged in” to the fake site, the attacker has already hijacked their active session, effectively rendering traditional SMS or app-based MFA obsolete.

The industrialization of these techniques through Phishing-as-a-Service (PhaaS) has fundamentally changed the threat landscape by lowering the cost and complexity of launching a campaign. These platforms provide attackers with sophisticated kits that include evasion features, such as “cloaking,” which shows legitimate content to security crawlers while displaying the phishing page to the intended victim. Additionally, many kits now feature dynamic branding, where the phishing page automatically adjusts its logos and background images based on the recipient’s email domain. This level of automation ensures that every lure feels personalized and legitimate, significantly increasing the conversion rate of the attack.

Furthermore, attackers are increasingly moving away from traditional email links to bypass automated Secure Email Gateways (SEGs). The surge in “Quishing”—phishing via QR codes—exploits a blind spot in many security stacks, as QR codes are often embedded as images that traditional link-scanners cannot easily parse. When a user scans a code on their mobile device, they are often moved off the protected corporate network and onto a personal cellular connection, where endpoint security may be weaker or non-existent. This multi-channel approach, combining email, mobile devices, and proxy infrastructure, demonstrates that phishing has evolved into a sophisticated technical discipline that requires equally sophisticated, layered defenses.

Case Study: The Ripple Effects of a High-Profile Credential Harvest

The devastating potential of modern phishing is perhaps best illustrated by the 2022 breach of Twilio, a major communications platform. This incident serves as a masterclass in how a single, well-executed smishing (SMS phishing) campaign can compromise a global technology provider. The attackers sent text messages to numerous employees, claiming their passwords had expired or their accounts required urgent attention. These messages contained links to URLs that utilized deceptive keywords like “twilio-okta” and “twilio-sso,” directing users to a landing page that perfectly mimicked the company’s actual sign-in portal. By leveraging the inherent trust users place in mobile notifications—which often bypass the scrutiny applied to traditional emails—the threat actors successfully harvested the corporate credentials of several employees.

Once the initial credentials were secured, the attackers did not simply stop at account access; they moved laterally through the environment to escalate their privileges. This specific campaign, attributed to a group known as “Oktapus,” was part of a broader coordinated effort that targeted over 130 organizations. By gaining a foothold in Twilio’s internal systems, the attackers were able to access the data of a limited number of customers and, more alarmingly, the internal console used by support staff. This allowed them to view sensitive account information and, in some cases, intercept one-time passwords (OTPs) intended for downstream users. The Twilio case highlights that the “initial click” is merely the tip of the spear, serving as the catalyst for a much deeper, more systemic compromise of the supply chain.

Analyzing the aftermath of such a breach reveals the immense operational and reputational costs associated with credential harvesting. Twilio was forced to undergo a massive incident response effort, notifying affected customers and re-securing thousands of employee accounts. Furthermore, the breach demonstrated that even tech-savvy employees at a major communications firm are not immune to sophisticated social engineering. The “Oktapus” campaign succeeded because it targeted the intersection of mobile convenience and corporate security protocols. It underscores the reality that in the modern threat landscape, the security of an entire organization often rests on the split-second decision of a single individual responding to a seemingly routine notification on their smartphone.

Identifying Sophisticated Red Flags: Beyond the Misspelled Subject Line

As cybercriminals refine their craft, the “red flags” of a phishing attempt have shifted from obvious linguistic errors to subtle technical anomalies that require a more discerning eye. One of the most prevalent techniques in contemporary phishing is typosquatting or “look-alike” domains, where an attacker registers a domain name that is nearly identical to a legitimate one. For example, an attacker might use “https://www.google.com/search?q=rnicrosoft.com” (using ‘r’ and ‘n’ to mimic an ‘m’) or “google-support.security” to deceive a hurried user. These deceptive URLs are often hidden behind hyperlinked text or buried within a long string of redirects, making them difficult to spot without hovering over the link to inspect the actual destination.

Advanced phishing analysis now requires an understanding of email headers and the underlying infrastructure of digital communication. A sophisticated lure might appear to come from a trusted colleague, but a closer look at the “Reply-To” field or the “Return-Path” in the email header often reveals a completely different, unauthorized address. Furthermore, attackers frequently use “URL padding” or “character encoding” to hide the malicious nature of a link. By including a legitimate domain at the beginning of a long URL string followed by hundreds of hyphens and then the actual malicious destination, attackers take advantage of the fact that many mobile browsers truncate long URLs, showing only the “safe” portion to the user.

