How to cut through the promotional haze and select a digital building platform

Everyone from investors to casual LinkedIn observers has more reasons than ever to look at buildings and wonder what’s going on inside. The property industry is known for moving slowly when it comes to adopting new technologies, but novel concepts and products are now entering this market at a dizzying pace.

However, this ever-growing array of smart-building products has made it confusing for professionals who seek to implement digital building platform (DBP) technologies in their spaces, let alone across their entire enterprise. The waters get even murkier when it comes to cloud platforms and their impact on ROI with regard to energy usage and day-to-day operations.

Facility managers, energy professionals and building operators are increasingly hit with daily requests to review the latest platform for managing and operating their buildings. Here are a few tips to help decision-makers clear through the marketing fluff and put DBP platforms to the test.

The why, how and what

Breaking down technology decisions into bite-sized pieces, starting with fundamental functions, is the most straightforward way to cut through the promotional haze. Ask two simple questions: Who on your team will use this technology and what problem will it solve for them? Answers to these questions will help you maintain your key objectives, making it easier to narrow down the hundreds of options to a handful.

Another way to prioritize problems and solutions when sourcing smart-building technology is to identify your use cases. If you don’t know why you need a technology platform for your smart building, you’ll find it difficult to tell which option is better. Further, once you have chosen one, you’ll be hard put to determine if it has been successful. We find use cases draw the most direct line from why to how and what.

For example, let’s examine the why, how and what questions for a real estate developer planning to construct or modernize a commercial office building:

  • Why will people come? — Our building will be full of amenities and technological touches that will make discerning tenants feel comfortable, safe and part of a warm community of like-minded individuals.
  • How will we do it? — Implement the latest tenant-facing technology offering services and capabilities that are not readily available at home. We will create indoor and outdoor environments that make people feel comfortable and happy.
  • What tools, products and technology will we use?

This last question is often the hardest to answer and is usually left until the last possible moment. For building systems integrators, this is where the real work begins.

Focus on desired outcomes

When various stakeholder groups begin their investigations of the technology, it is crucial to define the outcomes everyone hopes to achieve for each use case. When evaluating specific products, it helps to categorize them at high levels.

Several high-level outcomes, such as digital twin enablement, data normalization and data storage are expected across multiple categories of systems. However, only an enterprise building management system includes the most expected outcomes. Integration platform as a service, bespoke reports and dashboarding, analytics as a service and energy-optimization platforms have various enabled and optional outcomes.

The following table breaks down a list of high-level outcomes and aligns them to a category of smart-building platforms available in the market. Expanded definitions of each item are included at the end of this article.

Slack’s new voice, video tools should fit nicely on Salesforce platform after deal closes

It’s easy to forget, but Salesforce bought Slack at the end of last year for almost $28 billion, a deal that has yet to close. We don’t know exactly when that will happen, but Slack continues to develop its product roadmap adding new functionality, even while waiting to become part of Salesforce eventually.

Just this morning, the company made official some new tools it had been talking about for some time, including a new voice tool called Slack Huddles, which is available starting today, along with video messaging and a directory service called Slack Atlas.

These tools enhance the functionality of the platform in ways that should prove useful as it becomes part of Salesforce whenever that happens. It’s not hard to envision how integrating Huddles or the video tools (or even Slack Atlas for both internal and external company organizational views) could work when integrated into the Salesforce platform.

Slack CEO Stewart Butterfield says the companies aren’t working together yet because of regulatory limits on communications, but he could definitely see how these tools could work in tandem with Salesforce Service Cloud and Sales Cloud among others and how you can start to merge the data in Salesforce with Slack’s communications capabilities.

“[There’s] this excitement around workflows from the big system of record [in Salesforce] into the communication [in Slack] and having the data show up where the conversations are happening. And I think there’s a lot of potential here for leveraging these indirectly in customer interactions, whether that’s sales, marketing, support or whatever,” he said.

He said that he could also see Salesforce taking advantage of Slack Connect, a capability introduced last year that enables companies to communicate with people outside the company.

“We have all this stuff working inside of Slack Connect, and you get all the same benefits that you would get using Huddles to properly start a conversation, solve some problem or use video as a better way of communicating with [customers],” he said.

These announcements seem to fall into two main categories: the future of work and the context of the acquisition. Bret Taylor, Salesforce president and COO, certainly seemed to recognize that when discussing the deal with TechCrunch when it was announced back in December. He sees the two companies directly addressing the changing face of work:

“When we say we really want Slack to be this next generation interface for Customer 360, what we mean is we’re pulling together all these systems. How do you rally your teams around these systems in this digital work-anywhere world that we’re in right now where these teams are distributed and collaboration is more important than ever,” Taylor said.

Brent Leary, founder and principal analyst at CRM Essentials says that there is clearly a future of work angle at play as the two companies come together. “I think moves like [today’s Slack announcements] are in response to where things are trending with respect to the future of work as we all find ourselves spending an increasing amount of time in front of webcams and microphones in our home offices meeting and collaborating with others,” he said.

Huddles is an example of how the company is trying to fix that screen fatigue from too many meetings or typing our thoughts. “This kind of ‘audio-first’ capability takes the emphasis off trying to type what we mean in the way we think will get the point across to just being able to say it without the additional effort to make it look right,” he said.

Leary added, “And not only will it allow people to just speak, but also allows us to get a better understanding of the sentiment and emotion that also comes with speaking to people and not having to guess what the intent/emotion is behind the text in a chat.”

As Karissa Bell pointed out on Engadget, Huddles also works like Discord’s chat feature in a business context, which could have great utility for Salesforce tools when it’s integrated with the Salesforce platform.

While the regulatory machinations grind on, Slack continues to develop its platform and products. It will of course continue to operate as a stand-alone company, even when the mega deal finally closes, but there will certainly be plenty of cross-platform integrations.

Even if executives can’t discuss what those integrations could look like openly, there has to be a lot of excitement at Salesforce and Slack about the possibilities that these new tools bring to the table — and to the future of work in general — whenever the deal crosses the finish line.

Dispense with the chasm? No way!

Jeff Bussgang, a co-founder and general partner at Flybridge Capital, recently wrote an Extra Crunch guest post that argued it is time for a refresh when it comes to the technology adoption life cycle and the chasm. His argument went as follows:

  1. VCs in recent years have drastically underestimated the size of SAMs (serviceable addressable markets) for their startup investments because they were “trained to think only a portion of the SAM is obtainable within any reasonable window of time because of the chasm.”
  2. The chasm is no longer the barrier it once was because businesses have finally understood that software is eating the world.
  3. As a result, the early majority has joined up with the innovators and early adopters to create an expanded early market. Effectively, they have defected from the mainstream market to cross the chasm in the other direction, leaving only the late majority and the laggards on the other side.
  4. That is why we now are seeing multiple instances of very large high-growth markets that appear to have no limit to their upside. There is no chasm to cross until much later in the life cycle, and it isn’t worth much effort to cross it then.

Now, I agree with Jeff that we are seeing remarkable growth in technology adoption at levels that would have astonished investors from prior decades. In particular, I agree with him when he says:

The pandemic helped accelerate a global appreciation that digital innovation was no longer a luxury but a necessity. As such, companies could no longer wait around for new innovations to cross the chasm. Instead, everyone had to embrace change or be exposed to an existential competitive disadvantage.

But this is crossing the chasm! Pragmatic customers are being forced to adopt because they are under duress. It is not that they buy into the vision of software eating the world. It is because their very own lunches are being eaten. The pandemic created a flotilla of chasm-crossings because it unleashed a very real set of existential threats.

The key here is to understand the difference between two buying decision processes, one governed by visionaries and technology enthusiasts (the early adopters and innovators), the other by pragmatists (the early majority). The early group makes their decisions based on their own analyses. They do not look to others for corroborative support. Pragmatists do. Indeed, word-of-mouth endorsements are by far the most impactful input not only about what to buy and when but also from whom.

We Infiltrated a Counterfeit Check Ring! Now What?

Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and you’ve shared this information in advance with the authorities each day for a year with no outward indication that they are doing anything about it. How frustrated would you be?

A counterfeit check image [redacted] that was intended for a person helping this fraud gang print and mail phony checks tied to a raft of email-based scams. One fraud-fighting group is intercepting hundreds to thousands of these per day.

Such is the curse of the fraud fighter known online by the handles “Brianna Ware” and “B. Ware” for short, a longtime member of a global group of volunteers who’ve infiltrated a cybercrime gang that disseminates counterfeit checks tied to a dizzying number of online scams.

For the past year, B. Ware has maintained contact with an insider from the criminal group that’s been sending daily lists of would-be victims who are to receive counterfeit checks printed using the real bank account information of legitimate companies.

“Some days we’re seeing thousands of counterfeit checks going out,” B. Ware said.

