Flippa raises $11M to match online asset and business buyers, sellers

/0 Comments/in /by

Flippa, an online marketplace to buy and sell online businesses and digital assets, announced its first venture-backed round, an $11 million Series A, as it sees over 600,000 monthly searches from investors looking to connect with business owners.

OneVentures led the round and was joined by existing investors Andrew Walsh (former Hitwise CEO), Flippa co-founders Mark Harbottle and Matt Mickiewicz, 99designs, as well as new investors Catch.com.au founders Gabby and Hezi Leibovich; RetailMeNot.com founders Guy King and Bevan Clarke; and Reactive Media founders Tim O’Neill and Tim Fouhy.

The company, with bases in both Austin and Australia, was started in 2009 and facilitates exits for millions of online business owners, some that operate on e-commerce marketplaces, blogs, SaaS and apps, the newest data integration being for Shopify, Blake Hutchison, CEO of Flippa, told TechCrunch.

Berlin Brands Group, now valued at $1B+, raises $700M to buy and scale merchants that sell on marketplaces like Amazon

He considers Flippa to be “the investment bank for the 99%,” of small businesses, providing an end-to end platform that includes a proprietary valuation product for businesses — processing over 4,000 valuations each month — and a matching algorithm to connect with qualified buyers.

Business owners can sell their companies directly through the platform and have the option to bring in a business broker or advisor. The company also offers due diligence and acquisition financing from Thrasio-owned Yardline Capital and a new service called Flippa Legal.

“Our strategy is verification at the source, i.e. data,” Hutchison said. “Users can currently connect to Stripe, QuickBooks Online, WooCommerce, Google Analytics and Admob for apps, which means they can expose their online business performance with one-click, and buyers can seamlessly assess financial and operational performance.”

Online retail, as a share of total retail sales, grew to 19.6% in 2020, up from 15.8% in 2019, driven largely by the global pandemic as sales shifted online while brick-and-mortar stores closed.

Meanwhile, Amazon has 6 million sellers, and Shopify sellers run over 1 million businesses. This has led to an emergence of e-commerce aggregators, backed by venture capital dollars, that are scooping up successful businesses to grow, finding many through Flippa’s marketplace, Hutchison said.

Flippa has over 3 million registered users and added 300,000 new registered users in the past 12 months. Overall transaction volume grows 100% year over year. Though being bootstrapped for over a decade, the company’s growth and opportunity drove Hutchison to go after venture capital dollars.

“There is a huge movement toward this being recognized as an asset class,” he said. “At the moment, the asset class is undervalued and driving a massive swarm as investors snap up businesses and aggregate them together. We see the future of these aggregators becoming ‘X company for apps’ or ‘X for blogs.’ ”

As such, the new funding will be used to double the company’s headcount to more than 100 people as it builds out its offices globally, as well as establishing outposts in Melbourne, San Francisco and Austin. The company will also invest in marketing and product development to scale its business valuation tool that Hutchison likens to the “Zillow Zestimate,” but for online businesses.

Nigel Dews, operating partner at OneVentures, has been following Flippa since it started. His firm is one of the oldest venture capital firms in Australia and has 30 companies in its portfolio focused on healthcare and technology.

He believes the company will create meaningful change for small businesses. The team combined with Flippa’s ability to connect buyers and sellers puts the company in a strong leadership position to take advantage of the marketplace effect.

“Flippa is an incredible opportunity for us,” he added. “You don’t often get a world-leading business in a brand new category with incredible tailwinds. We also liked that the company is based in Australia, but half of its revenue comes from the U.S.”

E-commerce roll-ups are the next wave of disruption in consumer packaged goods

Airwallex raises $200M at a $4B valuation to double down on business banking

/0 Comments/in /by

Business, now more than ever before, is going digital, and today a startup that’s building a vertically integrated solution to meet business banking needs is announcing a big round of funding to tap into the opportunity. Airwallex — which provides business banking services directly to businesses themselves as well as via a set of APIs that power other companies’ fintech products — has raised $200 million, a Series E round of funding that values the Australian startup at $4 billion.

Lone Pine Capital is leading the round, with new backers G Squared and Vetamer Capital Management, and previous backers 1835i Ventures (formerly ANZi), DST Global, Salesforce Ventures and Sequoia Capital China also participating.

