
A third party has accessed the systems of venture capital firm Insight Partners, which has invested in over 500 companies.
This week, Insight Partners, one of the major venture capital firms, confirmed that the company was targeted by an attack.
On January 16, the company detected an unauthorized third party accessing its information systems through what the firm described as a sophisticated social engineering attack.
“As soon as this incident was detected, we moved quickly to contain, remediate, and start an investigation within a matter of hours,” Insight Partners said in a statement.
It added that the firm is currently examining the incident with the help of experts and stated that there should not be any material impact on its portfolio companies, funds, or other stakeholders.
Insight Partners manages over $90 billion in assets and has invested in over 500 companies in various industries, including cybersecurity.
According to the firm, its investments in cybersecurity startups and scale-ups are over $5 billion and include companies like Wiz, Armis, Checkmarx, Island, Laminar, and Abnormal Security.
Significant threats for users
Breaches like this one can expose sensitive business information and put many individuals at risk of social engineering attacks, says Karolis Arbačiauskas, Head of Business Product at NordPass, developed by Nord Security.
“This poses a significant threat not only to the businesses involved but also to individuals, as cybercriminals often impersonate trusted entities, such as IT support staff of reputable companies or representatives of well-known VC firms,” Arbačiauskas says.
In social engineering attacks, threat actors manipulate emotions rather than target technical vulnerabilities, which can lead anyone to reveal sensitive data.
Arbačiauskas emphasizes that while no one is fully immune to social engineering attacks, awareness and proper training can significantly reduce the risks.
Emails promising too-good-to-be-true promotions, invitations, or gifts, as well as suspicious links, are obvious signs of a scam.
Dirk Schrader, VP of Security Research at Netwrix, points out that the nature of Insight Partners’ business at this scale involves numerous interactions with barely known or completely unknown contacts, as well as a massive volume of sensitive messages sent and received.
“This creates a vast opportunity for attackers to infiltrate these exchanges, posing as a known contact and urging urgent action to prevent harmful consequences for the organization,” he says.
Attacks like this underscore that the first and best line of defense is well-trained employees who can validate suspicious messages.
Organizations are advised to establish secure communication channels with partners so that they can verify such messages when they receive them.
“Technical methods to mitigate the impact of social engineering attacks on an organization’s sensitive data include implementing privileged access management (PAM) and multi-factor authentication (MFA) tools,” Schrader advises.