Skip to Content

Investors Go Phishing For Gold In Cybersecurity—Cyber Saturday

Investors go 'phishing' for gold in the cybersecurity market.Investors go 'phishing' for gold in the cybersecurity market.
Investors go 'phishing' for gold in the cybersecurity market.picture alliance via Getty Images

Greetings. This is Jonathan Vanian, filling in for Robert Hackett and Jeff John Roberts.

Investors see a potential gold mine in combating one of the oldest tricks by hackers.

Three cybersecurity startups specializing in technology to prevent phishing attacks raised nearly $140 million in venture capital in the past week, according to Crunchbase. In a phishing attack, criminals send legitimate-looking emails that trick people into clicking on the links in them and compromising their online security.

Despite several decades of phishing attacks, analysts say the scams are still the most effective way for hackers to breach corporate networks. All the spending on complicated tools that monitor network security is wasted if an unsuspecting worker responds to a shady email masquerading as a legitimate message from the boss.

Venture capitalists, hungry for the cybersecurity industry’s next big breakthrough, are excited about the rise of artificial intelligence as a possible solution to phishing attacks. All three startups that landed funding— Valimail, IronScales, and Vade Secure—use machine learning in their products to sift through data and try to stop attacks before they happen.

Valimail, for instance, uses machine learning to separate the legitimate sources of email from the bad ones. IronScales and Vade Secure, which works specifically with Microsoft Office 365, use machine learning to scan for anomalies hidden in email messages.

Whether these tools can prevent the next big corporate hack remains to be seen. As Amy Chang, head of strategic intelligence and cybersecurity operations for JPMorgan Chase, said during Fortune’s Brainstorm Finance conference this past week, hackers are increasingly updating their phishing schemes to bypass security tools and prey on their victims.

Chase cited how a criminal called an employee at an unspecified financial services firm and convinced the worker to access a scam email that compromised the business’s security. This type of phishing attack is called “vishing,” which is a mix of “voice” and “phishing,” and it’s becoming more common, she noted.

Maybe the next big cybersecurity bet by venture capitalists will involve startups that specialize in A.I. that detects hackers, merely by listening to their voices.

Jonathan Vanian
@JonathanVanian
jonathan.vanian@fortune.com

THREATS

Paying off the ransom. City officials at Riviera Beach, Fl. decided to pay a hacker 65 bitcoins, the equivalent of $600,000, to regain access to the city’s computer systems, which were compromised by the hacker. CNN reports that the city’s troubles began when an “employee clicked on a malicious email link three weeks ago.”

Oregon’s big data breach. Oregon’s Department of Human Services notified 645,000 people that their personal data was compromised in a data breach, reported KTVC in central Oregon. Hackers were able to compromise the department’s computers via a phishing attack. “Nine employees opened the phishing email and clicked on an Internet link that gave the sender access to their email accounts,” the report said.

That’s not a real Department of Homeland Security message. The Cybersecurity and Infrastructure Security Agency is urging the public to be on the lookout for shady emails appearing to be sent by the Department of Homeland Security (DHS). “The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment,” the DHS said in a notice.

Phishing comes to Google Calendar. Security firm Kaspersky said that its researchers discovered a phishing scam that targets Google Calendar users. “The fraud occurs when the perpetrator sends an unsolicited calendar invitation carrying a link to a phishing URL,” Kaspersky said. “A pop-up notification of the invitation appears on the smartphone’s home screen, and the recipient is encouraged to click on the link.”

 

ACCESS GRANTED

Let’s get serious. The White House under President Donald Trump is not doing enough to protect the U.S. from cyber attacks, writes cybersecurty expert Ishan Mehta in Wired. Mehta, who is a policy advisor for the national security program at the Third Way think tank, writes that hackers targeting the U.S. “fear no consequences from the harm they impose on Americans,” because of a weakened U.S. cybersecurity policy.

In fact, the Trump administration is actively undoing the progressive cybersecurity policy of past administrations. The role of the White House Cyber Coordinator was eliminated by John Bolton in order to consolidate power at the National Security Council. Former secretary of state Rex Tillerson removed the Office of the Coordinator for Cyber Issues, which had served as an important diplomatic arm for US cyber diplomatic efforts.

FORTUNE RECON

Artificial Intelligence Is About to Make Ransomware Hack Attacks Even Scarier by Bernhard Warner

Hackers Used a Cheap Raspberry Pi Computer to Breach NASA by Alyssa Newcomb

Security Tokens Will Be the ‘Killer App’ of Cryptocurrency, Overstock CEO Says by Jeff John Roberts

KKR Mints a New Cybersecurity Unicorn by Rey Mashayekhi

Welcome to the Next Generation of Corporate Phishing Scams by Jonathan Vanian

YouTube Faces Its Next Big Reckoning: How to Handle Children’s Privacy by Alyssa Newcomb

Facebook Cryptocurrency: Calibra’s Privacy Implications by Robert Hackett

ONE MORE THING

Japan’s about face. Japanese companies that make security equipment like surveillance cameras want to capitalize on current trade tensions between the U.S. and China, The Wall Street Journal reports. Toshifumi Yoshizaki, who leads the security business of Japanese tech giant NEC, said that the trade war is “a huge opportunity—unprecedented.”

Specifically, NEC believes it can benefit from selling facial-recognition technology to U.S. businesses, potentially stealing customers from companies like Microsoft and Chinese A.I. companies like Sensetime and Yito Technology.

NEC, traditionally a maker of equipment for phone companies, says facial recognition could be a billion-dollar business for it in a few years, several times the current level.

“Facial recognition is the key to a rapidly expanding market that spans security, marketing and hospitality,” Mr. Yoshizaki said.