Is this email difficult to read? View it in a web browser. ›

The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

Do-It-Yourself Cyberattack Tools Are Booming

By Kim S. Nash

 

Hello. More wannabe cybercriminals are turning to user-friendly online tool kits designed to help them steal login credentials, passwords, credit card numbers and other sensitive data.

The strategy isn’t new but the services’ increasing ease-of-use and sophistication—fueled by artificial intelligence—is driving booming demand on the dark web. One such Chinese platform went from zero to nearly 1,700 users in its new secure messaging page since April. Read our full story. 

What can corporate cyber chiefs do to combat this trend? Scroll down for our Newsletter Bonus story. 

Also today: 

  • Online and some in-store operations down at Victoria's Secret
  • U.S. collects DNA samples from migrant children
  • Attempted espionage at Defense Intelligence Agency
  • Rosy picture in cloud security for Netskope, Zscaler
  • Executive insights from across WSJ Pro
  • And more
 

‏‏‎ ‎

CONTENT FROM: Zscaler
See you at ZenithLive '25. Cybersecurity event of the year.

One Epic Week. AI Ignited. Zero Trust Elevated. Security Operations Reinvented. Join and bring your team to the premier learning conference that brings together industry experts to share insights on zero trust, hands-on training, and certifications to protect and enable your organization to thrive. WSJ readers enjoy an exclusive 50% discount with code [WSJZL25]—don’t miss this opportunity!

Register Now

 

More Cyber News

PHOTO: ANDREW HARNIK/GETTY IMAGES

Federal authorities are investigating a clandestine effort to impersonate White House chief of staff Susie Wiles, according to people familiar with the matter. In recent weeks, senators, governors, top U.S. business executives and other well-known figures have received text messages and phone calls from a person who claimed to be Wiles. (WSJ)

The website of Victoria's Secret remained down Thursday after the women's clothing retailer disclosed Wednesday that it was dealing with a "security incident."

  • "We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations," a message at the website said.
  • The company didn't provide details about the incident.

Privacy: U.S. officials are adding immigrant children's DNA samples to a federal law-enforcement database. From October 2020 through the end of last year, the U.S. Customs and Border Protection swabbed as many as 133,539 minors, including at least one four-year old, for genetic material to add to the Codis database. The Federal Bureau of Investigation runs Codis as a resource for local police and investigators. (Wired)

The U.S. sanctioned Funnull Technology, a Philippines company that the Treasury Department said provides tech infrastructure to people running so-called pig butchering campaigns and to other cryptocurrency scam websites. Funnull is run by a Chinese national who was also sanctioned, Treasury said. 

Attempted espionage: A 28-year-old tech worker with Top Secret security clearance at the federal Defense Intelligence Agency was arrested Thursday, accused of attempting to give U.S. defense information to a foreign government, the Justice Department said. The man, a Virginia resident, was communicating with an undercover FBI agent. 

 
Alt text.

How laptop farms have allowed North Korean scammers to rake in hundreds of millions of dollars to the sanctioned country

Listen Now
 

Newsletter Bonus

Can Phishing-as-a-Service be Stopped?

Beyond tech-heavy security measures, guarding against the worrisome surge in phishing attacks calls for old-school training and awareness programs, cybersecurity experts said.

Even then, spotting fake emails and login pages “is becoming increasingly difficult,” said James Maude, field CTO at BeyondTrust. “With generative AI and specialist criminal providers, the days of misspelled emails and obviously suspicious login pages are behind us,” Maude said.

Kern Smith, vice president of global solutions at cybersecurity firm Zimperium, said companies need to take a multi-layered approach that includes AI-driven detection, real-time analysis of links and app behaviors, and protection directly on mobile devices.

Protection also requires more dynamic identity verification methods, such as multi-factor authentication and biometrics, said Darren Guccione, chief executive and co-founder of Keeper Security.

“These cybercriminals are not only relying on stolen credentials, but also on social manipulation,” Guccione said.

— Angus Loten

 

Cyber Business

PHOTO: RITCHIE B. TONGO

/SHUTTERSTOCK

Some SentinelOne systems were down for several hours Thursday, disrupting the cyber company's ability to to provide thorough managed services for some enterprise customers worldwide. Threat-intelligence reporting was also delayed. The company said the problem wasn't due to a cyberattack. (Cybersecurity Dive)

Rosy picture in cloud-security: Santa Clara, Calif.-based Netskope is working with investment firm Morgan Stanley to prepare for an IPO as soon as next quarter, Reuters reported, citing people familiar with the matter. 

  • Rival Zscaler on Thursday reported that revenue was up 23% in its fiscal third quarter compared to same period a year earlier. The company narrowed its quarterly loss to $4.1 million from $19.1 million. Kevin Rubin joined as CFO from online coaching service BetterUp, Zscaler said. Rubin succeeds Remo Canessa, who is retiring. 
 

Executive Insights

Our weekly roundup of stories from across WSJ Pro that we think you'll find useful

  • U.S. venture capitalists are racing to tap into China’s growing biotechnology prowess.
  • Some of the U.S. banks that cut ties with a leading industry climate group have shifted how they talk about their climate efforts.
  • Big private-equity firms increasingly are taking two different approaches as they strive to expand, with most following an “asset light” strategy.

Coffee-machine maker Nespresso, purveyor of sophistication, wants to win over Gen Z coffee drinkers. To do so, it’s having to get more playful with its marketing.

 

About Us

The WSJ Pro Cybersecurity team is Deputy Bureau Chief Kim S. Nash and reporters Angus Loten, James Rundle and Catherine Stupp. Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe