Build a digital ops toolbox to streamline business processes with hyperautomation

Reliance on a single technology as a lifeline is a futile battle now. When simple automation no longer does the trick, delivering end-to-end automation needs a combination of complementary technologies that can give a facelift to business processes: the digital operations toolbox.

According to a McKinsey survey, enterprises that have likely been successful with digital transformation efforts adopted sophisticated technologies such as artificial intelligence, Internet of Things or machine learning. Enterprises can achieve hyperautomation with the digital ops toolbox, the hub for your digital operations.

The toolbox is a synchronous medley of intelligent business process management (iBPM), robotic process automation (RPA), process mining, low code, artificial intelligence (AI), machine learning (ML) and a rules engine. The technologies can be optimally combined to achieve the organization’s key performance indicator (KPI) through hyperautomation.

The hyperautomation market is burgeoning: Analysts predict that by 2025, it will reach around $860 billion. Let’s see why.

The purpose of a digital ops toolbox

The toolbox, a treasure chest of technologies, helps with three crucial aspects: process automation, orchestration and intelligence.

Process automation: A hyperautomation mindset introduces the world of “automating anything that can be,” whether that’s a process or a task. If something can be handled by bots or other technologies, it should be.

Orchestration: Hyperautomation, per se, adds an orchestration layer to simple automation. Technologies like intelligent business process management orchestrate the entire process.

Intelligence: Machines can automate repetitive tasks, but they lack the decision-making capabilities of humans. And, to achieve a perfect harmony where machines are made to “think and act,” or attain cognitive skills, we need AI. Combining AI, ML and natural language processing algorithms with analytics propels simple automation to become more cognitive. Instead of just following if-then rules, the technologies help gather insights from the data. The decision-making capabilities enable bots to make decisions.

 

Simple automation versus hyperautomation

Here’s a story of evolving from simple automation to hyperautomation with an example: an order-to-cash process.

Microsoft Patch Tuesday, July 2021 Edition

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. At least four of the vulnerabilities addressed today are under active attack, according to Microsoft.

Thirteen of the security bugs quashed in this month’s release earned Microsoft’s most-dire “critical” rating, meaning they can be exploited by malware or miscreants to seize remote control over a vulnerable system without any help from users.

Another 103 of the security holes patched this month were flagged as “important,” which Microsoft assigns to vulnerabilities “whose exploitation could result in compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources.”

Among the critical bugs is of course the official fix for the PrintNightmare print spooler flaw in most versions of Windows (CVE-2021-34527), which prompted Microsoft to rush out a patch a week ago in response to exploit code for the flaw that was accidentally published online. That patch seems to have caused a number of problems for Windows users. Here’s hoping the updated fix resolves some of those issues for readers who’ve been holding out.

CVE-2021-34448 is a critical remote code execution vulnerability in the scripting engine built into every supported version of Windows — including server versions. Microsoft says this flaw is being exploited in the wild.

Both CVE-2021-33771 and CVE-2021-31979 are elevation of privilege flaws in the Windows kernel. Both are seeing active exploitation, according to Microsoft.

Chad McNaughton, technical community manager at Automox, called attention to CVE-2021-34458, a remote code execution flaw in the deepest areas of the operating system. McNaughton said this vulnerability is likely to be exploited because it is a “low-complexity vulnerability requiring low privileges and no user interaction.”

Another concerning critical vulnerability in the July batch is CVE-2021-34494, a dangerous bug in the Windows DNS Server that earned a CVSS score (severity) of 9.8 out of a possible 10.

“Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom, also with Automox.

“DNS is used to translate IP addresses to more human-friendly names, so you don’t have to remember the jumble of numbers that represents your favorite social media site,” Haugom said. “In a Windows Domain environment, Windows DNS Server is critical to business operations and often installed on the domain controller. This vulnerability could be particularly dangerous if not patched promptly.”

