Proxyclick visitor management system adapts to COVID as employee check-in platform

Proxyclick began life by providing an easy way to manage visitors in your building with an iPad-based check-in system. As the pandemic has taken hold, however, customer requirements have changed, and Proxyclick is changing with them. Today the company announced Proxyclick Flow, a new system designed to check in employees during the time of COVID.

“Basically when COVID hit our customers told us that actually our employees are the new visitors. So what you used to ask your visitors, you are now asking your employees — the usual probing question, but also when are you coming and so forth. So we evolved the offering into a wider platform,” Proxyclick co-founder and CEO Gregory Blondeau explained.

That means instead of managing a steady flow of visitors — although it can still do that — the company is focusing on the needs of customers who want to open their offices on a limited basis during the pandemic, based on local regulations. To help adapt the platform for this purpose, the company developed the Proovr smartphone app, which employees can use to check in prior to going to the office, complete a health checklist, see who else will be in the office and make sure the building isn’t over capacity.

When the employee arrives at the office, they get a temperature check, and then can use the QR code issued by the Proovr app to enter the building via Proxyclick’s check-in system or whatever system they have in place. Beyond the mobile app, the company has designed the system to work with a number of adjacent building management and security systems so that customers can use it in conjunction with existing tooling.

They also beefed up the workflow engine that companies can adapt based on their own unique entrance and exit requirements. The COVID workflow is simply one of those workflows, but Blondeau recognizes not everyone will want to use the exact one they have provided out of the box, so they designed a flexible system.

“So the challenge was technical on one side to integrate all the systems, and afterwards to group workflows on the employee’s smartphone, so that each organization can define its own workflow and present it on the smartphone,” Blondeau said.

Once in the building, the system registers your presence and the information remains on the system for two weeks for contact tracing purposes should there be an exposure to COVID. You check out when you leave the building, but if you forget, it automatically checks you out at midnight.

The company was founded in 2010 and has raised $19.6 million. The most recent raise was a $18.5 million Series B in January.

Forrester TEI Study: SentinelOne Singularity XDR Platform Can Deliver ROI of 353%

Understanding the ROI of cybersecurity investments is critical to building an effective program. Forrester’s Total Economic Impact™ (TEI) study captures the value SentinelOne delivers.

Global enterprises managing thousands of user endpoints across various devices are increasingly susceptible to the rising threat of criminal malware and ransomware activity. Successful attacks can be costly and result in customer data loss, diminished brand reputation, customer attrition, and ultimately revenue loss.

That’s why successful enterprises turn to SentinelOne to provide a comprehensive solution to protect endpoints by automatically detecting and resolving sophisticated cyberthreats and eliminating vulnerable entry and egress points.

“SentinelOne gives us coverage and visibility across our entire global entity, stopping security threats before they can enter. I’ve been in this business for 25 years, and I’ve never seen anything like it.” — Enterprise security architect, global workforce solution at interviewed organization

To measure the ROI our technology delivers in production, we commissioned Forrester Consulting to conduct a custom research study using the Total Economic Impact™ methodology. The study measured the business benefits, and the potential return on investment (ROI) enterprises realize by deploying SentinelOne Singularity XDR platform. The results of the TEI study provide organizations of all types with a framework to evaluate the potential financial impact of the Singularity platform on their organizations.

Key benefits that customers experienced from SentinelOne Singularity XDR platform include:

  • SentinelOne provides gains of $3M through consolidation and increased coverage. SentinelOne’s consolidated platform increased coverage from 50% to 100% while simultaneously reducing cybersecurity platform subscription fees. Customers could replace their various legacy systems with a single agent solution that doubled their threat coverage to 100%. This enables customers to save $3M over three years.
  • SentinelOne significantly reduces the risk of successful malware and ransomware attacks, saving customers $671,000. SentinelOne’s threat detection through AI-generated behavior analysis can neutralize many cybersecurity concerns before they enter an organization’s digital environment. SentinelOne ActiveEDR can identify continuously morphing malicious code, providing a second layer of threat protection to a less complex, first-line, signature-based endpoint protection tool. This benefits customers with a savings of $671,000 over three years.
    “When suspicious activity is flagged, I can see its entire history—SentinelOne is a phenomenal tool.” — Security team member at interviewed organization
  • SentinelOne reduces the time and effort required by security and IT teams, enabling savings of $1.2M. Security and IT desktop teams spend less time searching, remediating, and fixing the effects of cyberattacks. SentinelOne gives visibility to the root cause, including an attacker’s ingress, egress, and lateral actions. Attack recovery is simple and designed to be an automated, single-click operation, which promotes efficiencies as coding is not required to replay and reverse an attacker’s steps, enabling enterprises to save $1.2 million.

    The legacy solutions organizations employed were on-premises, stacked solutions that required frequent, time-consuming upgrades as well as significant management and maintenance time. SentinelOne helped completely replace their more cumbersome on-premises solutions with SentinelOne’s single platform that can be managed with fewer FTE hours. The average savings reported is 300 FTE hours per month.

  • SentinelOne provides a unified, cloud-based solution.
    SaaS offering allows the customer and its endpoint users flexibility regarding the physical location and access while still maintaining vigilance.

In addition, SentinelOne also provides customers with increased cybersecurity team satisfaction and tailored, expert customer service.

SentinelOne Singularity XDR Platform is an industry-first data lake that seamlessly fuses the data, access, control, and integration planes of its endpoint protection, endpoint detection and response, IoT security, and cloud workload security into a centralized platform. With Singularity, organizations gain access to back-end data across the organization through a single solution, providing a cohesive view of their network and assets by adding a real-time autonomous security layer across all enterprise assets.

Read the full Forrester Total Economic Impact™ (TEI) study.



Friday app, a remote work tool, raises $2.1 million led by Bessemer

Friday, an app looking to make remote work more efficient, has announced the close of a $2.1 million seed round led by Bessemer Venture Partners. Active Capital, Underscore, El Cap Holdings, TLC Collective and New York Venture Partners also participated in the round, among others.

Founded by Luke Thomas, Friday sits on top of the tools that teams already use — GitHub, Trello, Asana, Slack, etc. — to surface information that workers need when they need it and keep them on top of what others in the organization are doing.

The platform offers a Daily Planner feature, so users can roadmap their day and share it with others, as well as a Work Routines feature, giving users the ability to customize and even automate routine updates. For example, weekly updates or daily standups done via Slack or Google Hangouts can be done via Friday app, eliminating the time spent by managers, or others, jotting down these updates or copying that info over from Slack.

Friday also lets users set goals across the organization or team so that users’ daily and weekly work aligns with the broader OKRs of the company.

Plus, Friday users can track their time spent in meetings, as well as team morale and productivity, using the Analytics dashboard of the platform.

Friday has a free-forever model, which allows individual users or even organizations to use the app for free for as long as they want. More advanced features like Goals, Analytics and the ability to see past three weeks of history within the app are paywalled for a price of $6/seat/month.

Thomas says that one of the biggest challenges for Friday is that people automatically assume it’s competing with an Asana or Trello, as opposed to being a layer on top of these products that brings all that information into one place.

“The number one problem is that we’re in a noisy space,” said Thomas. “There are a lot of tools that are saying they’re a remote work tool when they’re really just a layer on top of Zoom or a video conferencing tool. There is certainly increased amount of interest in the space in a good and positive way, but it also means that we have to work harder to cut through the noise.”

The Friday team is small for now — four full-time staff members — and Thomas says that he plans to double the size of the team following the seed round. Thomas declined to share any information around the diversity breakdown of the team.

Following a beta launch at the beginning of 2020, Friday says it is used by employees at organizations such as Twitter, LinkedIn, Quizlet, Red Hat and EA, among others.

This latest round brings the company’s total funding to $2.5 million.

AvePoint to go public via SPAC valued at $2B

AvePoint, a company that gives enterprises using Microsoft Office 365, SharePoint and Teams a control layer on top of these tools, announced today that it would be going public via a SPAC merger with Apex Technology Acquisition Corporation in a deal that values AvePoint at around $2 billion.

The acquisition brings together some powerful technology executives with Apex run by former Oracle CFO Jeff Epstein and former Goldman Sachs head of technology investment banking Brad Koenig, who will now be working closely with AvePoint’s CEO Tianyi Jiang. Apex filed for a $305 million SPAC in September 2019.

Under the terms of the transaction, Apex’s balance of $352 million plus a $140 million additional private investment will be handed over to AvePoint. Once transaction fees and other considerations are paid for, AvePoint is expected to have $252 million on its balance sheet. Existing AvePoint shareholders will own approximately 72% of the combined entity, with the balance held by the Apex SPAC and the private investment owners.

Jiang sees this as a way to keep growing the company. “Going public now gives us the ability to meet this demand and scale up faster across product innovation, channel marketing, international markets and customer success initiatives,” he said in a statement.

AvePoint was founded in 2001 as a company to help ease the complexity of SharePoint installations, which at the time were all on-premise. Today, it has adapted to the shift to the cloud as a SaaS tool and primarily acts as a policy layer enabling companies to make sure employees are using these tools in a compliant way.

The company raised $200 million in January this year led by Sixth Street Partners (formerly TPG Sixth Street Partners), with additional participation from prior investor Goldman Sachs, meaning that Koenig was probably familiar with the company based on his previous role.

The company has raised a total of $294 million in capital before today’s announcement. It expects to generate almost $150 million in revenue by the end of this year with ARR growing at over 30%. It’s worth noting that the company’s ARR and revenue have been growing steadily since Q1 2019. The company is projecting significant growth for the next two years with revenue estimates of $257 million and ARR of $220 million by the end of 2022.

[Figure: Graph of revenue and projected revenue. Image Credits: AvePoint]

The deal is expected to close in the first quarter of next year. Upon close the company will continue to be known as AvePoint and be publicly traded on NASDAQ under the new ticker symbol AVPT.

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.

The incident is the latest incursion at GoDaddy that relied on tricking employees into transferring ownership and/or control over targeted domains to fraudsters. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.

And in May of this year, GoDaddy disclosed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in Oct. 2019 that wasn’t discovered until April 2020.

This latest campaign appears to have begun on or around Nov. 13, with an attack on cryptocurrency trading platform liquid.com.

“A domain hosting provider ‘GoDaddy’ that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor,” Liquid CEO Mike Kayamori said in a blog post. “This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”

In the early morning hours of Nov. 18 Central European Time (CET), cryptocurrency mining service NiceHash discovered that some of the settings for its domain registration records at GoDaddy were changed without authorization, briefly redirecting email and web traffic for the site. NiceHash froze all customer funds for roughly 24 hours until it was able to verify that its domain settings had been changed back to their original settings.

“At this moment in time, it looks like no emails, passwords, or any personal data were accessed, but we do suggest resetting your password and activate 2FA security,” the company wrote in a blog post.

NiceHash founder Matjaz Skorjanc said the unauthorized changes were made from an Internet address at GoDaddy, and that the attackers tried to use their access to its incoming NiceHash emails to perform password resets on various third-party services, including Slack and GitHub. But he said GoDaddy was impossible to reach at the time because it was undergoing a widespread system outage in which phone and email systems were unresponsive.

“We detected this almost immediately [and] started to mitigate [the] attack,” Skorjanc said in an email to this author. “Luckily, we fought them off well and they did not gain access to any important service. Nothing was stolen.”

Skorjanc said NiceHash’s email service was redirected to privateemail.com, an email platform run by Namecheap Inc., another large domain name registrar. Using Farsight Security, a service which maps changes to domain name records over time, KrebsOnSecurity instructed the service to show all domains registered at GoDaddy that had alterations to their email records in the past week which pointed them to privateemail.com. Those results were then indexed against the top one million most popular websites according to Alexa.com.

The result shows that several other cryptocurrency platforms also may have been targeted by the same group, including Bibox.com, Celsius.network, and Wirex.app. None of these companies responded to requests for comment.

In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. GoDaddy said the outage between 7:00 p.m. and 11:00 p.m. PST on Nov. 17 was not related to a security incident, but rather a technical issue that materialized during planned network maintenance.

“Separately, and unrelated to the outage, a routine audit of account activity identified potential unauthorized changes to a small number of customer domains and/or account information,” GoDaddy spokesperson Dan Race said. “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.

“We immediately locked down the accounts involved in this incident, reverted any changes that took place to accounts, and assisted affected customers with regaining access to their accounts,” GoDaddy’s statement continued. “As threat actors become increasingly sophisticated and aggressive in their attacks, we are constantly educating employees about new tactics that might be used against them and adopting new security measures to prevent future attacks.”

Race declined to specify how its employees were tricked into making the unauthorized changes, saying the matter was still under investigation. But in the attacks earlier this year that affected escrow.com and several other GoDaddy customer domains, the assailants targeted employees over the phone, and were able to read internal notes that GoDaddy employees had left on customer accounts.

What’s more, the attack on escrow.com redirected the site to an Internet address in Malaysia that hosted fewer than a dozen other domains, including the phishing website servicenow-godaddy.com. This suggests the attackers behind the March incident — and possibly this latest one — succeeded by calling GoDaddy employees and convincing them to use their employee credentials at a fraudulent GoDaddy login page.

In August 2020, KrebsOnSecurity warned about a marked increase in large corporations being targeted in sophisticated voice phishing or “vishing” scams. Experts say the success of these scams has been aided greatly by many employees working remotely thanks to the ongoing Coronavirus pandemic.

A typical vishing scam begins with a series of phone calls to employees working remotely at a targeted organization. The phishers often will explain that they’re calling from the employer’s IT department to help troubleshoot issues with the company’s email or virtual private networking (VPN) technology.

The goal is to convince the target either to divulge their credentials over the phone or to input them manually at a website set up by the attackers that mimics the organization’s corporate email or VPN portal.

On July 15, a number of high-profile Twitter accounts were used to tweet out a bitcoin scam that earned more than $100,000 in a few hours. According to Twitter, that attack succeeded because the perpetrators were able to social engineer several Twitter employees over the phone into giving away access to internal Twitter tools.

An alert issued jointly by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) says the perpetrators of these vishing attacks compile dossiers on employees at their targeted companies using mass scraping of public profiles on social media platforms, recruiter and marketing tools, publicly available background check services, and open-source research.

The FBI/CISA advisory includes a number of suggestions that companies can implement to help mitigate the threat from vishing attacks, including:

• Restrict VPN connections to managed devices only, using mechanisms like hardware checks or installed certificates, so user input alone is not enough to access the corporate VPN.

• Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

• Employ domain monitoring to track the creation of, or changes to, corporate, brand-name domains.

• Actively scan and monitor web applications for unauthorized access, modification, and anomalous activities.

• Employ the principle of least privilege and implement software restriction policies or other controls; monitor authorized user accesses and usage.

• Consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to authenticate the phone call before sensitive information can be discussed.

• Improve 2FA and OTP messaging to reduce confusion about employee authentication attempts.

• Verify web links do not have misspellings or contain the wrong domain.

• Bookmark the correct corporate VPN URL and do not visit alternative URLs on the sole basis of an inbound phone call.

• Be suspicious of unsolicited phone calls, visits, or email messages from unknown individuals claiming to be from a legitimate organization. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information. If possible, try to verify the caller’s identity directly with the company.

• If you receive a vishing call, document the phone number of the caller as well as the domain that the actor tried to send you to and relay this information to law enforcement.

• Limit the amount of personal information you post on social networking sites. The internet is a public resource; only post information you are comfortable with anyone seeing.

• Evaluate your settings: sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.
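
The domain-monitoring recommendation in the list above, and the email-record comparison KrebsOnSecurity describes running against historical DNS data, both come down to spotting a recent MX change toward an unexpected mail host. The following is an added example, not code from the article or from any DNS data provider: the observation tuples, the `.example` domains, timestamps and popularity ranks are constructed, and only `privateemail.com` is taken from the article.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed passive-DNS-style observations: (domain, rrtype, rdata, first_seen).
# The tuple layout is an assumption, not any provider's export format.
OBSERVATIONS = [
    ("exchange-a.example", "MX", "mx1.corp-mail.example.", "2020-01-10T00:00:00Z"),
    ("exchange-a.example", "MX", "mx1.privateemail.com.", "2020-11-18T01:12:00Z"),
    ("exchange-b.example", "MX", "aspmx.mailhost.example.", "2019-06-01T00:00:00Z"),
    ("exchange-b.example", "NS", "ns1.registrar.example.", "2019-06-01T00:00:00Z"),
    # Long-standing customer of the mail platform: not a recent change.
    ("smallshop.example", "MX", "mx1.privateemail.com.", "2018-03-03T00:00:00Z"),
    ("exchange-c.example", "MX", "mail.exchange-c.example.", "2020-02-02T00:00:00Z"),
    ("exchange-c.example", "MX", "MX2.PrivateEmail.com", "2020-11-16T22:40:00Z"),
    # Look-alike suffix that must not match a naive endswith() check.
    ("exchange-d.example", "MX", "mail.exchange-d.example.", "2020-03-01T00:00:00Z"),
    ("exchange-d.example", "MX", "mx.notprivateemail.com.", "2020-11-17T00:00:00Z"),
]

# Constructed popularity ranks standing in for a "top sites" list.
POPULARITY = {
    "exchange-a.example": 4200,
    "exchange-c.example": 15000,
    "smallshop.example": 900000,
}


def parse_ts(value):
    """Parse the UTC timestamps used in OBSERVATIONS."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize_host(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.strip().rstrip(".").lower()


def under_suffix(host, suffix):
    """True only when host is the suffix itself or a label-aligned subdomain."""
    host, suffix = normalize_host(host), normalize_host(suffix)
    return host == suffix or host.endswith("." + suffix)


def recent_mx_moves(observations, suffix, now, window=timedelta(days=7)):
    """Find domains whose MX moved to `suffix` inside the window.

    A hit needs an MX under `suffix` first seen within the window AND an
    earlier MX elsewhere, so established users of that mail host are skipped.
    """
    history = defaultdict(list)
    for domain, rrtype, rdata, first_seen in observations:
        if rrtype.upper() == "MX":
            history[normalize_host(domain)].append(
                (parse_ts(first_seen), normalize_host(rdata))
            )

    cutoff = now - window
    hits = []
    for domain, records in history.items():
        records.sort()
        for seen, host in records:
            if not (cutoff <= seen <= now and under_suffix(host, suffix)):
                continue
            previous = sorted(
                {h for t, h in records if t < seen and not under_suffix(h, suffix)}
            )
            if previous:
                hits.append(
                    {"domain": domain, "new_mx": host,
                     "first_seen": seen, "previous_mx": previous}
                )
    return sorted(hits, key=lambda hit: hit["first_seen"])


def rank_by_popularity(hits, ranks):
    """Keep hits that appear in the popularity list, most popular first."""
    ranked = [(ranks[hit["domain"]], hit) for hit in hits if hit["domain"] in ranks]
    return [hit for _, hit in sorted(ranked, key=lambda pair: pair[0])]


if __name__ == "__main__":
    now = datetime(2020, 11, 20, tzinfo=timezone.utc)  # constructed "today"
    moves = recent_mx_moves(OBSERVATIONS, "privateemail.com", now)
    for hit in rank_by_popularity(moves, POPULARITY):
        print(
            f"{hit['domain']}: MX -> {hit['new_mx']} "
            f"(first seen {hit['first_seen']:%Y-%m-%d %H:%M} UTC, "
            f"was {', '.join(hit['previous_mx'])})"
        )
```

Run against an organization's own domains on a schedule, the same comparison serves as an alert that mail routing has changed without a matching change request.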

The Good, the Bad and the Ugly in Cybersecurity – Week 47

The Good

What could be better than a new security feature? Why, one on which users are asked for their input as it’s developed and rolled out, of course! In a welcome move for browser security and user participation, Mozilla this week announced that it is opening a public “comment period” regarding its recent DNS-over-HTTPS (DoH) feature.

Quick refresher: DNS is the means by which browsers “lookup” the actual IP address of domain names, like sentinelone.com, for example. However, these lookups travel across the network – through various gateways and servers – entirely unencrypted. That means each of those points can both potentially “sniff” and interfere with the lookup. With DoH (pronounced “dough”, apparently), DNS lookups are encrypted between the requesting browser and the DNS resolver via HTTPS.



What’s not to like? Well, ISPs for one aren’t over-the-moon about it because it can disrupt their ability to inject ads into users’ browsing requests. However, there are other, more legitimate, concerns such as making it more difficult for security tools to monitor and filter malicious web traffic. In the UK, authorities use DNS as a tool to fight child exploitation by filtering out domains serving up illegal content.

Given these concerns and the many different use cases for DNS filtering, Mozilla have taken the welcome step of eliciting public comment, open until January 4th 2021, on how the feature should be deployed. The company say they want to “crowdsource ideas, recommendations, and insights that can help us maximise the security and privacy-enhancing benefits of our implementation of DoH”. They go on to say, “We welcome contributions for anyone who cares about the growth of a healthy, rights-protective and secure Internet”. Apple, take note?

The Bad

While we’re on the topic of web security, this week’s bad news concerns a suspected REvil ransomware attack on managed web hosting solution provider Managed.com. While the attack at first seemed to be limited in scale, the company soon had to take down its entire web hosting infrastructure, which affected blogging platform giant WordPress, among others.

The company says that it is both working to resolve the incident and cooperating with law enforcement agencies in an attempt to identify the entities involved in the attack. That’s not just out of a sense of public duty; it is pretty much a requirement these days as companies need to ensure that if they consider paying the attackers, they will not risk legal sanctions for dealing with certain proscribed entities.

BleepingComputer report that the perpetrators were likely REvil and that they are demanding a $500,000 ransom for a decryptor.



There’s no suggestion at this point that Managed.com have had any contact with the perpetrators. Per their official statement, the company say their “Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.”

The Ugly

Since the start of the pandemic in early 2020, video conferencing software has come under a lot of scrutiny with regard to security, with Zoom, for example, taking a lot of the early heat. But the problems they faced were perhaps nowhere near as serious as three recently disclosed vulnerabilities in Cisco Webex.

Researchers from IBM discovered that Webex meetings could be “haunted” by invisible participants. These uninvited “ghost” guests could join meetings without showing up in the participants list and could remain in the meeting even if the host tried to expel them. To top it all, a third vulnerability made it possible to gather information about other attendees without joining the meeting at all.

According to the researchers, the vulnerabilities reside in the way Cisco Webex handles the “handshake” process between the client app and the Webex server and affect both scheduled meetings and Webex Personal Rooms. The vulnerabilities were also demonstrated on multiple platforms, including Windows, macOS and iOS.

IBM claim that employees now spend over 5 billion minutes per month in virtual meetings, which makes these kinds of flaws extremely inviting targets for threat actors.



However, there’s no evidence at the moment to suggest that malicious actors have been abusing the bugs, and Cisco have released security patches for both the Cisco Webex server and all affected client applications. Users of Cisco Webex client and server software are advised to patch without delay.

Meanwhile, the researchers filed three CVEs against the vulnerabilities, namely CVE-2020-3441, CVE-2020-3471, and CVE-2020-3419.



FireEye acquires Respond Software for $186M, announces $400M investment

The security sector is ever frothy and acquisitive. Just last week Palo Alto Networks grabbed Expanse for $800 million. Today it was FireEye’s turn, snagging Respond Software, a company that helps customers investigate and understand security incidents, while reducing the need for highly trained (and scarce) security analysts. The deal has closed, according to the company.

FireEye had its eye on Respond’s Analyst product, which it plans to fold into its Mandiant Solutions platform. Like many companies today, FireEye is focused on using machine learning to help bolster its solutions and bring a level of automation to sorting through the data, finding real issues and weeding out false positives. The acquisition gives them a quick influx of machine learning-fueled software.

FireEye sees a product that can help add speed to its existing tooling. “With Mandiant’s position on the front lines, we know what to look for in an attack, and Respond’s cloud-based machine learning productizes our expertise to deliver faster outcomes and protect more customers,” Kevin Mandia, FireEye CEO said in a statement announcing the deal.

Mike Armistead, CEO at Respond, wrote in a company blog post that today’s acquisition marks the end of a four-year journey for the startup, but it believes it has landed in a good home with FireEye. “We are proud to announce that after many months of discussion, we are becoming part of the Mandiant Solutions portfolio, a solution organization inside FireEye,” Armistead wrote.

While FireEye was at it, it also announced a $400 million investment from Blackstone Tactical Opportunities fund and ClearSky (an investor in Respond), giving the public company a new influx of cash to make additional moves like the acquisition it made today.

It didn’t come cheap. “Under the terms of its investment, Blackstone and ClearSky will purchase $400 million in shares of a newly designated 4.5% Series A Convertible Preferred Stock of FireEye (the ‘Series A Preferred’), with a purchase price of $1,000 per share. The Series A Preferred will be convertible into shares of FireEye’s common stock at a conversion price of $18.00 per share,” the company explained in a statement. The stock closed at $14.24 today.

Respond, which was founded in 2016, raised $32 million, including a $12 million Series A in 2017 led by CRV and Foundation Capital and a $20 million Series B led by ClearSky last year, according to Crunchbase data.

Onit acquires legal startup McCarthyFinch to inject AI into legal workflows

Onit, a workflow software company based in Houston with a legal component, announced this week that it has acquired 2018 TechCrunch Disrupt Battlefield alum McCarthyFinch. Onit intends to use the startup’s AI skills to beef up its legal workflow software offerings.

The companies did not share the purchase price.

After evaluating a number of companies in the space, Onit focused on McCarthyFinch, which gives it an artificial intelligence component the company’s legal workflow software had been lacking. “We evaluated about a dozen companies in the AI space and dug in deep on six of them. McCarthyFinch stood out from the pack. They had the strongest technology and the strongest team,” Eric M. Elfman, CEO and co-founder of Onit told TechCrunch.

The company intends to inject that AI into its existing Aptitude workflow platform. “Part of what really got me excited about McCarthyFinch was the very first conversation I had with their CEO, Nick Whitehouse. They considered themselves an AI platform, which complemented our approach and our workflow automation platform, Aptitude,” Elfman said.

McCarthyFinch CEO and co-founder Whitehouse says the startup was considering whether to raise more money or look at being acquired earlier this year when Onit made its interest known. At first, he wasn’t really interested in being acquired and was hoping to go the partner route, but over time that changed.

“I was very much on the partner track, and was probably quite dismissive to begin with because I was quite focused on that partner strategy. But as we talked, all egos aside, it just made sense [to move to acquisition talks],” Whitehouse said.

The talks heated up in May and the deal officially closed last week. With Onit, headquartered in Houston and McCarthyFinch in New Zealand, the negotiations and meetings all happened on Zoom. The two companies’ principals have never met in person. The plan is for McCarthyFinch to stay in place, even after the pandemic ends. Whitehouse expects to make a trip to Houston whenever it is safe to do so.

Whitehouse says his experience with Battlefield has had a huge influence on him. “Just the insights that we got through Battlefield, the coaching that we got, those things have stuck with me and they’ll stick with me for the rest of my life,” he said.

The company had 45 customers and 17 employees at the time of the acquisition. It raised $5 million US dollars along the way. Now it becomes part of Onit as the journey continues.

Convicted SIM Swapper Gets 3 Years in Jail

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a crime that involves convincing mobile phone company employees to transfer ownership of the target’s phone number to a device the attackers control.

Conor Freeman of Dublin took part in the theft of more than two million dollars worth of cryptocurrency from different victims throughout 2018. Freeman was named as a member of a group of alleged SIM swappers called “The Community” charged last year with wire fraud in connection with SIM swapping attacks that netted in excess of $2.4 million.

Among the eight others accused are three former wireless phone company employees who allegedly helped the gang hijack mobile numbers tied to their targets. Prosecutors say the men would identify people likely to have significant cryptocurrency holdings, then pay their phone company cohorts to transfer the victim’s mobile service to a new SIM card — the smart chip in each phone that ties a customer’s device to their number.

A fraudulent SIM swap allows the bad guys to intercept a target’s incoming phone calls and text messages. This is dangerous because a great many sites and services still allow customers to reset their passwords simply by clicking on a link sent via SMS. From there, attackers can gain access to any accounts that allow password resets via SMS or automated calls, from email and social media profiles to virtual currency trading platforms.

Like other accused members of The Community, Freeman was an active member of OGUsers, a forum that caters to people selling access to hijacked social media and other online accounts. But unlike others in the group, Freeman used his real name (username: Conor), and disclosed his hometown and date of birth to others on the forum. At least twice in the past few years OGUsers was hacked, and its database of profiles and user messages posted online.

According to a report in The Irish Times, Freeman spent approximately €130,000, which he had converted into cash from the stolen cryptocurrency. Conor posted on OGUsers that he spent approximately $14,000 on a Rolex watch. The rest was handed over to the police in the form of an electronic wallet that held the equivalent of more than $2 million.

The Irish Times says the judge in the case insisted the three-year sentence was warranted in order to deter the defendant and to prevent others from following in his footsteps. The judge said stealing money of this order is serious because no one can know the effect it will have on the victim, noting that one victim’s life savings were taken and the proceeds of the sale of his house were stolen.

One way to protect your accounts against SIM swappers is to remove your phone number as a primary or secondary authentication mechanism wherever possible. Many online services require you to provide a phone number upon registering an account, but in many cases that number can be removed from your profile afterwards.

It’s also important for people to use something other than text messages for two-factor authentication on their email accounts when stronger authentication options are available. Consider instead using a mobile app like Authy, Duo, or Google Authenticator to generate the one-time code. Or better yet, a physical security key if that’s an option.

5 Key Factors for Successful Cloud Operations

The pace of cloud adoption continues to accelerate as businesses reap the benefits of speed, flexibility, and lower costs. While initially it was IT departments who pushed for a migration to the cloud, the C-suite have come to realize the many positive effects of cloud platforms: accelerating business innovation, transforming business functions, enhancing communication and collaboration, and increasing productivity.

Some may think that migrating to the cloud is a simple, one-off exercise. However, this is far from true. Without a rigorous plan from day one to tackle the complex issues pertaining to cloud adoption, the journey to the cloud can quickly create problems. Unforeseen costs, lack of scalability and availability, weak security controls and compliance violations are all factors that can cause corporate stakeholders concern.

It may also not be obvious that migrating to the cloud does not mean the end of all your on-premises infrastructure. On the contrary, these “traditional” data centers will be around for a considerable time, creating a hybrid environment further complicating decisions and investments.

Given that cloud needs are tied so closely to other business operations and objectives, the journey to the cloud is different for every organization. Some organizations start with a very well thought-out strategy, while others may be responding to a request from the business or an emergency such as the coronavirus pandemic and the shift to remote working.

No matter the motivation, the following five factors are essential for successful cloud operations.

1. Define Your Cloud Strategy

Before starting your journey into the cloud, a new due diligence process will be required. You should spend time building your strategy and defining your end state in business terms. This overarching strategy paper, which can be as short as two pages, should define:

  •   Measurable business objectives
  •   The strategies and tactics to be employed in support of those objectives
  •   The principles and priorities that will guide decision-making

Additionally, you should invest time and effort to find the right partners: the cloud providers that will help you to achieve your objectives. You should explore all available options, looking beyond the hype.

Ask for the providers’ development roadmaps and contingency plans, and get client references if possible.

Finally, since the cloud is an ever-expanding ecosystem, take the time to educate your corporate stakeholders and executives and seek technical help to close the skills gap.

2. Plan Your Cloud Security Carefully

Cloud security is the primary concern for security teams and CISOs. You should ensure that everyone is familiar with the Shared Responsibilities Model, which places the responsibility for data protection and encryption in the hands of the enterprise. Embracing a multi-cloud environment while maintaining some degree of on-premises infrastructure requires investing in a single, central, vendor-agnostic solution that can help you protect all your assets – on-premises and in the cloud.

Another area of concern is to be able to effectively authenticate everyone and everything requesting access to your assets. The introduction of cloud platforms blurs the corporate boundaries and trust becomes a vulnerability rather than an advantage. Make sure to leverage Zero Trust security principles and cultivate a “trust nothing, always verify” mindset.

Planning for and implementing security controls while migrating to the cloud is important to avoid costly data breaches and violations of regulatory compliance. Data encryption at rest and in transit, identity and access management, and RBAC controls should always be in your playbook.

Employees and applications interact with cloud workloads, which act as access points to corporate networks and create points of entry that can be exploited by cyber criminals. The use of a variety of cloud platforms and a lack of visibility into these endpoints create an expanded attack surface.

Businesses need to adapt their traditional security controls to protect these cloud-based endpoints by employing EDR solutions for workloads that provide continuous visibility and enable proactive threat identification.

Finally, you should be comfortable that the providers’ security policies and practices can provide an adequate level of threat protection to mitigate risks and common vulnerabilities while addressing business specific requirements.

3. Build Strong Relationships with Cloud Providers

Cloud providers are partners in your effort to disrupt your market and gain competitive advantage. Your relationship should not be a static one, but rather a dynamic and flexible one that evolves and transforms in line with developments in cloud technology.

Ideally, you want to build a relationship with your cloud vendor that allows you to tap their knowledge base for strategic guidance, business case development, workload prioritization and more. Top tier organizations could require biannual meetings with the CSP’s senior technical architects to brainstorm technology and platform improvements that can take your business one step ahead of the competition. For SMEs, follow best practice recommendations in the form of whitepapers and technical guidance from the CSP or from peers in local groups such as the Cloud Security Alliance.

Migrating to the cloud is a strategic decision to bring innovation. Seek this innovation through a strong and flexible relationship with your cloud vendor.

4. Develop a Cloud Center of Excellence

Business operations need to adapt with agility to emerging cloud technologies. Speed of technology adoption and operational stability is an important balancing act. A multidisciplinary Cloud Center of Excellence can figure out the right tools and practices that would empower development teams to deliver high-quality digital experiences for your customers with agility and confidence.

Driven by collaboration between cloud architects, program managers, and engineers, CCoE can accelerate innovation and cloud migration, reduce the overall cost and increase business agility. The CCoE approach places the IT team as a partner to business objectives instead of a siloed, abstract department.

When successfully implemented, a CCoE can have a great impact on the overall business culture, improving reliability, sustainability, efficiency, security, and customer satisfaction.

As with any large-scale project, having leadership support is crucial to success as executive buy-in will be needed to allocate appropriate resources and funds. C-suite executives need to be closely involved during the implementation process so that everyone has the same expectations. Transparency is essential, keeping business leaders and others informed of any impending issue, such as limitations, outages, and concerns.

5. Think Ahead

While focusing on your journey to the cloud is important, it is equally crucial to have a plan once you get there. While it is vital to get up and running and demonstrate early wins, the next step needs to be planned for early on and managed closely.

Because the cloud is an ecosystem of top-notch solutions and services, aim for a more diverse vendor base and a hybrid IT environment. Avoiding vendor lock-in is important and brings many benefits, but the complexities associated with expansive multi-cloud environments mandate robust and rigorous planning.

As cloud computing technology evolves and new solutions emerge, you should also plan regular meetings with the providers’ senior technical engineers. Your relationship with your cloud providers should be framed around collaboration and consultation. Your cloud provider should be your partner towards a multifaceted cloud environment for your business to reap all the benefits and gain competitive advantage in your market.

Conclusion

The journey to the cloud is different for every organization, but these five essential factors are pertinent to all. Defining your strategy before you embark on the journey and placing cloud security at the heart of your concerns will form the bedrock of your success. Recognizing that cloud operations require building and maintaining close relationships with both your provider and evolving technologies, with one eye always on the future, will ensure that you derive the maximum competitive advantage that the cloud has to offer.

To learn about how SentinelOne Cloud Workload Security can extend security and visibility to assets running in public clouds, private clouds, and on-premises data centers, contact us or request a demo.