The funding brings the total raised by Airwallex — which has head offices in Hong Kong and Melbourne, Australia — to $700 million, including a $100 million injection that closed out its Series D just six months ago.

Cross-border fintech Airwallex raises $100M Series D extension at new valuation of $2.6B

Airwallex will be using the funding both to continue investing in its product and technology as well as to continue its geographical expansion and to focus on some larger business targets. The company has started to make some headway into Europe and the U.K. and that will be one big focus, along with the U.S.

The quick succession of funding and rising valuation underscore Airwallex’s traction to date around what CEO and co-founder Jack Zhang describes as a vertically integrated strategy.

That involves two parts. First, Airwallex has built all the infrastructure for the business banking services that it provides directly to businesses with a focus on small and medium enterprise customers. Second, it has packaged up that infrastructure into a set of APIs that a variety of other companies use to provide financial services directly to their customers without needing to build those services themselves — the so-called “embedded finance” approach.

“We want to own the whole ecosystem,” Zhang said to me. “We want to be like the Apple of business finance.”

That seems to be working out so far for Airwallex. Revenues were up almost 150% for the first half of 2021 compared to a year before, with the company processing more than US$20 billion for a global client portfolio that has quadrupled in size. In addition to tens of thousands of SMEs, it also, via APIs, powers financial services for other companies like GOAT, Papaya Global and Stake.

Airwallex got its start like many of the strongest startups do: It was built to solve a problem that the founders encountered themselves. In the case of Airwallex, Zhang tells me he had actually been working on a previous startup idea. He wanted to build the “Blue Bottle Coffee” of Asia Pacific out of Australia, and it involved buying and importing a lot of different materials, packaging and, of course, coffee from all around the world.

“We found that making payments as a small business was slow and expensive,” he said, since it involved banks in different countries and different banking systems, manual efforts to transfer money between them and many days to clear the payments. “But that was also my background — payments and trading — and so I decided that it was a much more fascinating problem for me to work on and resolve.”

Eventually one of his co-founders in the coffee effort came along, with the four co-founders of Airwallex ultimately including Zhang, along with Xijing Dai, Lucy Liu and Max Li.

It was 2014, and Airwallex got attention from VCs early on in part for being in the right place at the right time. A wave of startups building financial services for SMBs were definitely gaining ground in North America and Europe, filling a long-neglected hole in the technology universe, but there was almost nothing of the sort in the Asia Pacific region, and in those earlier days solutions were highly regionalized.

From there it was a no-brainer that starting with cross-border payments, the first thing Airwallex tackled, would soon grow into a wider suite of banking services involving payments and other cross-border banking services.

“In the last six years, we’ve built more than 50 bank integrations and now offer payments across 95 countries, payments through a partner network,” he added, with 43 of those offering real-time transactions. From that, it moved on to bank accounts and “other primitive stuff” with card issuance and more, he said, eventually building an end-to-end payment stack. 

Airwallex has tens of thousands of customers using its financial services directly, and they make up about 40% of its revenues today. The rest is the interesting turn the company decided to take to expand its business.

Airwallex had built all of its technology from the ground up itself, and it found that — given the wave of new companies looking for more ways to engage customers and become their one-stop shop — there was an opportunity to package that tech up in a set of APIs and sell that on to a different set of customers, those who also provided services for small businesses. That part of the business now accounts for 60% of Airwallex’s business, Zhang said, and is growing faster in terms of revenues. (The SMB business is growing faster in terms of customers, he said.)

A lot of embedded finance startups that base their business around building tech to power other businesses tend to stay at arm’s length from offering financial services directly to consumers. The explanation I have heard is that they do not wish to compete against their customers. Zhang said that Airwallex takes a different approach, by being selective about the customers they partner with, so that the financial services they offer would never be the kind that would not be in direct competition. The GOAT marketplace for sneakers, or Papaya Global’s HR platform are classic examples of this.

Checkout is the key to frictionless B2B e-commerce

However, as Airwallex continues to grow, you can’t help but wonder whether one of those partners might like to gobble up all of Airwallex and take on some of that service provision role itself. In that context, it’s very interesting to see Salesforce Ventures returning to invest even more in the company in this round, given how widely the company has expanded from its early roots in software for salespeople into a massive platform providing a huge range of cloud services to help people run their businesses.

For now, it’s been the combination of its unique roots in Asia Pacific, plus its vertical approach of building its tech from the ground up, plus its retail acumen that has impressed investors and may well see Airwallex stay independent and grow for some time to come.