The scams used in connection with the fraudulent checks vary widely, from fake employment and “mystery shopper” schemes to those involving people who have been told they can get paid to cover their cars in advertisements (a.k.a. the “car wrap” scam).

A form letter mailed out with a counterfeit check urges the recipient to text a phone number after the check has been deposited.

Most of the counterfeit checks being disseminated by this fraud group are in amounts ranging from $2,500 to $5,000. The crimes that the checks enable are known variously as “advanced fee” scams, in that they involve tricking people into making payments in anticipation of receiving something of greater value in return.

But in each scheme the goal is the same: Convince the recipient to deposit the check and then wire a portion of the amount somewhere else. A few days after the check is deposited, it is invariably canceled by the organization whose bank account information was on the check. And then the person who deposited the phony check is on the hook for the entire amount.

“Like the car wrap scam, where they send you a check for $5,000, and you agree to keep $1,000 for your first payment and send the rest back to them in exchange for the car wrap materials,” B. Ware said. “Usually the check includes a letter that says they want you to text a specific phone number to let them know you received the check. When you do that, they’ll start sending you instructions on how and where to send the money.”

A typical confirmation letter that accompanies a counterfeit check for a car wrap scam.

Traditionally, these groups have asked recipients to send money via wire transfer. But these days, B. Ware said, the same crooks are now asking people to forward the money via mobile applications like CashApp and Venmo.

B. Ware and other volunteer fraud fighters believe the fake checks gang is using people looped into phony employment schemes and wooed through online romance scams to print the counterfeit checks, and that other recruits are responsible for mailing them out each day.

“More often than not, the scammers creating the shipping labels will provide those to an unwitting accomplice, or the accomplice is told to log in to an account and print the labels,” B. Ware explained.

Often the counterfeit checks and labels forwarded by B. Ware’s informant come with notes attached indicating the type of scam with which they are associated.

“Sometimes they’re mystery shopper scams, and other times it’s overpayment for an item sold on Craigslist,” B. Ware said. “We don’t know how the scammers are getting the account and routing numbers for these checks, but they are drawn on real companies and always scan fine through a bank’s systems initially. The recipients can deposit them at any bank, but we try to get the checks to the banks when we can so they have a heads up.”

SHRINKING FROM THE FIREHOSE?

Roughly a year ago, B. Ware’s group started sharing its intelligence with fraud investigators at FedEx and the U.S. Postal Service — the primary delivery mechanisms for these counterfeit checks.

Both the USPS and FedEx have an interest in investigating because the fraudsters in this case are using stolen shipping labels paid for by companies who have no idea their FedEx or USPS accounts are being used for such purposes.

“In most cases, the name of the sender will be completely unrelated to what’s being sent,” B. Ware said. “For example, you’ll see a label for a letter to go out with a counterfeit check for a car wrap scam, and the sender on the shipping label will be something like XYZ Biological Resources.”

But B. Ware says a year later, there is little sign that anyone is interested in acting on the shared intelligence.

“It’s so much information that they really don’t want it anymore and they’re not doing anything about it,” B. Ware said of FedEx and the USPS. “It’s almost like they’re turning a blind eye. There are so many of these checks going out each day that instead of trying to drink from the firehose, they’re just turning their heads.”

FedEx did not respond to requests for comment. The U.S. Postal Inspection Service responded with a statement saying it “does not comment publicly on its investigative procedures and operational protocols.”

ANY METHOD THAT WORKS

Ronnie Tokazowski is a threat researcher at Agari, a security firm that has closely tracked many of the groups behind these advanced fee schemes [KrebsOnSecurity interviewed Tokazowski in 2018 after he received a security industry award for his work in this area].

Tokazowski said it’s likely the group B. Ware has infiltrated is involved in a myriad of other email fraud schemes, including so-called “business email compromise” (BEC) or “CEO scams,” in which the fraudsters impersonate executives at a company in the hopes of convincing someone at the firm to wire money for payment of a non-existent invoice. According to the FBI, BEC scams netted thieves nearly $2 billion in 2020 — far more than any other type of cybercrime.

In a report released in 2019 (PDF), Agari profiled a group it dubbed “Scattered Canary” that is operating principally out of West Africa and dabbles in a dizzying array of schemes, including BEC and romance scams, FEMA and SBA loans, unemployment insurance fraud, counterfeit checks and of course money laundering.

Image: Agari.

Tokazowski said he doesn’t know if the group B. Ware is watching has any affiliation with Scattered Canary. But he said his experience with Scattered Canary shows these groups tend to make money via any and all methods that reliably produce results.

