Why & Where You Should Plant Your Flag

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

As KrebsOnSecurity observed back in 2018, many people — particularly older folks — proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. From that story:

“The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.”

“The crux of the problem is that while most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online — such as Social Security numbers, birthdays and addresses.”

In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. Postal Service, the credit bureaus or the Social Security Administration, it’s a good idea to do so for several reasons.

Most importantly, the majority of the entities I’ll discuss here allow just one registrant per person/customer. Thus, even if you have no intention of using that account, establishing one will be far easier than trying to dislodge an impostor who gets there first using your identity data and an email address they control.

Also, the cost of planting your flag is virtually nil apart from your investment of time. In contrast, failing to plant one’s flag can allow ne’er-do-wells to create a great deal of mischief for you, whether it be misdirecting your service or benefits elsewhere, or canceling them altogether.

Before we dive into the list, a couple of important caveats. Adding multi-factor authentication (MFA) at these various providers (where available) and/or establishing a customer-specific personal identification number (PIN) also can help secure online access. For those who can’t be convinced to use a password manager, even writing down all of the account details and passwords on a slip of paper can be helpful, provided the document is secured in a safe place.

Perhaps the most important place to enable MFA is with your email accounts. Armed with access to your inbox, thieves can then reset the password for any other service or account that is tied to that email address.

People who don’t take advantage of these added safeguards may find it far more difficult to regain access when their account gets hacked, because increasingly thieves will enable multi-factor options and tie the account to a device they control.

Secondly, guard the security of your mobile phone account as best you can (doing so might just save your life). The passwords for countless online services can be reset merely by entering a one-time code sent via text message to the phone number on file for the customer’s account.

And thanks to the increasing prevalence of a crime known as SIM swapping, thieves may be able to upend your personal and financial life simply by tricking someone at your mobile service provider into diverting your calls and texts to a device they control.

Most mobile providers offer customers the option of placing a PIN or secret passphrase on their accounts to lessen the likelihood of such attacks succeeding, but these protections also usually fail when the attackers are social engineering some $12-an-hour employee at a mobile phone store.

Your best option is to reduce your overall reliance on your phone number for added authentication at any online service. Many sites now offer MFA options that are app-based and not tied to your mobile service, and this is your best option for MFA wherever possible.

YOUR CREDIT FILES

First and foremost, all U.S. residents should ensure they have accounts set up online at the three major credit bureaus — Equifax, Experian and TransUnion.

It’s important to remember that the questions these bureaus will ask to verify your identity are not terribly difficult for thieves to answer or guess just by referencing public records and/or perhaps your postings on social media.

You will need accounts at these bureaus if you wish to freeze your credit file. KrebsOnSecurity has for many years urged all readers to do just that, because freezing your file is the best way to prevent identity thieves from opening new lines of credit in your name. Parents and guardians also can now freeze the files of their dependents for free.

For more on what a freeze entails and how to place or thaw one, please see this post. Beyond the big three bureaus, Innovis is a distant fourth bureau that some entities use to check consumer creditworthiness. Fortunately, filing a freeze with Innovis likewise is free and relatively painless.

It’s also a good idea to notify a company called ChexSystems to keep an eye out for fraud committed in your name. Thousands of banks rely on ChexSystems to verify customers who are requesting new checking and savings accounts, and ChexSystems lets consumers place a security alert on their credit data to make it more difficult for ID thieves to fraudulently obtain checking and savings accounts. For more information on doing that with ChexSystems, see this link.

If you placed a freeze on your file at the major bureaus more than a few years ago but haven’t revisited the bureaus’ sites lately, it might be wise to do that soon. Following its epic 2017 data breach, Equifax reconfigured its systems to invalidate the freeze PINs it previously relied upon to unfreeze a file, effectively allowing anyone to bypass that PIN if they can glean a few personal details about you. Experian’s site also has undermined the security of the freeze PIN.

I mentioned planting your flag at the credit bureaus first because if you plan to freeze your credit files, it may be wise to do so after you have planted your flag at all the other places listed in this story. That’s because these other places may try to check your identity records at one or more of the bureaus, and having a freeze in place may interfere with that account creation.

YOUR FINANCIAL INSTITUTIONS

I can’t tell you how many times people have proudly told me they don’t bank online, and prefer to manage all of their accounts the old-fashioned way. I always respond that while this is totally okay, you still need to establish an online account for your financial providers, because if you don’t, someone may do it for you.

This goes doubly for any retirement and pension plans you may have. It’s a good idea for people with older relatives to help those individuals set up and manage online identities for their various accounts — even if those relatives never intend to access any of the accounts online.

This process is doubly important for parents and relatives who have just lost a spouse. When someone passes away, there’s often an obituary in the paper that offers a great deal of information about the deceased and any surviving family members, and identity thieves love to mine this information.

YOUR GOVERNMENT

Whether you’re approaching retirement, middle-aged or just starting out in your career, you should establish an account online at the U.S. Social Security Administration. Maybe you don’t believe Social Security money will actually still be there when you retire, but chances are you’re nevertheless paying into the system now. Either way, the plant-your-flag rules still apply.

Ditto for the Internal Revenue Service. A few years back, ID thieves who specialize in perpetrating tax refund fraud were massively registering people at the IRS’s website to download key data from their prior years’ tax transcripts. While the IRS has improved its taxpayer validation and security measures since then, it’s a good idea to mark your territory here as well.

The same goes for your state’s Department of Motor Vehicles (DMV), which maintains an alarming amount of information about you whether you have an online account there or not. Because the DMV also is the place that typically issues state drivers licenses, you really don’t want to mess around with the possibility that someone could register as you, change your physical address on file, and obtain a new license in your name.

Last but certainly not least, you should create an account for your household at the U.S. Postal Service’s Web site. Having someone divert your mail or delay delivery of it for however long they like is not a fun experience.

Also, the USPS has this nifty service called Informed Delivery, which lets residents view scanned images of all incoming mail prior to delivery. In 2018, the U.S. Secret Service warned that identity thieves have been abusing Informed Delivery to let them know when residents are about to receive credit cards or notices of new lines of credit opened in their names. Do yourself a favor and create an Informed Delivery account as well. Note that multiple occupants of the same street address can each have their own accounts.

YOUR HOME

Online accounts coupled with the strongest multi-factor authentication available also are important for any services that provide you with telephone, television and Internet access.

Strange as it may sound, plenty of people who receive all of these services in a bundle from one ISP do not have accounts online to manage their service. This is dangerous because if thieves can establish an account on your behalf, they can then divert calls intended for you to their own phones.

My original Plant Your Flag piece in 2018 told the story of an older Florida man who had pricey jewelry bought in his name after fraudsters created an online account at his ISP and diverted calls to his home phone number so they could intercept calls from his bank seeking to verify the transactions.

If you own a home, chances are you also have an account at one or more local utility providers, such as power and water companies. If you don’t already have an account at these places, create one and secure access to it with a strong password and any other access controls available.

These frequently monopolistic companies traditionally have poor to non-existent fraud controls, even though they effectively operate as mini credit bureaus. Bear in mind that possession of one or more of your utility bills is often sufficient documentation to establish proof of identity. As a result, such records are highly sought-after by identity thieves.

Another common way that ID thieves establish new lines of credit is by opening a mobile phone account in a target’s name. A little-known entity that many mobile providers turn to for validating new mobile accounts is the National Consumer Telecommunications and Utilities Exchange, or nctue.com. Happily, the NCTUE allows consumers to place a freeze on their file by calling their 800-number, 1-866-349-5355. For more information on the NCTUE, see this page.

Have I missed any important items? Please sound off in the comments below.

Parsable scores $60M Series D as pandemic forces faster digitization of industrial sector

It seems the pandemic has forced the business world to digitize faster, and the industrial sector is no different. Parsable, a San Francisco startup that is helping digitize industrial front-line workers, announced a $60 million Series D today.

Activate Capital and Glade Brook Capital Partners co-led the round. They got help from new investors Alumni Ventures Group, Cisco Investments, Downing Ventures, Evolv Ventures and Princeville Capital, along with existing investors Lightspeed Venture Partners, Future Fund, B37 Ventures, Honeywell and Saudi Aramco. Today’s money brings the total raised to more than $133 million, according to the company.

As I wrote at the time of the company’s $40 million Series C in 2018, “Parsable has developed a Connected Worker platform to help bring high tech solutions to deskless industrial workers who have been working mostly with paper-based processes.”

CEO Lawrence Whittle says that while the pandemic has shut some factories, and reduced overall worker headcount, it has still led to increased usage on the platform of companies whose products are considered essential services. What’s more, Parsable’s ability to deal with information on an individual mobile device or laptop means that in many cases, workers can stay separated and not share computers on the factory floor, making the process safer.

“Fortunately, the majority of our focus is in what’s often deemed as essential industries — so consumer packaged goods (CPG), food, beverage, agriculture and related industries such as paper and packaging. Those markets, interestingly enough, predominantly because of consumer demand continue to operate pretty successfully from a demand perspective during this COVID period,” Whittle told TechCrunch.

While the company would not give specific growth numbers, they shared that registered users grew 11x and the number of deployed sites tripled year over year. What’s more, they have users in more than 100 countries encompassing 14 languages.

With the money, the company wants to expand internationally into Asia, EMEA and Latin America. The startup has 120 employees, but plans to hire for essential needs over the next several months, preferring to be conservative and seeing where the pandemic takes the economy in the coming months.

Whittle points out that the diversity of its user base, and the desire to expand into other regions demands that they have a more diverse employee base, even while it’s a clear ethical consideration, as well.

“When you’re serving customers in over 100 countries, and you provide a product in 14 languages, [having] diversity and inclusion is to some extent a given. What we’re doing as a company […] is taking every opportunity to further lean into that and that’s one of the leading lights of our business,” Whittle said.

Parsable launched in 2013. It took a few years to build the product. Today, customers include Georgia-Pacific, Henkel and Shell.

Emergence’s Jason Green still sees plenty of opportunities for enterprise SaaS startups

Jason Green, co-founder and partner at Emergence, has made some solid enterprise SaaS bets over the years, long before it was fashionable to do so. He invested early in companies like Box, ServiceMax, Yammer, SteelBrick and SuccessFactors.

Just those companies alone would be a pretty good track record, but his firm also invested in Salesforce, Zoom, Veeva and Bill.com. One consistent thread runs through Emergence’s portfolio: They focus on the cloud and enterprise, a thesis that has paid off big time. What’s more, every one of those previously mentioned companies had a great founding team and successful exit via either IPO or acquisition.

I spoke with Green in June about his investment performance with enterprise SaaS to get a sense of the secret of his long-term success. We also asked a few of those portfolio company CEOs about what it has been like to work with him over time.

All in on SaaS

Green and his co-founders saw something when it came to the emerging enterprise SaaS market in the early 2000s that a lot of firms missed. Salesforce co-founder and CEO Marc Benioff told a story in 2018 about his early attempts at getting funding for his company — and how every single Silicon Valley firm he talked to turned him down.

Green’s partner, Gordon Ritter, eventually invested in Salesforce as one of the company’s earliest investments because the partners saw something in the SaaS approach, even before the term entered the industry lexicon.

Microsoft Patch Tuesday, August 2020 Edition

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to back up and patch up!

At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete, remote control over an affected system with little or no help from users. This is the sixth month in a row Microsoft has shipped fixes for more than 100 flaws in its products.

The most concerning of these appears to be CVE-2020-1380, a weakness in Internet Explorer that could result in system compromise just by browsing with IE to a hacked or malicious website. Microsoft’s advisory says this flaw is currently being exploited in active attacks.

The other flaw enjoying active exploitation is CVE-2020-1464, a “spoofing” bug in virtually every supported version of Windows that allows an attacker to bypass Windows security features and load improperly signed files.

Trend Micro’s Zero Day Initiative points to another fix — CVE-2020-1472 — which involves a critical issue in Windows Server versions that could let an unauthenticated attacker gain administrative access to a Windows domain controller and run an application of their choosing. A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.

“It’s rare to see a Critical-rated elevation of privilege bug, but this one deserves it,” said ZDI’s Dustin Childs. “What’s worse is that there is not a full fix available.”

Perhaps the most “elite” vulnerability addressed this month earned the distinction of being named CVE-2020-1337, and refers to a security hole in the Windows Print Spooler service that could allow an attacker or malware to escalate their privileges on a system if they were already logged on as a regular (non-administrator) user.

Satnam Narang at Tenable notes that CVE-2020-1337 is a patch bypass for CVE-2020-1048, another Windows Print Spooler vulnerability that was patched in May 2020. Narang said researchers found that the patch for CVE-2020-1048 was incomplete and presented their findings for CVE-2020-1337 at the Black Hat security conference earlier this month. More information on CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available here.

Adobe has graciously given us another month’s respite from patching Flash Player flaws, but it did release critical security updates for its Acrobat and PDF Reader products. More information on those updates is available here.

Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re less likely to pull your hair out when the odd buggy patch causes problems booting the system.

So do yourself a favor and back up your files before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And as ever, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips.

The Good, the Bad and the Ugly in Cybersecurity – Week 32

The Good

If you are under thirty, and already earned the nicknames “Onassis,” “Flagler,” “Socrates,” and “Ecclesiastes,” and you are wanted by the US Justice department, you have to be some kind of criminal mastermind. And Valerian Chiochiu is just that. On Friday, July 31, he pleaded guilty to a charge of “RICO conspiracy” (Racketeer Influenced and Corrupt Organizations).

Eight years ago he joined a criminal syndicate called “Infraud” and quickly became the technical expert on all malware related matters. He served as the technical “guru” of the organization, instructing other members on using malware. He even created the malware known as FastPOS, dedicated to stealing credit card details from point-of-sale devices.

Infraud activities netted an estimated $568 million in revenue. In its heyday around 2017, there were 10,901 registered members of the Infraud Organization, and they even coined the tagline: “in Fraud we trust”. The ring was taken down in 2018 and Chiochiu is the second of 36 individuals identified by the DOJ as the main conspirators to plead guilty. The DOJ is laudably working towards bringing the perpetrators to justice even years after the operation was dismantled.

The Bad

Intel, the world’s largest chip manufacturer, has been hacked. That in itself is bad, but the attack also saw the theft and subsequent release of 20 gigabytes of confidential files and intellectual property. And it gets even worse. Till Kottmann, a Swiss IT consultant, posted on Twitter a link to a file sharing service today that contains a huge portion of Intel’s IP.

According to sources, the leak contains the following information:

  • Intel ME Bringup guides + (flash) tooling + samples for various platforms
  • Kaby Lake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
  • Intel CEFDK (Consumer Electronics Firmware Development Kit)
  • Silicon / FSP source code packages for various platforms
  • Various Intel Development and Debugging Tools
  • Simics Simulation for Rocket Lake S and potentially other platforms
  • Binaries for Camera drivers Intel made for SpaceX
  • Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
  • Kaby Lake FDK training videos
  • Intel Trace Hub + decoder files for various Intel ME versions
  • Elkhart Lake Silicon Reference and Platform Sample Code
  • Debug BIOS/TXE builds for various Platforms
  • Bootguard SDK
  • Intel Snowridge / Snowfish Process Simulator ADK
  • Various schematics

Intel’s response: “We are investigating this situation. The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”

Beyond that statement, it is unclear how the data was obtained, but the implications for both Intel and cyber security in general could be profound. We’ll be watching closely to see how this one unfolds.

The Ugly

Remember how Twitter was hacked? The FBI was very swift, identifying and arresting the three culprits. The main suspect, recent high school graduate Graham Clark from the city of Tampa, Florida, was arrested last week and pleaded “not guilty”. The Judicial Circuit Court of Florida in Tampa held a bail hearing yesterday to discuss the plaintiff’s request to lower the bail from the original sum set at $725,000. As with many current court hearings, this was held on Zoom. Somehow, the technical details of how to prevent zoom-bombing eluded this particular court staff, and the discussion was interrupted shortly after it began (47 seconds): first with random people making comments, and then, predictably, with someone streaming pornographic videos. The prosecutor’s face says it all.

He then tweeted about the experience:

The nasty part of the discussion was recorded and posted on Twitter (definitely a NSFW link!).

The discussion went on for another 25 minutes before they had to call it quits. The bail remains at $725,000 and Mr. Clark will remain in prison until his next hearing in October, where he will be facing charges for 7 counts of communications fraud and 11 counts of fraudulent use of personal information. Hopefully, the proceedings of the next hearing will be somewhat better protected.


Wendell Brooks has resigned as president of Intel Capital

When Wendell Brooks was promoted to president of Intel Capital, the investment arm of the chip giant, in 2015, he knew he had big shoes to fill. He was taking over from Arvind Sodhani, who had run the investment component for 28 years since its inception. Today, the company confirmed reports that Brooks has resigned that role.

“Wendell Brooks has resigned from Intel to pursue other opportunities. We thank Wendell for all his contributions and wish him the best for the future,” a company spokesperson told TechCrunch in a rather bland send off.

Anthony Lin, who has been leading mergers and acquisitions and international investing, will take over on an interim basis. Interestingly, when Brooks was promoted, he too was in charge of mergers and acquisitions. Whether Lin keeps that role remains to be seen.

When I spoke to Brooks in 2015 as he was about to take over from Sodhani, he certainly sounded ready for the task at hand. “I have huge shoes to fill in maintaining that track record,” he said at the time. “I view it as a huge opportunity to grow the focus of organization where we can provide strategic value to portfolio companies.”

In that same interview, Brooks described his investment philosophy, saying he preferred to lead, rather than come on as a secondary investor. “I tend to think the lead investor is able to influence the business thesis, the route to market, the direction, the technology of a startup more than a passive investor,” he said. He added that it also tends to get board seats that can provide additional influence.

Comparing his firm to traditional VC firms, he said they were as good or better in terms of the investing record, and as a strategic investor brought some other advantages as well. “Some of the traditional VCs are focused on a company-building value. We can provide strategic guidance and complement some of the company building over other VCs,” he said.

Over the life of the firm, it has invested $12.9 billion in more than 1,500 companies, with 692 of those exiting via IPO or acquisition. Just this year, under Brooks’ leadership, the company has invested $225 million so far, including 11 new investments and 26 investments in companies already in the portfolio.

Ransomware Prevention | Practical Steps to Reducing Your Attack Surface

Today, SentinelOne released our latest eBook, Understanding Ransomware in the Enterprise, a comprehensive guide to helping organizations understand, plan for, respond to and protect against this now-prevalent threat.

In this post, we reproduce a sample chapter from the ransomware eBook on how to reduce your attack surface.

Ransomware attacks are not going away; in fact, the increasing diversity and total volume enabled by RaaS and affiliate schemes along with the low risk and lucrative returns only serves to suggest that ransomware will continue to evolve and increase in sophistication for the foreseeable future.

Examples like DoppelPaymer ransomware employ lightning-fast payloads to perform over 2000 malicious operations on the host in less than 7 seconds. This means that legacy detection and response methods are failing to prevent infections, and defenders’ response to ransomware often starts after the ransomware has achieved its objectives.

In order to become more effective in preventing ransomware, try to implement as many of the following recommendations as possible, where appropriate for your business environment.

Threat Intelligence

How well do you know your attack surface? Prevention starts with intelligence on possible adversaries’ TTPs. Access to feeds and research powers your defences and helps you to understand and control your attack surface.

Highly organized crimeware groups such as Dridex and TrickBot have demonstrated success at scale utilizing ransomware as their primary attack vector. Where they once relied primarily on banking fraud, their operations have noticeably shifted. This has attracted many new startup groups attempting to emulate their success. The proliferation of RaaS (Ransomware as a Service) operations has undoubtedly wreaked havoc on many corporate networks.

However, there appears to have been an escalation amongst the groups struggling for dominance in the burgeoning ransomware services. The operators are no longer content with holding a network hostage. They are now seeking major payouts. The operators rifle through networks for days and weeks on end attempting to map the data points and find the juiciest data targets that will provide them with the best leverage for a payout.

Ransomware operators are now attempting to perfect their extortion schemes. Recent statistics put out by the FBI in an RSA presentation attributed $61 million to the group operating the RYUK ransomware. This figure accounted for operations conducted only between February 2018 and October 2019.


The operators of Maze and REvil (Sodinokibi) are leveraging media and data leak sites in order to further threaten and humiliate victims into paying their extortionist demands. Many groups such as DoppelPaymer, Clop, Netwalker, ATO and others have followed suit with leak sites. As the payouts continue, the attacks are not likely to go away anytime soon. The groups are now armed with substantial capital to further their attacks and further improve their products.

Discovery and Inventory

Ransomware criminals take advantage of the challenges and vulnerabilities created by BYOD, IoT and digital transformation initiatives using technologies like social, mobile, cloud, and software defined networks. Remote work forces demanding the ability to work from anywhere, any time whilst accessing company data and using cloud applications also create challenges and increase your attack surface. Visibility into who and what is on your network is crucial.

To control and take action, aim for continuous discovery and fingerprinting of all connected devices using active and passive discovery to identify and create a real time inventory of even intermittently connecting devices. This will help you to find and control rogue endpoints.

Software vulnerabilities allow attackers to use exploit kits to distribute ransomware. Supplementing endpoint discovery with an understanding of what operating systems, software and versions you have on which endpoints and servers is important to any patch management process.

Can you answer these questions?

  • Which devices are connected to my environment?
  • Which devices were connected in my environment?
  • When was a device last seen or first seen in my environment?
  • Which devices are unmanaged and unprotected?
  • What is a device’s IP? MAC? Manufacturer? Type?
  • Does this device have a specific port open?
  • What information does the device report on this port?
  • In which network (behind which GW) is it connected?
  • What applications are installed on connected endpoints?
  • Are there any unauthorized applications running in the organization?
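The questions above are essentially queries against a continuously updated device inventory. The following Python is an added example (not code from the SentinelOne eBook or any SentinelOne product) of merging passive discovery records (DHCP, ARP) and active scan results into one inventory that can answer the "currently connected", "first/last seen", "unmanaged", "vendor", "gateway" and "open port" questions. The OUI table, the managed-device list and every observation record are constructed sample data.

```python
"""Continuous device inventory built from discovery observations.

Added example, not from the eBook: merges passive (DHCP/ARP) and active (scan)
observations keyed by MAC address. All data below is constructed.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed OUI prefix table (first three octets of a MAC -> vendor).
OUI_TABLE = {
    "00:1a:2b": "ExampleNet Printers",
    "3c:4d:5e": "ExampleCorp Laptops",
    "aa:bb:cc": "UnknownIoT Ltd",
}

# Constructed list of MACs enrolled in the endpoint agent / MDM.
MANAGED_MACS = {"3c:4d:5e:00:00:01", "3c:4d:5e:00:00:02"}


@dataclass
class Device:
    mac: str
    ips: set = field(default_factory=set)
    first_seen: datetime = None
    last_seen: datetime = None
    gateway: str = None                              # "behind which GW"
    open_ports: dict = field(default_factory=dict)   # port -> banner text
    sources: set = field(default_factory=set)        # which discovery saw it

    @property
    def vendor(self):
        return OUI_TABLE.get(self.mac[:8].lower(), "unknown")

    @property
    def managed(self):
        return self.mac in MANAGED_MACS


# Constructed observations: passive (dhcp, arp) and active (scan) records.
OBSERVATIONS = [
    {"src": "dhcp", "ts": "2020-08-10T08:00:00", "mac": "3c:4d:5e:00:00:01", "ip": "10.0.1.10", "gw": "10.0.1.1"},
    {"src": "arp",  "ts": "2020-08-10T08:05:00", "mac": "aa:bb:cc:00:00:09", "ip": "10.0.1.77", "gw": "10.0.1.1"},
    {"src": "scan", "ts": "2020-08-10T09:00:00", "mac": "aa:bb:cc:00:00:09", "ip": "10.0.1.77", "gw": "10.0.1.1",
     "port": 23, "banner": "BusyBox telnetd"},
    {"src": "dhcp", "ts": "2020-08-11T08:00:00", "mac": "3c:4d:5e:00:00:02", "ip": "10.0.2.20", "gw": "10.0.2.1"},
    {"src": "arp",  "ts": "2020-08-12T08:00:00", "mac": "3c:4d:5e:00:00:01", "ip": "10.0.1.11", "gw": "10.0.1.1"},
    {"src": "dhcp", "ts": "2020-08-12T08:30:00", "mac": "00:1a:2b:00:00:05", "ip": "10.0.1.50", "gw": "10.0.1.1"},
]


def build_inventory(observations):
    """Merge observations by MAC, tracking first/last seen, IPs, gateway and ports."""
    inv = {}
    for o in observations:
        ts = datetime.fromisoformat(o["ts"])
        d = inv.setdefault(o["mac"], Device(mac=o["mac"]))
        d.ips.add(o["ip"])
        d.gateway = o["gw"]
        d.sources.add(o["src"])
        d.first_seen = ts if d.first_seen is None else min(d.first_seen, ts)
        d.last_seen = ts if d.last_seen is None else max(d.last_seen, ts)
        if "port" in o:
            d.open_ports[o["port"]] = o.get("banner", "")
    return inv


def currently_connected(inv, now, window=timedelta(hours=24)):
    """Devices seen within `window` of `now`; older ones are 'were connected'."""
    return sorted(m for m, d in inv.items() if now - d.last_seen <= window)


def unmanaged(inv):
    """Devices with no endpoint agent / MDM enrolment: the rogue-endpoint list."""
    return sorted(m for m, d in inv.items() if not d.managed)


def devices_with_port(inv, port):
    """Devices on which an active scan found `port` open."""
    return sorted(m for m, d in inv.items() if port in d.open_ports)


if __name__ == "__main__":
    inventory = build_inventory(OBSERVATIONS)
    now = datetime(2020, 8, 12, 12, 0, 0)
    print("connected now:", currently_connected(inventory, now))
    print("unmanaged:", unmanaged(inventory))
    print("telnet open on:", devices_with_port(inventory, 23))
```

In this constructed data the unmanaged IoT device with telnet open and the unmanaged printer are exactly the devices a patch or hardening programme would never see without discovery, since no agent reports on them.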

Control Vulnerabilities And Harden Configuration

After you understand what devices are in your environment and what programs are installed on them, you need to control access, mitigate vulnerabilities and harden these endpoints and the software on them.

Centrally managing the evaluation and enforcement of device configuration and compliance is important to reducing your attack surface. Non-compliant devices should be reconfigured and hardened. Enforcing VPN connectivity, mandatory disk encryption, and port control will reduce the attack surface for ransomware.

Patch management is key, but with thousands of new vulnerabilities appearing every year, no organization is realistically going to patch every single one. Having a risk-based structured approach is best, but no approach is infallible.

Having centrally-managed application control allows security teams to control all software running within the endpoint environment and protect against exploits of unpatched vulnerabilities. It allows authorization of new software and prevents other, unauthorized, malicious, untrusted, or unnecessary applications from executing.

Control Human Vulnerabilities

Often with ransomware the weakest link is us, the human. The main entry vector is still email or visiting risky websites. Phishing, spear phishing and whaling are becoming more sophisticated and targeted, loaded with maldocs or ransomware links that tempt even vigilant users to click.

A programme of staff education and training is important for creating a culture of suspicion and vigilance; sharing real-world examples with staff and testing resilience also matter, but even the best of us have our weakest moments. Training reduces risk, but it cannot eliminate it on its own.

You can improve your email security with products that include features such as:

  • URL scanning of inbound or archived email that blocks clicks on target sites until the site has been checked for malware.
  • Detecting weaponized attachments in the mailbox and redirecting them to a sandbox before delivery.
  • Protection against impersonation, social engineering, typosquatting and masking.

Ransomware can only change and encrypt the files that the infected user has the rights to change. Controlling user access to critical network resources is necessary to limit this exposure and to make lateral movement more difficult.

Therefore, it is critical to keep privileges current and up to date, and to ensure that users can only access the files and network locations their duties require.

Monitoring and controlling user behaviour on and off the network allows alerts and automated actions to respond to suspicious deviations, such as unusual access to servers, file shares or areas of the network a user does not normally touch. Recording data access, credential usage and connections by endpoints can highlight changes in productivity or signals of a possible security breach. Tools like EDR can record every file execution and modification, registry change, network connection and binary execution across an organization’s connected endpoints, enhancing threat visibility to speed up action.
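An added detection example (not from the eBook or from SentinelOne) run over constructed EDR file-event lines of the kind the paragraph above describes: it flags any user/process pair that renames several files to a new extension across directories within a short window, and ignores a constructed allow list of legitimate renamers. The log format, window, threshold and allow list are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Constructed EDR file events: "<timestamp> <user> <process> <action> <path>";
# a rename is recorded as "rename <old_path>=><new_path>".
EVENTS = """\
2024-03-04T10:00:01 alice winword.exe modify /share/finance/q1.docx
2024-03-04T10:00:03 bob svc.exe rename /share/hr/staff.xlsx=>/share/hr/staff.xlsx.locked
2024-03-04T10:00:03 bob svc.exe rename /share/hr/pay.docx=>/share/hr/pay.docx.locked
2024-03-04T10:00:04 bob svc.exe rename /share/finance/q2.xlsx=>/share/finance/q2.xlsx.locked
2024-03-04T10:00:04 bob svc.exe rename /share/finance/plan.pptx=>/share/finance/plan.pptx.locked
2024-03-04T10:00:20 alice winword.exe modify /share/finance/q1.docx
2024-03-04T10:01:00 carol backup.exe rename /backup/a.bak=>/backup/a.bak.old
"""
WINDOW = timedelta(seconds=10)   # assumed burst window
THRESHOLD = 4                    # assumed files-per-burst alert threshold
KNOWN_SAFE = {"backup.exe"}      # constructed allow list of legitimate renamers

def parse(events=EVENTS):
    """Return a list of (timestamp, user, process, action, old_path, new_path)."""
    out = []
    for line in events.splitlines():
        ts, user, proc, action, path = line.split(maxsplit=4)
        old, _, new = path.partition("=>")
        out.append((datetime.fromisoformat(ts), user, proc, action, old, new or old))
    return out

def detect_bursts(events=EVENTS, window=WINDOW, threshold=THRESHOLD):
    """Alert on (user, process) pairs that renamed >= threshold files to a new
    extension within `window`; the alert lists files, directories and extensions."""
    by_actor = defaultdict(list)
    for ts, user, proc, action, old, new in parse(events):
        if proc in KNOWN_SAFE or action != "rename":
            continue
        if PurePosixPath(old).suffix != PurePosixPath(new).suffix:
            by_actor[(user, proc)].append((ts, new))
    alerts = {}
    for actor, hits in by_actor.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            burst = [p for t, p in hits[i:] if t - start <= window]
            if len(burst) >= threshold:
                alerts[actor] = {
                    "files": len(burst),
                    "dirs": sorted({str(PurePosixPath(p).parent) for p in burst}),
                    "new_ext": sorted({PurePosixPath(p).suffix for p in burst})}
                break
    return alerts
```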

Improve Endpoint Security

Almost all organizations have endpoint security; however, to prevent ransomware, static detection and antivirus are no longer enough. Advanced features in your endpoint protection, and the ability to perform endpoint management and hygiene from a centralised management system, are increasingly important.

Good endpoint security should include multiple static and behavioural detection engines, using machine learning and AI to speed up detection and analysis. Exploit protection, device control, access control, vulnerability management and application control are also important. Adding endpoint detection and response (EDR) to the mix provides forensic and root-cause analysis together with immediate response actions such as isolation, transfer to a sandbox and rollback, which automate remediation; these are important considerations.

Having these features in one platform and one agent capable of protecting all devices and servers will ensure centralised visibility and control for your cyber security team across your entire endpoint estate.

How Can SentinelOne Help?

SentinelOne provides one platform to prevent, detect, respond, and hunt ransomware across all enterprise assets. See what has never been seen before. Control the unknown. All at machine speed.

Want to learn more about defending your organization against ransomware? Read the full eBook.



Amazon inks cloud deal with Airtel in India

Amazon has found a new partner to expand the reach of its cloud services business — AWS — in India, the world’s second largest internet market.

On Wednesday, the e-commerce giant announced it has partnered with Bharti Airtel, the third-largest telecom operator in India with more than 300 million subscribers, to sell a wide-range of AWS offerings under Airtel Cloud brand to small, medium, and large-sized businesses in the country.

The deal could help AWS, which leads the cloud market in India, further expand its dominance in the country. The move follows a similar deal that Reliance Jio — India’s largest telecom operator, which has raised more than $20 billion in recent months from Google, Facebook and a roster of other high-profile investors — struck with Microsoft last year to sell cloud services to small businesses. The two announced a 10-year partnership to “serve millions of customers.”

Airtel, which serves over 2,500 large enterprises and more than a million emerging businesses, itself signed a similar cloud deal with Google in January this year. That partnership is still in place, Airtel said.

“AWS brings over 175 services to the table. We pretty much support any workload on the cloud. We have the largest and the most vibrant community of customers,” said Puneet Chandok, President of AWS in India and South Asia, on a call with reporters Wednesday noon.

The two companies, which signed a similar agreement in 2015, will also collaborate on building new services and help existing customers migrate to Airtel Cloud, they said.

Today’s deal illustrates Airtel’s push to build businesses beyond its telecom venture, said Harmeen Mehta, Global CIO and Head of Cloud and Security Business at Airtel, on the call. Last month, Airtel partnered with Verizon — TechCrunch’s parent company — to sell BlueJeans video conferencing service to business customers in India.

Deals with carriers were very common a decade ago in India as tech giants rushed to amass users in the country. Replicating a similar strategy now illustrates the phase of the cloud adoption in the nation.

Nearly half a billion people in India came online last decade. And slowly, small businesses and merchants are also beginning to use digital tools, storage services, and accept online payments.

India has emerged as one of the leading growth markets for cloud services. The country’s public cloud services market is estimated to reach $7.1 billion by 2024, according to research firm IDC.

Harness makes first acquisition, snagging open-source CI company Drone.io

Harness has made a name for itself creating tools like continuous delivery (CD) for software engineers to give them the kind of power that has been traditionally reserved for companies with large engineering teams like Google, Facebook and Netflix. Today, the company announced it has acquired Drone.io, an open-source continuous integration (CI) company, marking the company’s first steps into open source, as well as its first acquisition.

The companies did not share the purchase price.

“Drone is a continuous integration software. It helps developers to continuously build, test and deploy their code. The project was started in 2012, and it was the first cloud-native, container-native continuous integration solution on the market, and we open sourced it,” company co-founder Brad Rydzewski told TechCrunch.

Drone delivers pipeline configuration information as code in a Docker container. Image: Drone.io

While Harness had previously lacked a CI tool to go with its continuous delivery tooling, founder and CEO Jyoti Bansal said this was less about filling in a hole than expanding the current platform.

“I would call it an expansion of our vision and where we were going. As you and I have talked in the past, the mission of Harness is to be a next-generation software delivery platform for everyone,” he said. He added that buying Drone had a lot of upside. “It’s all of those things — the size of the open-source community, the simplicity of the product — and it [made sense], for Harness and Drone to come together and bring this integrated CI/CD to the market.”

While this is Harness’ first foray into open source, Bansal says it’s just the starting point and they want to embrace open source as a company moving forward. “We are committed to getting more and more involved in open source and actually making even more parts of Harness, our original products, open source over time as well,” he said.

For Drone community members who might be concerned about the acquisition, Bansal said he was “100% committed” to continuing to support the open-source Drone product. In fact, Rydzewski said he wanted to team with Harness because he felt he could do so much more with them than he could have done continuing as a standalone company.

“Drone was a growing community, a growing project and a growing business. It really came down to I think the timing being right and wanting to partner with a company like Harness to build the future. Drone laid a lot of the groundwork, but it’s a matter of taking it to the next level,” he said.

Bansal says that Harness intends to also offer on the Harness platform a commercial version of Drone with some enterprise features, even while continuing to support the open source side of it.

Drone was founded in 2012. The only money it raised was $28,000 when it participated in the Alchemist Accelerator in 2013, according to Crunchbase data. The deal has closed and Rydzewski has joined the Harness team.

Kubermatic launches open-source service hub to enable complex service management

As Kubernetes and cloud-native technologies proliferate, developers and IT have found a growing set of technical challenges they need to address, and new concepts and projects have popped up to deal with them. For instance, operators provide a way to package, deploy and manage your cloud-native application in an automated way. Kubermatic wants to take that concept a step further, and today the German startup announced KubeCarrier, a new open-source, cloud-native service management hub.

Kubermatic co-founder Sebastian Scheele says three or four years ago, the cloud-native community needed to solve a bunch of technical problems around deploying Kubernetes clusters, such as overlay networking, service meshes and authentication. He sees a similar set of problems arising today where developers need more tools to manage the growing complexity of running Kubernetes clusters at scale.

Kubermatic has developed KubeCarrier to help solve one aspect of this. “What we’re currently focusing on is how to provision and manage workloads across multiple clusters, and how IT organizations can have a service hub where they can provide those services to their organizations in a centralized way,” Scheele explained.

Scheele says that KubeCarrier provides a way to manage and implement all of this, giving organizations much greater flexibility beyond purely managing Kubernetes. While he sees organizations running lots of Kubernetes operators, he says it doesn’t stop there. “We have lots of Kubernetes operators now, but how do we manage them, especially when there are multiple operators, [along with] the services they are provisioning,” he asked.

This could involve provisioning something like Database as a Service inside the organization or for external customers, while combining or provisioning multiple services that work on multiple levels and need a way to communicate with each other.

“That is where KubeCarrier comes in. Now, we can help our customers to build this kind of automation around provisioning, and service capability so that different teams can provide different services inside the organization or to external customers,” he said.

As the company explains it, “KubeCarrier addresses these complexities by harnessing the Kubernetes API and Operators into a central framework allowing enterprises and service providers to deliver cloud native service management from one multi-cloud, multi-cluster hub.”

KubeCarrier is available on GitHub, and Scheele says the company is hoping to get feedback from the community about how to improve it. In parallel, the company is looking for ways to incorporate this technology into its commercial offerings, and that should be available in the next 3-6 months, he said.