“Airwallex has a clear competitive advantage in the digital payments market,” said David Craver, MD at Lone Pine Capital, in a statement. “Its unique Asia-Pacific roots, coupled with its innovative infrastructure, products and services, speak volumes about the business’ global growth opportunities and its impressive expansion in the competitive payment providers space. We are excited to invest in Airwallex at this dynamic time, and look forward to helping drive the company’s expansion and success worldwide.”

Updated to note that the coffee business was in Australia, not Hong Kong.

Bzaar bags $4M to enable US retailers to source home, lifestyle products from India

/0 Comments/in /by

Small businesses in the U.S. now have a new way to source home and lifestyle goods from new manufacturers. Bzaar, a business-to-business cross-border marketplace, is connecting retailers with over 50 export-ready manufacturers in India.

The U.S.-based company announced Monday that it raised $4 million in seed funding, led by Canaan Partners, and including angel investors Flipkart co-founder Binny Bansal, PhonePe founders Sameer Nigam and Rahul Chari, Addition founder Lee Fixel and Helion Ventures co-founder Ashish Gupta.

Nishant Verman and Prasanth Nair co-founded Bzaar in 2020 and consider their company to be like a “fair without borders,” Verman put it. Prior to founding Bzaar, Verman was at Bangalore-based Flipkart until it was acquired by Walmart in 2018. He then was at Canaan Partners in the U.S.

“We think the next 10 years of global trade will be different from the last 100 years,” he added. “That’s why we think this business needs to exist.”

Traditionally, small U.S. buyers did not have feet on the ground in manufacturing hubs, like China, to manage shipments of goods in the same way that large retailers did. Then Alibaba came along in the late 1990s and began acting as a gatekeeper for cross-border purchases, Verman said. U.S. goods imports from China totaled $451.7 billion in 2019, while U.S. goods imports from India in 2019 were $87.4 billion.

Bzaar screenshot. Image Credits: Bzaar

Small buyers could buy home and lifestyle goods, but it was typically through the same sellers, and there was not often a unique selection, nor were goods available handmade or using organic materials, he added.

With Bzaar, small buyers can purchase over 10,000 wholesale goods on its marketplace from other countries like India and Southeast Asia. The company guarantees products arrive within two weeks and manage all of the packaging logistics and buyer protection.

Verman and Nair launched the marketplace in April and had thousands users in three continents purchasing from the platform within six months. Meanwhile, products on Bzaar are up to 50% cheaper than domestic U.S. platforms, while SKU selection is growing doubling every month, Verman said.

The new funding will enable the company to invest in marketing to get in front of buyers and invest on its technology to advance its cataloging feature so that goods pass through customs seamlessly. Wanting to provide new features for its small business customers, Verman also intends to create a credit feature to enable buyers to pay in installments or up to 90 days later.

“We feel this is a once-in-a-lifetime shift in how global trade works,” he added. “You need the right team in place to do this because the problem is quite complex to take products from a small town in Vietnam to Nashville. With our infrastructure in place, the good news is there are already shops and buyers, and we are stitching them together to give buyers a seamless experience.”

Startups are transforming global trade in the COVID-19 era

 

Fivetran hauls in $565M on $5.6B valuation, acquires competitor HVR for $700M

/0 Comments/in /by

Fivetran, the data connectivity startup, had a big day today. For starters it announced a $565 million investment on a $5.6 billion valuation, but it didn’t stop there. It also announced its second acquisition this year, snagging HVR, a data integration competitor that had raised more than $50 million, for $700 million in cash and stock.

The company last raised a $100 million Series C on a $1.2 billion valuation, increasing the valuation by over 5x. As with that Series C, Andreessen Horowitz was back leading the round, with participation from other double dippers General Catalyst, CEAS Investments, Matrix Partners and other unnamed firms or individuals. New investors ICONIQ Capital, D1 Capital Partners and YC Continuity also came along for the ride. The company reports it has now raised $730 million.

The HVR acquisition represents a hefty investment for the startup, grabbing a company for a price that is almost equal to all the money it has raised to date, but it provides a way to expand its market quickly by buying a competitor. Earlier this year Fivetran acquired Teleport Data as it continues to add functionality and customers via acquisition.

“The acquisition — a cash and stock deal valued at $700 million — strengthens Fivetran’s market position as one of the data integration leaders for all industries and all customer types,” the company said in a statement.

Fivetran snares $100M Series C on $1.2B valuation for data connectivity solution

While that may smack of corporate marketing-speak, there is some truth to it, as pulling data from multiple sources, sometimes in siloed legacy systems, is a huge challenge for companies, and both Fivetran and HVR have developed tools to provide the pipes to connect various data sources and put it to work across a business.

Data is central to a number of modern enterprise practices, including customer experience management, which takes advantage of customer data to deliver customized experiences based on what you know about them, and data is the main fuel for machine learning models, which use it to understand and learn how a process works. Fivetran and HVR provide the nuts and bolts infrastructure to move the data around to where it’s needed, connecting to various applications like Salesforce, Box or Airtable, databases like Postgres SQL or data repositories like Snowflake or Databricks.

Whether bigger is better remains to be seen, but Fivetran is betting that it will be in this case as it makes its way along the startup journey. The transaction has been approved by both companies’ boards. The deal is still subject to standard regulatory approval, but Fivetran is expecting it to close in October.

The Good, the Bad and the Ugly in Cybersecurity – Week 38

/0 Comments/in /by

The Good

A few new developments occured this week in the saga that is REvil ransomware. First off, REvil appears to have reactivated its infrastructure and has renewed its attacks, so far on a slightly smaller scale. New victims are appearing on their blog, and affiliates have resurfaced in specific underground forums in an effort to save some face and assure the world that they are kind and gentle cybercriminals.

However, the good news is that this week we also saw the release of a “master decrypter” for previous REvil victims.

The decrypter was the fruit of a joint collaboration between Bitdefender and “trusted law enforcement partners’. While it won’t help victims of the latest wave of REvil attacks, it does provide a simple and effective way for those who were hit prior to REvil’s recent hiatus after the Kaseya and other high profile attacks to recover previously encrypted assets. As a reminder, SentinelOne Singularity will prevent REvil ransomware attacks as well as the associated TTPs.

The Bad

This was a particularly colorful week with regards to Apple and their emergency patch for a set of security vulnerabilities that enabled the deployment and use of NSO Group spyware. At the heart of these matters is an exploit dubbed FORCEDENTRY, which takes advantage of a vulnerability in Apple’s Core Graphics framework.

What makes FORCEDENTRY so worrisome for users is that it does not require any user interaction to exploit, and since CoreGraphics is common to all Apple’s OS platforms, it can be leveraged against Apple’s iOS, iPadOS, watchOS, and macOS devices. Needless to say, the potentially exposed population is quite large and diverse. The flaw was originally reported by the Citizen Lab, who discovered it during an investigation into an iOS device belonging to a Saudi activist. The device had been infected by the NSO Group’s Pegasus spyware.

The bug was assigned CVE-2021-30860, and an emergency patch was released on September 13, 2021. It is believed that this flaw has been actively used against high-profile targets in the activist world as early as June 2020. Specially-crafted PDF documents can be used to deliver the exploit to targets, and it is simply the act of the receiving the PDF that leads to the infection. A truly scary zero-click exploit.

Apple has released updates to address this and other issues. However, users of older systems be aware: on the Mac, only Catalina and Big Sur have been patched for this vulnerability, so the almost 20% of Mac users still running macOS Mojave and earlier are out of luck. iPhone users require iOS 14.8 or later to receive the fix, while watchOS needs to be running 7.6.2 or higher.

The Ugly

This week, three agents tied to “Project Ravenadmitted to working against the United States government at the direction of the United Arab Emirates.

Under a deal designed to avoid prosecution, the three operatives were held to admit to working as spies for the U.A.E and ultimately violating U.S. laws, including the selling of military secrets and technology. As part of “Project Raven”, the individuals were responsible for multiple intrusions into networks within the borders of the United States. In addition, they located and stole “sophisticated cyber intrusion tools” without the obviously required permission. These individuals were all considered lone “mercenaries” or “hackers-for-hire”.

While the full outcome is yet to be determined, the deal they struck appears to require the agents to pay a sum of $1.69 million dollars and to relinquish all security clearance privileges in the United States.

