In 2024, the rise of information-stealing malware, or software that harvests login credentials, has made cybercrime easier. Instead of exploiting vulnerabilities to break into the target network, hackers can simply log in using stolen credentials. You don't have to steal it yourself, you can also buy it on the dark web.
IBM's 2024 X-Force Intelligence report states that “credentials are relatively easy to obtain.” On the heels of one of the most high-profile and largest data theft cases, the Snowflake incident earlier this year, the report notes that the use of data thieves has increased by 266% in 2023.
Flare, a Montreal-based threat exposure management startup, believes it has found a solution with its new account and session takeover protection features. The service monitors for signs that customer login information is circulating on the dark web and automatically resets affected passwords before thieves gain access. It also monitors for stolen session cookies that can trick a computer into thinking a hacker is a previously authenticated user.
“All of these organizations essentially had their access to the Snowflake environment compromised. There was no compromise of the Snowflake platform,” Flare CEO Norman Menz told TechCrunch. He added that the hackers were “using credentials for information-stealing malware,” which TC also reported at the time.
Flare was founded in 2017 as a modernized cyber threat intelligence (CTI) platform for small and medium-sized businesses. Its claim to fame is that in addition to monitoring regular dark web sources, it also looks at threat actors using the messaging app Telegram.
“They're not only using it for information exchange, but they're also using it for command and control architecture,” Mentz said, adding that compared to many of its competitors, Flair is “the largest repository of Telegram coverage. ” he added.
Telegram founder Pavel Durov was arrested in France in late August on charges of distributing child sexual abuse material, running a company that aided drug trafficking and organized fraud, and was subsequently released on €5 million bail. It was done. Downloads of the messaging app skyrocketed after his arrest made headlines.
Leveraging this new information theft prevention technology, its user base, and the power of growth, Flare is launching a new We got a $30 million Series B. .
Mentz did not disclose Flair's revenue or valuation, but said the Series B valuation was 5.6 times higher than the Series A in 2022 (PitchBook estimates the Series A's $9.3 million). The later appraised value was estimated at $13.33 million). Mentz also said the company has about 100 employees and about 250 customers in more than 40 countries.
“Built for small to medium-sized businesses and the mid-market, Flare monitors the adversary space where organized cybercriminals talk, engage, and do business from outside the perimeter,” Conn told TechCrunch told. “They're spies, so to speak.”
Flare's ability to raise money was also helped by the sale of Recorded Future, one of the biggest names in threat intelligence, to Mastercard in September for $2.65 billion. This proves that this area of cybersecurity has the potential to create a huge outlet. But Flare also faces many other competitors, from startups to major companies like Mandiant, Palo Alto Networks, and Microsoft.