Globalscape Active Threat

Every hour, PaceLine exchanged 15,000 sensitive shipping manifests with customs brokers. This traffic flowed through a Globalscape EFT server. Unbeknownst to the IT team, a junior developer had accidentally left an hardcoded in a legacy script three years ago. That credential had just appeared on a dark web leak site.

In the world of MFT, most breaches happen after the login. Passwords fail. Users click things. The active threat model assumes the perimeter is already dead. By the time Void realized he was in a honeypot, the real data was already rotated and the FBI had his SSH fingerprint.

At 3:14 AM, an attacker—let’s call him "Void"—used a botnet in Vietnam to launch a low-and-slow brute force attack. He wasn't hammering the server; that would trigger alarms. He tried one password every 90 seconds. Globalscape’s Active Threat module, which runs as a real-time policy engine inside EFT, woke up.

Because the engine didn't just block the IP (which the attacker would change), it allowed the attacker to stay in a sandboxed environment, wasting his time while collecting his TTPs (Tactics, Techniques, and Procedures).

Unlike traditional antivirus that scans signatures, the Active Threat engine watches . At 3:47 AM, Void succeeded. He logged in as that legacy admin user.