On another note, this week SentinelLabs disclosed details around CVE-2021-3437, an HP OMEN Gaming Hub Escalation of Privilege and Denial of Service vulnerability in HP OMEN PCs. This high-severity flaw affects millions of HP devices and can be exploited to achieve kernel-level privileges, potentially offering full control of the targeted host. While gaming PCs aren’t usually found on the enterprise network, a vulnerable device in the home could be just as harmful to work when so many of us are connecting our company devices to our home networks these days.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Ketch raises another $20M as demand grows for its privacy data control platform

/0 Comments/in /by

Six months after securing a $23 million Series A round, Ketch, a startup providing online privacy regulation and data compliance, brought in an additional $20 million in A1 funding, this time led by Acrew Capital.

Returning with Acrew for the second round are CRV, super{set} (the startup studio founded by Ketch’s co-founders CEO Tom Chavez and CTO Vivek Vaidya), Ridge Ventures and Silicon Valley Bank. The new investment gives Ketch a total of $43 million raised since the company came out of stealth earlier this year.

In 2020, Ketch introduced its data control platform for programmatic privacy, governance and security. The platform automates data control and consent management so that consumers’ privacy preferences are honored and implemented.

Ketch raises $23M to automate privacy and data compliance

Enterprises are looking for a way to meet consumer needs and accommodate their rights and consents. At the same time, companies want data to fuel their growth and gain the trust of consumers, Chavez told TechCrunch.

There is also a matter of security, with much effort going into ransomware and malware, but Chavez feels a big opportunity is to bring security to the data wherever it lies. Once the infrastructure is in place for data control it needs to be at the level of individual cells and rows, he said.

“If someone wants to be deleted, there is a challenge in finding your specific row of data,” he added. “That is an exercise in data control.”

Ketch’s customer base grew by more than 300% since its March Series A announcement, and the new funding will go toward expanding its sales and go-to-market teams, Chavez said.

Ketch app. Image Credits: Ketch

This year, the company launched Ketch OTC, a free-to-use privacy tool that streamlines all aspects of privacy so that enterprise compliance programs build trust and reduce friction. Customer growth through OTC increased five times in six months. More recently, Qonsent, which developing a consent user experience, is using Ketch’s APIs and infrastructure, Chavez said.

When looking for strategic partners, Chavez and Vaidya wanted to have people around the table who have a deep context on what they were doing and could provide advice as they built out their products. They found that in Acrew founding partner Theresia Gouw, whom Chavez referred to as “the OG of privacy and security.”

Gouw has been investing in security and privacy for over 20 years and says Ketch is flipping the data privacy and security model on its head by putting it in the hands of developers. When she saw more people working from home and more data breaches, she saw an opportunity to increase and double down on Acrew’s initial investment.

She explained that Ketch is differentiating itself from competitors by taking data privacy and security and tying it to the data itself to empower software developers. With the OTC tool, similar to putting locks and cameras on a home, developers can download the API and attach rules to all of a user’s data.

“The magic of Ketch is that you can take the security and governance rules and embed them with the software and the piece of data,” Gouw added.

3 adtech and martech VCs see major opportunities in privacy and compliance

Defy Partners leads $3M round into sales intelligence platform Aircover

/0 Comments/in /by

Aircover raised $3 million in seed funding to continue developing its real-time sales intelligence platform.

Defy Partners led the round with participation from Firebolt Ventures, Flex Capital, Ridge Ventures and a group of angel investors.

The company, headquartered in the Bay Area, aims to give sales teams insights relevant to closing the sale as they are meeting with customers. Aircover’s conversational AI software integrates with Zoom and automates parts of the sales process to lead to more effective conversations.

“One of the goals of launching the Zoom SDK was to provide developers with the tools they need to create valuable and engaging experiences for our mutual customers and integrations ecosystem,” said Zoom’s CTO Brendan Ittelson via email. “Aircover’s focus on building sales intelligence directly into the meeting, to guide customer-facing teams through the entire sales cycle, is the type of innovation we had envisioned when we set out to create a broader platform.”

Aircover’s founding team of Andrew Levy, Alex Young and Andrew’s brother David Levy worked together at Apteligent, a company co-founded and led by Andrew Levy, that was sold to VMware in 2017.

Chatting about pain points on the sales process over the years, Levy said it felt like the solution was always training the sales team more. However, by the time everyone was trained, that information would largely be out-of-date.

Instead, they created Aircover to be a software tool on top of video conferencing that performs real-time transcription of the conversation and then analysis to put the right content in front of the sales person at the right time based on customer issues and questions. This means that another sales expert doesn’t need to be pulled in or an additional call scheduled to provide answers to questions.