Microsoft also patched six vulnerabilities in Exchange Server, an email product that has been under siege all year from attackers. Satnam Narang, staff research engineer at Tenable, noted that while Microsoft says two of the Exchange bugs tackled this month (CVE-2021-34473 and CVE-2021-34523) were addressed as part of its security updates from April 2021, both CVEs were somehow omitted from that April release. Translation: If you already applied the bevy of Exchange updates Microsoft made available in April, your Exchange systems have protection against these flaws.

Other products that got patches today include Microsoft Office, Bing, SharePoint Server, Internet Explorer, and Visual Studio. The SANS Internet Storm Center as always has a nice visual breakdown of all the patches by severity.

Adobe also issued security updates today for Adobe Acrobat and Reader, as well as Dimension, Illustrator, Framemaker and Adobe Bridge.

Chrome and Firefox also recently have shipped important security updates, so if you haven’t done so recently take a moment to save your tabs/work, completely close out and restart the browser, which should apply any pending updates.

The usual disclaimer:

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for Windows updates to hose one’s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files.

So do yourself a favor and back up before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

And if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, check out AskWoody, which keeps a close eye out for specific patches that may be causing problems for users.

How to Defeat Adversaries With Real-Time Cyber Threat Intelligence

To respond effectively to an incident, it is essential to understand the big picture: how, when, and why an incident occurred. This is critical because the moment you begin containing a threat, it may set off alarm bells for adversaries, triggering them to accelerate an attack or stealthily change techniques. Responding to a threat without understanding the big picture can lead to an infinite loop where we contain a threat only to wait for the adversary to leverage the same attack methodology again. This is the reason why at least in theory, SOC analysts spend time analyzing how, when, and why an incident occurs.

Unfortunately, in reality, SOC analysts don’t often have the time required to perform these types of in-depth analyses because their incident queues are full, and metrics like mean time to detect (MTTD) or mean time to respond (MTTR) continue to increase. So the question becomes: how can an organization acquire the intelligence it needs without adding even more work to an already overloaded team?

Enriched Intelligence Through Singularity Signal

Earlier this month, we announced Singularity Signal, our cyber threat intelligence (CTI) platform, and shortly after we announced the general availability of threat intelligence reports for all Singularity Complete customers. Today, we are excited to announce enhancements in how we provide real-time enriched intelligence through Singularity Signal.

Singularity Signal combines artificial- and human-based intelligence to provide context, enrichment, and actionability to cyber data, empowering organizations to stay a step ahead with unparalleled insight into the attacker mindset. The platform performs tactic, technique, and procedure (TTP) analysis and correlation of all incoming threats at scale and in real time through the Singularity Signal AI Engine.

By leveraging the Singularity Signal AI Engine, security professionals can offload much of the previously labor-intensive work that they didn’t have time to get to before. That translates to instant, enriched intelligence for your organization to help you navigate through even the most sophisticated attacks. Singularity Signal is your dedicated AI-based threat researcher who knows your environment and aids your SOC analysts to respond to threats more effectively.

See Enriched Intelligence in Action

From the SentinelOne Singularity Platform console, navigate to the incident that you want to investigate. At a glance, you will gain information on when the threat was first seen, when it was last seen, and the scope of the breach. Additionally, in the Threat Indicators section, you can access real-time TTP analysis and correlation performed by the Singularity Signal AI Engine. At your fingertips, you immediately gain vital insights on each TTP mapped towards the MITRE ATT&CK framework.

In the example above, you are looking at an incident within the SentinelOne management console. Here you can quickly identify that this is a detection of a ransomware campaign, and by leveraging the Singularity Signal AI Engine you are able to get enriched intelligence on what, how, and when the incident occurred as well as insights on how each step of the adversary maps to the tactics, techniques, and procedures (TTPs) of the MITRE ATT&CK framework.

Sometimes, you may be in a situation where you need additional information—that’s when proactive or reactive threat hunting is critical. Historically, in order to succeed, SOC analysts needed to first familiarize themselves with an often very complex threat hunting platform, the respective data schema of their telemetry sources, then how to build threat hunting queries for Indicator of Compromise (IOC), Indicator of Attack (IOA), or specific adversary lookup. SentinelOne’s Deep Visibility capability pairs direct access to all the structured data of an organization with an easy-to-learn query language, making it a powerful tool for threat hunters.

