Is this email difficult to read? View it in a web browser. ›

The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

Dark Web Travel Agencies Take Flight

By Kim S. Nash

 

Hello. Criminals are innovative, I'll say that much. 

In a grift called triangulation fraud, scammers pose as online travel agents, advertising high-end vacation packages at sharp discounts.

They charge unsuspecting customers a fraction of the cost for lavish trips, covering the full price with stolen credit and loyalty cards and rake in a tidy profit. Read the full story from reporter Angus Loten.

Also today, reporter James Rundle gathered up salient points from Day 2 of the International Conference on Cyber Security, hosted by the FBI and Fordham University. Scroll down to our Newsletter Extra.

More news: 

  • United Natural Foods expects sales hit of up to $400 million from cyberattack
  • Canada wants a public accounting of hack at Nova Scotia Power
  • Aftermath of Marks & Spencer hack ripples to business partner
  • FCC seeks to ban Chinese tech from undersea cables
  • And more
 

‏‏‎ ‎

CONTENT FROM: Zscaler
Why Ransomware is Winning Despite Billions Spent on Security

Zscaler CEO Jay Chaudhry shares insights on how embracing Zero Trust AI stops ransomware at all four stages of an attack. Like a bank robbery, ransomware attacks find weaknesses, break in, move laterally, and steal or encrypt data. Attacks succeed because companies rely on firewalls as their primary defense. Firewalls expose public IPs, inviting attacks. Take back control of your security.

Watch Now

 

Hack Aftermath

PHOTO: IGOR GOLOVNIOV/ZUMA PRESS

Grocery distributor United Natural Foods warned sales will drop $350 million to $400 million for fiscal 2025 due to a cyberattack that disrupted operations for several days in June. Net profit will take a hit of $50 million to $60 million for the year, which ends July 31, the company said Wednesday.

  • Further reading from WSJ Pro: United Natural Foods Restores Systems After Hack

The U.K. grocery outlet known as Co-op said all 6.5 million members had their names, addresses and contact data breached in an April hack. No financial information was accessed, Chief Executive Shirine Khoury-Haq said. Co-op also runs funeral providers and legal and financial organizations. (Guardian)

  • The fallout from a hack at around the same time at retailer Marks & Spencer will trickle down to M&S business partner Sosandar. The fashion company hasn't booked sales through M&S since mid-April, Sosander said. (Times) 

Accountability: Canadian authorities have ordered Nova Scotia Power to provide a detailed report by the end of the year about a March cyberattack that exposed personal data for 280,000 people. Starting Aug. 1 and until the report is final, the utility must submit monthly updates on how it is responding to the hack, the Nova Scotia Energy Board said. 

  • The board plans to make details about the incident public, except for sensitive security information, it said. Canada's privacy watchdog is also investigating. (CTV News)
  • The board's requirements for the final report make for interesting reading. 
 

More Cyber News

PHOTO: CHAN LONG HEI/AP

The Federal Communications Commission on Wednesday proposed a ban of Chinese equipment in undersea telecom cables that connect to the U.S. FCC Chair Brendan Carr cited cyber and physical threats from the country. (Reuters)

U.S. schools petitioned the Trump administration and lawmakers to reverse staff and funding cuts to federal cybersecurity and tech programs that helped protect districts and student data across the country. More than 400 districts signed the petition.

PHOTO: OPTIV

CISO move: Rob Gregory this week joined cyber company Optiv as CISO, succeeding Max Shier, who left the company in May after nearly three years in the role. Previously, Gregory (pictured) was CISO at Security Benefit, a financial services firm in Topeka, Kan. Shier is now CISO at engineering company Amentum.

 

Newsletter Extra: Heard at the International Conference on Cyber Security

On offensive cyber measures

"If we start authorizing private actors to take offensive actions, particularly if there's a kinetic effect on the defense of different networks of other nations or groups, it really starts to tear at the core of our sovereign state system in ways that I think would be unpredictable. And we'll have a lot of second, third, fourth-order consequences that may not be entirely obvious from the beginning."—Stephenie Gosnell Handler, partner, at law firm Gibson Dunn

On the use of AI among criminals

"The thing about AI is that you don't have to be very smart to use it. We see everybody, from the sophisticated white-collar actor perpetuating million-dollar schemes, all the way to the gang banger who's hanging out on Roosevelt Ave., using AI in some form or another for their criminal activities."—Christopher Raia, assistant director in charge of the FBI's New York field office

On declassifying threat intelligence

"We've taken that approach: downgrade as much as we can and get out as much intelligence as possible to our industrial partners. I had one partner tell me that we are waterboarding him with intelligence and, uh, to back off a little bit. That was the biggest compliment I ever had."—Kristina Walter, chief of the National Security Agency’s Cybersecurity Collaboration Center

On the first hours after a cyberattack

"I just said we needed a whole department head meeting right away. I was doing that because I had some people running around the office, pulling out the cords from all of the computers, as if unplugging them would fix it." —Lisa Black, former chief deputy county executive of Suffolk County, N.Y.

  • Read the backstory from WSJ Pro: Long Island County Hack Probe Details History of Cyber Failures

— James Rundle

 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe