Fears grow for smaller nations after ransomware attack on Costa Rica escalates

It’s been a rough start for the newly-elected Costa Rica president Rodrigo Chaves, who less than a week into office declared his country “at war” with the Conti ransomware gang.

“We’re at war and this is not an exaggeration,” Chaves told local media. “The war is against an international terrorist group, which apparently has operatives in Costa Rica. There are very clear indications that people inside the country are collaborating with Conti.”

Conti’s assault on the Costa Rican government began in April. The country’s Finance Ministry was the first hit by the Russia-linked hacking group, and in a statement on May 16, Chaves said the number of institutions impacted had since grown to 27. This, he admitted, means civil servants wouldn’t be paid on time and impact the country’s foreign trade.

In a message posted to its dark web leaks blog, Conti urged the citizens of Costa Rica to pressure their government to pay the ransom, which the group doubled from an initial $10 million to $20 million. In a separate statement, the group warned: “We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power.”

Conti is among the most prolific hacking groups. The FBI warned earlier this year that the gang was among “the three top variants” that targeted businesses in the United States, and it has been blamed for ransomware attacks targeting dozens of businesses, including Fat Face, Shutterfly, and the Irish healthcare service.

But Conti has picked up its pace in recent months: in January and February it published 31 victims on its leaks blog. In March and April, it posted 133 victims.

Why Costa Rica?

Some believe that Conti’s campaign against Costa Rica is motivated for siding with Ukraine. Experts say all signs point to money.

Brett Callow, a ransomware expert and threat analysis at Emsisoft, told TechCrunch that “there’s no reason to believe that the attack on Costa Rica is other than financially-motivated.” And Maya Horowitz, the vice president of research at Check Point Software, said based on their research, Conti’s extortion planning is “very focused and based on the ability of the victim to pay.”

Read more on TechCrunch

Chaves has repeatedly blamed the attack on his predecessor, former president Carlos Alvarado, for not investing in cybersecurity. While it’s unclear exactly what measures the country had implemented to protect against cyberattacks, Jorge Mora, the country’s director of digital governance recently said that four million hacking attempts were recently blocked thanks to “protection systems” installed across institutions.

But it’s more likely that Costa Rica was just unlucky and targeted as part of a wider operation rather than due to any perceived weakness.

“Situations like this reflect the asymmetric realities of attack and defense where attackers only need to be lucky once,” Jamie Boote, a software security consultant at the Synopsys Software Integrity Group, told TechCrunch. “If one in one hundred targets becomes a victim that can pay out millions in ransom, then it pays to target hundreds.”

Callow adds that it’s also possible that Conti targeted Costa Rica due to the increased success U.S. and European law enforcement have seen in disrupting their operations.

“They may not make as much money off attacks in countries like Costa Rica and Peru, but they’re not going to end up with a multi-million dollar bounty on their heads or with U.S. Cyber Command in their servers,” said Callow. “Less gain, less risk. Or, at least, that’s what they may believe.”

An inside job?

In a message posted to its dark web blog over the weekend, Conti claimed it had “insiders in [the Costa Rican] government,” which could go some way to explaining why the country became a target, or why the attack had such a devastating impact. This claim was echoed by  President Chaves earlier this week, saying “there are very clear indications that people within the country are collaborating with Conti.”

However, security experts tell TechCrunch that Conti’s claims should be treated with a heavy dose of skepticism.

“Dark web records reveal a user by this moniker has only been active on a popular cybercrime forum since March 2022 — around a month before the attacks on Costa Rica started,” Louise Ferrett, threat analyst from Searchlight Security, tells TechCrunch. “So, while it’s possible Conti could have bribed or socially engineered insiders within the country’s government, it seems unlikely they would have amassed so much influence so quickly.”

“It is a known tactic for ransomware gangs to make exaggerated and outlandish threats in order to instill a sense of urgency in the victim and obtain a ransom payment,” Ferrett said.

What — or who — is next?

“The success of these attacks should concern smaller governments around the world,” Allan Liska, an intelligence analyst at Recorded Future tells TechCrunch. He added:

While many ransomware groups won’t touch national governments, others, like Conti feel they are untouchable and will go after whatever victim they want because they assume there will be no consequences. This is going to be an increasingly bigger problem and governments have to take firm action against ransomware actors. These are non-nation-state groups engaging in essentially nation-state-style attacks and there should be appropriate repercussions for these actions.