In the example above, we are in the Deep Visibility feature within the SentinelOne management console. With just one line, we can look up all the endpoints that might have a particular file based on a hash value.

Next, save time building threat hunting queries by simply leveraging SentinelOne Hunter to instantly look up threat hunting queries for specific adversaries, TTPs, and other types of IOC and IOAs.

By simply using the search function in Hunter, you are quickly able to find relevant threat hunting queries. In this example, I looked for all the threat hunting queries related to the adversary group named Hafnium. I can again take this query and run it instantly in Deep Visibility within the SentinelOne management console with one click.

Summary

The cyber threat landscape continues to evolve rapidly. As a result, in many organizations, the time to detect and contain a threat continues to increase. Most security teams today are too overloaded with long incident queues to perform in-depth, meaningful analysis as part of their incident investigation. Singularity Signal leverages the Signal AI Engine to perform real-time threat modeling, incident correlation, and TTP analysis at scale, delivering enriched intelligence that you can use to respond more effectively to threats.

To explore more ways Singularity Signal is helping enterprises around the world take a new approach to threat intelligence, read more here.



Quantexa raises $153M to build out AI-based big data tools to track risk and run investigations

As financial crime has become significantly more sophisticated, so too have the tools that are used to combat it. Now, Quantexa — one of the more interesting startups that has been building AI-based solutions to help detect and stop money laundering, fraud, and other illicit activity — has raised a growth round of $153 million, both to continue expanding that business in financial services and to bring its tools into a wider context, so to speak: linking up the dots around all customer and other data.

“We’ve diversified outside of financial services and working with government, healthcare, telcos and insurance,” Vishal Marria, its founder and CEO, said in an interview. “That has been substantial. Given the whole journey that the market’s gone through in contextual decision intelligence as part of bigger digital transformation, was inevitable.”

The Series D values the London-based startup between $800 million and $900 million on the heels of Quantexa growing its subscriptions revenues 108% in the last year.

Warburg Pincus led the round, with existing backers Dawn Capital, AlbionVC, Evolution Equity Partners (a specialist cybersecurity VC), HSBC, ABN AMRO Ventures and British Patient Capital also participating. The valuation is a significant hike up for Quantexa, which was valued between $200 million and $300 million in its Series C last July. It has now raised over $240 million to date.

Quantexa got its start out of a gap in the market that Marria identified when he was working as a director at Ernst & Young tasked with helping its clients with money laundering and other fraudulent activity. As he saw it, there were no truly useful systems in the market that efficiently tapped the world of data available to companies — matching up and parsing both their internal information as well as external, publicly available data — to get more meaningful insights into potential fraud, money laundering and other illegal activities quickly and accurately.

Quantexa’s machine learning system approaches that challenge as a classic big data problem — too much data for humans to parse on their own, but small work for AI algorithms processing huge amounts of that data for specific ends.

Its so-called “Contextual Decision Intelligence” models (the name Quantexa is meant to evoke “quantum” and “context”) were built initially specifically to address this for financial services, with AI tools for assessing risk and compliance and identifying financial criminal activity, leveraging relationships that Quantexa has with partners like Accenture, Deloitte, Microsoft and Google to help fill in more data gaps.

The company says its software — and this, not the data, is what is sold to companies to use over their own datasets — has handled up to 60 billion records in a single engagement. It then presents insights in the form of easily digestible graphs and other formats so that users can better understand the relationships between different entities and so on.

Today, financial services companies still make up about 60% of the company’s business, Marria said, with 7 of the top 10 UK and Australian banks and 6 of the top 14 financial institutions in North America among its customers. (The list includes its strategic backer HSBC, as well as Standard Chartered Bank and Danske Bank.)

But alongside those — spurred by a huge shift in the market to relying significantly more on wider data sets, to businesses updating their systems in recent years, and the fact that, in the last year, online activity has in many cases become the “only” activity — Quantexa has expanded more significantly into other sectors.