The emergence of QR code phishing, or “Quishing,” has added a physical dimension to these digital threats. Because QR codes are essentially “black box” URLs—meaning the destination is invisible until the code is scanned—they are an ideal delivery mechanism for malicious content. Attackers place these codes on physical posters, in PDF attachments, or even on fake “multi-factor authentication” prompts. When scanned, these codes often lead to AiTM proxy sites designed to harvest session tokens. Spotting these scams requires a shift in mindset: users must treat every unsolicited QR code with the same level of suspicion as an unexpected .exe attachment. The absence of traditional email markers like “suspicious sender” makes these attacks particularly effective at bypassing standard mental filters.

The Infrastructure of Defense: Technical Controls to Mitigate Human Error

Relying solely on user education is a recipe for failure; a robust cybersecurity posture requires technical “guardrails” that reduce the impact of inevitable human mistakes. The first line of defense in the email ecosystem is the implementation of a rigorous DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy. When combined with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), DMARC allows organizations to specify how receiving mail servers should handle messages that fail authentication. By moving to a “p=reject” policy, an organization can effectively prevent unauthorized third parties from spoofing their domain, ensuring that only legitimate, signed emails ever reach a recipient’s inbox.

Beyond email authentication, the industry is moving toward “phishing-resistant” Multi-Factor Authentication as the ultimate technical solution to credential theft. Traditional MFA methods, such as SMS codes or “push” notifications, are increasingly vulnerable to interception or “MFA fatigue” attacks, where a user is bombarded with prompts until they inadvertently approve one. FIDO2-compliant hardware security keys, such as YubiKeys, eliminate this risk by utilizing public-key cryptography. In a FIDO2 workflow, the security key will only authenticate with the specific domain it was registered to. If a user is tricked into visiting a phishing site, the hardware key will recognize that the domain does not match and will refuse to provide the credentials, effectively neutralizing even the most convincing AiTM attack.

Finally, the integration of AI-driven “Computer Vision” and “Natural Language Processing” (NLP) into Secure Email Gateways (SEGs) provides a dynamic layer of protection. These modern tools don’t just look for known malicious links; they analyze the sentiment and intent of an email. If a message from an external sender uses high-pressure language (“Action Required Immediately”) or mimics the visual style of a known brand without proper authentication, the system can automatically flag the message, strip the links, or move it to a secure sandbox. By automating the detection of “intent” rather than just “indicators,” organizations can stay ahead of the rapidly changing tactics used by Phishers-as-a-Service.

Institutional Resilience: Moving from “Awareness” to “Security Culture”

The historical approach to phishing—characterized by once-a-year compliance videos and “gotcha” style simulations—has largely failed to produce lasting behavioral change. To build true institutional resilience, organizations must shift from a model of passive awareness to a proactive “security culture” that treats every employee as a sensor in a distributed network. Research from the NIST “Phish Scale” suggests that when simulations are too difficult or punitive, they create “security fatigue,” leading users to ignore even legitimate security alerts. Conversely, an effective culture incentivizes the reporting of suspicious emails through a “no-fault” policy, where a user who clicks a link but immediately reports it is praised for their transparency rather than reprimanded for their mistake.

A critical component of this culture is the implementation of a streamlined reporting pipeline, often facilitated by a “Report Phishing” button directly within the email client. When a user flags a message, it should trigger an automated workflow that correlates the report against other identical messages across the entire organization. This “crowdsourced” intelligence allows security teams to identify a campaign in its infancy, pulling malicious emails from all inboxes before a second user has the chance to interact with them. This transition from a reactive stance (cleaning up after a breach) to a protective stance (neutralizing a threat based on a single user’s report) is what separates resilient organizations from those that remain perpetually vulnerable.

Furthermore, the language of security within an organization must evolve to reflect the sophistication of modern threats. Instead of simply telling employees to “look for typos,” training should focus on the context of requests. Employees should be empowered to verify out-of-band requests—such as a sudden change in vendor wire instructions or an urgent request for sensitive HR data—through a secondary, trusted channel like a known phone number or a verified internal chat. By codifying these “human-in-the-loop” verification steps into standard operating procedures, the organization creates a friction point that social engineering tactics struggle to overcome, regardless of how technically perfect the phishing lure may be.

