Fraud Prevention Firm Sift Science Raises $53 Million

Fraud prevention and risk management solutions provider Sift Science today announced that it has closed a £53 million Series D funding round, bringing the total raised to date by the company to £107 million. The latest funding round was led by New York-based growth equity firm Stripes Group, with participation from SPINS, Remitly, Flatiron Health, Udemy, GrubHub, and previous investors Union Square Ventures, Insight Venture Partners, and Spark Capital. Sift Science plans on using the newly acquired funds to expand its global footprint in the fraud detection and prevention market, which is estimated to reach roughly £42 billion by 2022.

Sift's Digital Trust Platform relies on machine learning to protect businesses against fraud and abuse, including payment fraud, fake accounts, account hijacking, and abusive user-generated content. The platform uses data from thousands of websites and apps to identify fraud patterns based on connections between users, behaviors, locations, devices and more. Sift says its customers include Airbnb, Twitter, Twilio, Shutterstock, Yelp, Wayfair and Jet.

"We believe Sift is uniquely positioned to leverage its best-in-class software platform and data network to fundamentally reshape the way businesses and consumers interact online - with more confidence, transparency and security. We are thrilled to be partnering with Sift as it accelerates its already exceptional growth trajectory," said Ron Shah, partner at Stripes Group.

'Slingshot' Is U.S. Government Operation Targeting Terrorists: Report

The Slingshot cyber espionage campaign exposed recently by Kaspersky Lab is a U.S. government operation targeting members of terrorist organizations, according to a media report. Earlier this month, Kaspersky published a report detailing the activities of a threat actor targeting entities in the Middle East and Africa -- sometimes by hacking into their Mikrotik routers. The group is believed to have been active since at least 2012 and its members appear to speak English, the security firm said.

The main piece of malware used by the group has been dubbed Slingshot based on internal strings found by researchers. Kaspersky identified roughly 100 individuals and organizations targeted with the Slingshot malware, mainly in Kenya and Yemen, but also in Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania. CyberScoop claims to have learned from unnamed current and former U.S. intelligence officials that Slingshot is actually an operation of the U.S. military's Joint Special Operations Command (JSOC), a component of Special Operations Command (SOCOM), aimed at members of terrorist organizations such as ISIS and al-Qaeda.

SOCOM is well known for its counterterrorism operations, which can sometimes include a cyber component. CyberScoop's sources expressed concern that the exposure of the campaign may result in the U.S. losing a valuable surveillance program and it could even put the lives of soldiers at risk. The Slingshot infrastructure was likely already abandoned and "burned" following the disclosure, one former intelligence official told the publication.

Kaspersky has always insisted that its role is to protect customers against cyber threats, regardless of the source of an attack. The company typically refrains from attributing attacks, but it has exposed operations believed to be linked to Russia, China, the United States and others. In the case of Slingshot, Kaspersky has not directly attributed the campaign to the United States, but it did note that the hackers appear to speak English.

The company also pointed out that some of the techniques used by this actor are similar to ones leveraged by a group known as Longhorn and The Lamberts, which is believed to be associated with the U.S. Central Intelligence Agency (CIA). It's also worth noting that the WikiLeaks Vault7 files, which are believed to be tools developed and used by the CIA, describe a Mikrotik router exploit, although it is unclear if it's the one used in Slingshot attacks.

Another clue that shows a potential connection between Slingshot and U.S. intelligence is the use of tools and code strings referencing "Lord of the Rings" characters, including Gollum, which is also the name of an implant referenced in NSA documents leaked by Edward Snowden. Kaspersky's products were recently banned in U.S. federal agencies due to the company's alleged ties to Russian intelligence. The security firm has denied the accusations and it has taken legal action in hopes of overturning the ban.

If Slingshot really is a U.S. government operation, Kaspersky's disclosure of the campaign will likely not help its case. One senior U.S. intelligence official told CyberScoop it was unlikely that Kaspersky had been totally unaware of what it was dealing with. CyberScoop cited a source close to Kaspersky saying that researchers may have suspected a Five Eyes nation, but they couldn't have known for sure.

One of the incidents that led officials to believe Kaspersky may be linked to the Kremlin involved an NSA contractor from which Russian hackers allegedly stole information on how the U.S. penetrates foreign networks and how it defends against cyberattacks. Kaspersky's analysis showed that its antivirus product did automatically upload some files related to the NSA-linked Equation Group from a user's computer, but the company said the files were deleted from its systems after it noticed that they contained classified information.

Virsec Raises $24 Million in Series B Funding

Virsec, a cybersecurity company that protects applications from various attacks, today announced that it has closed a £24 million Series B funding round led by tech investment firm BlueIO. This latest funding round brings the total amount raised to date by the company to £32 million. The company previously raised £1 million in seed funding and £7 million in a Series A funding round.

Virsec explains that its technology can protect applications by protecting processes in memory and pinpointing attacks in real-time, within any application. In more detail, the company explains that its Trusted Execution technology "maps acceptable application execution, and instantly detects deviations caused by attacks."

"The battleground has shifted in cybersecurity and the industry is not keeping up," said Atiq Raza, CEO of San Jose, California-based Virsec. "With our deep understanding of process memory, control flow, and application context, we have developed a revolutionary solution that stops attacks in their tracks, where businesses are most vulnerable - within applications and processes."

Additional investors participating in the round include Artiman Ventures, Amity Ventures, Raj Singh, and Boston Seed Capital.