“The Financial crisis [of 2007] was a tipping point in terms of how financial services companies became more proactive, and I’d say that the pandemic has been a turning point around other sectors like healthcare in how to become more proactive,” Marria said. “To do that you need more data and insights.”

So in the last year in particular, Quantexa has expanded to include other verticals facing financial crime, such as healthcare, insurance, government (for example in tax compliance), and telecoms/communications, but in addition to that, it has continued to diversify what it does to cover more use cases, such as building more complete customer profiles that can be used for KYC (know your customer) compliance or to serve them with more tailored products. Working with government, it’s also seeing its software getting applied to other areas of illicit activity, such as tracking and identifying human trafficking.

In all, Quantexa has “thousands” of customers in 70 markets. Quantexa cites figures from IDC that estimate the market for such services — both financial crime and more general KYC services — is worth about $114 billion annually, so there is still a lot more to play for.

“Quantexa’s proprietary technology enables clients to create single views of individuals and entities, visualized through graph network analytics and scaled with the most advanced AI technology,” said Adarsh Sarma, MD and co-head of Europe at Warburg Pincus, in a statement. “This capability has already revolutionized the way KYC, AML and fraud processes are run by some of the world’s largest financial institutions and governments, addressing a significant gap in an increasingly important part of the industry. The company’s impressive growth to date is a reflection of its invaluable value proposition in a massive total available market, as well as its continued expansion across new sectors and geographies.”

Interestingly, Marria admitted to me that the company has been approached by big tech companies and others that work with them as an acquisition target — no real surprises there — but longer term, he would like Quantexa to consider how it continues to grow on its own, with an independent future very much in his distant sights.

“Sure, an acquisition to the likes of a big tech company absolutely could happen, but I am gearing this up for an IPO,” he said.

The Good, the Bad and the Ugly in Cybersecurity – Week 28

The Good

This week sees another victory for law enforcement in the fight against cybercrime. An approximately two-year long investigation dubbed ‘Operation Lyrebird’ has culminated in the capture of an individual with a long trail of fraud and cybercrime offenses. The suspect was taken into custody by the Moroccan police according to INTERPOL. The individual, who goes by the hacker alias “Dr HeX”, is tied to a number of activities including credit card fraud, website intrusions, phishing attacks and more. He is also known as the creator of a multi-script tool called ‘ZombiBot’, which exists in various versions.

“Dr HeX” has been active, in his current capacity, since at least 2009, but more recently was known for phishing kits. These ‘kits’ are sold to low-level actors for very little money. They serve to simplify and automate as much of the phishing attack process as possible. Typical phishing kits include templates for masquerading as various well-known websites (such as bank login pages, shopping login pages, and company portals) along with the requisite scripts and config files to properly trick and redirect victims. These items are often sold in open forums, Telegram channels and the like.

During the course of their investigation, investigators were able to follow a rather direct trail of OSINT clues to identify “Dr HeX”. Once they tied the ‘Dr HeX’ moniker to a valid email address, they were quickly able to identify the individual and confirm his ties to multiple additional phishing and fraud campaigns. Hats off to the Moroccan Police, INTERPOL, and Group-IB on the successful operation.

The Bad

It did not take cybercriminals long to begin using the Kaseya attack as a social engineering lure. Within two days of the incident, spam campaigns were observed which lure victims into installing Cobalt Strike payloads masquerading as security updates from Kaseya. From that point, anything is possible with regards to data theft or additional code execution.

The scope of this attack is quite large, as is the accompanying flurry of information for, about, and around it. The attackers are very much preying on the ‘state of confusion’ (or shock for some). At the end of the day, we can always expect the adversary to capitalize on anything at all times.