Conclusion: The Constant Vigilance Required for Modern Digital Hygiene

The battle against phishing is not a technical problem to be “solved,” but a persistent risk to be managed through a strategy of Defense in Depth. As we have explored, the convergence of high-level psychological manipulation and advanced technical frameworks like AiTM and PhaaS means that no single control—whether it be an email filter or a training seminar—is sufficient on its own. A modern defense-in-depth posture must integrate hardened email authentication protocols (DMARC/SPF), phishing-resistant hardware (FIDO2), and a robust, supportive security culture. This multi-layered approach ensures that even when one layer is bypassed, subsequent controls are in place to prevent a single click from escalating into a catastrophic data breach.

Looking ahead, the role of Generative AI in phishing will only increase the speed and scale of these attacks. Large Language Models (LLMs) allow threat actors to generate perfectly composed, contextually relevant lures in any language, effectively eliminating the “poor grammar” red flag that has served as a primary detection method for decades. In this environment, the “Zero Trust” philosophy—never trust, always verify—must extend beyond the network architecture and into the daily habits of every digital citizen. Vigilance is no longer an optional skill for IT professionals; it is a fundamental requirement for anyone navigating the modern web.

Ultimately, the goal of understanding phishing 101 is to move from a state of fear to a state of informed confidence. By recognizing the psychological triggers used by attackers and understanding the technical safeguards available, individuals and organizations can reclaim the upper hand. Cybersecurity is a shared responsibility, and while the tactics of the adversary will continue to evolve, the principles of skeptical inquiry, technical hardening, and rapid reporting remain our most effective weapons. In a world where the next threat is only one click away, the most powerful security tool remains an informed and empowered mind.

Call to Action

If this breakdown helped you think a little clearer about the threats out there, don’t just click away. Subscribe for more no-nonsense security insights, drop a comment with your thoughts or questions, or reach out if there’s a topic you want me to tackle next. Stay sharp out there.

D. Bryan King

Sources

Disclaimer:

The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.

Bryan King Feb 24

The Dark Web Exposed: Cybercrime’s Hidden Marketplace

1,918 words, 10 minutes read time.

When people hear “dark web,” they often imagine a digital underworld where hackers trade stolen identities, malware, and secrets under layers of unbreakable encryption. While that image contains kernels of truth, it’s heavily distorted by media dramatization and technical misunderstanding. In reality, the dark web is neither a monolithic criminal empire nor an impenetrable fortress—it’s a technically specific segment of the internet designed for anonymity, used by journalists, activists, and privacy advocates as much as by cybercriminals. Yet its role in enabling large-scale cybercrime is undeniable. Stolen credentials, ransomware tools, and corporate data routinely surface in hidden marketplaces long before breaches make headlines. For defenders, ignoring this space means missing early warnings of compromise. The goal isn’t to chase every rumor in obscure forums but to understand how adversaries operate so we can build more resilient systems. This isn’t about fear—it’s about foresight.

Demystifying the Dark Web: Separating Fact from Fiction

To engage with the dark web intelligently, we must first clarify what it actually is. The internet consists of three conceptual layers: the surface web, the deep web, and the dark web. The surface web includes everything indexed by search engines—news sites, public blogs, e-commerce stores. The deep web encompasses all non-indexed content: private databases, medical records, internal company portals, and subscription-based academic journals. Neither of these is inherently illicit; in fact, the deep web constitutes the vast majority of online data. The dark web, by contrast, refers specifically to websites hosted on anonymizing networks like Tor or I2P, accessible only through specialized software and identifiable by unique domains such as .onion. These sites prioritize user and host anonymity through multi-layered encryption and randomized routing, making traffic analysis extremely difficult.

This technical foundation has been wildly misrepresented in popular culture. Movies and TV shows depict the dark web as a neon-lit bazaar where anyone can instantly buy passports or hire assassins with a few clicks. In truth, navigation is cumbersome, services are unstable, and trust is scarce. There’s no Google for the dark web; users rely on curated link directories, forum posts, or word-of-mouth referrals to find active sites. Many marketplaces vanish overnight due to law enforcement action or exit scams, forcing users to constantly rebuild their networks. Moreover, while anonymity tools like Tor provide strong protections, they’re not foolproof. Operational security failures—such as reusing usernames across platforms, leaking metadata, or connecting without proper firewall rules—have repeatedly led to arrests. The myth of invincibility serves cybercriminals by discouraging scrutiny, but the reality is far more fragile. Recognizing this helps shift focus from sensationalism to signal: instead of fixating on the “mystery” of the dark web, defenders should monitor for concrete indicators, like employee email addresses appearing in credential dumps or proprietary documents listed for sale.