“We are anticipating that knowledge and parsing it out at key moments to provide more leverage to subject matter experts,” Andrew Levy told TechCrunch. “It’s like a sales assistant coming in to handle any issue.”

He considers Aircover in a similar realm with other sales team solutions, like Chorus.ai, which was recently scooped up by ZoomInfo, and Gong, but sees his company carving out space in real-time meeting experiences. Other tools also record the meetings, but to be reviewed after the call is completed.

“That can’t change the outcome of the sale, which is what we are trying to do,” Levy added.

The new funding will be used for product development. Levy intends to double his small engineering team by the end of the month.

He calls what Aircover is doing a “large interesting problem we are solving that requires some difficult technology because it is real time,” which is why the company was eager to partner with Bob Rosin, partner at Defy Partners, who joins Aircover’s board of directors as part of the investment.

Rosin joined Defy in 2020 after working on the leadership teams of Stripe, LinkedIn and Skype. He said sales and customer teams need tools in the moment, and while some are useful in retrospect, people want them to be live, in front of the customer.

“In the early days, tools helped before and after, but in the moment when they need the most help, we are not seeing many doing it,” Rosin added. “Aircover has come up with the complete solution.”

The essential revenue software stack

 

Zoom looks beyond video conferencing as triple-digit 2020 growth begins to slow

/0 Comments/in /by

It’s been a heady 12-18 months for Zoom, the decade-old company that experienced monster 2020 growth and more recently, a mega acquisition with the $14.7 billion Five9 deal in July. That addition is part of a broader strategy the company has been undertaking the last couple of years to move beyond its core video conferencing market into adjacencies like phone, meeting management and messaging, among other things. Here’s a closer look at how the plan is unfolding.

As the pandemic took hold in March 2020, everyone from businesses to schools to doctors and and places of worship moved online. As they did, Zoom video conferencing became central to this cultural shift and the revenue began pouring in, ushering in a period of sustained triple-digit growth for the company that only recently abated.

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

/0 Comments/in /by

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel’s conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.

The user interface for Downthem[.]org.

Prosecutors for the Central District of California charged Gatrel, 32, and his business partner Juan “Severon” Martinez of Pasadena, Calif. with operating two DDoS-for-hire or “booter” services — downthem[.]org and ampnode[.]com.

Despite admitting to FBI agents that he ran these booter services (and turning over plenty of incriminating evidence in the process), Gatrel opted to take his case to trial, defended the entire time by public defenders. Facing the prospect of a hefty sentence if found guilty at trial, Martinez pleaded guilty on Aug. 26 to one count of unauthorized impairment of a protected computer.

Gatrel was convicted on all three charges of violating the Computer Fraud and Abuse Act, including conspiracy to commit unauthorized impairment of a protected computer, conspiracy to commit wire fraud, and unauthorized impairment of a protected computer.

Investigators say Downthem helped some 2,000 customers launch debilitating digital assaults at more than 200,000 targets, including many government, banking, university and gaming Web sites.

Prosecutors alleged that in addition to running and marketing Downthem, the defendants sold huge, continuously updated lists of Internet addresses tied to devices that could be used by other booter services to make attacks far more powerful and effective. In addition, other booter services also drew firepower and other resources from Ampnode.

Booter and stresser services let customers pick from among a variety of attack methods, but almost universally the most powerful of these methods involves what’s known as a “reflective amplification attack.” In such assaults, the perpetrators leverage unmanaged Domain Name Servers (DNS) or other devices on the Web to create huge traffic floods.

Ideally, DNS servers only provide services to machines within a trusted domain — such as translating an Internet address from a series of numbers into a domain name, like example.com. But DNS reflection attacks rely on consumer and business routers and other devices equipped with DNS servers that are (mis)configured to accept queries from anywhere on the Web.

Attackers can send spoofed DNS queries to these DNS servers, forging the request so that it appears to come from the target’s network. That way, when the DNS servers respond, they reply to the spoofed (target) address.

The bad guys also can amplify a reflective attack by crafting DNS queries so that the responses are much bigger than the requests. For example, an attacker could compose a DNS request of less than 100 bytes, prompting a response that is 60-70 times as large. This “amplification” effect is especially pronounced if the perpetrators query dozens of DNS servers with these spoofed requests simultaneously.