Also this week, our researchers discovered a potential new RaaS-in-the-making in the form of something calling itself “EP918” Ransomware service. The actor(s) behind this early-stage setup claim to be offering a “powerful FUD ransomware” for between $300 and $500. At the lower tier, the ransomware is available as a “script to be embedded in a website”. The upper tier offers buyers a unique ransomware payload embedded in a malicious PDF file. It is then up to the buyer to distribute the malware as they see fit. Both Bitcoin (BTC) and Monero (XMR) payments are supported. While many of these underground Ransomware-as-a-Service offerings ironically turn out to be scams aimed at (would-be) criminals, others are genuine ransomware services that are later seen in real-world attacks. SentinelLabs will be keeping its eye on this one.

The Ugly

If there is one event that dominated our landscape this week, it would have to be the wide-reaching attack against Kaseya VSA. Attackers leveraged a sly combination of LOLBins, Microsoft Defender and a zero-day exploit to distribute the REvil ransomware to thousands of endpoints. This was a well-staged attack, with very deliberate timing as well (holiday weekend in the United States). This attack became quite complex rather quickly, affecting both Kaseya and the connected customers they provide services to. There is a level of trust there that these attackers are taking direct advantage of.

It is believed that this is one of the largest mass-scale ransomware-deployments to date. REvil has yet to fully ‘comment’ apart from a very short update on their public “blog” in which they claim “more than a million systems were infected”. For a mere $70 million (later revised to $50 million) in Bitcoin, the gang offer “everyone will be able to recover from attack in less than an hour”.

Following the initial incident, Kaseya has been releasing frequent updates via both video and their blogs. At this stage most of the services for On-Premise customers are back online and SaaS services should not be far behind. That said, the issue is still unfolding and there will be much to learn in the coming weeks.

Incidents like this illustrate the need to have full visibility and understanding into your infrastructure, shared and otherwise. A good deal of security is built on a certain level of assumed “trust”. It is wise to not take that trust for granted and continually review your ties and connections to third party dependencies. Understand and analyse your ingress points from both the outside and from the perspective of connected vendors and partners. The action being taken on this issue has been ‘good’. But the ‘ugliness’ here lies in the knowledge that this will not be the last attack of this nature.



3 analysts weigh in: What are Andy Jassy’s top priorities as Amazon’s new CEO?

It’s not easy following a larger-than-life founder and CEO of an iconic company, but that’s what former AWS CEO Andy Jassy faces this week as he takes over for Jeff Bezos, who moves into the executive chairman role. Jassy must deal with myriad challenges as he becomes the head honcho at the No. 2 company on the Fortune 500.

How he handles these challenges will define his tenure at the helm of the online retail giant. We asked several analysts to identify the top problems he will have to address in his new role.

Ensure a smooth transition

Handling that transition smoothly and showing investors and the rest of the world that it’s business as usual at Amazon is going to be a big priority for Jassy, said Robin Ody, an analyst at Canalys. He said it’s not unlike what Satya Nadella faced when he took over as CEO at Microsoft in 2014.

“The biggest task is that you’re following Jeff Bezos, so his overarching issue is going to be stability and continuity. … The eyes of the world are on that succession. So managing that I think is the overall issue and would be for anyone in the same position,” Ody said.

Forrester analyst Sucharita Kodali said Jassy’s biggest job is just to keep the revenue train rolling. “I think the biggest to-do is to just continue that momentum that the company has had for the last several years. He has to make sure that they don’t lose that. If he does that, I mean, he will win,” she said.

Maintain company growth

As an online retailer, the company has thrived during COVID, generating $386 billion in revenue in 2020, up more than $100 billion over the prior year. As Jassy takes over and things return to something closer to normal, will he be able to keep the revenue pedal to the metal?

Cloud security platform Netskope boosts valuation to $7.5B following $300M raise

Netskope, focused on Secure Access Service Edge architecture, announced Friday a $300 million investment round on a post-money valuation of $7.5 billion.

The oversubscribed insider investment was led by ICONIQ Growth, which was joined by other existing investors, including Lightspeed Venture Partners, Accel, Sequoia Capital Global Equities, Base Partners, Sapphire Ventures and Geodesic Capital.