“One of the things that came out of the Scattered Canary report was that the actors we saw doing BEC scams were the same actors doing the car wrap and various Craigslist scams involving fake checks,” he said. “The people doing this type of crime will have tutorials on how to run the scam, how to wire money out for unemployment fraud, how to target people on Craigslist, and so on. It’s very different from the way a Russian hacking group might go after one industry vertical or piece of software or focus on one or two types of fraud. They will follow any method they can that works.”

Tokazowski said he’s taken his share of flak from people on social media who say his focus on West African nations as the primary source of these advanced fee and BEC scams is somehow racist [KrebsOnSecurity experienced a similar response to the 2013 stories, Spy Service Exposes Nigerian ‘Yahoo Boys’, and ‘Yahoo Boys’ Have 419 Facebook Friends].

But Tokazowski maintains he has been one of the more vocal proponents of the idea that trying to fight these problems by arresting those involved is something of a Sisyphean task, and that it makes way more sense to focus on changing the economic realities in places like Nigeria, which has been a hotbed of advanced fee activity for decades.

Nigeria has the world’s second-highest unemployment rate — rising from 27.1 percent in 2019 to 33 percent in 2020, according to the National Bureau of Statistics. The nation also is among the world’s most corrupt, according to 2020 findings from Transparency International.

“Education is definitely one piece, as raising awareness is hands down the best way to get ahead of this,” Tokazowski said. “But we also need to think about ways to create more business opportunities there so that people who are doing this to put food on the table have more legitimate opportunities. Unfortunately, thanks to the level of corruption of government officials, there are a lot of cultural reasons that fighting this type of crime at the source is going to be difficult.”

GitHub previews new AI tool that makes coding suggestions

GitHub has unveiled a new product that leverages artificial intelligence to help you write code more efficiently. Named GitHub Copilot, today’s new product can suggest lines of code and even sometimes entire functions.

GitHub has partnered with OpenAI to develop this tool. It doesn’t replace developers, it’s just a tool that should improve productivity and make it easier to learn how to code. GitHub frames this new tool as an AI pair programmer.

The model behind GitHub Copilot has been trained on billions of lines of code — many of them are hosted and available publicly on GitHub itself. When you’re writing code, GitHub Copilot suggests code as you type. You can cycle through suggestions, accept or reject them.

In order to figure out what you’re currently coding, GitHub Copilot tries to parse the meaning of a comment, the name of the function you are writing or the past couple of lines. The company shows a few demos on its website.

Image Credits: GitHub

In particular, you can describe a function in plain English in a comment and then convert it to actual code. If you’re getting started with a new language or you’ve been using no-code or low-code tools in the past, that feature could be useful.

If you’re writing code every day, GitHub Copilot can be used to work with a new framework or library. You don’t have to read the documentation from start to finish as GitHub Copilot already knows the specific functions and features of the framework you’re working with. It could also replace many Stack Overflow queries.

GitHub Copilot integrates directly with Visual Studio Code. You can install it as an extension or use it in the cloud with GitHub Codespaces. Over time, the service should improve based on how you interact with GitHub Copilot. As you accept and reject suggestions, those suggestions should get better.

Currently available as a technical preview, GitHub plans to launch a commercial product based on GitHub Copilot. It currently works best with Python, JavaScript, TypeScript, Ruby and Go.

Image Credits: GitHub

Sources: SentinelOne expects to raise over $1B in NYSE IPO tomorrow, listing with a $10B market cap

After launching its IPO last week with an expected listing price range of $26 to $29 per share, cybersecurity company SentinelOne is going public tomorrow with some momentum behind it. Sources close to the deal tell us that the company, which will be trading under the ticker “S” on the New York Stock Exchange, is expecting to raise over $1 billion in its IPO, putting its valuation at around $10 billion.

Last week, when the company first announced the IPO, it was projected that it would raise $928 million at the top end of its range, giving SentinelOne a valuation of around $7 billion. Coming in at a $10 billion market capitalization would make SentinelOne the most valuable cybersecurity IPO to date.

A source said that the road show has been stronger than anticipated, in part because of the strength of one of its competitors, CrowdStrike, which is publicly traded and currently sitting at a market cap of $58 billion.

The other reason for the response is a slightly grimmer one: Cybersecurity continues to be a major issue for businesses of all sizes, public organizations, governments and individuals. “No one wants to see another SolarWinds, and there is no reason that there shouldn’t be more than one or two strong players,” a source said.

