Esri brings its flagship ArcGIS platform to Kubernetes

Esri, the geographic information system (GIS), mapping and spatial analytics company, is hosting its (virtual) developer summit today. Unsurprisingly, it is making a couple of major announcements at the event that range from a new design system and improved JavaScript APIs to support for running ArcGIS Enterprise in containers on Kubernetes.

The Kubernetes project was a major undertaking for the company, Esri Product Managers Trevor Seaton and Philip Heede told me. Traditionally, like so many similar products, ArcGIS was architected to be installed on physical boxes, virtual machines or cloud-hosted VMs. And while it doesn’t really matter to end-users where the software runs, containerizing the application means that it is far easier for businesses to scale their systems up or down as needed.


Esri ArcGIS Enterprise on Kubernetes deployment. Image Credits: Esri

“We have a lot of customers — especially some of the larger customers — that run very complex questions,” Seaton explained. “And sometimes it’s unpredictable. They might be responding to seasonal events or business events or economic events, and they need to understand not only what’s going on in the world, but also respond to their many users from outside the organization coming in and asking questions of the systems that they put in place using ArcGIS. And that unpredictable demand is one of the key benefits of Kubernetes.”


Deploying Esri ArcGIS Enterprise on Kubernetes. Image Credits: Esri

The team could have chosen to go the easy route and put a wrapper around its existing tools to containerize them and call it a day, but as Seaton noted, Esri used this opportunity to re-architect its tools and break them down into microservices.

“It’s taken us a while because we took three or four big applications that together make up [ArcGIS] Enterprise,” he said. “And we broke those apart into a much larger set of microservices. That allows us to containerize specific services and add a lot of high availability and resilience to the system without adding a lot of complexity for the administrators — in fact, we’re reducing the complexity as we do that and all of that gets installed in one single deployment script.”

While Kubernetes simplifies a lot of the management experience, a lot of companies that use ArcGIS aren’t yet familiar with it. And as Seaton and Heede noted, the company isn’t forcing anyone onto this platform. It will continue to support Windows and Linux just like before. Heede also stressed that it’s still unusual — especially in this industry — to see a complex, fully integrated system like ArcGIS being delivered in the form of microservices and multiple containers that its customers then run on their own infrastructure.


In addition to the Kubernetes announcement, Esri also today announced new JavaScript APIs that make it easier for developers to create applications that bring together Esri’s server-side technology and the scalability of doing much of the analysis on the client-side. Back in the day, Esri would support tools like Microsoft’s Silverlight and Adobe/Apache Flex for building rich web-based applications. “Now, we’re really focusing on a single web development technology and the toolset around that,” Esri product manager Julie Powell told me.

A bit later this month, Esri also plans to launch its new design system to make it easier and faster for developers to create clean and consistent user interfaces. This design system will launch April 22, but the company already provided a bit of a teaser today. As Powell noted, the challenge for Esri is that its design system has to help the company’s partners put their own style and branding on top of the maps and data they get from the ArcGIS ecosystem.

 

Berlin’s Bryter raises $66M to take its no-code tools for enterprises to the US

No-code startups continue to see a lot of traction among enterprises, where employees — strictly speaking, non-technical, but still using software every day — are getting hands-on and building apps to take on some of the more repetitive aspects of their jobs, the so-called “citizen coders” of the working world.

And in one of the latest developments, Bryter — an AI-based no-code startup that has built a platform used by some 100 global enterprises to date across some 2,000 business applications and workflows — is announcing a new round of funding to double down on that opportunity. The Berlin-based company has closed a Series B of $66 million, money that it will be investing into its platform and expanding in the U.S. out of a New York office it opened last year. The funding comes on the heels of seeing a lot of demand for its tools, CEO and co-founder Michael Grupp said in an interview.

“It was a great year for low-code and no-code platforms,” said Grupp, who co-founded the company with Micha-Manuel Bues and Michael Hübl. “What everyone has realized is that most people don’t actually care about the tech. They only care about the use cases. They want to get things done.” Customers using the service include the likes of McDonald’s, Telefónica, and PwC, KPMG and Deloitte in Europe, as well as banks, healthcare and industrial enterprises.

Tiger Global is leading this round, with previous backers Accel, Dawn Capital, Notion Capital and Cavalry Ventures all also participating, along with a number of individual backers (they include Amit Agharwal, CPO of DataDog; Lars Björk, former CEO of Qlik; Ulf Zetterberg, founder and CEO of Seal Software; and former ServiceNow global SVP James Fitzgerald). The valuation is not being disclosed; Bryter has raised around $90 million to date.

Accel and Dawn co-led Bryter’s Series A of $16 million less than a year ago, in June 2020, a rapid funding pace that underscores both interest in the no-code/low-code space — Bryter’s enterprise customer base has doubled from 50 since then — and the fact that startups in it are striking while the iron is hot.

Bryter’s not the only one: Airtable, Genesis, Rows, Creatio, and Ushur are among the many startups building ‘hands-on tech creation for non-techie people’ that have raised money in the last several months.

Automation has been the bigger trend that has propelled a lot of this activity. Knowledge workers today spend most of their time in apps — a state of affairs that pre-dates the Covid-19 pandemic, but has definitely been furthered throughout it. While some of that work still requires manual involvement and evaluation from those workers, software has automated large swathes of those jobs.

RPA — robotic process automation, where companies like UiPath, Automation Anywhere and Blue Prism have taken a big lead — has accounted for a significant chunk of that activity, especially when it comes to reading forms and lots of data entry. But there remain a lot of other transactions and activities within specific apps where RPA is typically not used (not yet at least!). And this is where non-tech workers are finding that no-code tools like Bryter, which use artificial intelligence to deliver more personalised, yet scalable, automation, can play a very useful role.

“We sit on top of RPA in many cases,” said Grupp.

The company says that business functions where its platform has been implemented include compliance, legal, tax, privacy and security, procurement, administration, and HR, and the kinds of features that are being built include virtual assistants, chatbots, interactive self-service tools, and more.

These don’t replace people as such but cut down the time they need to spend in specific tasks to process and handle information within them, and could in theory also be used to build tools for customers to interact with services more easily, cutting down on the amount of time that agents are getting details and handling engagements.

That scalability, and the rapid customer up-take from a pool of users that extends beyond tech early-adopters, are part of what attracted the funding.

“Bryter has all the characteristics of a top-tier software company: high quality product that solves a real customer pain point, a large market opportunity and a world-class founding team,” said John Curtius, a partner at Tiger Global, in a statement. “The feedback from Bryter’s customers was resoundingly positive in our research, and we are excited to see the company reach new heights over the coming years.”

“Bryter has seen explosive growth over the last year, signing landmark customers across a large number of sectors and use cases. This does not come as a surprise. In the pandemic-affected world, digitalisation is no longer a nice to have, it is an imperative,” added Evgenia Plotnikova, a partner at Dawn Capital.

Blue dot raises $32M for AI that helps businesses manage their tax accounting

Artificial intelligence has become a fundamental cornerstone of how a lot of business software works, providing a useful boost in reading, understanding, and using the often-fragmented trove of data that organizations generate these days. In the latest development, an Israeli startup called Blue dot, which uses AI to help companies handle their tax accounting, is announcing $32 million in funding to continue its growth, specifically addressing the demand from companies for more user-friendly tools to help read and correctly itemize expenses for tax purposes.

“The tax sector is very complicated, and we are playing in a very large space, but it’s a huge revolution,” Blue dot’s CEO and co-founder Isaac Saft said in an interview. “Business and enterprise accounting is just not going to look the same in the future as it does today.”

The funding is being led by Ibex Investors in partnership with Lutetia Technology Partners, with past investors Lamaison Partners, Viola and Target Global also contributing. Blue dot rebranded only last week from its original name, VATBox (part of the funding will be used to help Blue dot move deeper into the U.S. market, where the concept of VAT is not quite so ubiquitous: there is no national sales tax and states determine the rates themselves).

Pitchbook notes that under its previous name, the startup last raised money in 2017, a $20 million Series B led by Viola at a $120 million post-money valuation.

While Blue dot is not disclosing valuation today, it’s likely to be significantly higher than this based on some of its engagements. In addition to customers like Amazon, tobacco giant BAT and Dell, it also has a partnership with one of the bigger names in expense accounting, SAP Concur, which uses Blue dot to power its expense data entry tool to automatically read charges and figure out how to itemize them so that employees or accountants don’t need to go through the pain of that themselves.

As Saft describes it, part of what is propelling his company’s business is the bigger trend of consumerization and the role that it has played in enterprise services: the working world has picked up a lot of technology tools, led by the smartphone, to help them organize their personal lives, and a lot of what they are being “served” through technology is increasingly personalized with lower barriers of entry, whether it’s on e-commerce sites, entertainment or social media. In the working world, they can often be frustrated as a result with how much work something like expenses can involve — a process that gets ever more complicated the more strict tax regimes become.

Blue dot’s approach is to essentially view the tax accounting process as something that can be improved with AI to make it easier for people to use — whether those people are workers itemizing their expenses, or accountants auditing them and running those through even bigger accounting processes. With a machine learning system that both takes into account a company’s own internal compliance and company policies, and the wider tax and regulatory framework, Blue dot helps “read” an expense and figure out how to notate it, how much tax should be accounted and where, and so on.

This is especially important as the process of entering and managing expenses gets pushed out to the people spending the money, rather than dedicated accountants handling that work on their behalf. An awareness of how modern offices are functioning today and evolving is one reason why investors were interested here.

“We believe Blue dot can change the way organizations worldwide manage accounting and its tax implications for their expenses,” Gal Gitter, a partner at Ibex, said in a statement. “There’s been a major market shift away from centralization of enterprise functions, including procurement. As that accelerates, more companies will be looking for ways to replace costly and complex manual processes with digital, automated solutions that use data and AI to essentially enable transactions to report themselves, which Blue dot delivers.”

Pathlight, a performance management tool for customer-facing teams and the individuals in them, raises $25M

The longer we continue to work with either all or part of our teams in remote, out-of-physical-office environments, the more imperative it becomes for those teams to have some tools in place to keep the channels of communication and management open, and for the individuals in those teams to have a sense of how well they are performing. Today, one of the startups that provides a team productivity app with that in mind is announcing a round of funding to fuel its growth.

Pathlight, which has built a performance management platform for customer-facing teams — sales, field service and support — to help managers and employees themselves to track and analyze how they are doing, to coach them when and where it’s needed, and to communicate updates and more, has picked up $25 million — money that it will be using to continue growing its customer base and the functionality across its app.

The funding is being led by Insight Partners, with previous backers Kleiner Perkins and Quiet Capital also participating, alongside Uncorrelated Ventures; Jeremy Stoppelman, CEO of Yelp; David Glazer, CFO of Palantir; and Michael Ovitz, co-founder of CAA and Owner of Broad Beach Ventures. Pathlight has now raised $35 million.

Pathlight today provides users with a range of tools to visualize team and individual performance across various parameters set by managers, using data that teams integrate from other platforms like Salesforce, Zendesk and Outreach, among others.

Using that data and specific metrics for the job in question, managers can then initiate conversations with individuals to focus in on specific areas where things need attention, and provide some coaching to help fix it. It can also be used to provide team-wide updates and encouragement, which sits alongside whatever other tools a person might use in their daily customer-facing work.

Since launching in March 2020, the startup has picked up good traction, with customers including Twilio, Earnin, Greenhouse, and CLEAR. But perhaps even more importantly, the pandemic and resulting switch to remote work has underscored how necessary tools like Pathlight’s have become: the startup says that engagement on its platform has shot up 300% in the last 12 months.

Alexander Kvamme, the CEO of Pathlight, said that he first became aware of the challenges of communicating across customer-facing teams, and having transparency on how they are doing as individuals and as a group, when he was at Yelp. Yelp had acquired his startup, reservations service SeatMe, and used the acquisition to build and run Yelp Reservations.

He was quick to realize that there weren’t really effective tools for him to see how individuals in the sales team were doing, how they were doing compared to goals the company wanted to achieve and based on the sales data they already had in other systems, how to work more effectively with people to communicate when something needed changing, and how to tailor all that in line with new variations in the formula — in their case, how to sell new products like a reservations service alongside advertising and other Yelp services for businesses.

“Whether it’s five or 3,000 people, the problem doesn’t go away,” he said. “Everyone uses their own systems, and it hurts front line employees when they don’t know how they are doing, or don’t get recognition when they are doing well, or don’t get coaching when they are not. Our thesis was that if software is eating the world, and you as a company are buying more software and analytics, over time managers will be more like data analysts. So we are providing a way for managers to be more data-driven.”

Five years down the line, Kvamme got the bug again to start a company and decided to return to that problem, teaming up with co-founder Trey Doig, the engineer who designed SeatMe and then turned it into Yelp Reservations and is now Pathlight’s CTO.

As they see it, the challenge has still not really been addressed. That’s not to say that there are not a number of companies — competitors to Pathlight — looking to fill that gap as well. Another people management platform called Lattice last year picked up $45 million (I’m guessing it will be raising money again around about now); HubSpot, Zoho, SalesLoft and a number of others also are taking different approaches to the same challenge: front-line customer-facing people spend the majority of their time and attention on interacting with people, and so there need to be better tools in place to help them figure out how to make that communication more effective, figure out what is working and what is not.

And all of this, of course, is not at all new: it’s not like we all woke up one day and suddenly wanted to know how we are doing at work, or managers suddenly felt they needed to communicate with staff.

What has changed, however, is how we work: many of us have not seen the inside of our offices for more than a year at this point, and for a large proportion of us, we may never return again, or if we do it will be under different circumstances.

All of this means that some of the more traditional metrics and indicators of our performance, praising, management relationships, and learning from team mates simply are not there anymore.

In customer-facing areas like sales, support and field service, that lack of contact may be even more acute, since many of the teams working in these environments have long relied on huddles and communication throughout the day, week and month to continuously tweak work and improve it. So while tools like Pathlight’s will be useful as data analytics provision for teams regardless of how we work, it can be argued that they are even more important right now.

“I think people have started to realize that if you can empower front line to be more independent, your numbers will go up and do better,” Kvamme said.

This is part of what went into the investment decision made here.

“With the acceleration of digital transformation across the enterprise, it’s not enough to rethink the way we work—we must also rethink the way we manage,” said Jeff Lieberman, MD at Insight Partners. “Pathlight is ushering in a new age of data-driven management, an ethos that we believe every enterprise will need to embrace—quickly. We are excited to partner with the Pathlight team as they bring their powerful platform to companies across the world.”

Swyft raises $17.5 million to bring same-day delivery to all the retailers that aren’t Amazon

Thanks to major players like Amazon and Walmart, we’ve become accustomed to next- or same-day delivery. But the pandemic has also renewed our interest in buying from smaller businesses and retailers.

Swyft, a company that has just raised $17.5 million in Series A, helps retailers of any size provide affordable same-day delivery. The round was co-led by Inovia Capital and Forerunner Ventures, with participation from Shopify and existing investors Golden Ventures and Trucks VC.

Swyft is a marketplace, connecting a network of shipping carriers with vendors. But the company also provides software to those carriers to make them more efficient, and turns them into a vast network that allows them to pick up more inventory without adding to their infrastructure.

In other words, several regional carriers may play a part in delivering a parcel shipped via Swyft without making any big changes to their original routes or adding new drivers, trucks, etc.

To date, major players in both shipping and retail have dominated this space, thanks in large part to their ability to deliver quickly. Swyft is looking to amass an army, for lack of a better term, comprised of all of the smaller players, including mom and pop retailers and vendors as well as smaller, regional carriers. Banded together through software, these carriers and retailers can match the scale and influence of the behemoths without spending a fortune.

Swyft was cofounded by Aadil Kazmi (CEO), Zeeshan Hamid (Head of Engineering), and Maraz Rahman (Head of Sales). Kazmi and Hamid both spent their careers at Amazon, working on data and last-mile operations for the behemoth. Rahman was an early employee at a YC-backed proptech startup.

The trio started asking themselves early last year why retailers weren’t able to offer same-day delivery and chose to tackle the gap they discovered.

The key ingredient to Swyft is not its aggregation of couriers, but the software it provides to them. Because Swyft is increasing demand for these carriers, it also needs to make them more efficient. The back-end software allows carriers to digitize or automate a good deal of what they’re traditionally doing by hand.

CEO Aadil Kazmi says that Swyft is able to come in anywhere between 25 and 30 percent cheaper than the incumbent option.

“I don’t know what percent of your purchases are from Amazon, but for me it’s like 150 percent,” said Eurie Kim. “I’d prefer to buy elsewhere with the pandemic, and support local and independent brands, but Amazon’s trained us all to have fast and free shipping. It feels like an opportunity where the consumer experience is really lacking and the burden on merchants and retailers is extremely heavy.”

Swyft currently has 16 full-time employees. Twelve percent are female and 75 percent are people of color, according to the company.

Since April 2020, Swyft has facilitated the delivery of more than 180,000 packages, and expanded gross margin from 78 percent to 82 percent, thanks in large part to revenue from the software side of the business and a zero-asset model.

Are You One of the 533M People Who Got Facebooked?

Ne’er-do-wells leaked personal data — including phone numbers — for some 533 million Facebook users this week. Facebook says the data was collected before 2020 when it changed things to prevent such information from being scraped from profiles. To my mind, this just reinforces the need to remove mobile phone numbers from all of your online accounts wherever feasible. Meanwhile, if you’re a Facebook product user and want to learn if your data was leaked, there are easy ways to find out.

The HaveIBeenPwned project, which collects and analyzes hundreds of database dumps containing information about billions of leaked accounts, has incorporated the data into its service. Facebook users can enter the mobile number (in international format) associated with their account and see if those digits were exposed in the new data dump (HIBP doesn’t show you any data, just gives you a yes/no on whether your data shows up).

The phone number associated with my late Facebook account (which I deleted in Jan. 2020) was not in HaveIBeenPwned, but then again Facebook claims to have more than 2.7 billion active monthly users.

It appears much of this database has been kicking around the cybercrime underground in one form or another since last summer at least. According to a Jan. 14, 2021 Twitter post from Under the Breach’s Alon Gal, the 533 million Facebook accounts database was first put up for sale back in June 2020, offering Facebook profile data from 100 countries, including name, mobile number, gender, occupation, city, country, and marital status.

Under The Breach also said back in January that someone had created a Telegram bot allowing users to query the database for a low fee, and enabling people to find the phone numbers linked to a large number of Facebook accounts.

A cybercrime forum ad from June 2020 selling a database of 533 Million Facebook users. Image: @UnderTheBreach

Many people may not consider their mobile phone number to be private information, but there is a world of misery that bad guys, stalkers and creeps can visit on your life just by knowing your mobile number. Sure they could call you and harass you that way, but more likely they will see how many of your other accounts — at major email providers and social networking sites such as Facebook, Twitter and Instagram — rely on that number for password resets.

From there, the target is primed for a SIM-swapping attack, where thieves trick or bribe employees at mobile phone stores into transferring ownership of the target’s phone number to a mobile device controlled by the attackers. From there, the bad guys can reset the password of any account to which that mobile number is tied, and of course intercept any one-time tokens sent to that number for the purposes of multi-factor authentication.

Or the attackers take advantage of some other privacy and security wrinkle in the way SMS text messages are handled. Last month, a security researcher showed how easy it was to abuse services aimed at helping celebrities manage their social media profiles to intercept SMS messages for any mobile user. That weakness has supposedly been patched for all the major wireless carriers now, but it really makes you question the ongoing sanity of relying on the Internet equivalent of postcards (SMS) to securely handle quite sensitive information.

My advice has long been to remove phone numbers from your online accounts wherever you can, and avoid selecting SMS or phone calls for second factor or one-time codes. Phone numbers were never designed to be identity documents, but that’s effectively what they’ve become. It’s time we stopped letting everyone treat them that way.

Any online accounts that you value should be secured with a unique and strong password, as well as the most robust form of multi-factor authentication available. Usually, this is a mobile app like Authy or Google Authenticator that generates a one-time code. Some sites like Twitter and Facebook now support even more robust options — such as physical security keys.

Removing your phone number may be even more important for any email accounts you may have. Sign up with any service online, and it will almost certainly require you to supply an email address. In nearly all cases, the person who is in control of that address can reset the password of any associated services or accounts, merely by requesting a password reset email.

Unfortunately, many email providers still let users reset their account passwords by having a link sent via text to the phone number on file for the account. So remove the phone number as a backup for your email account, and ensure a more robust second factor is selected for all available account recovery options.

Here’s the thing: Most online services require users to supply a mobile phone number when setting up the account, but do not require the number to remain associated with the account after it is established. I advise readers to remove their phone numbers from accounts wherever possible, and to take advantage of a mobile app to generate any one-time codes for multifactor authentication.

Why did KrebsOnSecurity delete its Facebook account early last year? Sure, it might have had something to do with the incessant stream of breaches, leaks and privacy betrayals by Facebook over the years. But what really bothered me was the number of people who felt comfortable sharing extraordinarily sensitive information with me on things like Facebook Messenger, all the while expecting that I can vouch for the privacy and security of that message just by virtue of my presence on the platform.

In case readers want to get in touch for any reason, my email here is krebsonsecurity at gmail dot com, or krebsonsecurity at protonmail.com. I also respond at Krebswickr on the encrypted messaging platform Wickr.

Okta launches a new free developer plan

At its Oktane21 conference, Okta, the popular authentication and identity platform, today announced a new — and free — developer edition that features fewer limitations and support for significantly more monthly active users than its current free plan.

The new ‘Okta Starter Developer Edition,’ as it’s called, allows developers to scale up to 15,000 monthly active users — up from only 1,000 on its existing free plan. In addition, the company is also launching enhanced documentation, a set of sample apps and new SDKs, which now cover languages and frameworks like Go, Java, JavaScript, Python, Vue.js, React Native and Spring Boot.

“Our overall philosophy isn’t, ‘we want to just provide […] a set of authentication and authorization services.’ The way we’re looking at this is, ‘hey, app developer, how do we provide you the foundation you need to get up and running quickly with authorization and authentication as one part of it,’ ” Diya Jolly, Okta’s chief product officer, told me. And she believes that Okta is in a unique position to do so, because it doesn’t only offer tools to manage authorization and access, but also systems for securing microservices and providing applications with access to privileged resources.


It’s also worth noting that, while the deal hasn’t closed yet, Okta’s intent to acquire Auth0 significantly extends its developer strategy, given Auth0’s developer-first approach.

As for the expanded free account, Jolly noted that the company found that developers wanted to be able to access more of the service’s features during their prototyping phases. That means the new free Developer Edition comes with support for multi-factor authentication, machine-to-machine tokens and B2B integrations, for example, in addition to expanded support for integrations into toolchains. As is so often the case with enterprise tools, the free edition doesn’t come with the usual enterprise support options and has lower rate limits than the paid plans.

Still, and Jolly acknowledged this, a small to medium-sized business may be able to build applications and take them into production based on this new free plan.

“15K [monthly active users] is a lot, but if you look at our customer base, it’s about the right amount for the smaller business applications, the real SMBs, and that was the goal. In a developer motion, you want people to try out things and then upgrade. I think that’s the key. No developer is going to come and build with you if you don’t have a free offering that they can tinker around and play with.”


She noted that the company has spent a lot of time thinking about how to support developers through the application development lifecycle overall. That includes better CLI tools for developers who would rather bypass Okta’s web-based console, for example, and additional integrations with tools like Terraform, Kong and Heroku. “Today, [developers] have to stitch together identity and Okta into those experiences — or they use some other identity — we’ve pre-stitched all of this for them,” Jolly said.

The new Okta Starter Developer Edition, as well as the new documentation, sample applications and integrations, are now available at developer.okta.com.

Aporia raises $5M for its AI observability platform

Machine learning (ML) models are only as good as the data you feed them. That’s true during training, but also once a model is put in production. In the real world, the data itself can change as new events occur and even small changes to how databases and APIs report and store data could have implications on how the models react. Since ML models will simply give you wrong predictions and not throw an error, it’s imperative that businesses monitor their data pipelines for these systems.

That’s where tools like Aporia come in. The Tel Aviv-based company today announced that it has raised a $5 million seed round for its monitoring platform for ML models. The investors are Vertex Ventures and TLV Partners.


Aporia co-founder and CEO Liran Hason, after five years with the Israel Defense Forces, previously worked on the data science team at Adallom, a security company that was acquired by Microsoft in 2015. After the sale, he joined venture firm Vertex Ventures before starting Aporia in late 2019. But it was during his time at Adallom that he first encountered the problems that Aporia is now trying to solve.

“I was responsible for the production architecture of the machine learning models,” he said of his time at the company. “So that’s actually where, for the first time, I got to experience the challenges of getting models to production and all the surprises that you get there.”

The idea behind Aporia, Hason explained, is to make it easier for enterprises to implement machine learning models and leverage the power of AI in a responsible manner.

“AI is a super powerful technology,” he said. “But unlike traditional software, it highly relies on the data. Another unique characteristic of AI, which is very interesting, is that when it fails, it fails silently. You get no exceptions, no errors. That becomes really, really tricky, especially when getting to production, because in training, the data scientists have full control of the data.”

But as Hason noted, a production system may depend on data from a third-party vendor and that vendor may one day change the data schema without telling anybody about it. At that point, a model — say for predicting whether a bank’s customer may default on a loan — can’t be trusted anymore, but it may take weeks or months before anybody notices.

Aporia constantly tracks the statistical behavior of the incoming data and when that drifts too far away from the training set, it will alert its users.
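The silent failure described above can be made concrete with an added example, which is not Aporia's code: a vendor feed for a loan-default model is checked first against the training schema and then for drift in one feature. The field names, the Population Stability Index (PSI) as the drift metric and the 0.2 alert threshold are assumptions chosen for illustration, and all data is constructed.

```python
import math

# Schema the model was trained on (hypothetical field names).
SCHEMA = {"annual_income": float, "late_payments": int}

def schema_violations(record):
    """Return human-readable problems for one incoming record."""
    problems = [f"missing field {k}" for k in SCHEMA if k not in record]
    problems += [f"unexpected field {k}" for k in record if k not in SCHEMA]
    problems += [f"{k} is not {t.__name__}" for k, t in SCHEMA.items()
                 if k in record and not isinstance(record[k], t)]
    return problems

def psi(train, live, bins=10):
    """Population Stability Index of live values against the training set."""
    lo, hi = min(train), max(train)
    width = (hi - lo) / bins or 1.0
    def shares(values):
        counts = [0] * bins
        for v in values:
            # Out-of-range values are clamped into the edge bins.
            counts[min(max(int((v - lo) / width), 0), bins - 1)] += 1
        # Floor empty bins so the logarithm stays defined.
        return [max(c / len(values), 1e-4) for c in counts]
    return sum((a - e) * math.log(a / e)
               for e, a in zip(shares(train), shares(live)))

def check_batch(train_income, batch, psi_limit=0.2):
    """Alerts for one batch: schema problems first, then income drift."""
    alerts = sorted({p for rec in batch for p in schema_violations(rec)})
    if not alerts:
        score = psi(train_income, [r["annual_income"] for r in batch])
        if score > psi_limit:
            alerts.append(f"annual_income drift: PSI={score:.2f}")
    return alerts

# Constructed data: training incomes in dollars, then three vendor batches.
TRAIN = [30000.0 + 1000 * i for i in range(60)]
OK = [{"annual_income": 30500.0 + 1000 * i, "late_payments": i % 3}
      for i in range(59)]
# Vendor silently switches the unit to thousands of dollars: types still match.
UNITS = [{**r, "annual_income": r["annual_income"] / 1000} for r in OK]
# Vendor renames a field.
RENAMED = [{"annual_income": r["annual_income"], "latePayments": r["late_payments"]}
           for r in OK]

if __name__ == "__main__":
    for name, batch in (("ok", OK), ("units", UNITS), ("renamed", RENAMED)):
        print(name, check_batch(TRAIN, batch))
```

The unit change passes the schema check untouched and is caught only by the distribution comparison, which is why both checks run on every batch.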

One thing that makes Aporia unique is that it gives its users an almost IFTTT or Zapier-like graphical tool for setting up the logic of these monitors. It comes pre-configured with more than 50 combinations of monitors and provides full visibility into how they work behind the scenes. That, in turn, allows businesses to fine-tune the behavior of these monitors for their own specific business case and model.

Initially, the team thought it could build generic monitoring solutions. But it realized that this would not only be a very complex undertaking, but also that the data scientists who build the models know exactly how those models should work and what they need from a monitoring solution.

“Monitoring production workloads is a well-established software engineering practice, and it’s past time for machine learning to be monitored at the same level,” said Rona Segev, founding partner at TLV Partners. “Aporia’s team has strong production-engineering experience, which makes their solution stand out as simple, secure and robust.”

 

Ransom Gangs Emailing Victim Customers for Leverage

Some of the top ransomware gangs are deploying a new pressure tactic to push more victim organizations into paying an extortion demand: Emailing the victim’s customers and partners directly, warning that their data will be leaked to the dark web unless they can convince the victim firm to pay up.

This letter is from the Clop ransomware gang, putting pressure on a recent victim named on Clop’s dark web shaming site.

“Good day! If you received this letter, you are a customer, buyer, partner or employee of [victim],” the missive reads. “The company has been hacked, data has been stolen and will soon be released as the company refuses to protect its peoples’ data.”

“We inform you that information about you will be published on the darknet [link to dark web victim shaming page] if the company does not contact us,” the message concludes. “Call or write to this store and ask to protect your privacy!!!!”

The message above was sent to a customer of RaceTrac Petroleum, an Atlanta company that operates more than 650 retail gasoline convenience stores in 12 southeastern states. The person who shared that screenshot above isn’t a distributor or partner of RaceTrac, but they said they are a RaceTrac rewards member, so the company definitely has their email address and other information.

Several gigabytes of the company’s files — including employee tax and financial records — have been posted to the victim shaming site for the Clop ransomware gang.

In response to questions from KrebsOnSecurity, RaceTrac said it was recently impacted by a security incident affecting one of its third-party service providers, Accellion Inc.

For the past few months, attackers have been exploiting a zero-day vulnerability in Accellion File Transfer Appliance (FTA) software, a flaw that has been seized upon by Clop to break into dozens of other major companies like oil giant Shell and security firm Qualys.

“By exploiting a previously undetected software vulnerability, unauthorized parties were able to access a subset of RaceTrac data stored in the Accellion File Transfer Service, including email addresses and first names of some of our RaceTrac Rewards Loyalty users,” the company wrote. “This incident was limited to the aforementioned Accellion services and did not impact RaceTrac’s corporate network. The systems used for processing guest credit, debit and RaceTrac Rewards transactions were not impacted.”

The same extortion pressure email has been going out to people associated with the University of California, which was one of several large U.S. universities that got hit with Clop ransomware recently. Most of those university ransomware incidents appeared to be tied to attacks on the same Accellion vulnerability, and the company has acknowledged roughly a third of its customers on that appliance got compromised as a result.

Clop is one of several ransom gangs that will demand two ransoms: One for a digital key needed to unlock computers and data from file encryption, and a second to avoid having stolen data published or sold online. That means even victims who opt not to pay to get their files and servers back still have to decide whether to pay the second ransom to protect the privacy of their customers.

As I noted in Why Paying to Delete Stolen Data is Bonkers, leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.

The email in the screenshot above differs slightly from those covered last week by Bleeping Computer, which was the first to spot the new victim notification wrinkle. Those emails say that the recipient is being contacted as they are a customer of the store, and their personal data, including phone numbers, email addresses, and credit card information, will soon be published if the store does not pay a ransom, writes Lawrence Abrams.

“Perhaps you bought something there and left your personal data. Such as phone, email, address, credit card information and social security number,” the Clop gang states in the email.

Fabian Wosar, chief technology officer at computer security firm Emsisoft, said the direct appeals to victim customers are a natural extension of other advertising efforts by the ransomware gangs, which recently included using hacked Facebook accounts to post victim shaming advertisements.

Wosar said Clop isn’t the only ransomware gang emailing victim customers.

“Clop likes to do it and I think REvil started as well,” Wosar said.

Earlier this month, Bleeping Computer reported that the REvil ransomware operation was planning on launching crippling distributed denial of service (DDoS) attacks against victims, or making VOIP calls to victims’ customers to apply further pressure.

“Sadly, regardless of whether a ransom is paid, consumers whose data has been stolen are still at risk as there is no way of knowing if ransomware gangs delete the data as they promise,” Abrams wrote.

The Changing Nature of the Ransomware Menace Today 

Ransomware is on the rise again, and dramatically so. Reports on the increases year on year vary: Group-IB’s analysis of more than 500 attacks during their own incident response engagements estimated that increase to be 150% in 2020. Blockchain research firm Chainalysis found a 311% increase, year on year, to the end of 2020 in the number of actual ransomware attacks. Whatever the real figure is, it is a problem that is growing, and businesses and organizations of all shapes and sizes, public and private, are feeling it.

There are many reasons why ransomware is on the rise, and to say it is just down to COVID-19 and bored people working from home clicking on anything that looks interesting simply doesn’t do justice to the real situation.

Of course, the pandemic, subsequent lockdowns and promises of a vaccine have all contributed to the problem, but none of these explain the “commoditization” of ransomware as a threat.

Why Are Ransomware Attacks Increasingly Common?

According to PwC (and, it has to be said, a little common sense), there are three key reasons behind the increase:

  1. Barriers to entry are dropping. Ransomware-as-a-Service is becoming increasingly popular, allowing relatively unskilled bad actors to access complex tools and the environment from which to run their campaigns. There are also, in a most enterprising fashion, affiliate and channel partner schemes being run. Operators such as Sodinokibi/REvil, NetWalker and Nefilim all provide access to partners in pre-agreed profit-sharing arrangements.
  2. Ransomware activities are scalable. A consequence of the dropping of barriers to entry is that ransomware activities are now more efficient and therefore scalable. The rise of RaaS has meant ransomware activities that were beyond the capabilities of certain bad actors are now inherently accessible, and vitally, profitable.
  3. Existing bad actors are professionalising. There has been an apparent surge of investment in many of the platforms themselves, upgrading their core ransomware systems in an attempt to stay ahead of the game and evade detection.

The Changing Nature of Ransomware…and Ransomware Operators

There are other elements to consider too. The recent FatFace breach exposed the bargaining tactics of both the attacker and victim, with the ransom being actively negotiated down from $8M to $2M USD. Interestingly the initial figure was determined by the attackers as they had identified that FatFace has cyber insurance to the tune of £7.5M GBP.

How did they ascertain this figure? In what may be described as a multi-channel attack, and possible evidence of honour among thieves, a different ransomware gang stated that they now target firms who they know have cyber insurance, followed shortly after by a possibly (although not confirmed) connected attack on a major seller of… you guessed it… cyber insurance!

A final element to consider is quite how weaponised ransomware has become. Back in 1989, when the first example of ransomware was released, the AIDS/COP Trojan, the creator asked for $189 to be sent to a PO box in Panama. When caught, he was found to be unfit to stand trial but committed to donating all of the money gained to AIDS research (Dr Joseph Popp was also a Harvard-trained anthropologist, consultant for the WHO and worked with the Flying Doctors in Africa). Such magnanimous statements and professional activities are unlikely to be carried out by today’s career criminals!

Another change from early ransomware to today is that nothing is off the table when it comes to extracting money. We saw the negotiation tactics above bring to bear insider knowledge, but criminals also threaten to release the stolen data if a payment isn’t made (and often will anyway), and publicly announce the breach in order to shame the company into paying.

If that isn’t bad enough, a Finnish healthcare provider that suffered a ransomware attack had their patients contacted by the criminals and threatened with the disclosure of their deeply private health records unless they also paid a ransom.


Conclusion

Criminals today will use every last ounce of leverage that they have over their victims to maximise profits and return on investment. In fact, they will use financial and emotional triggers to ensure that the victim feels they have little choice but to pay, and pay quickly. This form of insidious behaviour means a ransomware attack can leave someone not only financially vulnerable but emotionally vulnerable too, leading to all sorts of long-term damage to individuals and institutions alike.

With all of this, it is safe to say that today’s ransomware is nothing like the ransomware of the past. The ransomware of today has moved from playful to malevolent, fundraising to commercial, and annoying to insidious. With criminals thinking strategically, commercially and above all being highly motivated, there doesn’t appear to be any respite from the sheer volume of ransomware threats out there for us to have to deal with.
