Proxyclick raises $15M Series B for its visitor management platform

If you’ve ever entered a company’s office as a visitor or contractor, you probably know the routine: check in with a receptionist, figure out who invited you, print out a badge and get on your merry way. Brussels, Belgium and New York-based Proxyclick aims to streamline this process, while also helping businesses keep their people and assets secure. As the company announced today, it has raised a $15 million Series B round led by Five Elms Capital, together with previous investor Join Capital.

In total, Proxyclick says its systems have now been used to register more than 30 million visitors in 7,000 locations around the world. In the U.K. alone, more than 1,000 locations use the company’s tools. Current customers include L’Oréal, Vodafone, Revolut, PepsiCo and Airbnb, as well as a number of other Fortune 500 firms.

Gregory Blondeau, founder and CEO of Proxyclick, stresses that the company believes that paper logbooks, which are still in use in many companies, are simply not an acceptable solution anymore, not least because that record is often permanent and visible to other visitors.

Proxyclick’s founding team.

“We all agree it is not acceptable to have those paper logbooks at the entrance where everyone can see previous visitors,” he said. “It is also not normal for companies to store visitors’ digital data indefinitely. We already propose automatic data deletion in order to respect visitor privacy. In a few weeks, we’ll enable companies to delete sensitive data such as visitor photos sooner than other data. Security should not be an excuse to exploit or hold visitor data longer than required.”

What also makes Proxyclick stand out from similar solutions is that it integrates with a lot of existing systems for access control (including C-Cure and Lenel systems). With that, users can ensure that a visitor only has access to specific parts of a building, too.

In addition, though, it also supports existing meeting rooms, calendaring and parking systems, and integrates with Wi-Fi credentialing tools so your visitors don’t have to keep asking for the password to get online.

Like similar systems, Proxyclick provides businesses with a tablet-based sign-in service that also allows them to get consent and NDA signatures right during the sign-in process. If necessary, the system also can compare the photos it takes to print out badges with those on a government-issued ID to ensure your visitors are who they say they are.

Blondeau noted that the whole industry is changing, too. “Visitor management is becoming mainstream, it is transitioning from a local, office-related subject handled by facility managers to a global, security and privacy-driven priority handled by chief information security officers. Scope, decision drivers and key people involved are not the same as in the early days,” he said.

It’s no surprise then that the company plans to use the new funding to accelerate its roadmap. Specifically, it’s looking to integrate its solution with more third-party systems with a focus on physical security features and facial recognition, as well as additional new enterprise features.

In latest JEDI contract drama, AWS files motion to stop work on project

When the Department of Defense finally made a decision in October on the decade-long, $10 billion JEDI cloud contract, it seemed that Microsoft had won. But nothing has been simple about this deal from the earliest days, so it shouldn’t come as a surprise that last night Amazon filed a motion to stop work on the project until the court decides on its protest of the DoD’s decision.

The company announced on November 22nd that it had filed suit in the U.S. Court of Federal Claims protesting the DoD’s decision to select Microsoft. Last night’s motion is an extension of that move to put the project on hold until the court decides on the merits of the case.

Sources tell us that AWS decided not to protest the start of initial JEDI activities at the time of the court filing in November as an accommodation made at DoD’s request. DoD declined to comment on that.

As for why they are doing it now, an Amazon spokesperson had this to say in a statement last night: “It is common practice to stay contract performance while a protest is pending and it’s important that the numerous evaluation errors and blatant political interference that impacted the JEDI award decision be reviewed. AWS is absolutely committed to supporting the DoD’s modernization efforts and to an expeditious legal process that resolves this matter as quickly as possible.”

As we previously reported, the statement echoes sentiments AWS CEO Andy Jassy made at a press event during AWS re:Invent in December:

“I would say is that it’s fairly obvious that we feel pretty strongly that it was not adjudicated fairly,” he said. He added, “I think that we ended up with a situation where there was political interference. When you have a sitting president, who has shared openly his disdain for a company, and the leader of that company, it makes it really difficult for government agencies, including the DoD, to make objective decisions without fear of reprisal.”

This is just the latest turn in a contract procurement process for the ages. It will now be up to the court to decide if the project should stop or not, and beyond that if the decision process was carried out fairly.

Xerox wants to replace HP board that rejected takeover bid

In Xerox’s latest effort to get HP to bend to its will and combine the two companies, it announced its intent today to try to replace the entire HP board of directors at the company’s stockholders’ meeting in April. That would be the same board that unanimously rejected Xerox’s takeover bid.

Xerox and HP have been playing a highly public game of tit for tat in recent months. Xerox wants very much to combine with HP, and offered $34 billion, an offer HP summarily rejected at the end of last year. Xerox threatened to take it to shareholders.

Now it wants to take over the board, announcing today that it had nominated 11 people to replace the current slate of directors.

As you might imagine, HP was none too pleased with this latest move by Xerox. “We believe these nominations are a self-serving tactic by Xerox to advance its proposal, that significantly undervalues HP and creates meaningful risk to the detriment of HP shareholders,” HP fired back in a statement today emailed to TechCrunch.

It went on to blame Xerox shareholder Carl Icahn for the continued pressure. “We believe that Xerox’s proposal and nominations are being driven by Carl Icahn, and his large ownership position in Xerox means that his interests are not aligned with those of other HP shareholders. Due to Mr. Icahn’s ownership position, he would disproportionately benefit from an acquisition of HP by Xerox at a price that undervalues HP,” the company stated.

The two companies exchanged increasingly harsh letters in November as Xerox signaled its intent to take over the much larger HP. HP questioned Xerox’s ability to raise the money, but earlier this month it announced it had in fact raised the $24 billion it would need to buy the company. HP was still not convinced.

Today’s exchange is just the latest between the two companies in an increasingly hostile bid by Xerox to combine the two companies.

As SaaS stocks set new records, Atlassian’s earnings show there’s still room to grow

Hello and welcome back to our regular morning look at private companies, public markets and the gray space in between.

SaaS stocks had a good run in late 2019. TechCrunch covered their ascent, a recovery from early-year doldrums and a summer slowdown. In 2020 so far, SaaS and cloud stocks have surged to all-time highs. The latest records are only a hair higher than what the same companies saw in July of last year, but they represent a return to form all the same.

Given that public SaaS companies have now managed to crest their prior highs and have been rewarded for doing so with several days of flat trading, you might think that there isn’t much room left for them to rise. Not so, at least according to Atlassian. The well-known software company reported earnings after-hours yesterday and the market quickly pushed its shares up by more than 10%.

Why? It’s worth understanding, because if we know why Atlassian is suddenly worth lots more, we’ll better grok what investors — public and private — are hunting for in SaaS companies and how much more room they may have to rise.

Does Your Domain Have a Registry Lock?

If you’re running a business online, few things can be as disruptive or destructive to your brand as someone stealing your company’s domain name and doing whatever they wish with it. Even so, most major Web site owners aren’t taking full advantage of the security tools available to protect their domains from being hijacked. Here’s the story of one recent victim who was doing almost everything possible to avoid such a situation and still had a key domain stolen by scammers.

On December 23, 2019, unknown attackers began contacting customer support people at OpenProvider, a popular domain name registrar based in The Netherlands. The scammers told the customer representatives they had just purchased from the original owner the domain e-hawk.net — which is part of a service that helps Web sites detect and block fraud — and that they were having trouble transferring the domain from OpenProvider to a different registrar.

The real owner of e-hawk.net is Raymond Dijkxhoorn, a security expert and entrepreneur who has spent much of his career making life harder for cybercrooks and spammers. Dijkxhoorn and E-HAWK’s CEO Peter Cholnoky had already protected their domain with a “registrar lock,” a service that requires the registrar to confirm any requested changes with the domain owner via whatever communications method is specified by the registrant.

In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain.

Specifically, the thieves contacted OpenProvider via WhatsApp, said they were now the rightful owners of the domain, and shared a short screen grab video showing the registrar’s automated system blocking the domain transfer (see video below).

“The support agent helpfully tried to verify if what the [scammers] were saying was true, and said, ‘Let’s see if we can move e-hawk.net from here to check if that works’,” Dijkxhoorn said. “But a registrar should not act on instructions coming from a random email address or other account that is not even connected to the domain in question.”

Dijkxhoorn shared records obtained from OpenProvider showing that on Dec. 23, 2019, the e-hawk.net domain was transferred to a reseller account within OpenProvider. Just three days later, that reseller account moved e-hawk.net to another registrar — Public Domain Registry (PDR).

“Due to the previously silent move to another reseller account within OpenProvider, we were not notified by the registrar about any changes,” Dijkxhoorn said. “This fraudulent move was possible due to successful social engineering towards the OpenProvider support team. We have now learned that after the move to the other OpenProvider account, the fraudsters could silently remove the registrar lock and move the domain to PDR.”

REGISTRY LOCK

Dijkxhoorn said one security precaution his company had not taken with their domain prior to the fraudulent transfer was a “registry lock,” a more stringent, manual (and sometimes offline) process that effectively neutralizes any attempts by fraudsters to social engineer your domain registrar.

With a registry lock in place, your registrar cannot move your domain to another registrar on its own. Doing so requires manual contact verification by the appropriate domain registry, such as Verisign — which is the authoritative registry for all domains ending in .com, .net, .name, .cc, .tv, .edu, .gov and .jobs. Other registries handle locks for specific top-level or country-code domains, including Nominet (for .co.uk or .uk domains), EURID (for .eu domains), CNNIC (for .cn domains), and so on.

According to data provided by digital brand protection firm CSC, while domains created in the top three most registered top-level domains (.com, .jp and .cn) are eligible for registry locks, just 22 percent of domain names tracked in Forbes’ list of the World’s Largest Public Companies have secured registry locks.

Unfortunately, not all registrars support registry locks (a list of top-level domains that do allow registry locks is here, courtesy of CSC). But as we’ll see in a moment, there are other security precautions that can and do help if your domain somehow ends up getting hijacked.

Dijkxhoorn said his company first learned of the domain theft on Jan. 13, 2020, which was the date the fraudsters got around to changing the domain name system (DNS) settings for e-hawk.net. That alert was triggered by systems E-HAWK had previously built in-house that continually monitor their stable of domains for any DNS changes.

By the way, this continuous monitoring of one’s DNS settings is a powerful approach to help blunt attacks on your domains and DNS infrastructure. Anyone curious about why this might be a good approach should have a look at this deep-dive from 2019 on “DNSpionage,” the name given to the exploits of an Iranian group that has successfully stolen countless passwords and VPN credentials from major companies via DNS-based attacks.

DNSSEC

Shortly after pointing e-hawk.net’s DNS settings to a server they controlled, the attackers were able to obtain at least one encryption certificate for the domain, which could have allowed them to intercept and read encrypted Web and email communications tied to e-hawk.net.

But that effort failed because E-HAWK’s owners also had enabled DNSSEC for their domains (a.k.a. “DNS Security Extensions”), which protects applications from using forged or manipulated DNS data by requiring that all DNS queries for a given domain or set of domains be digitally signed.

With DNSSEC properly enabled, if a name server determines that the address record for a given domain has not been modified in transit, it resolves the domain and lets the user visit the site. If, however, that record has been modified in some way or doesn’t match the domain requested, the name server blocks the user from reaching the fraudulent address.

While fraudsters who have hijacked your domain and/or co-opted access to your domain registrar can and usually will try to remove any DNSSEC records associated with the hijacked domain, it generally takes a few days for these updated records to be noticed and obeyed by the rest of the Internet.

As a result, having DNSSEC enabled for its domains bought E-HAWK an additional 48 hours or so with which to regain control over its domain before any encrypted traffic to and from e-hawk.net could have been intercepted.

In the end, E-HAWK was able to wrest back its hijacked domain in less than 48 hours, but only because its owners are on a first-name basis with many of the companies that manage the Internet’s global domain name system. Perhaps more importantly, they happened to know key people at PDR — the registrar to which the thieves moved the stolen domain.

Dijkxhoorn said without that industry access, E-HAWK probably would still be waiting to re-assume control over its domain.

“This process is normally not that quick,” he said, noting that most domains can’t be moved for at least 60 days after a successful transfer to another registrar.

In an interview with KrebsOnSecurity, OpenProvider CEO and Founder Arno Vis said OpenProvider is reviewing its procedures and building systems to prevent support employees from overriding security checks that come with a registrar lock.

“We are building an extra layer of approval for things that support engineers shouldn’t be doing in the first place,” Vis said. “As far as I know, this is the first time something like this has happened to us.”

As in this case, crooks who specialize in stealing domains often pounce during holidays, when many registrars are short on well-trained staff. But Vis said the attack against E-HAWK targeted the company’s most senior support engineer.

“This is why social engineering is such a tricky thing, because in the end you still have a person who has to make a decision about something and in some cases they don’t make the right decision,” he said.

WHAT CAN YOU DO?

To recap, for maximum security on your domains, consider adopting some or all of the following best practices:

-Use registration features like Registry Lock that can help protect domain names records from being changed. Note that this may increase the amount of time it takes going forward to make key changes to the locked domain (such as DNS changes).

-Use DNSSEC (both signing zones and validating responses).

-Use access control lists for applications, Internet traffic and monitoring.

-Use 2-factor authentication, and require it to be used by all relevant users and subcontractors.

-In cases where passwords are used, pick unique passwords and consider password managers.

-Review the security of existing accounts with registrars and other providers, and make sure you have multiple notifications in place when and if a domain you own is about to expire.

-Monitor the issuance of new SSL certificates for your domains by monitoring, for example, Certificate Transparency Logs.
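The in-house DNS change monitoring E-HAWK used to detect the theft, and the monitoring items in the checklist above, amount to comparing a known-good baseline of each domain's records against a fresh lookup. The following is an added illustration, not E-HAWK's or KrebsOnSecurity's code; the domain, name servers and record values are constructed, and the resolver is a stand-in so it runs offline (a real deployment would plug in a DNS library such as dnspython):

```python
"""Detect unexpected DNS changes for a set of monitored domains.

Added example: a baseline snapshot of each domain's NS, A, MX and DS records
is compared against a fresh snapshot and every difference is reported. NS
changes and a stripped DS record rank highest because that is what a domain
thief does first after repointing a hijacked domain.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# A snapshot maps record type -> set of record values for one domain.
Snapshot = Dict[str, Set[str]]

RECORD_TYPES = ("NS", "A", "MX", "DS")


@dataclass
class Change:
    domain: str
    rtype: str
    added: Set[str] = field(default_factory=set)
    removed: Set[str] = field(default_factory=set)

    def severity(self) -> str:
        # A changed NS set means the whole zone is now served elsewhere; a DS
        # record that vanished means DNSSEC was removed at the parent zone.
        if self.rtype == "NS":
            return "critical"
        if self.rtype == "DS" and self.removed and not self.added:
            return "critical"
        return "warning"


def diff_snapshot(domain: str, baseline: Snapshot, current: Snapshot) -> List[Change]:
    """Return one Change per record type whose value set differs from baseline."""
    changes = []
    for rtype in RECORD_TYPES:
        old = baseline.get(rtype, set())
        new = current.get(rtype, set())
        if old != new:
            changes.append(Change(domain, rtype, added=new - old, removed=old - new))
    return changes


def check_domains(baselines: Dict[str, Snapshot],
                  resolve: Callable[[str], Snapshot]) -> Dict[str, List[Change]]:
    """Resolve every monitored domain and report deviations from its baseline."""
    report: Dict[str, List[Change]] = {}
    for domain, baseline in baselines.items():
        changes = diff_snapshot(domain, baseline, resolve(domain))
        if changes:
            report[domain] = changes
    return report


# --- constructed sample data (hypothetical domain, servers and addresses) ----
BASELINES: Dict[str, Snapshot] = {
    "example.net": {
        "NS": {"ns1.good-dns.example.", "ns2.good-dns.example."},
        "A": {"203.0.113.10"},
        "MX": {"10 mail.example.net."},
        "DS": {"12345 13 2 <digest-placeholder>"},
    },
}

# What a hijack looks like: NS repointed, DS stripped, A changed; MX untouched.
HIJACKED_SNAPSHOT: Snapshot = {
    "NS": {"ns1.attacker-dns.example."},
    "A": {"198.51.100.7"},
    "MX": {"10 mail.example.net."},
    "DS": set(),
}


def fake_resolver(domain: str) -> Snapshot:
    """Stand-in for a real DNS lookup so the example runs without network access."""
    return HIJACKED_SNAPSHOT if domain == "example.net" else {}


if __name__ == "__main__":
    for dom, changes in check_domains(BASELINES, fake_resolver).items():
        for c in changes:
            print(f"[{c.severity().upper()}] {dom} {c.rtype}: "
                  f"added={sorted(c.added)} removed={sorted(c.removed)}")
```

Run on a schedule against live lookups, an unchanged domain produces an empty report; the constructed hijacked snapshot produces three findings, two of them critical.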

Enterprise & IoT | 500,000 Passwords Leak & What It Means For You

The rising trend in IoT devices on corporate networks brings with it an increased, and often invisible, risk of exposed assets. From printers and security cameras to “smart” office novelties, most of these wired devices come with baked-in default login credentials that are widely known and shared among cyber criminals. Even when a policy exists to change these defaults, many organizations use easily guessable passwords for the convenience of IT maintenance. While it’s true that managing risk can often be a trade-off between security and convenience, there’s no doubt that improperly managed IoT and other devices offer a path to compromise just waiting to be exploited.


Exactly that danger was graphically illustrated this week when a list of over half a million Telnet credentials belonging to servers, home routers and IoT devices was dumped on a hacking forum. The dump included the IP address, username and password for each of some 515,000 devices’ Telnet ports.


Is Telnet Still a (IoT) Thing?

Most networking admins will know all about telnet, which remains a popular networking tool, but if you’re not familiar with it don’t be surprised. It’s been disabled in Windows Desktop versions by default for a long time, and Apple completely removed the telnet client from macOS 10.12 High Sierra (i.e., September 2017) onwards. Both major OSs regard telnet’s clear text communication protocol as a security hazard and recommend other more secure options like SSH.

However, while telnet may have been the protocol targeted in this case, the issue is less with which protocol these devices use than it is with the failure of admins to use secure passwords to protect them. Indeed, this is the exact same methodology notoriously deployed to such great effect over three years ago by the original Mirai botnet attack. Clearly, lessons have not been learned.

How Do Hackers Discover Device Passwords?

The list of leaked credentials was compiled, and leaked, by a cyber criminal running a DDoS (Distributed Denial of Service) for Hire Attack service. Such services provide low-level threat actors (aka ‘Script Kiddies’) with the ability to target specific web sites or domains that they want to disrupt. Ordinarily, we’d expect the people behind such services to keep a list of compromised devices for their own use. However, in this case, the leaker said he no longer needed to use IoT botnets and had switched to “renting high output servers from cloud providers” instead. That suggests the list was compiled sometime before the leaker had decided on his new strategy, and indeed the ‘Date Modified’ file metadata in the dump spans October and November of last year.

For IT and Security admins, the greatest concern here should be the ease with which such a list can be compiled. Port scanners like Masscan and NMAP can rapidly surveil the entire Internet, and services like Shodan can be used to collect data on servers with open FTP, SSH, Telnet, RTSP and other ports. This data can then be used to access things like webcams, routers and other connected devices.

Attackers can not only quickly scan for open ports but also test them for default credentials like admin:admin and root:root. Offensive security tools like hydra can automate password cracking against remote targets through brute force and password spraying, in which a list of commonly used or weak passwords is tested against each account.

In the video below, we demonstrate how easy it is for attackers to harvest leaked passwords from public resources and use them to login to a Ring device, but the same principle applies regardless of the platform or kind of device targeted.

The effectiveness of this technique is evidenced by the size of the recent dump, and the fact that in 2017 a similar dump yielded over 30,000 account credentials. While that dump was probably whittled down to no more than 8000 or so valid, unique credentials, that’s still a sizeable army for a botnet to recruit. More worryingly, every device whose credentials are leaked in dumps like these represents a possible entry point to business compromise and lateral movement if it belongs to a device connected to an enterprise network.

Forgotten Devices | Invisible Threats on Your Network

Aside from the danger of network admins using weak or default passwords for maintenance convenience, there is also the danger of forgotten devices. 

The ease with which ‘smart’ devices like printers and security cameras can be set up in a plug-and-play manner and then be forgotten is a danger for any enterprise that does not have full visibility across its networks.

Add to that the fact that many embedded devices can be difficult or impossible to patch, and it’s easy to see that even a device bought today and protected by strong credentials could become a risk in the future when its OS or firmware is found to contain exploitable bugs. Without a full and updated inventory of what’s running on your network, the danger of “forgetting” about devices that could at some point be exploited is one that businesses can’t afford to ignore.

If the situation is worrying, the good news is it is entirely preventable. First, implement and enforce a password policy for your IoT devices just like you would for any other device. Second, ensure you have the tools for full network visibility and control so that forgotten assets can be discovered and managed.
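When a dump like the one described above appears, the first defensive question is whether any of the listed addresses fall inside your own address space, and whether the leaked pair is a factory default your policy should already have banned. The following is an added example, not SentinelOne's code; the `ip:port user:pass` line layout is an assumption rather than the real dump's format, and every address and credential in it is constructed (documentation ranges, no real devices):

```python
"""Triage a leaked Telnet credential list against your own address space.

Added example: parse dump lines, keep only entries whose IP lies in CIDR
ranges you own, and flag entries that use a widely known default pair so
those devices can be located, re-credentialed or taken off the Internet.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Default pairs named in the article (admin:admin, root:root) plus two
# hypothetical ones; in practice this set would come from a maintained list.
KNOWN_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "1234"), ("root", "")}


@dataclass(frozen=True)
class LeakedEntry:
    ip: str
    port: int
    username: str
    password: str

    @property
    def is_default_pair(self) -> bool:
        return (self.username, self.password) in KNOWN_DEFAULTS


def parse_dump(lines: Iterable[str]) -> List[LeakedEntry]:
    """Parse 'ip:port user:pass' lines; blanks, comments and malformed lines are skipped."""
    entries: List[LeakedEntry] = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            endpoint, creds = line.split(" ", 1)
            ip, port = endpoint.rsplit(":", 1)      # bracketed IPv6 would fail below and be skipped
            ipaddress.ip_address(ip)                # reject anything that is not an address
            user, sep, pw = creds.partition(":")    # password itself may contain ':'
            if not sep:
                continue
            entries.append(LeakedEntry(ip, int(port), user, pw))
        except ValueError:
            continue
    return entries


def find_own_exposure(entries: Iterable[LeakedEntry], owned_cidrs: Iterable[str]) -> List[LeakedEntry]:
    """Return the entries whose address falls inside one of the CIDR ranges you own."""
    nets = [ipaddress.ip_network(c, strict=False) for c in owned_cidrs]
    return [e for e in entries if any(ipaddress.ip_address(e.ip) in n for n in nets)]


def summarize(lines: Iterable[str], owned_cidrs: Iterable[str]) -> Dict[str, int]:
    """Counts a responder wants first: total entries, how many are ours, how many of ours are defaults."""
    entries = parse_dump(lines)
    ours = find_own_exposure(entries, owned_cidrs)
    return {
        "total": len(entries),
        "own_devices": len(ours),
        "own_default_creds": sum(1 for e in ours if e.is_default_pair),
    }


# --- constructed sample dump (documentation ranges, not real devices) --------
SAMPLE_DUMP = [
    "# ip:port user:pass",
    "192.0.2.15:23 admin:admin",
    "198.51.100.9:23 root:toor",
    "203.0.113.40:23 admin:admin",
    "this is not a valid line",
    "192.0.2.200:2323 support:sup:port",   # password containing ':'
]
OWNED_CIDRS = ["192.0.2.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    for e in find_own_exposure(parse_dump(SAMPLE_DUMP), OWNED_CIDRS):
        flag = "DEFAULT" if e.is_default_pair else "custom"
        print(f"{e.ip}:{e.port} user={e.username} ({flag})")
    print(summarize(SAMPLE_DUMP, OWNED_CIDRS))
```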

Conclusion

Any connected device with an open, internet-facing port will be found and tested by cyber criminals. Not just “one day”, but likely thousands of times a day. Any device that is not secured with a strong password will almost certainly be compromised. Being recruited into a botnet is probably the least worst fate in such a scenario. The far more worrying possibility is that an exposed asset will serve as an entry point into your network for ransomware, Emotet, TrickBot or any other number of trojans, or lateral movement by a targeted attacker. We are not helpless here, however. Device security is manageable provided you have visibility and enforce secure password protocols. If you’d like to see how SentinelOne can help improve the security of IoT and all other devices across your network, contact us or request a free demo.


Crisp, the demand forecast platform for the food industry, goes live

The food industry may be the biggest industry in the world, but it’s also one of the least efficient. BCG says 1.6 billion tons of food, worth $1.2 trillion, is wasted every year and those numbers are only expected to go up.

A number of players have stepped up to try and solve their own portion of the problem, and one such solution is Crisp. The company, which received $14 million in Series A funding last year led by FirstMark Capital, is today going live with its platform (which has been in beta).

Crisp aims to solve the global food waste problem via demand forecasts. Founder and CEO Are Traasdahl, a serial founder, believes that a lack of communication and data flow between the many players in the supply chain is a main cause for all this waste, a great deal of which happens long before the food reaches the consumer.

Right now, forecasting demand is nowhere close to a perfect science for many of these players. From food brands to distributors to grocery stores, the problem is usually solved by looking at a spreadsheet from last year’s sales for hours to try to determine the signals that played into this or that SKU’s sales performance.

And then there was Crisp.

Integrated with almost any ERP software a company might have, Crisp ingests historical data from these food brands and combines that data with signals around other demand drivers, such as seasonality, holidays, price sensitivity and other pricing information, marketing campaigns, competitive landscape, weather that might affect the sale or shipment of certain produce or other ingredients.

Using these data points, and historical sales data, Crisp believes it can give a much more accurate picture of demand over the next day, week, month or year.

But Crisp isn’t just for food brands, such as Nounós Creamery, a Crisp customer that says it has reduced scrapped inventory by 80 percent since switching to the platform. Crisp serves almost every player in the food supply chain, from retailers to distributors to brands to brokers.

And the more customers it gets, the better it is at predicting demand on a very specific level. For instance, the demand forecasting Crisp offers for a particular grocery store, based on external data, will obviously get much better once that grocery store is a customer on the platform.

Traasdahl was initially concerned that his customers would be reluctant to hand over this type of sensitive sales data, and also that players within the industry might be anxious to hand over such data to a platform that’s aggregating everyone’s data, including their competitors. Turns out, the food industry has more of a “better together” mentality.

“Other industries are not as dependent on each other,” said Traasdahl. “If I am a creamery and need to buy blueberries for my yogurt, I may have five different vendors for those blueberries. And if they don’t get delivered on the right day, Costco will yell at me for being late with the yogurt. Everyone in the supply chain is somewhat dependent on each other.”

For that reason, it’s been easier to attract clients to the platform than expected. A collaborative demand forecast platform that pulls signals from across the entire industry is going to be more accurate than siloed demand forecasts produced by a single vendor or brand.

During the beta program, which launched in October, Crisp brought on more than 30 companies to the platform, including Gilbert’s Craft Sausages, SunFed Perfect Produce, Nounós Creamery, Hofseth, REMA and Superior Farms.

Apple Addresses iPhone 11 Location Privacy Concern

Apple is rolling out a new update to its iOS operating system that addresses the location privacy issue on iPhone 11 devices that was first detailed here last month.

Beta versions of iOS 13.3.1 include a new setting that lets users disable the “Ultra Wideband” feature, a short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature.

In December, KrebsOnSecurity pointed out the new iPhone 11 line queries the user’s location even when all applications and system services are individually set never to request this data.

Apple initially said the company did not see any privacy concerns and that the location tracking icon (a small, upward-facing arrow to the left of the battery icon) appears for system services that do not have a switch in the iPhone’s settings menu.

Apple later acknowledged the mysterious location requests were related to the inclusion of an Ultra Wideband chip in iPhone 11, Pro and Pro Max devices.

The company further explained that the location information indicator appears because the device periodically checks to see whether it is being used in a handful of countries for which Apple hasn’t yet received approval to deploy Ultra Wideband.

Apple also stressed it doesn’t use the UWB feature to collect user location data, and that this location checking resided “entirely on the device.” Still, it’s nice that iPhone 11 users will now have a setting to disable the feature if they want.

Spotted by journalist Brandon Butch and published on Twitter last week, the new toggle switch to turn off UWB now exists in the “Networking & Wireless” settings in beta versions of iOS 13.3.1, under Location Services > System Services. Beta versions are released early to developers to help iron out kinks in the software, and it’s not clear yet when 13.3.1 will be released to the general public.

Battle for Supremacy | Hacktivists from Turkey and Greece Exchange Virtual Blows

Tensions between Greece and its neighbor, Turkey, are nothing new. Conflict in the Aegean extends back to the days of Homer, who described how a Greek army decimated the town of Troy, located near Hisarlik in Turkey. The animosity between these nations may date centuries into the past, but the weapons and tactics used in the conflict today are cutting edge cyber tools.

Greece and Turkey are now engaged in a diplomatic conflict focused on the maritime boundaries surrounding the Greek island of Crete. The row comes after Turkey and the Libyan government agreed to seek to map out a boundary that would potentially reduce Greece’s maritime territory. This conflict raises patriotic tensions on both sides, some of which have become manifest in cyberspace.


Turkish hackers last week claimed responsibility for cyber attacks on Greek government sites, including those of the Greek National Intelligence Services (EYP), Greek Parliament, the Greek Ministry of Foreign Affairs and the Greek Ministry of Finance among others. Turkish hackers AnkaNeferler said these were in retaliation for the Greek government’s stance on the Turkish agreement with Libya (the Turkish government is providing military support and plans to send its military troops).

Meanwhile, Greece is furious at the pact between Turkey and Sarraj’s government as it threatens to skim the Greek island of Crete, which Greece and its allies say is contrary to international law. 


Greek hackers have not stood idly by. According to different reports, a group called Anonymous Greece retaliated with a cyber-attack of their own just hours after the original Turkish attack. 

“As the Turks hit yesterday, so do we the day after in response. Let it be known that the attacks have just begun. For every new attack, we will be posting a new article. We will now show what we have hit in a matter of hours,” wrote Anonymous Greece on their website.

The list of Turkish websites that have been hit:

  • 112 Emergency Call number
  • Sabah Email Service
  • Hurricane Email Service
  • 112 Emergency Email Service
  • Turkish Police (EGM) Email Service
  • Saglik Email service
  • Economics Email service
  • Enerji Email service
  • SIP-VOIP of Turkish Energy
  • MIT Email service

But these attacks were rather insignificant in comparison to what happened next. Yesterday, it was reported that Turkey’s telecommunications giant Türk Telekom was hit by a cyber attack that caused hours-long problems with Internet access throughout the country.

Who’s Doing What?

It is unclear at this point if any of these attacks had any affiliation to the authorities on either side. It is also unclear what type of attacks have occurred. The first attacks were thought to be DDoS attacks, then DNS hacks, but it seems that at least some of these attacks included one or more malware infections. According to sources, all Greek embassies and diplomatic missions such as consulates faced major communication problems as the server of the Ministry of Foreign Affairs went down for several days.

What Should Enterprises Do?

Given the nature of these conflicts and the way businesses operate today, it is highly conceivable that hostilities won’t stop any time soon and that some enterprises will be hit as collateral damage. And while there is not much an enterprise can do if an ISP (Internet Service Provider) service is disrupted, there are many things it can do to reduce risk.

Past conflicts have demonstrated that as long as these conflicts last, more juvenile hacking groups enter the game and try to wreak havoc on the opposing nation’s side. In the process, they target anything and anyone they can (as long as these are affiliated with the opponent’s flag). They also utilize much more common tools and techniques, looking for quick psychological wins. So the best way to reduce the risk would be to ensure that standard defenses are all intact.

Disable unnecessary ports and protocols. A review of your network security device logs should help you determine which ports and protocols are exposed but not needed. For those that are needed, monitor them for suspicious, command-and-control-like activity.

Log and limit the use of PowerShell. If a user or account does not need PowerShell, disable it via the Group Policy Editor. For those that do, enable code signing of PowerShell scripts, log all PowerShell commands and turn on Script Block Logging. Learn more from Microsoft.
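The PowerShell controls above, as an added example that is not part of the original article: it sets the same policy registry values that the Group Policy settings write (Script Block Logging, Module Logging), enforces signed scripts, and then pulls recent Script Block Logging events for review. It assumes an elevated session on a Windows host with PowerShell 5.1 or later; the detection regex at the end is an illustrative starting point, not a complete rule set.

```powershell
# Added example (not from the original article): enable PowerShell auditing
# controls via their policy registry keys and review what has run recently.
# Assumes an elevated session on Windows with PowerShell 5.1 or later.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-PowerShellAuditing {
    # Script Block Logging records the content of each executed script block
    # (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log).
    $sbl = Join-Path $policyRoot 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

    # Module Logging records pipeline execution details (Event ID 4103);
    # '*' under ModuleNames applies it to every module.
    $ml = Join-Path $policyRoot 'ModuleLogging'
    New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
    Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
    Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

    # Require signed scripts machine-wide (the code-signing control in the article).
    Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force
}

function Get-RecentScriptBlocks {
    param([int]$Hours = 24)
    $filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # For a 4104 event, Properties[2] holds the logged script block text.
            [pscustomobject]@{
                Time        = $_.TimeCreated
                User        = $_.UserId
                ScriptBlock = $_.Properties[2].Value
            }
        }
}

Enable-PowerShellAuditing

# Review the last day of script blocks and surface the patterns a defender
# most often wants a second look at: encoded commands and download-and-run chains.
Get-RecentScriptBlocks -Hours 24 |
    Where-Object { $_.ScriptBlock -match 'EncodedCommand|DownloadString|Invoke-Expression|\bIEX\b' } |
    Format-Table -AutoSize -Wrap
```

Disabling PowerShell for accounts that do not need it remains a Group Policy task (the "Turn on Script Block Logging" and related settings live under Administrative Templates > Windows Components > Windows PowerShell); the registry writes above are what that policy applies on the endpoint.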

Set policies to alert on new hosts joining the network. To reduce the possibility of rogue devices on your network, increase visibility and have key security personnel notified when new hosts attempt to join the network.

Back up now, and test your recovery process for business continuity. It is easy to let backup policies slide, or to fail to prove that you can restore in practice. Also, ensure you have redundant backups, ideally using a combination of hot, warm and/or cold sites.

Step up monitoring of network and email traffic. The most common vectors for intruders are unprotected devices on your network and targeted phishing emails. Follow best practices for restricting attachments via email and other mechanisms and review network signatures.

Patch externally facing equipment. Attackers actively scan for and will exploit vulnerabilities, particularly those that allow for remote code execution or denial of service attacks.

Conclusion

It’s too early to predict where this cyber conflict is heading. It is possible that we’ve seen the apex of offensive activities, or perhaps it is only the beginning. Regardless, enterprises, organizations and individuals face increasing risk of becoming accidental victims caught in the cyber crossfire of this conflict. CISOs are advised to take precautions as to minimize this risk.    

Descartes Labs launches its new platform for analyzing geospatial data

Descartes Labs, a well-funded startup based in New Mexico, provides businesses with geospatial data and the tools to analyze it in order to make business decisions. Today, the company announced the launch of its Descartes Labs Platform, which promises to bring its data together with all of the tools data scientists — including those with no background in analyzing this kind of information — would need to work with these images to analyze them and build machine learning models based on the data in them.

Descartes Labs CEO Phil Fraher, who took this position only a few months ago, told me that the company’s current business often includes a lot of consulting work to get its customers started. These customers span the range from energy and mining companies to government agencies, financial services and agriculture businesses, but many don’t have the in-house expertise to immediately make use of the data that Descartes Labs provides.

“For the most part, we still have to evangelize how to use geospatial data to solve business problems. And so a lot of our customers rely on us to do consulting,” Fraher said. “But what’s really interesting is that even with some of our existing customers, we’re now seeing more early adopters, more business and analysis teams and data scientists being hired, that do focus on geospatial data. So what’s really exciting with this launch is we’re now going to put our platform tool in the hands of those particular individuals that now can do their own work.”

In many ways, this new platform gives these customers access to the tools and data that Descartes Labs’ own team uses and allows them to collaborate with the company to solve their problems and use the new modeling tools to build solutions for their individual businesses.

“Previously, a data science team at a company that’s interested in this kind of analysis would also have to know how to wrangle very large-scale or petabyte-scale Earth observation data sets,” Fraher said. “These are very unique and specific skillsets and because of that kind of barrier to entry, the adoption of some of this technology and data sources has been slow.”

To enable more businesses to get started with working with this data (and become Descartes Labs customers), the company is betting on the standard tools in the industry, with hosted Jupyter notebooks, Python support and a set of APIs. It also includes tools to transform and clean the incoming data from Descartes’ third-party partners in order to make it usable for data scientists.

“It’s not just like some simple ETL-like data processing pipeline,” Descartes Labs’ head of Engineering Sam Skillman noted. “It’s something where we have to combine very in-depth data science, remote sensing and large-scale compute capabilities to bring all of that data in in a way that normalizes it and gets it ready for analysis.”

All of this analysis is handled in the cloud, of course.

The new platform is now available to businesses that want to give it a try.