Sequoia Capital Investigating 'Cybersecurity Incident'Few Details Are Known, But Phishing Attack May Have Played a Role
Venture capital firm Sequoia Capital confirmed Monday it was recently involved in a "cybersecurity incident," but offered no details on exactly what may have transpired.
"We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems," a company spokesperson told Information Security Media Group.
Sequoia Capital has invested in hundreds of companies, including the security firms Armis, FireEye and Okta. It did not release how the "incident" occurred, but the attacker may have gained access to Sequoia after an employee fell victim to a phishing attack, according to a report by the news site Axios.
"We regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to make investments in this space as we work to address constantly evolving cyber threats," Sequoia says.
The company did not release any details about the incident or potential impact, but Brett Callow, a threat analyst with Emsisoft, notes that anytime an incident affects individuals, there are dangers for a company's partners.
"If a third party accesses an organization's information, there is a chance that information will be misused - for phishing or in business email compromise scams, for example. The potential for misuse in this case would entirely depend on the nature of the information that was accessed," Callow says.
David Janssen, founder of the Dutch security and privacy firm VPNOverview, agrees, saying Sequoia's partner firms need to be wary that any information accessed will be used for additional attacks.
"I would advise companies and investors that have conducted business with Sequoia to be on the lookout for subsequent phishing attempts," Janssen says. "The data obtained in this [incident] can and most likely will be used as a basis for further attacks. I would also recommend these companies and investors check with Sequoia what information was potentially compromised."
Phishing has become a go-to attack vector for most threat actors striking parties ranging from major corporations, such as Sequoia, to individuals. Earlier this month, Google reported the company now stops 100 million malicious emails from reaching Gmail users each day. Fraudsters and cybercriminals have also taken advantage of the COVID-19 pandemic to send 18 million spam messages since March 2020, using the healthcare crisis as a social engineering tactic to convince users to open the email.
The IRS issued a warning earlier this month that fraudsters are spoofing the agency's domains and incorporating its logos and language into phishing campaigns (see: IRS Warns of Fresh Fraud Tactics as Tax Season Starts).
In this case, the malicious actors are trying to entice tax preparers to email documents that would disclose their identities and Electronic Filing Identification Numbers. The cybercriminals can then use this information to file fraudulent returns by impersonating the tax professional, the IRS notes.
In addition to attempting to access a firm's data, hackers have been increasingly using Trojanized applications coupled with phishing emails to spread a variety of malware.
The security firm Intezer recently found that hackers are using Trojanized applications and fake social media accounts to steal cryptocurrency from victims (see: ElectroRAT Malware Targets Cryptocurrency Wallets).
News Editor Doug Olenick contributed to this story.