As is the bigger trend in cybersecurity, Israel-hatched, Mountain View-based SentinelOne’s approach to combat that is artificial intelligence — and in its case specifically, a machine-learning-based solution that it sells under the brand Singularity that focuses on endpoint security, working across the entire edge of the network to monitor and secure laptops, phones, containerised applications and the many other devices and services connected to a network.

Last year, endpoint security solutions were estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024 — another reason why SentinelOne may have moved up the timetable on its IPO (last year the company’s CEO Tomer Weingarten had told me he thought the company had one or two years left as a private company before considering an IPO, a timeline it clearly decided was worth speeding up).

SentinelOne raised $267 million on a $3.1 billion valuation led by Tiger Global as recently as last November, but it has been expanding rapidly. Growth last quarter was 116% compared to the same period a year before, and it now has more than 4,700 customers and annual recurring revenue of $161 million, according to its S-1 filing. It is also still not profitable, posting a net loss of $64 million in the last quarter.

Feature Spotlight: Gain Intelligence & Insight With Threat Center

Most organizations today have adopted cyber threat intelligence (CTI) capabilities with the goal of leveraging evidence-based knowledge about existing and emerging threats to defend against attacks faster and more proactively. But as a security professional, chances are your eyes glaze over when you hear “threat intelligence reporting”. This is probably because most intelligence reports you’ve read have lacked insight, weren’t actionable, and were delivered too late to be effective. Today’s approach to threat intelligence reporting is no longer sustainable against an evolving threat landscape.

We need to rethink how we build and utilize threat intelligence reporting as an industry. CTI reports should help security professionals understand the full context around a threat and take tangible steps to mitigate risk.

This includes an understanding of how an attack’s kill chain maps to tactics, techniques, and procedures (TTPs), relevant Indicators of Compromise (IOCs), relevant Indicators of Attack (IOAs), attribution where appropriate, and most importantly, actionable guidance in the form of sample queries for threat hunting and other preventative steps to close gaps and fine-tune.

Rather than growing the mountain of information they deliver to their customers, it’s time that cyber threat intelligence (CTI) solutions help teams achieve their ultimate goal: keeping their organizations protected in the face of evolving threats by outsmarting, outmaneuvering, and outpacing attackers.

To help you tackle the challenges of today’s threat intelligence reporting, we’re excited to introduce Threat Center to Singularity Signal’s suite of threat intelligence capabilities.

Gain Intelligence & Insight With Threat Center

Threat Center, the newest Singularity Signal threat intelligence capability available on the Singularity Platform, centralizes all of the actionable threat intelligence reporting published by SentinelOne’s leading threat researchers and analysts in one simple view.

These threat intelligence reports are designed to provide security professionals everything they need to respond to emerging threats as they arise, including targeted campaigns from known adversaries, new global outbreaks, critical vulnerabilities, and newly-discovered attack patterns. The Singularity Signal AI engine draws from commercial sources, OSINT projects, SIGINT operations, dark web research, and our own user base to identify these emergent threats.

With Threat Center, you gain direct access to a contemporary library of reports that are focused on helping you understand and outsmart even the most advanced, prolific adversaries. This includes Singularity Signal Threat Intelligence Reports, which are regularly published as new adversaries, global campaigns, and attack patterns arise, and retrospective Monthly Digests published by WatchTower, our intelligence-driven threat hunting service.

The threat intelligence reports showcased in Threat Center are designed to be more insightful, contextualized, and—most importantly—actionable than many intelligence reports available today. Rather than providing information for information’s sake and hyper-focusing on threat attribution, threat intelligence reporting powered by Singularity Signal distils intelligence down to its most relevant details and arms security professionals with the guidance and tools they need to take immediate action in their environment—before attackers have a chance to strike.

See It In Action: Threat Center

From the SentinelOne Singularity Platform console, you can access rich threat intelligence reporting and proactive guidance in just a few clicks.

Threat Center features Singularity Signal Reports, which are designed to give you a continuous look into the evolving threat landscape and provide actionable guidance on how to pre-empt advanced cyber attackers as they emerge. Each Singularity Signal Report outlines relevant background and details on advanced persistent threats (APTs), nation-state groups, or novel attacker techniques, and how they might affect your organization; this includes relevant IOC and TTP details to be leveraged for hunting, investigation, and more.

Singularity Signal Reports are published on a weekly cadence in Threat Center, in addition to Singularity Signal Flash Reports that may be published as emergent, critical threats arise. These reports are available to all Singularity Complete customers at no additional cost.

