The Wiretap is your weekly digest of cybersecurity, internet privacy and surveillance news.
Abnormal Security has announced a Series D funding round of $250 million, giving it a $5.1 billion valuation.
The company offers a machine learning platform that’s trained on normal activity for a company’s email and collaboration apps, enabling it to flag what’s abnormal. The aim is to prevent social engineering attacks that try to trick employees into giving attackers a way onto company networks. It also offers an AI assistant that helps staff when they flag a suspicious email or message.
The startup’s growth has been rapid in recent years: it says that it’s scored 100% year-over-year increases in annual recurring revenue, which is currently over $200 million. Abnormal’s more than 2,400 customers include Airbnb, Boohoo Fashion, Chipotle and Xerox.
“We are relentless in fulfilling our mission of protecting humans with AI, and we’ve earned the trust of our customers by providing the best product in human behavior security,” says Evan Reiser, cofounder and CEO. Reiser and CTO Sanjay Jeyakumar previously sold their adtech company TellApart to Twitter for $479 million in 2015 before pivoting into security in 2018.
Abnormal’s latest investment round was led by Wellington Management. Existing investors Greylock Partners, Menlo Ventures, Insight Partners and CrowdStrike Falcon Fund all invested too. “We believe Abnormal has the potential to become a generational company,” said Wellington Management VC investor Rob Mazzoni.
US Trades Cybercriminals In Russia Prisoner Swap
As Americans celebrated the return of prisoners from Russia – including Wall Street Journal reporter Evan Gershkovich – among those going the other way were convicted cybercriminals. They included Roman Seleznev, who was serving a 27-year sentence for racketeering convictions tied to the theft and trade of payment card data, and Vladislav Klyushin, who’d been convicted of a “hack-to-trade conspiracy” in which he and his co-conspirators traded on financial markets using information stolen from breached victims.
Stories You Have To Read Today
This week, Politico has a fascinating story about an FBI agent conspiring with an Austrian-born Silicon Valley entrepreneur to sell prohibited but faulty technologies to the Soviet Union and its allies during the 1980s. The Austrian, whose name remains unknown, was to pose as the seller of the tech, in the hopes that his role as a double agent would drain the Soviet Bloc’s funds while exposing its intelligence officers and programs.
The U.K. National Crime Agency announced the takedown of Russian Coms, a platform that helped criminals hide their identity by making their calls appear to come from legitimate organizations, from banks to police agencies. That proved particularly helpful for scammers and is believed to have facilitated fraud causing financial losses in the tens of millions of dollars.
Winner of the Week
Boldend, a Peter Thiel-backed cyber warfare startup, is being acquired by another government contractor, Sixgen. In a rare interview, Boldend CEO Mike Barry, a former senior CIA agent, told Forbes about its range of products, from the offensive to the defensive. Sixgen, meanwhile, has a significant contract with the DHS to test America’s critical infrastructure security. Both are now ultimately owned by private equity firm Washington Harbour, which bought Sixgen last year.
Loser of the Week
The fallout from the CrowdStrike outages that led to flights being canceled and hospitals having to cancel appointments continues to manifest itself in various ways. CrowdStrike is now being sued in a class action by investors, who claim the botched update was evidence the cybersecurity company had made false and misleading statements about its software testing. It’s also being sued by airline passengers whose flights were canceled, not long after Delta Air Lines indicated it may take CrowdStrike to court for the losses it suffered as a result of the incident. CrowdStrike wrote a letter to Delta, meanwhile, in which it said that it “strongly rejects any allegation that it was grossly negligent or committed wilful misconduct.” It claimed that it acted “swiftly, transparently and constructively” to assist customers affected by the incident, and that Delta did not.