This is a viewpoint shared by Callow, who tells TechCrunch that we can expect to see organizations in countries outside of the U.S. receive more attention from ransomware gangs, particularly in low-income countries where cybersecurity spending is lower. “The U.S. public and private sectors are vulnerable to cyberattacks, and may be even more vulnerable in other countries,” he said.

Conti’s attack against Costa Rica is ongoing. In a post on Friday, Conti said it will delete the encryption keys used to lock Costa Rica’s government systems on May 23. As of the time of writing, Costa Rica’s government has refused to give in to Conti’s ransom demands.

But we are already seeing the emergence of similar attacks on smaller nation states. Greenland’s government this week confirmed that the island’s hospital system was “severely” impacted by a cyberattack, which has meant that hospital workers cannot access any patient medical records.

Second-largest crypto exchange FTX expands its empire with launch of stock trading feature

Cryptocurrency exchange FTX is launching stock trading capabilities for its customers through its U.S. division. The company, helmed by co-founder and billionaire Sam Bankman-Fried, said in an announcement that its launch will start in private beta mode for a select group of customers chosen from a waitlist before a full rollout in late 2022.

FTX, which is the second-largest crypto exchange in the world, says it will offer “hundreds of U.S. exchange-listed securities, including common stocks and ETFs,” including fractional shares in certain securities.

Notably, FTX plans to route all orders through Nasdaq rather than a third-party market maker. The exchange says it will not receive payment for order flow (PFOF), a method for order fulfillment Robinhood became notorious for that involves the exchange receiving payment from market makers for directing orders their way. It’s a controversial way of clearing trades because it often means the investor doesn’t receive their shares at the best possible price since the market maker profits from the spread.

Robinhood continues to employ PFOF because it can bring in substantial revenue from the third-party market makers. FTX, in contrast, will be foregoing profits from its stock trading offering because it is offering the service to users with no fee or commission charged in exchange.

FTX also says it will allow users to fund their brokerage accounts on the platform with fiat-backed stablecoins such as USDC (these are different from algorithmic stablecoins like Terra (UST), which are backed by other cryptocurrencies and don’t hold reserves in the traditional sense). The exchange says it will be the first to offer this capability, though users can also fund their accounts by standard means through wire transfers, ACH transfers and credit card deposits.

FTX also won’t require customers to hold any minimum balance in order to qualify for the no-fee account, it said.

The announcement marks a pivotal moment in Bankman-Fried’s vision to expand FTX from an institutionally focused platform with deep trading roots to an exchange that serves the broad range of needs of retail investors. Bankman-Fried revealed in a filing last week that he had bought shares in Robinhood worth 7.6% of the company, which could mark another move toward that end.

“What we eventually want to offer is an everything app for financial services,” Brett Harrison, FTX.US’s president, told the Wall Street Journal in an interview.

Twitter will hide false tweets from high-profile accounts during times of crisis

In its ongoing effort to combat misinformation about breaking news, Twitter is rolling out a crisis misinformation policy to ensure that it doesn’t amplify falsehoods during times of widespread strife.

To determine whether a tweet is misleading, Twitter will require verification from credible, public sources, including conflict monitoring groups, humanitarian organizations, open source investigators, journalists and more. If the platform finds that the tweet is misleading, it’ll slap a warning notice on the tweet, turn off likes, retweets and shares, and link to more details about the policy. These tweets will also stop surfacing on the home page, search or explore.

Notably, Twitter will “preserve this content for accountability purposes,” so it will remain online. Users will just have to click through the warning to view the tweet. In the past, some warnings about election or COVID-19 misinformation have simply been notices that appear in line beneath the tweet, rather than covering it up entirely.

Twitter crisis misinfo policy notice

Image Credits: Twitter

Twitter says it will prioritize adding warning notices to viral tweets or posts from high-profile accounts, which may include verified users, state-affiliated media and government accounts. This strategy makes a lot of sense, since a tweet from a prominent figure is more likely to go viral than a tweet from an ordinary person with 50 followers — but it’s a wonder that more platforms haven’t taken this approach already.

