Voice phishing is turning into a big problem

Today: Voice-phishing attacks are turning into a serious problem without an easy solution, Google Cloud furthers its nuclear plans, and the latest funding rounds in enterprise tech.



Who answers their phone these days

Earlier this month at the Black Hat cybersecurity conference in Las Vegas, several speakers devoted their time to the onslaught of voice-phishing attacks, or "vishing," targeting databases with customer information. People pretending to be a trusted colleague or support professional have been conducting these sorts of attacks for a long time, but this summer has seen a surge in the number of incidents.

This week Workday became the latest company to disclose that hackers had targeted "our third-party CRM platform," which is believed to be the same type of attack on Salesforce databases that has hit more than a dozen big companies over the last few months. Security site Have I Been Pwned also revealed this week that a breach in July at Allianz Life leaked the personal information of nearly all of its 1.4 million customers.

  • Workday was careful to note that the breach did not impact customers' own data stored in its HR and payroll software services, and that the attackers made off with "commonly available business contact information, like names, email addresses, and phone numbers, potentially to further their social engineering scams."
  • However, as TechCrunch noted, the company originally told Google's search crawler not to index the blog post containing the breach notification, which is not something you do when you're trying to be upfront and transparent with customers. (It later added that tag.)
  • The data stolen from Allianz Life appears to also include "professional info like licenses, firm affiliations, product approvals, and marketing classifications," which could make it much easier to infiltrate those companies at a later date.
  • Allianz Life also declined to specify which CRM provider's databases were hit in the attacks, but Bleeping Computer reported last month that the attackers targeted its Salesforce tenants.

So what is voice phishing, and who is behind these attacks? A group known as ShinyHunters (a Pokémon reference, believe it or not) has been linked to most of this summer's attacks, which use simple techniques to deceive employees at target companies.

  • After making contact with an employee, in most cases someone associated with the group convinces the employee to connect their Salesforce data to "a version of the Data Loader app [a commonly used tool for moving data into and out of Salesforce] with a name or branding that differs from the legitimate version," Google wrote in a report detailing the recent attacks earlier this month.
  • Some vishing attacks use AI cloning technology to try to duplicate the voices of well-known people within the organization.
  • Unlike the groups behind other attacks on companies and government organizations over the last few years, ShinyHunters does not appear to be affiliated with a nation-state and most experts believe they're just in it for the money.
  • In some cases the attackers threaten to release the stolen data unless a ransom is paid, and in others they sell the data on the dark web.

Protecting against vishing attacks requires a lot of the same educational outreach and discipline that are used to combat email phishing attacks, such as setting up multifactor authentication, urging employees to be careful about clicking on external links, and empowering workers to take their time before revealing any sensitive information.

  • “Employees should be aware of the procedures and understand that they will not be penalized for refusing to provide information or assist someone impersonating a superior, including even a CEO,” Boris Cipot, senior security engineer at Black Duck, told CSO.
  • But there is clearly a pattern behind this summer's attacks that targets Salesforce installations, much the same way that Snowflake customers were targeted last summer by attackers that stole login credentials.
  • In both cases, there was no evidence that either Snowflake's or Salesforce's software contained a vulnerability, but security experts nonetheless pressed Snowflake to force customers to use multifactor authentication when accessing Snowflake accounts.
  • Similarly, Salesforce might want to take some time away from shoving agentic AI down its customers' throats to rethink the way those customers are using its Data Loader app.

Volunteers wanted

The Big Three cloud providers have shown a great deal of interest in next-generation nuclear power technology over the last few years as they search for new sources of electrical power to handle their data-center expansion plans. Last year Google Cloud signed a deal with Kairos Power to deploy small nuclear reactors throughout the U.S., and on Monday it announced that the first plant will make its debut in Oak Ridge, Tennessee.

The Hermes Ridge 2 plant will provide 50 megawatts of power when it comes online in 2030, Google said in a blog post. Google actually plans to buy power from Hermes Ridge 2 through the Tennessee Valley Authority and use it to run data centers in Tennessee and Alabama.

That region is no stranger to next-generation energy projects, of course; scientists at Oak Ridge National Laboratory helped build the first atomic bomb. Google eventually wants to deploy 500 megawatts of nuclear power by 2035, but we'll see how many AI data centers actually get built over the next decade as local opposition mounts and AI hype hits the real world.


Enterprise funding

Databricks raised a reported $1 billion Series K round (!), which values the company at $100 billion.

Cohere scored $500 million in new funding that values the enterprise AI company at $6.8 billion.

Lambda landed $275 million in credit financing as it looks to expand its neocloud GPU service and compete with CoreWeave.

Aalo Atomics raised $100 million in Series B funding, which it said would allow the company to stand up a combination nuclear plant/data center by next summer.

Functionize scored $41 million in Series B funding for its QA platform, which uses AI agents to test software.

Parallel Web Systems launched with $30 million in new funding, which former Twitter CEO Parag Agrawal plans to use to develop web search infrastructure for AI agents.


The Runtime roundup

Shares of Palo Alto Networks rose nearly three percent on a down day for the Nasdaq, one day after it reported earnings that beat expectations and raised its revenue guidance for the year.

Around 95% of enterprise generative AI pilot projects are failing because companies fail to integrate them into existing workflows, according to a new report from MIT.


Thanks for reading — see you Thursday!
