Mar 15 2023
Welcome to Gone Phishing, your daily newsletter that raises eyebrows like the Spring Budget.
Today’s hottest cyber security stories:
We’re sure you’ve heard about the latest banking mishap over in California. SVB (Silicon Valley Bank) made a couple of bad bets and when investors saw the quarterly report, they panicked to the tune of withdrawing $42 billion in 24 hours.
This ‘increased activity’, to use banking lingo, left poor old SVB with a negative balance of $958 million by close of play Thursday (March 9th).
Now, what you may not be aware of with regard to the secondary effects of the collapse is the potential impact this could have on budding cybersecurity startups.
Often it’s these more independent startups that end up being ahead of the curve when it comes to keeping up to date with the latest scams and phishing expeditions. It’s easy for the larger corporations to become bloated and, in turn, less effective.
Rob Ackerman, founder and managing director of AllegisCyber Capital, said: “Financial support in the form of lines of credit and venture debt is going to become much more difficult [for startups] to come by.”
“SVB was the leading source of that financing and with them gone, the slope of the hill for young startups just became that much more difficult.”
Why can’t cybersecurity startups just go to other more established (and hopefully more reliable!) banks for capital? Well, they can try but because SVB was specifically geared toward tech startups, including cybersecurity companies, it was well versed in the ebbs and flows of such companies.
These sorts of companies typically experience more volatility and more traditional banks may not put up with that as SVB did.
Forrester analyst Jeff Pollard said: “In addition, many founders may not be US citizens, which can create its own set of issues when trying to establish accounts.”
Meanwhile, we’re sorry to report that the cybercrime business is booming, as illustrated by our two accompanying stories below. We knew the fight wouldn’t be easy!
Gosh, here’s hoping none of these disgruntled out-of-pocket cybersecurity startups turn to a life of crime!
However, if they do, one of these kits could be their ticket in…
That’s phishing, folks, not fishing. Crazy concept which we’re seeing more and more: criminals offering their generic hacking tools and programs like services/products that can be popped in your basket as though you’re buying milk and eggs at Tesco.
This phishing kit comes with a licensing fee ($300 or $1000 for VIP!) that goes out monthly. Like hmm yeah, let me see: about ten pounds for Netflix, £8.99 for Amazon Prime… “Honey, don’t forget phish-kit payment goes out tomorrow!”
“Thanks babe, I’ll move some money over!”
Strange times, indeed. So, what is this kit and what does it do? This particular kit from DEV-1101 comes with features that make it possible to set up phishing landing pages mimicking Microsoft Office and Outlook, not to mention manage campaigns from mobile devices and even use CAPTCHA checks to evade detection.
Indeed, Microsoft said it has detected numerous high-volume phishing campaigns spanning millions of phishing emails per day from various actors that leverage the tool.
Stay safe out there, folks!
To be fair to the cybercriminals, they consistently have their thumbs on the pulse of ‘the culture’.
As such, they appear to be capitalising on the buzz surrounding ChatGPT, the artificial intelligence service that’s become a nationwide (global) talking point since its release in November.
They’ve developed an imposter app called “Quick Access to Chat GPT” which is being widely advertised on Facebook and does actually deliver what it promises. The only problem is it also steals your data.
The browser add-on is promoted through Facebook-sponsored posts, and while it offers the ability to connect to the ChatGPT service, it’s also engineered to surreptitiously harvest cookies and Facebook account data using an already active, authenticated session.
“Unfortunately, the success of the viral AI tool has also attracted the attention of fraudsters who use the technology to conduct highly sophisticated investment scams against unwary internet users,” Bitdefender disclosed last week.
These scammy apps are so difficult to spot, the only way to be in the know is to know exactly what you’re looking for (so you can avoid it!). And the only way to do that is to subscribe to newsletters like ours!
Seriously, be careful out there – the scammers seem to be working overtime lately!
So long and thanks for reading all the phish!