Some examples of tweets that might be flagged under this policy include false on-the-ground event reporting, misleading allegations of war crimes, atrocities, or use of weapons and misinformation about international community response, sanctions, defensive operations and more. Personal anecdotes don’t fall under the policy, nor do people’s strong opinions, commentary or satire. Tweets that call attention to a false claim in order to refute it are allowed, too.

Twitter began working on a crisis misinformation framework last year alongside human rights organizations, it says. This policy may come into effect under circumstances like public health emergencies or natural disasters, but to start, the platform will use these tactics to mitigate misinformation about international armed conflict — particularly, the ongoing Russian attack on Ukraine.

Most social networks have struggled with content moderation amid the war in Ukraine, and Twitter is no exception. In one circumstance, Twitter made the decision to remove the Russian Embassy’s false claim that a pregnant bombing victim in Ukraine was a crisis actor. Twitter also suspended an account that spread a false conspiracy theory that the U.S. holds biological weapons in Ukraine.

It seems like there’s a fine line between what kind of content would be taken down entirely or what posts would result in a deletion or ban. This policy might have applied to the Russian Embassy’s misleading tweet, for example, but at what point is an account so violative that it earns a ban?

“Content moderation is more than just leaving up or taking down content,” Twitter’s head of safety and integrity Yoel Roth wrote in a blog post. “We’ve found that not amplifying or recommending certain content, adding context through labels, and in severe cases, disabling engagement with the Tweets, are effective ways to mitigate harm, while still preserving speech and records of critical global events.”

Roth added in a thread that Twitter found that not amplifying this content can reduce its spread by 30% to 50%.

But depending on whether Elon Musk’s $44 billion bid to buy Twitter actually goes through, these policies may not be around for long. Musk believes that content moderation should mirror the rules of the state, AKA, Twitter’s community guidelines basically just become the First Amendment with no added nuance. While that may be appealing to the kinds of people who are never on the receiving end of hateful messages, that approach could undo loads of progress on Twitter, including efforts like this that halt the spread of harmful misinformation.

Even so, these policies are never 100% effective, and much content that violates guidelines escapes detection anyway. This week, we encountered multiple banned videos of the Buffalo shooter’s terrorist attack on platforms like Twitter and Facebook, which were left online for days without removal. One video of the gruesome shooting, which we sent to Twitter directly, still remains online.

So while these policies might be well intentioned, they can only function as effectively as they’re enforced.

WhatsApp ramps up revenue with global launch of Cloud API and soon, a paid tier for its Business App

WhatsApp is continuing its push into the business market with today’s news it’s launching the WhatsApp Cloud API to all businesses worldwide. Introduced into beta testing last November, the new developer tool is a cloud-based version of the WhatsApp Business API — WhatsApp’s first revenue-generating enterprise product — but hosted on parent company Meta’s infrastructure.

The company had been building out its Business API platform over the past several years as one of the key ways the otherwise free messaging app would make money. Businesses pay WhatsApp on a per-message basis, with rates that vary based on the region and number of messages sent. As of late last year, tens of thousands of businesses were set up on the non-cloud-based version of the Business API including brands like Vodafone, Coppel, Sears Mexico, BMW, KLM Royal Dutch Airlines, Iberia Airlines, Itau Brazil, iFood, and Bank Mandiri, and others. This on-premise version of the API is free to use.

The cloud-based version, however, aims to attract a market of smaller businesses, and reduces the integration time from weeks to only minutes, the company had said. It is also free.

Businesses integrate the API with their backend systems, where WhatsApp communication is usually just one part of their messaging and communication strategy. They may also want to direct their communications to SMS, other messaging apps, emails, and more. Typically, businesses would work with a solutions provider like Zendeks or Twilio to help facilitate these integrations. Providers during the cloud API beta tests had included Zendesk in the U.S., Take in Brazil, and MessageBird in the E.U.

During Meta’s messaging-focused “Conversations” live event today, Meta CEO Mark Zuckerberg announced the global, public availability of the cloud-based platform, now called the WhatsApp Cloud API.