The government charged that Gatrel and Martinez constantly scanned the Internet for these misconfigured devices, and then sold lists of Internet addresses tied to these devices to other booter service operators.

Gatrel’s sentencing is scheduled for January 27, 2022. He faces a statutory maximum sentence of 35 years in federal prison. However, given the outcome of past prosecutions against other booter service operators, it seems unlikely that Gatrel will spend much time in jail.

The case against Gatrel and Martinez was brought as part of a widespread crackdown on booter services in Dec. 2018, when the FBI joined with law enforcement partners overseas to seize 15 different booter service domains.

Federal prosecutors and DDoS experts interviewed at the time said the operation had three main goals: To educate people that hiring DDoS attacks is illegal, to destabilize the flourishing booter industry, and to ultimately reduce demand for booter services.

The jury is still out on whether any of those goals have been achieved with lasting effect.

The original complaint against Gatrel and Martinez is here (PDF).

Encouraging Women to Embrace Cybersecurity Superpowers

/0 Comments/in /by

Cybersecurity is a huge problem. We often hear that. But have you considered that Cybersecurity also has a huge problem? Namely, the gaping gender imbalance in the workforce. Only a minority of the world’s information security workforce are women. According to one study, women in North America represent a mere 14% of the total cybersecurity workforce, while in Europe, it is up to 7%, and in the Middle East, it touches up to only 5%, which is alarming for the global cyber industry.

With so much room for growth and improvement, support for diverse leadership can go beyond providing resources for an organization’s existing team. SentinelOne is going a step further, taking a direct approach to increase diversity not only through its hiring practices and inclusive culture but also by supporting and sponsoring women in cybersecurity events.

One such event was the Women in Cybersecurity (WiCyS) Conference held last week in Denver. This conference brings together women from cybersecurity industries, academia, government, nonprofits, and research to share their knowledge and expertise while networking and mentoring. The event is a two-day conference packed with lightning talks, keynote speakers, panel discussions, workshops, Birds of a Feather sessions, and multiple opportunities to network.

SentinelOne was proud to sponsor the event, kicking it off with a powerful keynote by our Chief People Officer, Divya Ghatak, who talked about the change in culture needing to start right at the top.

Divya Ghatak, Chief People Officer, SentinelOne

“As a female leader, it’s very important for me to support a culture of diversity and inclusion at SentinelOne. It starts right at the top with our leadership team and is core to innovation and hyper-growth.” – Divya Ghatak, Chief People Officer, SentinelOne.

As an organization, gender diversity is a priority to us and we interviewed a few SentinelOne women who were fortunate to represent the company at the WiCyS conference. They spoke about their experience attending the conference and how it feels to be a part of a company that supports the initiative from the ground up. Take a look:

Megan Calidonna, Senior Technical Recruitment Manager

“Being able to sponsor and participate in an event specifically for women in cybersecurity brought me so much joy. As a recruiter, I feel blessed to be able to help guide women coming into cybersecurity.”

Cybersecurity has historically been male dominated, like most of the STEM workforce, and WiCyS has created a space that makes education, networking, and career opportunities in cybersecurity obtainable to the female population. The level of passion, excitement, and talent at this conference was unmatched. We met with women ranging from high school students to proven leaders in this space, and every person was there to empower one another to succeed. I am grateful to work alongside brilliant women who continuously inspire me and support an organization.

Resha Chheda, Director, Product Marketing

“I feel so ​​proud to work in a company with leaders who not only actively promote women in cybersecurity but also recognize the correlation between diversity and business success.”

Like it or not, it’s hard to ignore the white elephant in the room in the form of the very obvious gender imbalance in cybersecurity. I have been in cybersecurity since 2008, and more often than not, I am the only woman working on a given project. Thankfully, the gender gap has not gone unnoticed. Many companies have various initiatives to support and recruit women and empower them to succeed in their careers. WiCyS is one such conference, which provides a fantastic opportunity to meet like-minded leaders. I was blown away by a network of women ready to inspire and lead other women to their own success.

Karen Evenson, Senior Technical Writer

“I love that SentinelOne supports and encourages women to go after their dreams.”

Women in Cybersecurity mean that we have the talent and knowledge to work in a highly technical industry. My experience at the conference allowed me to meet some of these smart, highly technical women that make a difference in both the educational and industrial point of view.