How Cybercrime Actually Works Underground

Beneath the myths lies a highly structured, almost bureaucratic ecosystem of cybercrime. Modern dark web operations function less like chaotic black markets and more like legitimate SaaS businesses—complete with customer support, service-level agreements, and reputation systems. The infrastructure relies on three pillars: anonymizing networks, cryptocurrency, and modular marketplace design. Tor remains the dominant access layer, though some actors are migrating to alternatives like I2P or private Telegram channels to evade increasing scrutiny. On top of this, cybercriminal marketplaces replicate the user experience of Amazon or eBay: vendors list products with descriptions, pricing, and reviews; buyers rate sellers; and disputes are mediated by platform administrators. This mimicry isn’t accidental—it builds trust in an environment where betrayal is common.

Cryptocurrency is the lifeblood of these transactions. While Bitcoin was once the default, its traceability has pushed many toward privacy-focused coins like Monero, which obfuscate sender, receiver, and transaction amounts. Payments typically flow through escrow systems: the buyer sends funds to a wallet controlled by the marketplace, and the seller receives payment only after delivery is confirmed or a dispute window closes. This reduces fraud and encourages repeat business—a critical factor in sustaining underground economies. Beyond marketplaces, private forums serve as collaboration hubs where threat actors share tactics, dissect new defensive technologies, and even auction access to compromised corporate networks. Some of these forums operate on subscription models, charging monthly fees for real-time breach data or custom exploit development. This professionalization reflects a broader shift: cybercrime is now industrialized. Roles are specialized—coders develop ransomware, affiliates conduct phishing campaigns, money mules launder proceeds—and profits are shared via affiliate programs. The result is a scalable, resilient threat model that doesn’t rely on lone geniuses but on distributed, redundant networks. Understanding this reveals why perimeter defenses alone fail: the adversary isn’t just bypassing firewalls—they’re leveraging economic incentives and user behavior at scale.

Real Breaches, Real Consequences: Case Studies from the Front Lines

The abstract mechanics of dark web markets become starkly real when examined through actual breaches that originated or escalated within these hidden channels. Take the Colonial Pipeline ransomware attack in May 2021—a single compromised password, allegedly purchased on a dark web marketplace, enabled the REvil-affiliated group to cripple fuel distribution across the U.S. East Coast. Investigators later confirmed that the initial access credential belonged to a legacy VPN account with no multi-factor authentication, and that the password had been circulating in underground forums for months after earlier data breaches. Colonial’s systems weren’t breached by a zero-day exploit or a nation-state actor; they were unlocked with a reused credential sold for less than $50 in Monero. This incident underscores a brutal truth: many catastrophic breaches begin not with sophisticated intrusion techniques, but with the commodification of negligence—poor password hygiene, unpatched remote access tools, and lack of identity monitoring.

Similarly, the 2023 MGM Resorts cyberattack, which disrupted hotel operations, casino floors, and booking systems for over ten days, traces back to social engineering tactics refined in dark web communities. The attackers, linked to the Scattered Spider group, impersonated an employee to trick an IT help desk into resetting credentials—a technique openly discussed and even scripted in underground forums. Once inside, they moved laterally using legitimate administrative tools, exfiltrated data, and deployed destructive ransomware. Within hours of the breach, internal documents and customer records began appearing on dark web leak sites, used as leverage to pressure the company into paying a ransom. Notably, threat intelligence firms had already flagged Scattered Spider’s growing activity in private Telegram channels and invite-only forums weeks before the attack, yet without proactive monitoring, MGM had no early warning. These cases demonstrate that the dark web isn’t just a passive repository of stolen data—it’s an active planning ground where tactics are stress-tested, tools are refined, and targets are selected based on perceived weaknesses. The lag between intelligence availability and organizational response remains one of the most exploitable gaps in modern cybersecurity.

What Organizations Can Do: Practical Defense Strategies

Given this reality, what can defenders actually do? The answer lies not in attempting to “shut down” the dark web—that’s a law enforcement mission—but in integrating dark web awareness into existing security programs in a pragmatic, risk-based way. First and foremost, organizations should implement continuous dark web monitoring for their digital footprint. This doesn’t mean scanning every .onion site; rather, it involves subscribing to reputable threat intelligence feeds that track known marketplaces, paste sites, and forums for mentions of corporate domains, executive names, or employee email addresses. Services like those offered by Recorded Future, Flashpoint, or even CISA’s Automated Indicator Sharing (AIS) program can provide timely alerts when credentials associated with your organization surface. When such data appears, it’s not just evidence of a past breach—it’s a flashing red indicator that those credentials may still be active and usable.