“The best business experiences meet people where they are. Already more than 1 billion users connect with a business account across our messaging services every week. They’re reaching out for help, to find products and services, and to buy anything from big-ticket items to everyday goods. And today, I am excited to announce that we’re opening WhatsApp to any business of any size around the world with WhatsApp Cloud API,” he said.

He said the company believes the new API will help businesses, both big and small, be able to connect with more people.

In addition to helping businesses and developers get set up faster than with the on-premise version, Meta says the Cloud API will help partners to eliminate costly server expenses and help them provide customers with quick access to new features as they arrive.

Some businesses may choose to forgo the API and use the dedicated WhatsApp Business app instead. Launched in 2018, the WhatsApp Business App is aimed at smaller businesses that want to establish an official presence on WhatsApp’s service and connect with customers. It provides a set of features that wouldn’t be available to users of the free WhatsApp messaging app, like support automated quick replies, greeting messages, FAQs, away messaging, statistics, and more.

Today, Meta is also introducing new power features for its WhatsApp Business app that will be offered for a fee — like the ability to manage chats across up to 10 devices. The company will also provide new customizable WhatsApp click-to-chat links that help businesses attract customers across their online presence, including of course, Meta’s other applications like Facebook and Instagram.

These will be a part of a forthcoming Premium service for WhatsApp Business app users. Further details, including pricing, will be announced at a later date.


DOJ says it will no longer prosecute good-faith hackers under CFAA

The U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith.

The policy for the first time “directs that good-faith security research should not be charged” under the Computer Fraud and Abuse Act, a seismic shift away from its previous policy that allowed prosecutors to bring federal charges against hackers who find security flaws for the purpose of helping to secure exposed or vulnerable systems.

The Justice Department said that good-faith researchers are those who carry out their activity “in a manner designed to avoid any harm to individuals or the public,” and where the information “used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

The Computer Fraud and Abuse Act, or CFAA, was enacted in law in 1986 and predates the modern internet. The federal law dictates what constitutes computer hacking — specifically “unauthorized” access to a computer system — at the federal level. But the CFAA has long been criticized for its outdated and vague language that does little to differentiate between good-faith researchers and hackers, and malicious actors who set out to extort companies or individuals or otherwise cause harm.

Last year the Supreme Court took its first look at the CFAA since the law came into force, and for the first time determined precisely what the CFAA’s reading of “unauthorized” access means under the law, and subsequently limited its scope, effectively eliminating an entire class of hypothetical scenarios — like violating a web service’s privacy policy, checking sports results from a work computer, and more recently scraping public web pages — under which federal prosecutors could have brought charges.

Now the Justice Department is ruling out, albeit a year on from the court’s ruling, bringing federal charges over these kinds of scenarios and instead focusing on cases where malicious actors deliberately break into a computer system.

The policy shift is not a legislative fix and could, just as the Justice Department did today, change in the future. It also does not protect good-faith hackers — or anyone else accused of hacking — from state computer hacking laws.

In a statement, U.S. deputy attorney general Lisa O. Monaco said: “The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good.”

Some critics may not accept that claim so willingly following the death of Aaron Swartz, who died by suicide in 2013 after he was charged under the CFAA for downloading 4.8 million articles and documents from academic subscription service JSTOR. Although JSTOR declined to pursue the case, federal prosecutors still brought charges accusing him of theft.

Since Swartz’s death, campaigners and lawmakers alike have pushed “Aaron’s Law,” to reform and codify changes to the CFAA in law to better protect good-faith hackers.

Dig emerges from stealth to help organizations secure their data in public clouds

Dig, a Tel Aviv-based cloud data security startup, has emerged from stealth with an $11 million investment to help organizations protect data stored in public cloud environments.

It’s no secret that data is often the ultimate target for some cybercriminals, yet so many organizations don’t have visibility, context or control over data stored in public cloud environments — like the ones run by Amazon, Google and Microsoft — according to Dig. That’s why the startup has developed a data detection and response (DDR) solution, which it claims can help enterprises to discover, protect and govern their cloud data in real time.

“Companies don’t know what data they hold in the cloud, where it is, or most importantly how to protect it. They have tools to protect endpoints, networks, APIs but nothing to actively secure their data in public clouds,” Dan Benjamin, Dig’s co-founder and chief executive, tells TechCrunch. Prior to founding Dig in October last year, Benjamin led multi-cloud security at Microsoft and mentored CTOs at Google Cloud for Startups.

