Russians Shut Down Huge Card Fraud Ring

Federal investigators in Russia have charged at least 25 people accused of operating a sprawling international credit card theft ring. Cybersecurity experts say the raid included the charging of a major carding kingpin thought to be tied to dozens of carding shops and to some of the bigger data breaches targeting western retailers over the past decade.

In a statement released this week, the Russian Federal Security Service (FSB) said 25 individuals were charged with circulating illegal means of payment in connection with some 90 websites that sold stolen credit card data.

A still image from a video of the raids released by the Russian FSB this week shows stacks of hundred dollar bills and cash counting machines seized at a residence of one of the accused.

The FSB has not released a list of those apprehended, but the agency’s statement came several days after details of the raids were first leaked on the LiveJournal blog of cybersecurity blogger Andrey Sporov. The post claimed that among those apprehended was the infamous cybercriminal Alexey Stroganov, who goes by the hacker names “Flint” and “Flint24.”

According to cyber intelligence firm Intel 471, Stroganov has been a long-standing member of major underground forums since at least 2001. In 2006, Stroganov and an associate, Gerasim Selivanon (a.k.a. “Gabrik”), were sentenced to six years of confinement in Russia, but were set free just two years into their sentence. Intel 471 says Selivanon also was charged along with Stroganov in this past week’s law enforcement action.

“Our continuous monitoring of underground activity revealed despite the conviction, Flint24 never left the cybercrime scene,” reads an analysis penned by Intel 471.

“You can draw your own conclusions [about why he was released early],” Sporov wrote, suggesting that perhaps the accused bribed someone to get out of jail before his sentence was up.

Flint is among the biggest players in the crowded underground market for stolen credit card data, according to a U.S. law enforcement source who asked to remain anonymous because he was not authorized to speak to the media. The source described Flint’s role as that of a wholesaler of credit card data stolen in some of the biggest breaches at major Western retailers.

“He moved hundreds of millions of dollars through BTC-e,” the source said, referring to a cryptocurrency exchange that was seized by U.S. authorities in 2017. “Flint had a piece of almost every major hack because in many cases it was his guys doing it. Whether or not his marketplaces sold it, his crew had a role in a lot of the big breaches over the last ten years.”

Intel 471’s analysis seemed to support that conclusion, noting that Flint worked closely with other major carding shops that were not his, and that he associated with a number of cybercrooks who regularly bought stolen credit cards in batches of 100,000 pieces at once.

Top denizens of several cybercrime forums who’ve been tracking the raids posited that Stroganov and others were busted because they had a habit of violating the golden rule for criminal hackers residing in Russia or in a former Soviet country: Don’t target your own country’s people and/or banks.

A longtime moderator of perhaps the cybercrime underground’s most venerated Russian hacking forum posted a list of more than 40 carding sites thought to be tied to the group’s operations that are no longer online. Among them is MrWhite[.]biz, a carding site whose slick video ads were profiled in a KrebsOnSecurity post last year.

A snippet from a promotional video from the carding/dumps shop MrWhite.

KNOW YOUR FRAUDSTER

Nearly all of the carding sites allegedly tied to this law enforcement action — including those with such catchy names as BingoDumps, DumpsKingdom, GoldenDumps, HoneyMoney and HustleBank — were united by a common innovation designed to win loyalty among cybercriminals who buy stolen cards or “dumps” in bulk: namely, a system that allowed buyers to get instant refunds on “bad” stolen cards without first having to prove that the cards had been canceled by the issuing bank before they could be used for fraud.

Most carding sites will offer customers a form of buyer’s insurance known as a “checker,” which is an automated, à la carte service customers can use after purchasing cards to validate whether the cards they just bought are still active.

These checking services are tied to “moneyback” guarantees that will automatically refund the purchase price for any cards found to be invalid shortly after the cards are bought (usually a window of a few minutes up to a few hours), provided the buyer agrees to pay an added fee of a few cents per card to use the shop’s own checking service.

But many cybercrooks have long suspected some checkers at the more popular carding sites routinely give inaccurate results that favor the card shop (i.e., intentionally flagging some percentage of inactive cards as valid). So, the innovation that Flint’s gang came up with was a policy called “Trust Your Client” or “TYC,” which appears to be a sly dig on the banking industry’s “know your customer” or KYC rules to help fight fraud and money laundering.

With TYC, if a customer claimed a card they bought was declined for fraudulent transaction attempts made within six hours of purchase, the carding shop would refund the price of that card — no questions asked. However, it seems likely these shops that observed TYC ran their own checkers on the back-end to protect themselves against dishonest customers.

An ad for the “Trust Your Client” or TYC policy observed by virtually all of the carding shops taken down in this past week’s Russian law enforcement operation.

Want to learn more about how carding shops work and all the lingo that comes with them? Check out my behind-the-scenes profile of one major fraud store — Peek Inside a Professional Carding Shop.

Looking on the Bright Side of Coronavirus: Impact on Low-to-Mid-Tier Criminals and Vendors

In these difficult and challenging times, it is helpful to try and look on the “bright side” and perhaps introduce a touch of levity into our massively-adjusted daily lives.

The Coronavirus/COVID-19 pandemic has affected everyone, but on said “bright side” it has also brought disruption to the businesses of cybercriminals. Among those seeing a downturn in trade are vendors of fraudulent and stolen data as well as illicit items like drugs. The strain on “supply”, from a shipping and logistics perspective, along with increased screening and scrutiny within various postal operations and shipping companies has had a very clear effect on illegal operations.

This impact has been felt especially by online drug and chemical vendors.

In the last week or so, we observed a number of sites being updated to reflect current issues and difficulties surrounding COVID-19.

How COVID-19 Has Disrupted Cybercrime

One of the earliest examples of this phenomenon was the online drug and chemical vendor ‘Pushing Taboo’. The site was forced to announce a temporary closure as a result of the COVID-19 pandemic.

image of Pushing Taboo message to customers

Their message was later expanded to provide additional information and guidance. And, similar to any legitimate business, they describe their current contingency plans, including partial refunds and a “massive sale” once things return to normal.

For a vendor that has not ceased operations for the last 8 years, it is remarkable that the current health crisis has done more to disrupt their business than anything else during that time.

Not every vendor is faced with a full shutdown, however. Many are shifting processes and alerting their customers to expect delays in shipments, especially in specific regions where lockdowns and increased package inspection are in place. Cocaine, heroin, and ecstasy vendor ‘cokehero’ updated their site to reflect shipping issues with specific countries:

Criminals with Crocodile Tears?

Illicit businesses are still businesses, and every successful business needs to put its customers first, or at least appear to be doing so. As a result, there is a running theme across most of these updates: they offer helpful hygiene advice (wash hands, stay inside, etc.) alongside the situational update. In the previous example, the vendor ‘cokehero’ goes the extra mile to remind site visitors to wash their hands and disinfect all packages upon receipt. We see similar guidance from other vendors as well.

Below, “MushMerica” reminds customers to wash hands and delay opening packages for approximately one week.

“BlueMagic”, a distributor of cocaine, bullishly proclaims it is “Business as usual” for them, but goes on to point out that delivery is dependent on local conditions. Your order will arrive “As soon as your country delivers it!”. And of course, their “Corona Virus Update” ends with a perfunctory “stay safe people”.

Meanwhile, “DutchDrugz”, a supplier of a wide-range of narcotics, issued an update on March 16th informing its customers that distribution had been heavily impacted by lockdowns in the EU and worldwide. The message expresses a note of sympathy for anyone having contracted the virus and reminds customers to “follow advice and stay away from impaired & elderly people”.

Two days later, “DutchDrugz” were forced to post another message stressing that they were still in business, as clearly the first update had backfired and caused a negative impact on their sales:

Online drug dealers are not the only ones feeling the constraints of this global health issue, either. Betting sites and professional ‘match fixers’ are feeling the effects as well.

In the example below, we see updates from “BettingLeaks 2.0” providing guidance on events that are cancelled or otherwise affected by COVID-19.

The message outlines the problems caused by a lack of live sporting fixtures, and promises refunds where necessary.

Conclusion

At the end of the day, we are all affected by the current COVID-19 outbreak. While we all adjust our daily lives and work to “flatten the curve”, it is nice to know that this health crisis does not discriminate. Criminal enterprises and operations are being impacted in a good way (well…bad for them). Hopefully, this brings a touch of cheer while reading this from your home office, couch or bed. There’s some small comfort to be had from knowing that our usual, anti-social adversaries are feeling the effects of the global pandemic in their pockets. We encourage everyone to continue to follow prescribed guidelines to keep yourselves and your loved ones safe, and as one of the messages above puts it, “hopefully, these dark times end faster than we think”.


TripActions lays off hundreds amid COVID-19 travel freeze

The coronavirus demand crunch has taken another bite: Palo Alto-based corporate travel-focused unicorn TripActions has confirmed laying off hundreds of staff.

Per this post on Blind — written by someone with a verified TripActions email address — the company laid off 350 people. Business Insider reported the same figure yesterday, and the Wall Street Journal said the layoffs amount to between one-quarter to one-fifth of the startup’s total staff, citing a person familiar with the situation.

Update: A spokesman for TripActions told us the number of impacted employees is “less than 300” — although he qualified the remark by saying the figure includes 25 people who were offered other roles within the company.

In an earlier email to Crunchbase News TripActions confirmed axing jobs in response to the COVID-19 global health crisis — saying it had “cut back on all non-essential spend.” It did not confirm exactly how many employees it had fired at that point.

“[We] made the very difficult decision to reduce our global workforce in line with the current climate,” TripActions wrote in the statement. “We look forward to when the strength of the global economy and business travel inevitably return and we can hire back our colleagues to rejoin us in our mission to make business travel effortless for our customers and users.”

“This global health crisis is unlike anything we’ve ever seen in our lifetimes, and our hearts go out to everyone impacted around the world, including our own customers, partners, suppliers and employees,” it added. “The coronavirus has had [a] wide-reaching effect on the global economy. Every business has been impacted including TripActions. While we were fortunate to have recently raised funding and secured debt financing, we are taking appropriate steps in our business to ensure we are here for our customers and their travelers long into the future.”

Per the post on Blind, TripActions is providing one week of severance to sacked staff and medical cover until end of month. “With [the coronavirus pandemic] going on you think they would do better,” the OP wrote. The layoffs were made by Zoom call, they also said.

However TripActions’ spokesman disputed the details about severance and medical cover, saying it is offering severance packages for U.S. employees that include two months of company-paid COBRA health insurance coverage, extending health benefits through the end of June, along with a minimum of 3 weeks salary.

He added that U.S. employees who were given notice yesterday were told their last day would be April 1, 2020 — meaning their health benefits continue through the end of April.

Travel startups are facing an unprecedented nuclear winter as demand has fallen off a cliff globally — with little prospect of a substantial change to the freeze on most business travel in the coming months as rates of COVID-19 infections continue to grow exponentially outside China.

However, TripActions is one of the highest valued and best financed of such startups, securing a $500 million credit facility for a new corporate product only last month. At the time, Crunchbase recorded $480 million in tracked equity funding for the company, including a $250M Series D TripActions raised in June from investors including a16z, Group 11, Lightspeed and Zeev Ventures.

Before the layoffs, the company had already paused all hiring, per one former technical sourcer for the company writing on LinkedIn.

This post was updated with additional comment from TripActions

Espressive lands $30M Series B to build better help chatbots

Espressive, a four-year-old startup from former ServiceNow employees, is working to build a better chatbot to reduce calls to company help desks. Today, the company announced a $30 million Series B investment.

Insight Partners led the round with help from Series A lead investor General Catalyst along with Wing Venture Capital. Under the terms of today’s agreement, Insight founder and managing director Jeff Horing will be joining the Espressive Board. Today’s investment brings the total raised to $53 million, according to the company.

Company founder and CEO Pat Calhoun says that when he was at ServiceNow he observed that, in many companies, employees often got frustrated looking for answers to basic questions. That resulted in a call to a Help Desk requiring human intervention to answer the question.

He believed that there was a way to automate this with AI-driven chatbots, and he founded Espressive to develop a solution. “Our job is to help employees get immediate answers to their questions or solutions or resolutions to their issues, so that they can get back to work,” he said.

They do that by providing a very narrowly focused natural language processing (NLP) engine to understand the question and find answers quickly, while using machine learning to improve on those answers over time.

“We’re not trying to solve every problem that NLP can address. We’re going after a very specific set of use cases which is really around employee language, and as a result, we’ve really tuned our engine to have the highest accuracy possible in the industry,” Calhoun told TechCrunch.

He says what they’ve done to increase accuracy is combine the NLP with image recognition technology. “What we’ve done is we’ve built our NLP engine on top of some image recognition architecture that’s really designed for a high degree of accuracy and essentially breaks down the phrase to understand the true meaning behind the phrase,” he said.

The solution is designed to provide a single immediate answer. If, for some reason, it can’t understand a request, it will open a help ticket automatically and route it to a human to resolve, but they try to keep that to a minimum. He says that when they deploy their solution, they tune it to the individual customers’ buzzwords and terminology.

So far they have been able to reduce help desk calls by 40% to 60% across customers with around 85% employee participation, which shows that they are using the tool and it’s providing the answers they need. In fact, the product understands 750 million employee phrases out of the box.

The company was founded in 2016. It currently has 65 employees and 35 customers, but with the new funding, both of those numbers should increase.

Humio announces $20M Series B to advance unlimited logging tool

Humio, a startup that has built a modern unlimited logging solution, announced a $20 million Series B investment today.

Dell Technologies Capital led the round with participation from previous investor Accel. Today’s investment brings the total raised to $32 million, according to the company.

Humio co-founder and CEO Geeta Schmidt says the startup wanted to build a solution that would allow companies to log everything, while reducing the overall cost associated with doing that, a tough problem due to the resource and data volume involved. The company deals with customers who are processing multiple terabytes of data per day.

“We really wanted to build an infrastructure where it’s easy to log everything and answer anything in real time. So we built an index-free logging solution which allows you to ask […] ad hoc questions over large volumes of data,” Schmidt told TechCrunch.

They are able to ingest so much data by using streaming technology, says company EVP of sales Morten Gram. “We have this real time streaming engine that makes it possible for customers to monitor whatever they know they want to be looking at. So they can build dashboards and alerts for these [metrics] that will be running in real time,” Gram explained.

What’s more, because the solution enables companies to log everything, rather than pick and choose what to log, they can ask questions about things they might not know, such as an on-going security incident or a major outage, and trace the answer from the data in the logs as the incident is happening.

Perhaps more importantly, the company has come up with technology to reduce the cost associated with processing and storing such high volumes of data. “We have thought a lot about trying to do a lot more with a lot less resources. And so, for example, one of our customers, who moved from a competitor, has gone from 80 servers to 14 doing the same volumes of data,” she said.

Deepak Jeevankumar, managing director and lead investor at Dell Technologies Capital, says that his firm recognized that Humio was solving these issues in a creative and modern way.

“Humio’s team has created a new log analysis architecture for the microservices age. This can support real-time analysis at full-speed ingest, while decreasing cost of storage and analysis by at least an order of magnitude,” he explained. “In a short-period of time, Humio has won the confidence of many Fortune 500 customers who have shifted their log platforms to Humio from legacy, decade-old architectures that do not scale for the cloud world.”

The company’s customers include Netlify, Bloomberg, HP Aruba and Michigan State University. It offers on-prem, cloud and hosted SaaS products. Today, the company also announced it was introducing an unlimited ingest plan for hosted SaaS customers.

Spotinst rebrands as Spot and announces new cloud spend dashboard

Spotinst, the startup that helps companies find lower-cost spot instances in the cloud, announced today that it was rebranding as Spot. It also announced a brand new cloud usage dashboard to help companies get a detailed view of their cloud spend.

Amiram Shachar, co-founder and CEO at Spot, says the new product is designed to give customers much greater insight and visibility into cloud usage and spending.

“With this new product we’re providing a more holistic platform that lets customers see all of their cloud spending in one place — all of their usage, all of their costs, what they are spending and doing across multiple clouds — and then what they can actually do [to deploy resources more efficiently],” Shachar told TechCrunch.

The visibility means that customers can see across cloud vendors and get a big picture view of how they are deploying cloud resources to optimize their usage, which could be useful for the financial side of the house and IT.

“We’re basically bifurcating all of our customers’ cloud infrastructure and telling them this is what you should run on spot instances, this is what you should run on reserved instances and this is why you should keep on-demand instances,” he said.

The new product builds on the company’s core competency: helping customers deploy cheaper spot and reserved instances from cloud infrastructure vendors in an automated fashion.

Spot instances are a product where cloud vendors deploy their unused resources for much lower cost, while reserved instances provide a discounted rate for buying resources in advance for a set price. However, spot instances have a big catch: when the cloud vendor needs those resources, you get kicked off. Spot helps in this regard by safely moving the workload to another available spot instance automatically.

Spot was founded in 2015 and has raised more than $52 million, according to Crunchbase. Shachar says the company is in the $30 million revenue range and this new product should help drive that higher.

US Government Sites Give Bad Security Advice

Many U.S. government Web sites now carry a message prominently at the top of their home pages meant to help visitors better distinguish between official U.S. government properties and phishing pages. Unfortunately, part of that message is misleading and may help perpetuate a popular misunderstanding about Web site security and trust that phishers have been exploiting for years now.

For example, the official U.S. Census Bureau website https://my2020census.gov carries a message that reads, “An official Web site of the United States government. Here’s how you know.” Clicking the last part of that statement brings up a panel with the following information:

A message displayed at the top of many U.S. .gov Web sites.

The text I have a beef with is the bit on the right, beneath the “This site is secure” statement. Specifically, it says, “The https:// ensures that you are connecting to the official website….”

Here’s the deal: The https:// part of an address means the connection is protected by TLS (Transport Layer Security, the successor to the older “Secure Sockets Layer” or SSL, a name that is still widely used for it). That merely signifies the data being transmitted back and forth between your browser and the site is encrypted in transit and cannot be read or tampered with by third parties along the way.

However, the presence of “https://” or a padlock in the browser address bar does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

In other words, while readers should never transmit sensitive information to a site that does not use https://, the presence of this security feature tells you nothing about the trustworthiness of the site in question.
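To make that distinction concrete, here is an added example (mine, not code from this article or from any government site) that separates the question TLS actually answers, “does the name in the address bar match the certificate the server presented?”, from the question the .gov banner implies it answers, “is this the official site?”. The certificate names and the look-alike domain my2020census.gov.example are constructed for illustration and are not real certificate data; the hostname-matching rules follow the usual RFC 6125 style that browsers apply.

```python
"""Two different questions about an https:// URL.

Added example for this article, not code from the page or from any U.S.
government site. It separates what TLS certifies (the URL's host name is on
the certificate the server presented) from what the banner text claims
(that the site is the official one). Certificate data below is constructed.
"""
from urllib.parse import urlsplit

# Constructed: the Subject Alternative Names on each hypothetical server's
# certificate. A free domain-validated certificate for a look-alike domain is
# exactly as valid for its own name as the real site's is for the real name.
_REAL_SITE_SANS = ["my2020census.gov", "www.my2020census.gov"]
SAMPLE_CERT_SANS = {
    "my2020census.gov": _REAL_SITE_SANS,
    "www.my2020census.gov": _REAL_SITE_SANS,
    "my2020census.gov.example": ["*.gov.example", "gov.example"],
}


def hostname_matches_san(hostname: str, san_names) -> bool:
    """DNS-ID matching in the style of RFC 6125: case-insensitive exact match,
    or a wildcard that stands in for exactly one leftmost label and never for
    a whole public suffix (at least two literal labels must follow it)."""
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in san_names:
        labels = name.lower().rstrip(".").split(".")
        if labels == host_labels:
            return True
        if (labels[0] == "*" and len(labels) >= 3
                and len(labels) == len(host_labels)
                and labels[1:] == host_labels[1:]):
            return True
    return False


def tls_name_verified(url: str, cert_sans) -> bool:
    """What the padlock certifies: the scheme is https and the host in the URL
    is one of the names on the certificate the server presented."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    presented = cert_sans.get(parts.hostname, [])  # cert this server serves
    return hostname_matches_san(parts.hostname, presented)


def is_gov_domain(url: str) -> bool:
    """The check that actually bears on legitimacy: the host's registrable
    domain is under .gov, the TLD reserved for U.S. government bodies. A
    ".gov" label anywhere else in the name (my2020census.gov.example) is
    just part of a look-alike and does not count."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return len(labels) >= 2 and labels[-1] == "gov"


def assess(url: str, cert_sans=SAMPLE_CERT_SANS) -> dict:
    """Report the two properties separately so they cannot be confused."""
    return {
        "tls_name_verified": tls_name_verified(url, cert_sans),
        "gov_domain": is_gov_domain(url),
    }


if __name__ == "__main__":
    for u in ("https://my2020census.gov",
              "https://my2020census.gov.example",
              "http://my2020census.gov"):
        print(u, assess(u))
```

Run stand-alone, the look-alike https://my2020census.gov.example comes back with tls_name_verified True and gov_domain False: its certificate is perfectly valid for its own name, which is all the padlock ever checked. Only the domain test, the same “look for .gov” advice LaCour gives below, tells the two apart.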

Here’s a sobering statistic: According to PhishLabs, by the end of 2019 roughly three-quarters (74 percent) of all phishing sites were using SSL certificates. PhishLabs found this percentage increased from 68% in Q3 and 54% in Q2 of 2019.

“Attackers are using free certificates on phishing sites that they create, and are abusing the encryption already installed on hacked web sites,” PhishLabs founder and CTO John LaCour said.

Image: PhishLabs.com

The truth is anyone can get a domain-validated SSL/TLS certificate for free for any domain they control, and that’s a big reason why most phishing sites now have them. The other reason is that they help phishers better disguise their sites as legitimate, since many Web browsers now throw up security warnings on non-https:// sites.

KrebsOnSecurity couldn’t find any reliable information on how difficult it may be to obtain an SSL certificate for a .gov site once one has a .gov domain, but it is apparently not difficult for just about anyone to get their very own .gov domain name.

The U.S. General Services Administration (GSA), which oversees the issuance of .gov domains, recently made it a tiny bit more difficult to do so — by requiring all applications be notarized — but this seems a small hurdle for scam artists to clear.

Regardless, it seems the federal government is doing consumers a disservice with this messaging, by perpetuating the myth that the presence of “https://” in a link denotes any kind of legitimacy.

“‘Https’ does not mean that you are at the correct website or that the site is secure,” LaCour said. “It only indicates that the connection is encrypted. The server could still be misconfigured or have software vulnerabilities. It is good that they mention to look for ‘.gov’. There’s no guarantee that a .gov website is secure, but it should help ensure that visitors are on the right website.”

I should note that this misleading message seems to be present only on some federal government Web sites. For instance, while the sites for the GSA, the Department of Labor, Department of Transportation, and Department of Veterans Affairs all include the same wording, those for the Commerce Department and Justice Department are devoid of the misleading text, stating:

“This site is also protected by an SSL (Secure Sockets Layer) certificate that’s been signed by the U.S. government. The https:// means all transmitted data is encrypted — in other words, any information or browsing history that you provide is transmitted securely.”

Other federal sites — like dhs.gov, irs.gov and epa.gov — simply have the “An official website of the United States government” declaration at the top, without offering any tips about how to feel better about that statement.

GitLab offers key lessons in running an all-remote workforce in new e-book

As companies that are used to having workers in the same building struggle to find ways to work from home, one company that has been remote from Day One is GitLab. It recently published a handbook to help other companies who are facing the work-from-home challenge for the first time.

Lest you think GitLab is a small organization, it’s not. It’s 1,200 employees strong, all of which work from home in a mind boggling 67 countries. And it’s doing well. In September, the company raised $268 million on a $2.75 billion valuation.

Given that it has found a way to make a decentralized company work, GitLab has decided to share the best practices they’ve built up over the years to help others just starting on this journey.

Among the key bits of advice in the 34-page report, perhaps the most important to note when you begin working apart is to document everything. GitLab has a reputation for hyper transparency, publishing everything from its 3-year business strategy to its projected IPO date for the world to see.

But it’s also about writing down policies and procedures and making them available to the remote workforce. When you’re not in the same building, you can’t simply walk up to someone’s cubicle and ask a question, so you need to be vigilant about documenting your processes in a handbook that is available online and searchable.

“By adopting a handbook-first approach, team members have ‘a single source of truth’ for answers. Even though documentation takes a little more time upfront, it prevents people from having to ask the same question repeatedly. Remote work is what led to the development of GitLab’s publicly viewable handbook,” the company wrote in the e-book.

That includes an on-boarding procedure because folks aren’t coming into a meeting with HR when they start at GitLab. It’s essential to have all the information new hires need in one place, and the company has worked hard to build on-boarding templates. They also offer remote GitLab 101 meetings to orient folks who need more face time to get going.

You would think when you work like this, meetings would be required, but GitLab suggests making meetings optional. That’s because people are spread across the world’s time zones, making it difficult to get everyone together at the same time. Instead, the company records meetings and brainstorms ideas, essentially virtual white-boarding in Google Docs.

Another key piece of advice is to align your values with a remote way of working. That means changing your management approach to fit the expectations of a remote workforce. “If your values are structured to encourage conventional colocated workplace norms (such as consensus gathering or recurring meetings with in-person teams), rewrite them. If values are inconsistent with the foundation of remote work, there’s bound to be disappointment and confusion. Values can set the right expectations and provide a clear direction for the company going forward,” the company wrote.

This is just scratching the surface of what’s in the handbook, but it’s a valuable resource for anyone who is trying to find a way to function in a remote work environment. Each company will have its own culture and way of dealing with this, of course, but when a company like GitLab, which was born remote, provides this level of advice, it pays to listen and take advantage of their many years of expertise.

Control each other’s apps with new screensharing tool Screen

It’s like Google Docs for everything. Screen is a free interactive multiplayer screensharing app that gives everyone a cursor so they can navigate, draw on and even code within the apps of their co-workers while voice or video chatting. Screen makes it easy and fun to co-design content, pair program, code review or debug together, or get feedback from a teacher.

Jahanzeb Sherwani sold his last screensharing tool Screenhero to Slack, but it never performed as well crammed inside the messaging app. Five years later, he’s accelerated the launch of Screen to today and made it free to help all the teams stuck working from home amidst coronavirus shelter-in-place orders. 

Sherwani claims that Screen is “2x-5x faster than other screen sharing tools, and has between 30ms-50ms end-to-end latency. Most other screen sharing tools have between 100ms-150ms.” For being built by just a two-person team, Screen has a remarkable breadth of features that are all responsive and intuitive. Sherwani says the startup is making do with “no funding, 100% bootstrapped, and I’d like to keep it that way” so he can control his destiny rather than being prodded for an exit by investors.

A few things you can do with Screen:

  • Share your screen from desktop on Mac, Windows and Linux while chatting over audio or video calling in a little overlaid window, or join a call and watch from your browser or mobile
  • Use your cursor on someone else’s shared screen so you can control or type anything just like it was your computer
  • Overlay drawing on the screenshare so you can annotate things like “this is misspelled” or “move this there,” with doodles fading away after a few seconds unless you hold down your mouse or turn on caps lock
  • Post ephemeral text comments so you can collaborate even if you have to be quiet
  • Launch Screen meetings from Slack and schedule them with Google Calendar integration
  • Share invite links with anyone with no need to log in or be at the same company, just be careful who you let control your Screen

Normally Screen is free for joining meetings, $10 per month to host them and $20 per person per month for enterprise teams. But Sherwani writes that for now it’s free to host too “so you can stay healthy & productive during the coronavirus outbreak.” If you can afford to pay, you should, though, as “We’re trying this as an experiment in the hope that the number of paid users is sufficient to pay for our running costs to help us stay break-even.”

Sherwani’s new creation could become an acquisition target for video call giants like Zoom, but he might not be so willing to sell this time around. Founded in 2013, Screenhero was incredibly powerful for its time, offering some of the collaboration tools now in Screen. But after it was acquired by Slack after raising just $1.8 million, Screenhero never got the integration it deserved.

“We finally shipped interactive screen sharing almost three years later, but it wasn’t as performant as Screenhero, and was eventually removed in 2019,” Sherwani writes. “Given that it was used by a tiny fraction of Slack’s user-base, and had a high maintenance cost, this was the correct decision for Slack.” Still, he explains why a company like Screen is better off independent. “Embedding one complex piece of software in another imposes a lot more constraints, which makes it more expensive to build. It’s far easier to have a standalone app that just does one thing well.”

Screen actually does a lot of things well. I tried it with my wife, and the low latency and extensive flexibility made it downright delightful to try co-writing this article. It’s easy to imagine all sorts of social use cases springing up if teens get hold of Screen. The whole concept of screensharing is getting popularized by apps like Squad and Instagram’s new Co-Watching feature that launched today.


Eventually, Screen wants to launch a virtual office feature so you can just instantly pull co-workers into meetings. That could make it feel a lot more like collaborating in the same room with someone, where you can start a conversation at any time. Screen could also democratize the remote work landscape by shifting meetings from top-down broadcasts by managers to jam sessions where everyone has a say.

Sherwani concludes, “When working together, everyone needs to have a seat at the table.”

Enterprise Employees | 11 Things You Should Never Do at Work (or Home)

Your security and IT teams know all about the dangers of cybercrime, phishing, Business Email Compromise and malware, and they know the importance of practicing good cyber hygiene. But how well do the rest of your staff know and practice the basics of safe computing? How widely known and used are basic security practices in your organization? In this guide, we outline 11 essential things all your staff should know and should be doing. Be sure that they read it!

1. Don’t Let Others Use Your Work Computer

In many environments, whether it’s hotdesking or a request by a regular colleague to “just send a quick email”, the number one sin is allowing another person to use your work computer, especially unsupervised. It might sound strange to some – ‘why would you ever do that?’ – and not to others – ‘he sits next to me every day, he’s trustworthy’ – but the fact is unauthorized physical access to your computer puts both you and your organization at risk. There’s a reason why we all have our own account passwords, and that’s not only to protect the company but to protect ourselves. If someone accesses corporate assets using your credentials, who is to prove it was not you?

If you think it’s unlikely that your colleagues would do something malicious, don’t forget that people can easily be persuaded to do things either against their will or without realizing what they are doing. And remember it’s also easy to be fooled into trusting people who seem like they have the authority to be there but have just not been challenged, like the fake health inspector who infiltrated a US Prison. You don’t want to be the one named in a security audit as having been the weakest link that allowed penetration testers to compromise your company’s network, do you?

Always log out when you’re not at your computer, and if someone else does have a legitimate reason to use it, have them log in via their own or a guest account – never yours – and supervise their use.

2. Don’t Insert Unknown USBs 

Another tried-and-tested trick, and still a regular way that penetration testers and criminals open backdoors or load malware onto a network, is the simple malicious USB device. Your company should be using device control, but if they’re not then employees need to practice such control themselves. Any unknown removable media should either be given to IT for clearance first or plugged into a separate air-gapped machine running a trusted anti-malware solution.

A recent thread on Reddit (now deleted) told the story of a school that confiscated a USB device found in a pupil’s school bag, and then plugged it into a school computer to see what it contained. They found out the hard way that the USB contained malware and infected the school’s network. 

3. Don’t Click Links or Attachments Without Inspecting Them First

Phishing through links and attachments in emails is still far and away the most common infection vector for ransomware, backdoor trojans, cryptominers and other forms of malware. Inspecting links and files before you click on them is like washing your hands to prevent transmission of a coronavirus, only the advice is not just to do it ‘frequently’, but to do it always.

To inspect a link, hover over it with the mouse to see whether it points to where you expect it to; copying the link and pasting it in your browser rather than executing it directly in your email client is also a useful habit to get into. 

To inspect a file, save the file locally, making sure the file extension is what you would expect. Your endpoint should also be protected by a reliable security solution that can recognize and block malicious files on write and on execution. If opening the file results in a request to enable macros, decline the request and contact your IT or security team.

4. Don’t Announce Absence from the Office Externally

If external emails result in an automated reply that you’re out of the office till next week, on maternity leave or skiing in the Himalayas till Friday, you’ve just provided some valuable intel to scammers, spammers and pen testers alike. There’s no reason to tell the world that you’re unavailable, just your colleagues and boss! Work emails should be redirected to an alternative point of contact who can deal with enquiries in your absence. 

5. Don’t Skip 2FA or Reuse Passwords

For criminals, passwords are a passport to your – and your company’s – most sensitive assets. While some organizations are starting to move away from relying on passwords, the day when they won’t be the main way to authenticate a person’s identity is still far away. Credential theft is high on every attacker’s agenda, but there are simple steps that you can take to plug this hole for the vast majority of attacks. 

First, enable 2FA or MFA on all accounts that support it. Time-based one-time code generators like Google and Microsoft Authenticator should be in use wherever possible. On top of that, use a password manager to ensure you are generating unique passwords for each account to limit the damage of a breach, and sign up to a service like Firefox’s breach notification for all your email addresses if your password manager does not include a similar feature.

6. Don’t Overshare on Social Media

Equally, sharing your personal and work life on social media is a great way to give criminals the free, open source intel they need. If you have a social media profile that details where you work, contains tagged photos of family, friends and colleagues, and gives away your location on a frequently-updated timeline, you are providing threat actors with all they need to spoof your identity, a regular tactic in Business Email Compromise and targeted phishing attacks.

7. Don’t Use Open Public Wifi Hotspots

While we all need internet service while on the move, you should use your phone’s service provider and tether your laptop to its Personal Hotspot when not at home or the office. Public Wifi is inherently insecure because it allows anyone else using the same network to sniff your traffic. If for some reason you cannot avoid using an unprotected public Wifi, ensure that you are using encrypted mail, messaging and browser tools to limit what an attacker can learn from your networking traffic. And never, ever, conduct things like payment processing or banking while connected to a public Wifi hotspot.

8. Don’t Mix Work and Play

Your work devices should be restricted by company policy to work tasks only, but if they are not – or you’ve ignored that policy – you should immediately separate all work and personal computing activities and data. This is not only for your company’s protection, but for yours also. Most companies will have a No Privacy policy for any data or activities on your work device.

Also, if your company network is breached through some other device, you do not want your personal data being stolen as well. Similarly, if your company is breached as a result of you doing something non-work related on the computer, you will very likely be looking for a new job in short order and could even face legal consequences.

9. Don’t Transfer Company Data To Personal Devices

Just as important as not conducting personal business on company-owned property is the inverse of using your personal devices to conduct company business. Never store sensitive (or, ideally, any) enterprise data on your personal device, which almost certainly lacks the same security, encryption and oversight as your workplace computer or smartphone. Your personal devices, for example, may contain insecure applications or device settings which could make your company’s data vulnerable to theft. 

10. Don’t Ignore Software and OS Updates

This one should also be mandated by company policy, but if your device isn’t managed centrally by IT, then you need to pay attention to notifications about software and operating system updates. Why is it so important to apply updates in a timely fashion? As soon as vendors release a patch, hackers and reverse engineers are on top of it trying to figure out what the vulnerability in the previous version was and how to exploit it. Many breaches or incidents involving lateral movement through a network involve exploiting older, unpatched software.

11. Don’t Be A Stranger to IT!

Last, but not least, make sure you know who to contact in the event of any suspicious or malicious behaviour on your company device and report it as soon as you become aware of it. Criminals rarely just break into a single device and then leave. They are always interested in persistence – the ability to come back at will – and lateral movement – the ability to move through your company’s network – so getting IT involved at the earliest opportunity could prove vital to your organization.

You are not a trained security analyst, and nobody expects you to be, so put aside fear of ‘crying wolf’ just because you’re not sure. Your IT or security team would rather file a ‘nothing to see here’ report than be called in when the house is already on fire! 

Conclusion

Enterprise security isn’t rocket science. The vast majority of breaches occur because one or more of the above practices have been ignored. Giving threat actors a hard day at the office doesn’t require a degree in cyber security, just awareness and practice of basic principles that apply whether you’re working remotely from home, in an open-plan cubicle space or in the corner office on the top floor. 

If you would like to see how SentinelOne can help your staff and your organization stay secure, contact us or request a free demo.