Rochelle Fisher, Director of Knowledge

“I am so proud to be a part of SentinelOne, a company that is not only a top sponsor of WiCyS but also gave the conference a great keynote speaker.”

As a remote worker, meeting one of my team members in real life for the first time was the best part of the experience. And with the great sessions, joyful SentinelOne off-hours, fabulous location, and networking with people of all levels of experience and areas of impact – it is saying something to put one event at the top of the list.

Immediately after returning home, I was able to see the impact the conference had on me. A session on measuring inclusion made me more aware of how I speak with my colleagues. A session on the Dark Web made me more aware of our daily work’s impact on the people who fight crime. You can’t slack off when you know your results are, measurably, making the world a better place! And it’s much easier to communicate with the colleagues we bonded with during the conference.

Colleen Gallagher, Senior Go to Market Recruiter

“I am so proud to work for a company that is making real and tangible efforts to close the gender gap in Cybersecurity.”

I was honored to represent SentinelOne at the WiCyS conference. The best moments were greeting women as they approached the SentinelOne booth and asking them what brought them to SentinelOne.

Most said that they were moved by our Chief of People, Divya Ghatak’s keynote to learn more! The women I met were so passionate about cybersecurity! This group of women is well aware that they are part of a new wave of women entering the field, and they will surely lead the way for others.

Drea London Petter, Senior Director, DFIR

“I saw SentinelOne purple on the WiCyS partner board when they posted it on LinkedIn. It made me very proud to know that SentinelOne’s support for diversity and inclusion was not only cultural but financial as well.”

I started my career in 2003 at Defense Computer Forensics Lab. At that time, there were only three females on our entire floor – I was the only female Airman. The lack of diversity in this field has always been obvious. The margins between minorities and majorities are large, and they reach all the way to the top of the leadership chain.

The WiCyS conference shines a light on those margins and provides women of all ages the support and mentorship needed to close them. I am certainly an advocate for diversity in the workplace – but especially within my Digital Forensic and Incident Response team. As investigators, we are constantly challenged by threat actors, new malware variants, and evolving technology. Our own investigative bias can blind us and slow our ability to respond. The best way to tackle that bias is with a diverse team of investigators who can bring their own perspectives to the table each day. Regarding my experience at the conference – I knew I would love it, but what I loved most was meeting the students and prospective candidates. It was refreshing to see their excitement and passion for the industry.

Vivian Ma, Associate Product Marketing Manager

“I am immensely grateful to SentinelOne for opening up this opportunity to join and foster a community of passionate, ambitious women, create shared experiences and learnings, and advance my cybersecurity knowledge and career. What I gained from attending WiCyS will permeate into my own initiatives at SentinelOne and beyond.”

Women in Cybersecurity means bringing valuable, diverse perspectives to an industry and a challenge. We must combat motivated, innovative adversaries with an even greater degree of ingenuity and intelligence. Attending WiCyS was extremely rewarding in that I was not only able to gain a sense of inclusion and motivation from my own SentinelOne team (all of whom I had not met in person yet) but also from a community of inspiring people spanning various geographic regions, roles, levels of experience, and more.

Suzanne Portugal, Head of Education and Enablement

“I am incredibly proud to be part of a company that supports initiatives like WiCys and holds such high value in diversity and ingenuity in the workplace.”

Women in Cybersecurity is an amazing community of inspiring and collaborative professionals that come together to mentor, network, and knowledge-share with the goal of strengthening the pool of women in Cybersecurity. I was very inspired by the WiCyS conference and grateful to be part of such a great network of women.

Kate Vazansky, VP Global Technical Program Management

“I’m glad we’re a key sponsor, and I look forward to seeing SentinelOne take active, intentional steps to increase our diversity in our workforce around the world as we continue to grow at a rapid pace.”

The Women in Cybersecurity conference was a fantastic experience. The diversity was genuinely remarkable, and I really enjoyed talking to everyone who came to visit us at the career fair.

Conclusion

We as an industry still have a long way to go in creating the gender balance in cybersecurity but awareness is the first step to change. The WiCyS conference is one such avenue that helps open up new horizons for women trying to get into cybersecurity. We are glad that we had the opportunity to sponsor and contribute to the event and to continue making a difference.

Interested in Learning More About Life at SentinelOne?

Learn more about SentinelOne’s values here. Explore global career opportunities with SentinelOne here.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security