“If you speak to data security teams in large organizations today, most of them work with manual reports and run manual scans. We help organizations analyze and understand how that data is being used,” he added.

Dig claims, like unlike existing solutions, it analyzes and responds instantly to threats to cloud data, triggering alerts on suspicious or anomalous activity, stopping attacks, data exfiltration and employee data misuse. The solution — a software-as-a-service app — discovers all data assets across public clouds and brings context to how they are used, and also tracks whether each data source supports compliance like SOC2 and HIPAA.

“Just the other week, we integrated with a large financial public American company, and after five minutes, we had alerts. What we discovered is that they had all financial reports being copied to an external AWS account that doesn’t belong to them,” Benjamin says. “We see stuff like this all of the time because no-one has real visibility into how this data is being used.”

Benjamin, who founded the startup alongside veteran entrepreneurs Ido Azran and Gad Akuka — the first letters of the co-founders’ names spell “Dig” — tells TechCrunch that Dig currently works with Microsoft Azure and AWS, with support for Google Cloud Platform coming soon. His ultimate goal, however, is to expand beyond public clouds to provide a solution to protect data wherever it sits within an organization.

“Data sits in five main locations for a typical enterprise; endpoints, email, on-premise, SaaS, and public clouds,” Benjamin says. “We only cover public clouds, but I believe that, eventually, customers will want a single platform that protects data wherever it is.”

With its $11 million seed round led by Team8, with participation from CrowdStrike, CyberArk and Merlin Ventures, Dig plans to grow its headcount from 30 to 50 by the end of the year, including in the U.S. It also plans to expand the product, with Benjamin noting that the startup “still has a lot to do” across discovery, context and threat protection.

YouTube teases expansion of livestream shopping with new features arriving later this year

In recent years, YouTube has been working to transform its platform into more of a shopping destination with product launches like shoppable ads or more recently, the ability to shop directly from livestreams hosted by creators. Now, it’s furthering that investment with new features for live shopping experiences. At yesterday’s YouTube Brandcast event, where the company pitched itself to advertisers as a better place for their TV ad dollars, YouTube teased upcoming features that it claimed would make it easier for viewers to discover and buy from brands.

The company touted its forthcoming tools as offering advertisers a better way to engage viewers and make connections with their audience.

One new feature, explained YouTube, will allow two creators to go live at the same time to cohost a single live shopping stream. This could effectively double the draw for the event, as each creator would bring their own fanbase to the stream.

This feature arrives shortly after YouTube in March announced a pilot program called “Go Live Together,” a new mobile collaborative streaming feature that would enable creators to invite guests to their livestream with a link before going live together. This trial suggested YouTube had its eye on developing tools to better power joint livestreams — just as it’s now planning to introduce with its upcoming two-person live shopping streams. The addition could also make YouTube more competitive with Instagram which launched the ability for creators to go live with up to three people last year.

In addition to leveraging creators to build an audience for a live shopping event, YouTube’s shopping livestreams platform also offers other tools specifically designed to drive sales. The brand-integrated shopping experience actually allows viewers to shop the products shown in the video by tapping on a built-in “view products” button which then brings up a list of items featured by the creators.

The company says its new two-person live shopping feature will roll out sometime later this year.

Another upcoming option announced at Brandcast is something YouTube calls “live redirects.”

In this case, creators will be able to start a shopping livestream on their channel, then redirect their audience over to a brand’s channel for fans to keep watching. This allows brands to tap into the power of the creator’s platform and reach their fanbase, but then gives the brands themselves access to that audience — and the key metrics and analytics associated with their live event — directly on their own YouTube channel. This will also roll out sometime this year, says YouTube, but didn’t provide a timeframe.

YouTube’s announcements follow the broader growth of the live e-commerce market in the U.S. — a trend inspired by the livestream shopping activity surging in China, where streamers can pull in billions of dollars in a matter of hours. Today, a number of startups have also entered this space, including TalkShopLive, PopShop Live, NTWRK, Whatnot, ShopShops, Supergreat, and others. Klarna even added virtual shopping capabilities to connect its buy-now, pay-later customers with live product demos from retail partners.