Netskope co-founder and CEO Sanjay Beri told TechCrunch that since its founding in 2012, the company’s mission has been to guide companies through their digital transformation by finding what is most valuable to them — sensitive data — and protecting it.

“What we had before in the market didn’t work for that world,” he said. “The theory is that digital transformation is inevitable, so our vision is to transform that market so people could do that, and that is what we are building nearly a decade later.”

With this new round, Netskope continues to rack up large rounds: it raised $340 million last February, which gave it a valuation of nearly $3 billion. Prior to that, it was a $168.7 million round at the end of 2018.

As with other rounds, the company was not actively seeking new capital; rather, it was “an inside round with people who know everything about us,” Beri said.

“The reality is we could have raised $1 billion, but we don’t need more capital,” he added. “However, having a continued strong balance sheet isn’t a bad thing. We are fortunate to be in that situation, and our destination is to be the most impactful cybersecurity company in the world.”

Beri said the company just completed a “three-year journey building the largest cloud network that is 15 milliseconds from anyone in the world,” and intends to invest the new funds into continued R&D, expanding its platform and Netskope’s go-to-market strategy to meet demand for a market it estimated would be valued at $30 billion by 2024.

Even pre-pandemic the company had strong hypergrowth over the past year, surpassing the market average annual growth of 50%, he added.

Today’s investment brings the total raised by Santa Clara-based Netskope to just over $1 billion, according to Crunchbase data.

With the company racking up that kind of capital, the next natural step would be to become a public company. Beri admits that Netskope could be public now, though it doesn’t have to do it for the traditional reasons of raising capital or marketing.

“Going public is one day on our path, but you probably won’t see us raise another private round,” Beri said.

 

Spike in “Chain Gang” Destructive Attacks on ATMs

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside. Now it appears the crime — known variously as “ATM smash-and-grab” or “chain gang” attacks — is rapidly increasing in other states.

Four different ATM “chain gang” attacks in Texas recently. Image: Texas Bankers Association.

The Texas Bankers Association documented at least 139 chain gang attacks against Texas financial institutions in the year ending November 2020. The association says organized crime is the main source of the destructive activity, and that Houston-based FBI officials have made more than 50 arrests and are actively tracking about 250 individuals suspected of being part of these criminal rings.

From surveillance camera footage examined by fraud investigators, the perpetrators have followed the same playbook in each incident. The bad guys show up in the early morning hours with a truck or tractor that’s been stolen from a local construction site.

Then two or three masked men will pry the front covering from the ATM using crowbars, and attach heavy chains to the cash machine. The canisters of cash inside are exposed once the crooks pull the ATM’s safe door off using the stolen vehicle.

In nearly all cases, the perpetrators are done in less than five minutes.

Tracey Santor is the bond product manager for Travelers, which insures a large number of financial institutions against this type of crime. Santor said investigators questioning some of the suspects learned that the smash-and-grabs are used as a kind of initiation for would-be gang members.

“One of the things they found out during the arrest was the people wanting to be in the gang were told they had to bring them $250,000 within a week,” Santor said. “And they were given instructions on how to do it. I’ve also heard of cases where the perpetrators put construction cones around the ATM so it looks to anyone passing by that they’re legitimately doing construction at the site.”

Santor said the chain gang attacks have spread to other states, and that in the year ending June 2021 Travelers saw a 257 percent increase in the number of insurance claims related to ATM smash-and-grabs.

That 257 percent increase also includes claims involving incidents where attackers will crash a stolen car into a convenience store, and then in the ensuing commotion load the store’s ATM into the back of the vehicle and drive away.

In addition to any cash losses — which can often exceed $200,000 — replacing destroyed ATMs and any associated housing can take weeks, and newer model ATMs can cost $80,000 or more.

“It’s not stopping,” Santor said of the chain gang attacks. “In the last year we counted 32 separate states we’ve seen this type of attack in. Normally we are seeing single digits across the country. 2021 is going to be the same or worse for us than last year.”

