Weapons-grade fuel for fraud
A major venture capital company called Insight Partners, which manages over $90 billion in assets, has expressed concern that unauthorized individuals may have gained access to confidential information regarding staff members, investment portfolios, stakeholders, and additional details….
In February, the company notified everyone about a “sophisticated social engineering attack” carried out by some troublemakers who managed to get into Insight’s servers. The firm discovered the security incident on January 16, after which they brought in external cybersecurity experts to figure out whether any information was compromised.
This week, Insight released an update stating, “Our ongoing investigation has revealed that the affected data could encompass specific details from funds, management companies, and portfolio firms, along with banking and tax information. Additionally, some personal data belonging to both present and past employees might have been compromised, alongside information pertaining to our limited partners.” In this context, limited partners refer to large-scale silent investors who channel capital into venture capitalists; these venture capitalists subsequently utilize those funds to identify and back emerging startups.
Many startup companies do not succeed, however, should even just one or two evolve into the next Google, everyone involved stands to gain significantly. Therefore, most venture capitalists aim to closely guard such lucrative financial details.
The statement from Insight does not clarify whether the data was actually taken or merely accessed. The company mentioned that they have already upgraded their current employees and loss prevention personnel, and plan to inform those impacted on an ongoing basis. They provided typical recommendations for people affected: update both individual and organizational passwords as a safety measure, adopt two-step verification, think about implementing a credit freeze, among other steps.
Over the years, this venture capital firm has maintained considerable investments in numerous technology companies like Twitter, Wiz, Hootsuite, SentinelOne, and Recorded Future. Details regarding these businesses along with information on possible future startup ventures might prove beneficial to rivals and other financiers. However, what’s even more concerning is that this data breach may enable attackers to execute complex business email compromise (BEC) schemes.
Globally, BEC constitutes a $55 billion issue, as reported by the FBI. This scam frequently begins with cybercriminals obtaining individuals’ workplace email addresses or contact numbers within an enterprise. Subsequently, these wrongdoers usually deceive staff members by impersonating high-ranking executives and instructing them to transfer money into dummy firms operated by the scammers. The greater the extent of data the assailants possess regarding a firm’s operations—such as bills, financial details, collaborators, vendors, et cetera—the more plausible their schemes become.
The emergence of AI-generated deepfakes has made these types of scams simpler to execute. The FCC released a statement last year highlighting an increase in the usage of highly realistic deepfake audio. In Hong Kong, a financial executive apparently fell for a deepfake video impersonating the firm’s Chief Financial Officer and transferred $25 million to unidentified individuals. Additionally, the expense associated with producing deepfakes continues to decrease.