Retailers, too, are getting in on the action. Nordstrom launched a live events platform, while Forever 21 and Macy’s are among those that added live shopping to their apps.

Meanwhile, big tech platforms are wooing brands by touting their wider reach.

Over the past year or so, we’ve seen Walmart pilot testing TikTok’s first livestreamed shopping experience; Facebook’s live shopping boosting sales for brands like Petco, Benefit, Samsung, Anne Klein, and others; and Instagram hosting live shopping events to cater to holiday crowds. Twitter even began to test livestream shopping, also with Walmart’s help on its pilot run — but it’s unclear where such initiatives will land if the Elon Musk buyout comes to pass.

While YouTube is certainly one of the largest creator platforms for video, there is some indication that it needs to catch up to its big tech rivals in livestream shopping, however. An eMarketer study from Jan. 2022 found that only 14.4% of survey respondents said YouTube’s platform drove them to purchase during a livestream event compared with 15.8% for TikTok, 45.8% for Instagram, and 57.8% for Facebook.

Image Credits: eMarketer/Insider Intelligence

YouTube’s new livestream features — and particularly the one that pushes a creator’s fanbase to a brand’s channel — could make its solution more compelling.

“People come to YouTube every day to make decisions about what to buy, and 87% of viewers say that when they’re shopping or browsing on YouTube, they feel like they can make a faster decision about what to purchase because of all the information that we have in videos,” said YouTube CEO Susan Wojcicki, speaking to the audience at the Brandcast live event last night. “We have so much shopping activity that is already happening on YouTube, so we are making it even easier for viewers to discover and to buy,” she said.

Investors discuss how labor shortage is shaking up the construction tech stack

Construction as an industry has evolved with civilization through the ages. But today, it’s one of the few industries that have one foot firmly planted in the past, even as the other tries to step into the future. Construction’s digital transformation journey is only just beginning, and the sector offers a ton of space for innovation.

To get a clear picture of where construction tech stands today, we spoke with five active investors in the space. And the overall consensus seems to be that the pandemic was a big boost to innovation as stakeholders realized the need for the ability to observe and direct work remotely.

“Due to the pandemic, many contech workers were unable to freely visit their job sites and realized they had less visibility than they’d like into what was happening onsite. For an industry that has historically been averse to tech, feeling this pain point was a real catalyst for adoption. Across segments, we’ve seen field workers become more open to exploring digital platforms and to the ROI they can deliver to projects,” said Nikitas Koutouples, managing director at Insight Partners.

The pandemic wasn’t the only challenge to hit the construction industry. The rising cost of raw materials coupled with a major labor shortage has left the industry scrambling for solutions to bridge these gaps.

According to Sungjoon Cho, general partner at D20 Capital, the usage of technology will be critical to counterbalance labor shortages. “Software tools are needed to increase efficiency, transparency, and accountability,” he said. “Robotics are needed to automate dangerous and repetitive tasks. And creative solutions are needed to ensure construction projects have access to the right talent at the right time. Although the concept of remote work is still a novel idea in the construction industry, we believe that opening up certain jobs to remote talent will open the door to increased efficiency and a broader talent pool — as we have seen in many other industries.”

Some of the investors we spoke to see more scope in commercial construction, while others favor residential housing. All the investors, however, did agree that the sector’s biggest developments lie in automation, data collection and data analysis.

For Suzanne Fletcher, venture partner at Prime Movers Lab, automation is the obvious solution to the labor shortage issue. “Automating new home construction is going to have an enormous impact on the production housing industry. For example, Diamond Age’s robotics-as-a-Service system combines 3D printing, mechatronics, and robotics to backfill the massive labor shortage and drive construction cycle times down,” she said.

Momei Qu, managing director at PSP Growth, believes the sector will adopt more tech in the next five to ten years: “In the long run (five to ten years), there will be game-changing innovations around new materials, automation techniques, and robotics that could fundamentally change how things are built and create a better, safer environment for those in the industry, which will hopefully also help with the labor shortage. I often look out my window at construction sites and think: “Humans should not be doing that.”

Governments and legislation do have a role to play in helping modernize the construction industry as well. The Infrastructure Investments and Jobs Act passed this year in the U.S. is expected to be beneficial to innovation in the industry.