Second, credential hygiene must be elevated from a best practice to a core security control. Enforce strict password policies, eliminate shared accounts, and mandate multi-factor authentication (MFA) everywhere—especially on remote access systems like VPNs, RDP, and cloud admin portals. More importantly, integrate identity threat detection and response (ITDR) capabilities that can flag anomalous login behavior, such as logins from unusual geolocations or at odd hours, even if valid credentials are used. Assume that some credentials are already compromised; your goal is to render them useless through layered verification and rapid rotation. Third, treat employee awareness as a technical control, not just a compliance checkbox. Train staff to recognize social engineering attempts—particularly vishing (voice phishing) and help desk impersonation—which are increasingly orchestrated using scripts and playbooks traded on the dark web. Simulated attacks based on real-world TTPs (tactics, techniques, and procedures) observed in underground forums can harden human defenses more effectively than generic phishing quizzes.

Finally, avoid overpromising on dark web monitoring ROI. It won’t prevent all breaches, nor should it replace foundational hygiene like patching and network segmentation. But when integrated thoughtfully, it provides context that transforms reactive incident response into proactive risk mitigation. Seeing your company’s name in a ransomware leak post isn’t just alarming—it’s actionable intelligence that can trigger immediate credential resets, enhanced logging, and executive briefings. In an era where adversaries operate with the efficiency of startups and the patience of predators, visibility into their planning grounds isn’t optional. It’s part of the new baseline for resilience.

Conclusion: Seeing Clearly in the Shadows

The dark web will never be fully eradicated. As long as there is demand for anonymity—whether for whistleblowing or weaponized data theft—the infrastructure will adapt, migrate, and reemerge under new protocols. Law enforcement takedowns, while symbolically powerful, often produce only temporary disruption; markets fragment, actors regroup, and new platforms rise within weeks. This isn’t a reason for despair, but for recalibration. Instead of viewing the dark web as an unknowable abyss, we should treat it as another layer of the threat landscape—one that reveals adversary intent, capability, and timing with remarkable clarity if we know where to look. The criminals don’t want you to understand this. They rely on mystique to obscure their methods and on organizational inertia to delay defensive action. By demystifying the dark web, grounding our understanding in verified incidents, and embedding practical monitoring into our security posture, we strip away that advantage. In cybersecurity, visibility is power. And in the shadows, even a little light goes a long way.

Call to Action

D. Bryan King

Sources

Disclaimer:

#OnionSites #AlphaBay #anonymizingNetworks #Bitcoin #breachPrevention #CaaS #Chainalysis #CISA #ColonialPipelineHack #credentialStuffing #cryptocurrency #cyberAttribution #cyberDefense #cyberResilience #cyberThreatLandscape #cybercrime #cybercrimeAsAService #cybercriminalForums #cybersecurity #DarkWeb #darkWebEconomics #darkWebMonitoring #darknetMarkets #dataBreach #digitalFootprintMonitoring #escrowSystems #Europol #FBICybercrime #identityTheft #identityThreatDetection #INTERPOL #ITDR #KrebsOnSecurity #lawEnforcementTakedowns #leakedData #MFA #MGMResortsBreach #MITREATTCK #Monero #multiFactorAuthentication #NCSC #operationalSecurity #passwordHygiene #pasteSites #phishingKits #privateForums #proactiveSecurity #ransomware #SilkRoad #socialEngineering #stolenCredentials #TelegramCybercrime #threatIntelligence #TorNetwork #undergroundMarketplaces #vendorRatings #VerizonDBIR #vishing

Bob Carver May 2, 2025

Inside the Breach: What the 2025 Verizon DBIR Warns About Our Failing Cyber Defenses
https://youtu.be/7xmFp-R2l0w #cybersecurity #VerizonDBIR #breaches #malware #nationstate #ransomware #spies #GenAI

- YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Tom Eston

May 20, 2024

🤔It takes an average of 55 days for organizations to remediate 50% of their critical vulnerabilities!

Join us on this week’s episode of the @sharedsecurity podcast as we break down the key findings from the 2024 Verizon Data Breach Investigations Report (DBIR).

Watch on YouTube:
https://youtu.be/mWSXvQ3iF40

Listen and subscribe on your favorite podcast app:

https://sharedsecurity.net/subscribe

https://sharedsecurity.net/2024/05/20/new-tracker-warning-features-on-iphones-androids-2024-verizon-data-breach-investigations-report/

#podcast #cybersecurity #verizondbir #vulnerabilities