Increased law enforcement scrutiny of the crime in Texas might explain why a number of neighboring states are seeing a recent uptick in the number of chain gang attacks, said Elaine Dodd, executive vice president of the fraud division for the Oklahoma Bankers Association.

“We have a lot of it going on here now and they’re getting good at it,” Dodd said. “The numbers are surging. I think since Texas has focused law enforcement attention on this it’s spreading like fingers out from there.”

Chain gang members at work on a Texas bank ATM. Image: Texas Bankers Association.

It’s not hard to see why physical attacks against ATMs are on the rise. In 2019, the average amount stolen in a traditional bank robbery was just $1,797, according to the FBI.

In contrast, robbing ATMs is way less risky and potentially far more rewarding for the perpetrators. That’s because bank ATMs can typically hold hundreds of thousands of dollars in cash.

Dodd said she hopes to see more involvement from federal investigators in fighting chain gang attacks, and that it would help if more of these attacks were prosecuted as bank robberies, which can carry stiff federal penalties. As it is, she said, most incidents are treated as property crimes and left to local investigators.

“We had a rash of three attacks recently and contacted the FBI, and were told, ‘We don’t work these,’” Dodd said. “The FBI looks at these attacks not as bank robbery, but just the theft of cash.”

In January, Texas lawmakers introduced legislation that would make destroying an ATM a third-degree felony offense. Such a change would mean chain gang members could be prosecuted with the same zeal Texas applies to people who steal someone’s livestock, a crime which is punishable by 2-10 years in prison and a fine of up to $10,000 (or both).

“The bottom line is, right now bank robbery is a felony and robbing an unattended ATM is not,” Santor said.

KrebsOnSecurity checked in with the European ATM Security Team (EAST), which maintains statistics about fraud of all kinds targeting ATM operators in Europe. EAST Executive Director Lachlan Gunn said overall physical attacks on ATMs in Europe have been a lot quieter since the pandemic started.

“Attacks fell right away during the lockdowns and have started to pick up a little as the restrictions are eased,” Gunn said. “So no major spike here, although [the United States is] further ahead when it comes to the easing of restrictions.”

Gunn said the most common physical attacks on European ATMs continue to involve explosives — such as gas tanks and solid explosives that are typically stolen from mining and construction sites.

“The biggest physical attack issue in Europe remains solid explosive attacks, due to the extensive collateral damage and the risk to life,” Gunn said.

The Texas Bankers Association report (PDF) includes a number of recommended steps financial institutions can take to reduce the likelihood of being targeted by chain gangs.

Dropbox is reimagining the workplace with Dropbox Studios

The pandemic has been a time for a lot of reflection on both a personal and business level. Tech companies in particular are assessing whether they will ever again return to a full-time, in-office approach. Some are considering a hybrid approach and some may not go back to a building at all. Amidst all this, Dropbox has decided to reimagine the office with a new concept they are introducing this week called Dropbox Studios.

Dropbox CEO and co-founder Drew Houston sees the pandemic as a forcing event, one that pushes companies to rethink work through a distributed lens. He doesn’t think that many businesses will simply go back to the old way of working. As a result, he wanted his company to rethink office design and do away with cube farms, where workers are spread across a landscape of cubicles. Instead, he wants to create a new approach that takes into account that people don’t necessarily need a permanent space in the building.

“We’re soft launching or opening our Dropbox Studios [this] week in the U.S., including the one in San Francisco. And we took the opportunity as part of our focus to reimagine the office into a collaborative space that we call a studio,” Houston told me.

Houston says that the company really wanted to think about how to incorporate the best of working at home with the best of working at the office collaborating with colleagues. “We focused on having really great curated in-person experiences, some of which we coordinate at the company level and then some of which you can go into our studios, which have been refitted to support more collaboration,” he said.

Dropbox Studio coffee shop. Image Credits: Dropbox

To that end, they have created a lot of soft spaces with a coffee shop to create a casual feel, conference rooms for teams to have what Houston called “on-site off-sites” and classrooms for organized group learning. The idea is to create purpose-built spaces for what would work best in an office environment and what people have been missing from in-person interactions since they were forced to work at home by the pandemic, while letting people accomplish more individual work at home.