But Heinrich Gröller, partner at Speedinvest, feels governments will need to get more involved to ensure that the construction industry heads in the right direction, especially in terms of environmental impact.

“Governments, not only in the U.S. but also in Germany, for example, will play a huge role,” he said. “There is a massive backlog in infrastructure investments that now need to be pushed forward, which will trigger massive investments. There is a clear tendency to make building information modeling compulsory for public construction projects. And there will be continued and growing pressure from governments to measure and minimize environmental impact and carbon footprint going forward — be it with recycling quotas or carbon emission targets. All of the above will create new tech solutions and enable many existing ones to finally take off.”

Read the full survey for more in-depth answers by these investors’ about the the opportunities and issues in construction tech. They also discuss the investments that they’re interested in making in construction tech, as well as the best way to approach them.

Gopuff, the instant delivery upstart, taps ex-Disney head Bob Iger as its newest investor and advisor

Gopuff, the instant delivery giant that is valued at $15 billion (but was filing financing papers in December 2021 at a value of up to $40 billion), made a name for itself courting consumers wanting groceries and other essentials with an app that lets them order and get those goods delivered in around 30 minutes. Now, as the category matures and faces a period of consolidation, Gopuff is announcing a new big-name advisor and investor — Bob Iger, the former CEO and chairman of The Walt Disney Company — as it looks to take its consumer profile to new levels.

Gopuff would not disclose the size of Iger’s stake in the company, nor whether the investment is coming as a separate investment, or as part of that December 2021 $1.5 billion financing (which was in the form of a convertible note, to convert to equity at an IPO price to a maximum of $40 billion).

Gopuff is no stranger to celebrity endorsements and connections — a spokesperson said Iger was introduced to the co-founder CEOs Yakir Gola and Rafael Ilishayev via none other than Chris Paul, the NBA all-star who has been working with Gopuff on healthy food, diversity engagement and other initiatives for a while now — but all the same this potentially puts an interesting spin on what Gopuff is aiming for in its next stage of growth, given Iger’s experience at a mega-brand where holdings span not just hospitality services (an obviously synergy) but extensive media and entertainment properties (…).

“Bob Iger is one of the most important and visionary business leaders of this generation. He defined consumer engagement, product innovation, and organizational excellence,” said Gola in a statement. “I am so proud and excited that Bob is joining team blue. Gopuff is building a platform designed for the future of the consumer industry and nobody understands consumers better than Bob Iger.”

“It’s been exciting to spend time with Gopuff leadership learning about the company, the founders, and their aspirations,” Iger said in his own statement. “I am excited to advise, mentor, and support the executive team as they continue building a company uniquely designed for how consumers are changing and growing. I believe consumer commerce will be very different in the near future and Gopuff is building the platform to power it.”

I don’t typically make references to press release wording, but to me it’s notable that Gopuff points out in its official announcement of the appointment that “Mr. Iger led The Walt Disney Company during the most difficult time in the company’s storied history,” going on to say that “practical concepts such as optimism, courage, decisiveness and fairness, and an ability to foster innovation while powering growth” marked his time there.

To be sure, the addition of Iger to “team blue,” as Gopuff describes it, is coming at a pretty critical time for the company and the wider category of commerce.

We have seen waves of huge funding rounds and precipitous valuations to grow what seemed like an endless pool of instant grocery startups that were capitalizing on the heady days of Covid-19 — when people socially distanced, sheltered in place, and swarmed on services like rapid delivery to get their hourly and daily fixes of consumer goods. Those many delivery companies followed suit with massive investments into growing their customer bases, subsidizing orders and splashing out on big promotional campaigns and ramping up their delivery operations and other teams.

But now, a lot of consumers returning to their “old normal”, and so those instant enterprises, and their shareholders, are sobering up.

Gopuff confirmed to us that it laid off three percent of its staff — 450 people — in late March as part of a restructuring. That came on the heels of strikes among its drivers demanding better compensation, as well as some shifts in its executive ranks. (The layoffs were reported to be in the works at the time but not confirmed by the company.)

Gopuff had originally been talking about a mid-2022 public listing but with the IPO market currently stalled out, we understand those plans are currently on hold.

