Meet Bluetana, the Scourge of Pump Skimmers

“Bluetana,” a new mobile app that looks for Bluetooth-based payment card skimmers hidden inside gas pumps, is helping police and state employees more rapidly and accurately locate compromised fuel stations across the nation, a study released this week suggests. Data collected in the course of the investigation also reveals some fascinating details that may help explain why these pump skimmers are so lucrative and ubiquitous.

The new app, now being used by agencies in several states, is the brainchild of computer scientists from the University of California San Diego and the University of Illinois Urbana-Champaign, who say they developed the software in tandem with technical input from the U.S. Secret Service (the federal agency most commonly called in to investigate pump skimming rings).

The Bluetooth pump skimmer scanner app ‘Bluetana’ in action.

Gas pumps are a perennial target of skimmer thieves for several reasons. They are usually unattended, and in too many cases a handful of master keys will open a great many pumps at a variety of filling stations.

The skimming devices can then be attached to electronics inside the pumps in a matter of seconds, and because they’re also wired to the pump’s internal power supply the skimmers can operate indefinitely without the need of short-lived batteries.

And increasingly, these pump skimmers are fashioned to relay stolen card data and PINs via Bluetooth wireless technology, meaning the thieves who install them can periodically download stolen card data just by pulling up to a compromised pump and remotely connecting to it from a Bluetooth-enabled mobile device or laptop.

According to the study, some 44 volunteers — mostly law enforcement officials and state employees — were equipped with Bluetana over a year-long experiment to test the effectiveness of the scanning app.

The researchers said their volunteers collected Bluetooth scans at 1,185 gas stations across six states, and that Bluetana detected a total of 64 skimmers across four of those states. All of the skimmers were later collected by law enforcement, including two that were reportedly missed in manual safety inspections of the pumps six months earlier.

While several other Android-based apps designed to find pump skimmers are already available, the researchers said Bluetana was developed with an eye toward eliminating false-positives that some of these other apps can fail to distinguish.

“Bluetooth technology used in these skimmers are also used for legitimate products commonly seen at and near gas stations such as speed-limit signs, weather sensors and fleet tracking systems,” said Nishant Bhaskar, UC San Diego Ph.D. student and principal author of the study. “These products can be mistaken for skimmers by existing detection apps.”

BLACK MARKET VALUE

The fuel skimmer study also helps explain how quickly these hidden devices can generate huge profits for the organized gangs that typically deploy them. The researchers found that the skimmers their app detected collected data from roughly 20-25 payment cards each day — evenly distributed between debit and credit cards (although they note estimates from payment fraud prevention companies and the Secret Service that put the average figure closer to 50-100 cards daily per compromised machine).

The academics also studied court documents which revealed that skimmer scammers often are only able to “cashout” stolen cards — either through selling them on the black market or using them for fraudulent purchases — a little less than half of the time. This can result from the skimmers sometimes incorrectly reading card data, daily withdrawal limits, or fraud alerts at the issuing bank.

“Based on the prior figures, we estimate the range of per-day revenue from a skimmer is $4,253 (25 cards per day, cashout of $362 per card, and 47% cashout success rate), and our high end estimate is $63,638 (100 cards per day, $1,354 cashout per card, and cashout success rate of 47%),” the study notes.

Not a bad haul either way, considering these skimmers typically cost about $25 to produce.

Those earnings estimates assume an even distribution of credit and debit card use among customers of a compromised pump: The more customers pay with a debit card, the more profitable the whole criminal scheme may become. Armed with your PIN and debit card data, skimmer thieves or those who purchase stolen cards can clone your card and pull money out of your account at an ATM.

“Availability of a PIN code with a stolen debit card in particular, can increase its value five-fold on the black market,” the researchers wrote.

This highlights a warning that KrebsOnSecurity has relayed to readers in many previous stories on pump skimming attacks: Using a debit card at the pump can be way riskier than paying with cash or a credit card.

The black market value, impact to consumers and banks, and liability associated with different types of card fraud.

And as the above graphic from the report illustrates, there are different legal protections for fraudulent transactions on debit vs. credit cards. With a credit card, your maximum loss on any transactions you report as fraud is $50; with a debit card, that protection extends only to within two days of the unauthorized transaction. After that, the maximum consumer liability can increase to $500 within 60 days, and to an unlimited amount after 60 days.

In practice, your bank or debit card issuer may still waive additional liabilities, and many do. But even then, having your checking account emptied of cash while your bank sorts out the situation can still be a huge hassle and create secondary problems (bounced checks, for instance).

Interestingly, this advice against using debit cards at the pump often runs counter to the messaging pushed by fuel station owners themselves, many of whom offer lower prices for cash or debit card transactions. That’s because credit card transactions typically are more expensive to process.

For all its skimmer-skewering prowess, Bluetana will not be released to the public. The researchers said the primary reason for this is highlighted in the core findings of the study.

“There are many legitimate devices near gas stations that look exactly like skimmers do in Bluetooth scans,” said UCSD Assistant Professor Aaron Schulman, in an email to KrebsOnSecurity. “Flagging suspicious devices in Bluetana is only a way of notifying inspectors that they need to gather more data around the gas station to determine if the Bluetooth transmissions appear to be emanating from a device inside of the pumps. If it does, they can then open the pump door and confirm that the signal strength rises, and begin their visual inspection for the skimmer.”
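The on-site follow-up Schulman describes (more readings around the station, then a door-open check) can be sketched as a small triage routine. This is an added example, not Bluetana's code or anything taken from the study; the `Reading` fields, the `pump-` location naming, the 6 dB thresholds and the sample readings are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Optional

# Assumed thresholds (not from the study); tune to the scanning hardware in use.
MARGIN_DB = 6  # strongest spot must beat every other spot by at least this much
RISE_DB = 6    # minimum increase counted as "the signal strength rises"


@dataclass(frozen=True)
class Reading:
    device: str      # Bluetooth address reported by the scan
    location: str    # where the inspector stood ("pump-3", "roadside-sign", ...)
    door_open: bool  # True if the pump door was open during the reading
    rssi_dbm: int    # received signal strength; values nearer 0 are stronger


@dataclass(frozen=True)
class Verdict:
    action: str
    location: Optional[str] = None
    rise_db: Optional[float] = None


def triage(readings, device):
    """Decide the inspector's next step for one flagged device."""
    closed, opened = defaultdict(list), defaultdict(list)
    for r in readings:
        if r.device == device:
            (opened if r.door_open else closed)[r.location].append(r.rssi_dbm)
    if not closed:
        return Verdict("no-readings")

    # Median per location smooths out single noisy RSSI samples.
    level = {loc: median(vals) for loc, vals in closed.items()}
    best = max(level, key=level.get)
    rest = [v for loc, v in level.items() if loc != best]

    # One vantage point, or no clear winner: the source cannot be localised yet.
    if len(level) < 2 or level[best] - max(rest) < MARGIN_DB:
        return Verdict("gather-more-readings", best)
    # Strongest away from the pumps: consistent with a legitimate nearby device.
    if not best.startswith("pump-"):
        return Verdict("not-in-pump", best)
    if best not in opened:
        return Verdict("open-door-and-remeasure", best)

    rise = median(opened[best]) - level[best]
    if rise >= RISE_DB:
        return Verdict("visual-inspection", best, rise)
    return Verdict("signal-did-not-rise", best, rise)


# Constructed sample data: three flagged devices at one station.
DEV_A, DEV_B, DEV_C = "AA:AA:AA:00:00:01", "BB:BB:BB:00:00:02", "CC:CC:CC:00:00:03"
SAMPLE = [
    Reading(DEV_A, "pump-1", False, -82),
    Reading(DEV_A, "pump-3", False, -61),
    Reading(DEV_A, "pump-3", False, -63),
    Reading(DEV_A, "store-entrance", False, -79),
    Reading(DEV_A, "pump-3", True, -48),          # door open: signal rises
    Reading(DEV_B, "pump-1", False, -80),
    Reading(DEV_B, "pump-3", False, -84),
    Reading(DEV_B, "roadside-sign", False, -55),  # strongest away from pumps
    Reading(DEV_C, "pump-2", False, -60),
    Reading(DEV_C, "store-entrance", False, -85), # no door-open reading yet
]

if __name__ == "__main__":
    for dev in (DEV_A, DEV_B, DEV_C):
        print(dev, triage(SAMPLE, dev))
```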

One of the best tips for avoiding fuel card skimmers is to favor filling stations that have updated security features, such as custom keys for each pump, better compartmentalization of individual components within the machine, and tamper protections that physically shut down a pump if the machine is improperly accessed.

How can you spot a gas station with these updated features, you ask? As noted in last summer’s story, How to Avoid Card Skimmers at the Pumps, these newer-model machines typically feature a horizontal card acceptance slot along with a raised metallic keypad. In contrast, older, less secure pumps usually have a vertical card reader and a flat, membrane-based keypad.

Newer, more tamper-resistant fuel pumps include pump-specific key locks, raised metallic keypads, and horizontal card readers.

The researchers will present their work on Bluetana later today at the USENIX Security 2019 conference in Santa Clara, Calif. A copy of their paper is available here (PDF).


DEFCON’s Been And Gone | What Did You Miss?

Hard on the heels of Black Hat USA 2019 came DEFCON and the 27th iteration of the venerable hacker conference that began all the way back in 1993, a time before a good portion of this year’s 20,000 plus attendants were even born! With four days of great talks, multiple subject-specific spaces like Wireless Village, Lockpicking Village, Cloud Village, as well as contests, workshops and, of course, all the after-hours parties, DEFCON is the main hacker event of the year. If you weren’t able to make it this year, or you just didn’t get the chance to see as much as you’d have liked, here’s our quick take on the highlights of DEFCON 27.

The Badge

This year’s electronic badge was created by Joe Grand and featured a quartz-face with microcontroller and Near-Field Magnetic Induction chipset. Amazingly, all 30,000 badges made for this year’s con were made with a unique gemstone.


As is tradition with DEFCON electronic badges, the device also held a challenge for participants. This year it required attendees to either get close enough to lots of other types of badges (human and non-human) to complete the challenge or to hack the badge’s internal circuitry and force the badge to complete with a bit of hacker trickery! The badge quest involved, by hook or by crook, “interacting” with all the following:

// Bit masks for badge quest flags
#define FLAG_0_MASK 0x01 // Any Valid Communication
#define FLAG_1_MASK 0x02 // Talk/Speaker
#define FLAG_2_MASK 0x04 // Village
#define FLAG_3_MASK 0x08 // Contest & Events
#define FLAG_4_MASK 0x10 // Arts & Entertainment
#define FLAG_5_MASK 0x20 // Parties
#define FLAG_6_MASK 0x40 /* Group Chat (all 6 gemstone colors:
                          Human/Contest/Artist/CFP/Uber +
                          Goon + Speaker + Vendor + Press + Village) */

For those interested in learning about hacking the badge, an excellent how-to is here.

The Workshops

There were 37 workshops spread over 3 days, from Thursday through to Saturday covering topics from beginner level “Hack to Basics” to advanced wireless exploitation. As places are always limited, this year there was a $25 sign up fee to discourage no-shows. 

One of our favorites was Madhu Akula’s ‘Breaking and Pwning Docker Containers and Kubernetes Clusters’. Security of cloud workflows is something enterprises need to pay more attention to, as vulnerabilities in applications running on containers are something most security solutions can’t offer visibility into. Being able to assess your cloud servers and workflows and protect them properly is a key defensive strategy organizations need to have in place.

The Villages

This year there were a total of 30 villages, with DEFCON 27 hosting a Ham Radio Village for the first time. If you’re not familiar with the concept of DEFCON villages, the idea is that each village holds its own schedule of talks, workshops, labs and contests that are specific to the theme of the village. This allows for attendees to really focus on areas that interest them, meet like-minded hackers, and drill-down into the subject matter in various ways. From privacy to biohacking, the range of topics, talks and activities has something for everyone.


One of the more interesting villages this year was the Cloud village, an open space for people interested in offensive and defensive aspects of cloud security. One of the timely talks in the Cloud village this con was ‘Your Blacklist is Dead. Airgap Everything: The Future of CNC is the Cloud’. Eric Galinkin explained how SaaS platforms like Slack, Pastebin, Google and other social media sites are being exploited by hackers to get around URL blacklisting and the need to write domain name generating algorithms. With companies increasingly reliant on cloud and hybrid cloud infrastructures like AWS, understanding how threat actors are adapting their tools, tactics and procedures in light of that is essential.

With the 2020 elections just around the corner, the Voting Hacking Village was sure to receive a lot of attention, but unfortunately things didn’t quite go to plan. Thanks to a mixture of problems with the five prototype voting machines provided by DARPA, hackers were only able to stress test them for security flaws on the final day. Let’s hope they get a chance for a better community-driven security audit before next fall’s voting!

The Talks

Aside from the Village-hosted talks, there were four tracks of talks on demos, tools and exploits. High-school researcher Bill Demirkapi’s talk on Friday, ‘Are Your Child’s Records at Risk? The Current State of School Infosec’, highlighted the difficulties of responsible disclosure for security researchers working in the education sector. Bill discovered vulnerabilities in two content management systems — Blackboard and Aspen — but faced an uphill struggle when he tried to inform the vendors of security flaws in their products. Fortunately, both vendors came round eventually, but not without some personal cost to Bill, who found himself temporarily suspended from school as he tried to gain attention to the cross-site scripting and SQL injection vulnerabilities in the widely used educational software.


Another interesting talk that caught our attention focused on one particular kind of IoT device that is pretty much ubiquitous in homes, reception areas and many offices but which receives little attention: the Smart TV. In ‘SDR Against Smart TVs: URL and Channel Injection Attacks’, Pedro Cabrera Camara demonstrated how internet-connected TVs present a readily-exploitable attack surface. Hackers can exploit flaws in the implementation of the HbbTV standard to pull off sophisticated remote attacks including keylogging and cryptomining.

We’d also like to give a shout out to Matt Wixey and his talk ‘Sound Effects: Exploring Acoustic Cyber-weapons’ for introducing the fascinating topic of how attackers can affect human health by bridging the divide between the digital and the physical. Matt’s talk covered acoustic malware that can cause physical or psychological harm, specifically through inaudible, ultrasonic frequencies. Matt showed how everyday IoT items like smart speakers and Bluetooth headphones can be weaponized to both harm human users and damage the device itself.

Conclusion

While massive hacker cons might not be to everyone’s taste, the sheer size of DEFCON means there will always be plenty of content that covers whatever area of cybersecurity you happen to be interested in, and there’s always a good chance you’ll discover some new area of interest. It’s much of the reason why we all keep going back every year, as well as to meet up with old friends and to make some new. After an action-packed week in Las Vegas with both Black Hat and DEFCON, it’s time to bring all the new knowledge, insights and experiences back to base, share with our colleagues, and use what we’ve learned to develop new ways to improve our cybersecurity defences.



Lucidworks raises $100M to expand in AI-powered search-as-a-service for organizations

If the sheer amount of information that we can tap into using the internet has made the world our oyster, then the huge success of Google is a testament to how lucrative search can be in helping to light the way through that data maze.

Now, in a sign of the times, a startup called Lucidworks, which has built an AI-based engine to help individual organizations provide personalised search services for their own users, has raised $100 million in funding. Lucidworks believes its approach can produce better and more relevant results than other search services in the market, and it plans to use the funding for its next stage of growth to become, in the words of CEO Will Hayes, “the world’s next important platform.”

The funding is coming from PE firm Francisco Partners and TPG Sixth Street Partners. Existing investors in the company include Top Tier Capital Partners, Shasta Ventures, Granite Ventures and Allegis Cyber.

Lucidworks has raised around $200 million in funding to date, and while it is not disclosing the valuation, the company says it has been doubling revenues each year for the last three and counts companies like Reddit, Red Hat, REI and the U.S. Census among some 400 others of its customers using its flagship product, Fusion. PitchBook notes that its last round in 2018 was at a modest $135 million, and my guess is that is up by quite some way.

The idea of building a business on search, of course, is not at all new, and Lucidworks is in a very crowded field. The likes of Amazon, Google and Microsoft have built entire empires on search — in Google’s and Microsoft’s case, by selling ads against those search results; in Amazon’s case, by generating sales of items in the search results — and they have subsequently productised that technology, selling it as a service to others.

Alongside that are companies that have been building search-as-a-service from the ground up — like Elastic, Sumo Logic and Splunk (whose founding team, coincidentally, went on to found Lucidworks…) — both for back-office processes as well as for services that are customer-facing.

In an interview, Hayes said that what sets Lucidworks apart is how it uses machine learning and other AI processes to personalise those results after “sorting through mountains of data,” to provide enterprise information to knowledge workers, shopping results on an e-commerce site to consumers, data to wealth managers or whatever it is that is being sought.

Take the case of a shopping experience, he said by way of explanation. “If I’m on REI to buy hiking shoes, I don’t just want to see the highest-rated hiking shoes, or the most expensive,” he said.

The idea is that Lucidworks builds algorithms that bring in other data sources — your past shopping patterns, your location, what kind of walking you might be doing, what other people like you have purchased — to produce a more focused list of products that you are more likely to buy.

“Amazon has no taste,” he concluded, a little playfully.

Today, around half of Lucidworks’ business comes from digital commerce and digital content — searches of the kind described above for products, or monitoring customer search queries on sites like Red Hat or Reddit — and half comes from knowledge worker applications inside organizations.

The plan will be to continue that proportion, while also adding other kinds of features — more natural language processing and more semantic search features — to expand the kinds of queries that can be made, and also cues that Fusion can use to produce results.

Interestingly, Hayes said that while it’s come up a number of times, Lucidworks doesn’t see itself ever going head-to-head with a company like Google or Amazon in providing a first-party search platform of its own. Indeed, that may be an area that has, for the time being at least, already been played out. Or it may be that we have turned to a time when walled gardens — or at least more targeted and curated experiences — are coming into their own.

“We still see a lot of runway in this market,” said Jonathan Murphy of Francisco Partners. “We were very attracted to the idea of next-generation search, on one hand serving internet users facing the pain of the broader internet, and on the other enterprises as an enterprise software product.” 

Lucidworks, it seems, has also entertained acquisition approaches, although Hayes declined to get specific about that. The longer-term goal, he said, “is to build something special that will stay here for a long time. The likelihood of needing that to be a public company is very high, but we will do what we think is best for the company and investors in the long run. But our focus and intention is to continue growing.”

Polarity raises $8.1M for its AI software that constantly analyzes employee screens and highlights key info

Reference docs and spreadsheets seemingly make the world go ’round, but what if employees could just close those tabs for good without losing that knowledge?

One startup is taking on that complicated challenge. Predictably, the solution is quite complicated, as well, from a tech perspective, involving an AI solution that analyzes everything on your PC screen — all the time — and highlights text onscreen for which you could use a little bit more context. The team at Polarity wants its tech to help teams lower the knowledge barrier to getting stuff done and allow people to focus more on procedure and strategy than memorizing file numbers, IP addresses and jargon.

The Connecticut startup just closed an $8.1 million “AA” round led by TechOperators, with Shasta Ventures, Strategic Cyber Ventures, Gula Tech Adventures and Kaiser Permanente Ventures also participating in the round. The startup closed its $3.5 million Series A in early 2017.

Interestingly, the enterprise-centric startup pitches itself as an AR company, augmenting what’s happening on your laptop screen much like a pair of AR glasses could.

The startup’s computer vision software that uses character recognition to analyze what’s on a user’s screen can be helpful for enterprise teams importing things like a company Rolodex so that bios are always collectively a click away, but the real utility comes from team-wide flagging of things like suspicious IP addresses that will allow entire teams to learn about new threats and issues at the same time without having to constantly check in with their co-workers. The startup’s current product has a big focus on analysts and security teams.


Using character recognition to analyze a screen for specific keywords is useful in itself, but that’s also largely a solved computer vision problem.

Polarity’s big advance has been getting these processes to occur consistently on-device without crushing a device’s CPU. CEO Paul Battista says that for the average customer, Polarity’s software generally eats up about 3-6% of their computer’s processing power, though it can spike much higher if the system is getting fed a ton of new information at once.

“We spent years building the tech to accomplish [efficiency], readjusting how people think of [object character recognition] and then doing it in real time,” Battista tells me. “The more data that you have onscreen, the more power you use. So it does use a significant percentage of the CPU.”

Why bother with all of this AI trickery and CPU efficiency when you could pull this functionality off in certain apps with an API? The whole deliverable here is that it doesn’t matter if you’re working in Chrome, or Excel or pulling up a scanned document, the software is analyzing what’s actually being rendered onscreen, not what the individual app is communicating.

When it comes to a piece of software analyzing everything on your screen at all times, there are certainly some privacy concerns, not only from the employee’s perspective but from a company’s security perspective.

Battista says the intent with this product isn’t to be some piece of corporate spyware, and that it won’t be something running in the background — it’s an app that users will launch. “If [companies] wanted to they could collect all of the data on everybody’s screens, but we don’t have any customers doing that. The software is built to have a user interface for users to interact with so if the user didn’t choose to subscribe or turn on a metric, then [the company] wouldn’t be able to force them to collect it in the current product.”

Battista says that teams at seven Fortune 100 companies are currently paying for Polarity, with many more in pilot programs. The team is currently around 20 people and with this latest fundraise, Battista wants to double the size of the team in the next 18 months as they look to scale to larger rollouts at major companies.

Rimeto lands $10M Series A to modernize the corporate directory

The notion of the corporate directory has been around for many years, but in a time of more frequent turnover and shifting responsibilities, the founders of Rimeto, a 3-year-old San Francisco startup, wanted to update it to reflect those changes.

Today, the company announced a $10 million Series A investment from USVP, Bow Capital, Floodgate and Ray Dalio, founder of Bridgewater Associates.

Co-founder Ted Zagat says that the founders observed shifting workplace demographics and changes in the way people work. They believed it required a better way to locate people inside large organizations, which typically used homegrown methods or relied on Outlook or other corporate email systems.

“On one hand, we have people being asked to work much more collaboratively and cross-functionally. On the other, is an increasingly fragmented workplace. Employees really need help to be able to understand each other and work together effectively. That’s a real challenge for them,” Zagat explained.

Rimeto has developed a richer directory by sitting between various corporate systems like HR, CRM and other tools that contain additional details about the employee. It of course includes a name, title, email and phone like the basic corporate system, but it goes beyond that to find areas of expertise, projects the person is working on and other details that can help you find the right person when you’re searching the directory.


Rimeto directory on mobile and web. Screenshot: Rimeto

Zagat says that by connecting to these various corporate systems and layering on a quality search tool with a variety of filters to narrow the search, it can help employees connect to others inside an organization more easily, something that is often difficult to do in large companies.

The tool can be accessed via web or mobile app, or incorporated into a company intranet. It could also be accessed from a tool like Slack or Microsoft Teams.

The three founders — Zagat, Neville Bowers and Maxwell Hayman — all previously worked at Facebook. Unlike a lot of early stage startups, the company has paying customers (although it won’t share exactly how many) and reports that it’s cash-flow positive. Up to this point, the three founders had boot-strapped the company, but they wanted to go out and raise some capital to begin to expand more rapidly.

SEC Investigating Data Leak at First American Financial Corp.

The U.S. Securities and Exchange Commission (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned.


In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.-based First American [NYSE:FAF] exposed some 885 million documents related to real estate closings over the past 16 years, including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts and drivers license images. No authentication was required to view the documents.

The initial tip on that story came from Ben Shoval, a real estate developer based in Seattle. Shoval said he recently received a letter from the SEC’s enforcement division which stated the agency was investigating the data exposure to determine if First American had violated federal securities laws.

In its letter, the SEC asked Shoval to preserve and share any documents or evidence he had related to the data exposure.

“This investigation is a non-public, fact-finding inquiry,” the letter explained. “The investigation does not mean that we have concluded that anyone has violated the law.”

The SEC declined to comment for this story.

Word of the SEC investigation comes weeks after regulators in New York said they were investigating the company in what could turn out to be the first test of the state’s strict new cybersecurity regulation, which requires financial companies to periodically audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful. First American also is now the target of a class action lawsuit that alleges it “failed to implement even rudimentary security measures.”

First American has issued a series of statements over the past few months that seem to downplay the severity of the data exposure, which the company said was the result of a “design defect” in its Web site.

On June 18, First American said a review of system logs by an outside forensic firm, “based on guidance from the company, identified 484 files that likely were accessed by individuals without authorization. The company has reviewed 211 of these files to date and determined that only 14 (or 6.6%) of those files contain non-public personal information. The company is in the process of notifying the affected consumers and will offer them complimentary credit monitoring services.”

In a statement on July 16, First American said its now-completed investigation identified just 32 consumers whose non-public personal information likely was accessed without authorization.

“These 32 consumers have been notified and offered complimentary credit monitoring services,” the company said.

First American has not responded to questions about how long this “design defect” persisted on its site, how far back it maintained access logs, or how far back in those access logs the company’s review extended.

Updated, Aug. 13, 8:40 a.m.: Added “no comment” from the SEC.

India’s Reliance Jio inks deal with Microsoft to expand Office 365, Azure to more businesses; unveils broadband, blockchain, and IoT platforms

Reliance Jio, the telecom operator owned by India’s richest man, which has disrupted the local telecom and feature phone markets in less than three years of its existence, is ready to foray into many more businesses.

In a series of announcements Monday, that included a long-term partnership with global giant Microsoft, Reliance Jio said it will commercially roll out its broadband service next month; an IoT platform with ambitions to power more than a billion devices on January 1 next year; “one of the world’s biggest blockchain networks” in the next 12 months; all while also scaling its retail and commerce businesses.

The broadband service, called Jio Fiber, is aimed at individual customers, small and medium sized businesses, as well as enterprises, Mukesh Ambani, Chairman and Managing Director of Reliance Industries and Asia’s richest man, said at a shareholders meeting today.

The service, which is being initially targeted at 20 million homes and 15 million businesses in 1,600 towns, will start rolling out commercially starting September 5. Ambani said more than half a million customers have already been testing the broadband service, which was first unveiled last year.

The broadband service will come bundled with access to hundreds of TV channels and free calls across India and at discounted rates to the U.S. and Canada, Ambani said. The service, the cheapest tier of which will offer internet speeds of 100Mbps, will be priced at Rs 700 (~$10) a month. The company said it will offer various plans to meet a variety of needs including those of customers who want access to gigabit internet speeds.

Continuing its tradition to woo users with significant “free stuff,” Jio, which is a subsidiary of India’s largest industrial house (Reliance Industries), said customers who opt for the yearly plan of its fiber broadband will be provided with the set top box and an HD or 4K TV at no extra charge. Specific details weren’t immediately available. A premium tier, which will be available starting next year, will allow customers to watch many movies on the day of their public release.

The broadband service will bundle games from many popular studios including Microsoft Game Studios, Riot Games, Tencent Games, and Gameloft, Jio said.

Partnership with Microsoft

The company also announced a 10-year partnership with Microsoft to launch new cloud data-centers in India to ensure “more of Jio’s customers can access the tools and platforms they need to build their own digital capability,” said Microsoft CEO Satya Nadella in a video appearance Monday.


Microsoft CEO Satya Nadella talks about the company’s partnership with Reliance Jio

“At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Core to this mission is deep partnerships, like the one we are announcing today with Reliance Jio. Our ambition is to help millions of organizations across India thrive and grow in the era of rapid technological change.”

“Together, we will offer a comprehensive technology solution, from compute to storage, to connectivity and productivity for small and medium-sized businesses everywhere in the country,” he added.

As part of the partnership, Nadella said, Jio and Microsoft will jointly offer Azure, Microsoft 365, and Microsoft AI platforms to more organizations in India, and also bring Azure Cognitive Services to more devices and in 13 Indian languages to businesses in the country. The solutions will be “accessible” to reach as many people and organizations in India as possible, he added. The cloud services will be offered to businesses for as little as Rs 1,500 ($21) per month.

The first two data-centers will be set up in Gujarat and Maharashtra by next year. Jio will migrate all of its non-networking apps to Microsoft Azure platform and promote its adoption among its ecosystem of startups, the two said in a joint statement.

The foray into broadband business and push to court small enterprises come as Reliance Industries, which dominates the telecom and retail spaces in India, attempts to diversify from its marquee oil and gas business. Reliance Jio, the nation’s top telecom operator, has amassed more than 340 million subscribers in less than three years of its commercial operations.

At the meeting, Ambani also revealed that Saudi Arabia’s state-owned oil producer Aramco was buying a 20% stake in Reliance Industries’ oil-to-chemicals business, which is worth $75 billion.

Like other Silicon Valley companies, Microsoft sees massive potential in India, where tens of millions of users and businesses have come online for the first time in recent years. Cloud services in India are estimated to generate a revenue of $2.4 billion this year, up about 25% from last year, according to research firm Gartner. Microsoft has won several major clients in India in recent years, including insurance giant ICICI Lombard.

Today’s partnership could significantly boost Microsoft’s footprint in India, posing a bigger headache for Amazon and Google.

Ambani also said Reliance Retail, the nation’s largest retailer, is working on a “digital stack” to create a new commerce partnership platform in India to reach tens of millions of merchants, consumers, and producers. Ambani said Reliance Industries plans to list both Reliance Retail and Jio publicly in the coming years.

“We have received strong interests from strategic and financial investors in our consumer businesses — Jio and Reliance Retail. We will induct leading global partners in these businesses in the next few quarters and move towards listing of both these companies within the next five years,” he said.

The announcement comes weeks after Reliance Industries acquired a majority stake in Fynd, a Mumbai-based startup that connects brick-and-mortar retailers with online stores and consumers, for $42.3 million. Reliance Industries has previously stated plans to launch a new e-commerce firm in the country.

Without revealing specific details, Ambani also said that Jio is building an IoT platform to control at least one billion of the two billion IoT devices in India by next year. He said he sees IoT as a $2.8 billion revenue opportunity for Jio. Similarly, the company also plans to expand its blockchain network across India, he said.

“Using blockchain, we can deliver unprecedented security, trust, automation, and efficiency to almost any type of transaction. And using blockchain, we also have an opportunity to invent a brand-new model for data privacy where Indian data, especially customer data is owned and controlled through technology by the Indian people and not by corporate, especially global corporations,” he added.

Black Hat 2019 | It’s a Wrap!

While DefCon 27 gets underway, we were still going strong on the final day of Black Hat USA 2019. It seems nothing will dent the enthusiasm of the hardcore hacker crew, and despite several days of trainings, parties and briefings already behind them, visitors to the Business Hall had no intention of letting the opportunity to see the latest tech innovations pass them by. At the SentinelOne booth, we also had plenty going on. Here’s a quick run down of the day.

Our Demos – Seeing Is Believing

Our EPP demonstration showed just how unique our offering is and was a major hit both today and on Wednesday. Not only is it extremely lightweight and able to work online or offline, it also includes suite features you need such as device control and firewall control. On top of that, it offers automated remediation and rollback so that you can recover from attacks like ransomware with ease and without the need for backups.

We also demonstrated how ActiveEDR makes SentinelOne truly unique and ahead of the competition. With ActiveEDR, SentinelOne offers visibility and threat hunting that is easy to use, providing rich context and fewer alerts. We see everything as a rich story with context and meaning – and that is the backbone of our technology.

Ranger IoT is the one that everyone wanted to see. This new capability  provides awareness, context, and control of everything that is connected to your network. SentinelOne Ranger transforms every connected endpoint into a network detection device capable of identifying malicious activity. No more surprises with what is connected to your network.  This data streams directly into our threat hunting module and provides more context than you’ve ever been able to see before.

Locking Down Your Data with Cigent

Steve Nicol from Cigent Technologies was on hand to explain how, by integrating with SentinelOne, our customers can quickly detect hacking activity in real time and lock down files to protect vital data. Data breaches are a costly and embarrassing experience for any company; Cigent’s integration will help ensure your data stays where it belongs.

Next Level SIEM with Exabeam and SentinelOne

Exabeam’s Dan Malkovich was up next to showcase how their SIEM tools and SentinelOne work together to provide the data enterprises need to stay safe. Dan talked about how Exabeam ingests data directly from SentinelOne’s platform and allows customers to combine that with data from other IT and security tools to provide analysts with maximum visibility.

Detecting Evasive Malware with VMRay Sandboxing

Chad Loeven came to the booth to demonstrate how VMRay’s integration with SentinelOne provides our customers with seamless malware analysis and detection, accelerating response times to combat new and evasive malware. 

Chad explained how VMRay’s sandboxing capabilities uniquely combine static and real-time reputation engines to detect threats and extract IoCs to provide actionable intelligence.

Conclusion

Another Black Hat has come and gone, and with almost 20,000 attendees there’s no doubt that it’s been a unique experience. We were thrilled to meet all of you that came by the SentinelOne booth yesterday and today, whether it was just for a chat or to take in some of the demos and great presentations that we hosted. Many thanks to all those that helped make it possible, including our guest speakers, support staff, the BH organizers and of course, you, too, without whom this great event wouldn’t be possible. See you next year (if we don’t see you before)! 



The Good, the Bad and the Ugly in Cybersecurity – Week 32

The Good

This week was all about Black Hat 2019, the annual hacker con that meets in Las Vegas to offer training, briefings, and showcases of the latest security technology. Some of the good news to come out of Black Hat, aside from our own announcements, includes an expanded Apple bug bounty program for researchers. Starting this Fall, Apple will open up the program to all researchers across all its platforms, with up to $1 million on offer for zero-click vulnerabilities that lead to complete kernel exploitation. The week continues for cybersecurity enthusiasts with Def Con 27 running from Thursday through to Sunday.


Chipmaker Broadcom has announced a cash buy-out of Symantec’s enterprise business for $10.7 billion. The cybersecurity firm has been going through a rough patch of late, with turbulence in the boardroom and declining revenues, so the buy-out should be welcome news to Symantec shareholders. Not everyone was pleased about the acquisition, though. “[It’s a dinosaur] buying another dinosaur before both dinosaurs go out of business,” Herjavec Group CEO Robert Herjavec said, while commenting on the deal.

The Bad

IoT devices have been the focus of a campaign targeting public and private organizations by Russian state-backed APT group Fancy Bear, aka APT28 and Strontium, according to researchers at Microsoft. The campaign, thought to have begun in April, penetrates enterprise networks by leveraging simple vulnerabilities such as default passwords and outdated firmware on network-connected devices like printers, VOIP phones and video decoders. Once an IoT device is infected, the attackers are able to conduct a network scan and attempt lateral movement into higher privileged accounts.

New figures from IBM reveal that the number of ransomware attacks appears to have doubled in the last six months. The stats show that on average, an enterprise ransomware infection cripples around 12,000 devices and requires over 500 hours of incident response. Multinationals that fall victim to ransomware are suffering losses of $239 million on average, the report claims.

The Ugly

Spectre is back, well it’s been back and gone again! Microsoft silently patched a hitherto unknown vulnerability affecting Intel CPUs in July, but the side channel attack could have been leaking encryption keys, passwords, private conversations and more if it had been exploited prior to that. Classified as CVE-2019-1125, the flaw made it possible for attackers to exploit the SWAPGS instruction and move data held in kernel memory to user memory.

Controversy has erupted around Amazon’s home security service Ring, which offers real-time crime and safety alerts from neighbors in part by sharing footage from video doorbells. Not all Ring users are inclined to share, however. Concern has been raised that Ring are coaching law enforcement agencies on both how to get users to “play ball” as well as how to drive downloads of Ring’s smartphone app. Claims that police officers can obtain footage without a warrant directly from Amazon were denied by the company.



Preclusio uses machine learning to comply with GDPR, other privacy regulations

As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy regulations.

“We have a platform that is deployed on-prem in our customer’s environment, and helps them identify what data they’re collecting, how they’re using it, where it’s being stored and how it should be protected. We help companies put together this broad view of their data, and then we continuously monitor their data infrastructure to ensure that this data continues to be protected,” company co-founder and CEO Heather Wade told TechCrunch.

She says that the company made a deliberate decision to keep the solution on-prem. “We really believe in giving our clients control over their data. We don’t want to be just another third-party SaaS vendor that you have to ship your data to,” Wade explained.

That said, customers can run it wherever they wish, whether that’s on-prem or in the cloud in Azure or AWS. Regardless of where it’s stored, the idea is to give customers direct control over their own data. “We are really trying to alert our customers to threats or to potential privacy exceptions that are occurring in their environment in real time, and being in their environment is really the best way to facilitate this,” she said.

The product works by getting read-only access to the data, then begins to identify sensitive data in an automated fashion using machine learning. “Our product automatically looks at the schema and samples of the data, and uses machine learning to identify common protected data,” she said. Once that process is completed, a privacy compliance team can review the findings and adjust these classifications as needed.

Wade, who started the company in March, says the idea formed at previous positions where she was responsible for implementing privacy policies and found there weren’t adequate solutions on the market to help. “I had to face the challenges first-hand of dealing with privacy and compliance and seeing how resources were really taken away from our engineering teams and having to allocate these resources to solving these problems internally, especially early on when GDPR was first passed, and there really were not that many tools available in the market,” she said.

Interestingly, Wade’s co-founder is her husband, John. She says they deal with the intensity of being married and startup founders by sticking to their areas of expertise. He’s the marketing person and she’s the technical one.

She says they applied to Y Combinator because they wanted to grow quickly, and that timing is important with more privacy laws coming online soon. She has been impressed with the generosity of the community in helping them reach their goals. “It’s almost indescribable how generous and helpful other folks who’ve been through the YC program are to the incoming batches, and they really do have that spirit of paying it forward,” she said.