The company is planning on dedicated studios in major cities like San Francisco, Seattle, Tokyo and Tel Aviv with smaller on-demand spaces operated by partners like WeWork in other locations.

Dropbox Studio classroom space. Image Credits: Dropbox

As Houston said when he appeared at TechCrunch Disrupt last year, his company sees this as an opportunity to be on the forefront of distributed work and act as an example and a guide to help other companies as they undertake similar journeys.

“When you think more broadly about the effects of the shift to distributed work, it will be felt well beyond when we go back to the office. So we’ve gone through a one-way door. This is maybe one of the biggest changes to knowledge work since that term was invented in 1959,” Houston said last year.

He recognizes that they have to evaluate how this is going to work and iterate on the design as needed, just as the company iterates on its products. They will be evaluating the new spaces and their impact on collaborative work, and making adjustments when needed. To help others, Dropbox is releasing an open-source project plan called the Virtual First Toolkit.

The company is going all-in with this approach and will be subletting much of its existing office space as it moves to this new way of working and its space requirements change dramatically. It’s a bold step, but one that Houston believes his company is uniquely positioned to undertake, and he wants Dropbox to be an example to others on how to reinvent the way we work.

Rootly nabs $3.2M seed to build SRE incident management solution inside Slack

As companies look for ways to respond to incidents in their complex microservices-driven software stacks, SREs — site reliability engineers — are left to deal with the issues involved in making everything work and keeping the application up and running. Rootly, a new early-stage startup, wants to help by building an incident-response solution inside of Slack.

Today the company emerged from stealth with a $3.2 million seed investment. XYZ Venture Capital led the round with participation from 8VC, Y Combinator and several individual tech executives.

Rootly co-founder and CEO Quentin Rousseau says that he cut his SRE teeth working at Instacart. When he joined in 2015, the company was processing hundreds of orders a day, and when he left in 2018 it was processing thousands. It was his job to make sure the app was up and running for shoppers, consumers and stores even as it scaled.

He said that while he was at Instacart, he learned to see patterns in the way people responded to an issue and he had begun working on a side project after he left looking to bring the incident response process under control inside of Slack. He connected with co-founder JJ Tang, who had started at Instacart after Rousseau left in 2018, and the two of them decided to start Rootly to help solve these unique problems that SREs face around incident response.

“Basically we want people to manage and resolve incidents directly in Slack. We don’t want to add another layer of complexity on top of that. We feel like there are already so many tools out there and when things are chaotic and things are on fire, you really want to focus quickly on the resolution part of it. So we’re really trying to be focused on the Slack experience,” Rousseau explained.

The Rootly solution helps SREs connect quickly to their various tools inside Slack, whether that’s Jira or Zendesk or DataDog or PagerDuty, and it compiles an incident report in the background based on the conversation that’s happening inside of Slack around resolving the incident. That will help when the team meets for an incident post-mortem after the issue is resolved.

The company is small at the moment with fewer than 10 employees, but it plans to hire some engineers and sales people over the next year as they put this capital to work.

Tang says that they have built diversity as a core component of the company culture, and it helps that they are working with investor Ross Fubini, managing partner at lead investor XYZ Venture Capital. “That’s also one of the reasons why we picked Ross as our lead investor. [His firm] has probably one of the deepest focuses around [diversity], not only as a fund, but also how they influence their portfolio companies,” he said.

Fubini says there are two main focuses in building diverse companies: building a system to look for diverse pools of talent, and then building an environment to help people from underrepresented groups feel welcome once they are hired.

“One of our early conversations we had with Rootly was how do we both bring a diverse group in and benefit from a diverse set of people, and what’s going to both attract them, and when they come in make them feel like this is a place that they belong,” Fubini explained.

The company is fully remote right now, with Rousseau in San Francisco and Tang in Toronto, and the plan is to remain remote even when offices can fully reopen. It’s worth noting that Rousseau and Tang are members of the current Y Combinator batch.