That state of the public markets is more generally also causing a trickle-down effect, putting pressure on companies like Gopuff that have raised a lot of funding.

The New York Post reported in March that it and others in the space are all seeing their valuations getting slashed on the secondary market. Gopuff investors, the NYP reported, were struggling to sell at $15 billion in March (recall $40 billion was the price floated just in December).

But that was before public markets started to get really dicey in recent weeks, so it’s not clear what that valuation might look like on secondary sales today. (Its investors include a number of those seeing the impacts of those devaluations, including SoftBank, D1, Guggenheim, Accel, and a number of others.)

That pressure is also leading to some major consolidation of the overcrowded instant delivery market at lower levels, too.

Just earlier this week, one of the big instant grocery companies out of Europe, Berlin’s Flink, acquired a would-be rival, Cajoo, becoming the biggest instant delivery player in France. (Flink also picked up some more funding and a higher valuation, $5 billion, in the process, so it seems receding tides are not capsizing all boats.) Gopuff itself has also snapped up some smaller players, including Dija and Fancy in the UK, to expand in Europe.

All of this frames a pretty challenging picture for Iger and his management skills, not least because Gopuff has also been enhancing that picture, so to speak, with a lot of new colors.

In the last 12 months, it has launched Gopuff Kitchens, a dark kitchen enterprise for ready-made meals; an advertising business; and Basically, its own private-label brand.

(And it’s worth pointing out that beyond instant commerce, there are equally challenging conditions for those looking to disrupt older models. Much-ballyhooed retail startup Enjoy just this week said it was on course to run out of money by June at the current rate of business.)

But despite all that, there remain some big opportunities to continue building and meeting consumer tastes, a fact not lost on an opportunity capitalizer like Iger. And Gopuff — which currently lays claim to being the biggest player of its kind in the U.S., with a 70% share of the market and operations in 600 locations (covering 1,200 cities) — may well be positioned to deliver on that.

Masterschool raises $100M seed round for its network of coding schools

Masterschool, which describes itself as a “network of tech career-training schools,” today announced that it has raised a $100 million seed funding round (yes, that’s correct — a $100 million seed round). The round was led by Group 11, with participation from Target Global, Pitango Ventures, Dynamic Loop Capital, Sir Ronald Cohen, and a number of additional strategic investors. The company declined to disclose its current valuation.

Like some of its competitors, Masterschool students don’t pay any upfront tuition for the six to twelve months it takes to complete its program. After that, they pay back their tuition, which typically ends up being somewhere between $10,000 to $20,000 by giving 10% of their monthly income to the company. That’s a pretty standard model for coding schools. One twist here is that Masterschool has also partnered with some companies that will pay off the tuition for the students who they hire themselves.

“Though our students pay no upfront tuition, they are investing a huge amount of time in order to build a new career. They trust us to deliver the best training with the best outcomes,” Masterschool co-founder and co-CEO Otni Levi said. “Breaking this trust and not delivering on our commitments is the greatest risk for us. This is what keeps us awake at night and also what motivates us.”

As Masterschool co-founder and co-CEO Miachel Shurp told me, he and Levi launched and bootstrapped the company three years ago. It has since became a profitable business, but the team decided to go out and raise funding now. “We opted to fundraise only when we knew it was time to scale, enabling us to grow the company and achieve our mission,” he said. In addition, Levi noted that the team was looking for the right investors that would align with the company’s long-term mission “to ensure everyone can build inspiring careers.”

The team argues that what sets Masterschool  apart from some of its competitors is that it’s a network of schools. So instead of enrolling in a traditional class, they select a school, which is typically run by an experienced practitioner, and then follow that school’s program. The programs themselves are 100% online and the team tells me that students should expect to spend between 25 to 40 hours per week on live lectures, assignments, one-on-one sessions, class meetings and more.

“There are currently over 1 million open IT jobs in just the US. Every school and bootcamp addressing this shortage is serving an important role,” said Shurp. “That being said, we need way more schools to fill this gap. That’s where Masterschool comes into play. We’re building a network of career training schools and offering industry leaders the ability to build and run their schools on our platform. In the coming years, we’ll launch thousands of career-training schools, enabling millions of students to build the career they want.”