VC giant Insight partners confirmed that they have been pwned in a cyberattack. From their statement:
On January 16, 2025, Insight Partners detected that an unauthorized third-party accessed certain Insight information systems through a sophisticated social engineering attack.
As soon as this incident was detected, we moved quickly to contain, remediate, and start an investigation within a matter of hours. We notified stakeholders connected to Insight in January to alert them and encourage vigilance and tightened security protocols irrespective of having shared data compromised. We also notified law enforcement in relevant jurisdictions.
There is no evidence that the threat actor was present after January 16, 2025. Further, there has been no additional disruption to Insight’s operations as a result of the incident.
Christian Geyer, founder and CEO of Actfore had this to say:
“While socially engineered cyberattacks are not new, the tactics involved with these attacks have evolved. For example, in the past, with these attacks, it was easier to tell from bad grammar, tone of voice, or other clues like lack of sophistication within the phishing email, or poor presentation in a baiting attempt that the perpetrator was not who they claimed to be. Now, with the advent of new AI technologies, generative AI chat bots, hackers can craft a more polished presentation that are harder to identify. This levels up the sophistication factor to make baiting or phishing attacks, to name a few socially engineered tactics, harder to spot with more detrimental and widespread effects. With the global average cost per data breach reaching $4.88 million U.S. dollars in 2024, it’s critical that organizations focus on proactive security measures, not just post-breach actions and remediation to help combat these and other kinds of cyber attacks.
Other proactive measures organizations should include the creation and maintenance of an up-to-date incident response playbook that clarifies roles and responsibilities during a crisis, so they have a preexisting plan of action in place once a cyber-attack or breach happens. Tabletop exercises can refine these playbooks to address real-world scenarios effectively. Proactive security measures should also include regular patching, vulnerability scans, continuous monitoring, and meticulous data hygiene to minimize risk further. As good practice, organizations should also have quality backups of corporate data. Implementing immutable backups—similar in concept to audit logs—can act as a safeguard against modification or deletion of data for a defined period. This immutability makes them resistant to tampering, encryption, or corruption. By preventing unauthorized changes, immutable backups provide organizations with a clean copy of their data to restore from, reinforcing their ability to recover quickly.”
This highlights the need to train users to be vigilant so that they don’t fall victim to social engineering attacks. That on top of doing simulated attacks to make sure that users learn and act accordingly to ward of a real attack.
Related
This entry was posted on February 20, 2025 at 2:50 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Insight Partners pwned in a cyberattack
VC giant Insight partners confirmed that they have been pwned in a cyberattack. From their statement:
On January 16, 2025, Insight Partners detected that an unauthorized third-party accessed certain Insight information systems through a sophisticated social engineering attack.
As soon as this incident was detected, we moved quickly to contain, remediate, and start an investigation within a matter of hours. We notified stakeholders connected to Insight in January to alert them and encourage vigilance and tightened security protocols irrespective of having shared data compromised. We also notified law enforcement in relevant jurisdictions.
There is no evidence that the threat actor was present after January 16, 2025. Further, there has been no additional disruption to Insight’s operations as a result of the incident.
Christian Geyer, founder and CEO of Actfore had this to say:
“While socially engineered cyberattacks are not new, the tactics involved with these attacks have evolved. For example, in the past, with these attacks, it was easier to tell from bad grammar, tone of voice, or other clues like lack of sophistication within the phishing email, or poor presentation in a baiting attempt that the perpetrator was not who they claimed to be. Now, with the advent of new AI technologies, generative AI chat bots, hackers can craft a more polished presentation that are harder to identify. This levels up the sophistication factor to make baiting or phishing attacks, to name a few socially engineered tactics, harder to spot with more detrimental and widespread effects. With the global average cost per data breach reaching $4.88 million U.S. dollars in 2024, it’s critical that organizations focus on proactive security measures, not just post-breach actions and remediation to help combat these and other kinds of cyber attacks.
Other proactive measures organizations should include the creation and maintenance of an up-to-date incident response playbook that clarifies roles and responsibilities during a crisis, so they have a preexisting plan of action in place once a cyber-attack or breach happens. Tabletop exercises can refine these playbooks to address real-world scenarios effectively. Proactive security measures should also include regular patching, vulnerability scans, continuous monitoring, and meticulous data hygiene to minimize risk further. As good practice, organizations should also have quality backups of corporate data. Implementing immutable backups—similar in concept to audit logs—can act as a safeguard against modification or deletion of data for a defined period. This immutability makes them resistant to tampering, encryption, or corruption. By preventing unauthorized changes, immutable backups provide organizations with a clean copy of their data to restore from, reinforcing their ability to recover quickly.”
This highlights the need to train users to be vigilant so that they don’t fall victim to social engineering attacks. That on top of doing simulated attacks to make sure that users learn and act accordingly to ward of a real attack.
Share this:
Like this:
Related
This entry was posted on February 20, 2025 at 2:50 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.