Inside Threat Center, you can also find our Monthly WatchTower Threat Hunting Digests.

WatchTower is SentinelOne’s intelligence-driven threat hunting service targeting global APT campaigns, novel attacker techniques, and emerging trends in cybercrime. Leveraging the Singularity Signal AI engine, WatchTower analyzes all-source intelligence data at scale to hunt for (and help remediate) rising threats in your environment. Every month, our WatchTower analysts publish a digest of key trends and takeaways observed in hunts performed over the previous month across the global threat landscape.

Threat Center will provide Vigilance & WatchTower customers with the first look at the Monthly Threat Hunting Digest in its TLP: Amber edition. One week later, the TLP: White report, which excludes any sensitive TTPs or adversary details, will become generally available in Threat Center to all SentinelOne customers.

Summary

Starting this week, SentinelOne customers will start receiving unique, actionable threat intelligence reports in the Singularity Platform through Threat Center. Threat Center is your hub for proactive and reactive threat intelligence reports that are relevant, reliable, and recovery-focused, all curated by the industry’s most knowledgeable researchers and analysts.

With Singularity Signal Reports, you can take proactive steps to stay ahead of rising threats from within the Singularity platform, then understand overall trends in the global threat landscape—including impact by industry, region, and more—with the WatchTower Monthly Threat Hunting digests.

Now that you’re equipped with the right insights and tools, we wish you happy hunting!

About Singularity Signal

Singularity Signal is an open threat intelligence platform that combines artificial- and human-based intelligence to provide context, enrichment, and actionability to cyber data, empowering organizations to stay a step ahead with unparalleled insight into the attacker mindset.

To explore more ways Singularity Signal is helping enterprises around the world take a new approach to threat intelligence, read more here.

The Good, the Bad and the Ugly in Cybersecurity – Week 26

The Good

We always applaud international cooperation on fighting cybercrime. This week, the EU and the US announced a joint operation to fight ransomware. Secretary of Homeland Security Alejandro Mayorkas said that a new ransomware working group would address “the scourge of ransomware that has hurt the U.S” and many other countries.

The new trans-Atlantic cyber cooperation will work across several fronts. Known and would-be cyber criminals can look forward to increased law enforcement action, no matter where in the world they are hiding. The working group will seek to put increased pressure on states that harbor known criminals or turn a blind eye to cyber crime activity, either through extradition or local prosecution. At the same time, the group plans to raise public awareness on how to protect networks from ransomware and to discourage payments by highlighting the increased risk that rewarding criminals brings.

Meanwhile, the EU is also developing resources to boost regional collaboration across the bloc with the launch of a multi-national, rapid-response Joint Cyber Unit. The EU-wide task force will aim to launch operations against ongoing attacks by pooling the cyber security resources of its member states. Based in Brussels, Belgium, at the EU’s cybersecurity agency, the Joint Cyber Unit is expected to be fully operational in early 2023.

The Bad

This week’s good news didn’t come soon enough for the Belgian city of Liege, unfortunately. The country’s third-largest city has been hit by Ryuk ransomware, according to local radio and TV stations.

The attack has disrupted the municipality’s IT network and online services, including public services and police. At the time of writing, services such as town hall appointments, birth registrations, weddings and burial services are either canceled or postponed as municipality employees struggle to access the relevant IT systems.

A statement on the municipality website said that the city was suffering from “a large-scale targeted computer attack, obviously of a criminal nature”. Analysis on the scale of the attack and its consequences is ongoing. The statement went on to say that the City authorities were “doing everything to restore the situation as soon as possible”.

If recent incidents are anything to go by, the outage could last several weeks. The ransomware attack on fellow EU member Ireland’s healthcare systems occurred six weeks ago and left the country’s publicly funded healthcare system severely disrupted. At this time, the Irish Health Service Executive (HSE) has decrypted 75% of the affected servers, but a full recovery is likely to take months. This Wednesday, HSE said that the cost of recovery so far amounted to $120 million, but the total damage could rise to as high as $600 million.

The Ugly

Police in the coastal resort of Benidorm, Spain, arrested a British man this week after a tip-off from Australian police led them to discover he was in possession of 1,000 videos of naked children, which the alleged perpetrator had obtained by hacking into home security cameras around the world. The accused, working as a babysitter and private tutor, was also engaged in sexually harassing youngsters online and acting as a facilitator for the exchange of child porn on the dark web. Reports said the police had found evidence of Bitcoin transfers to people in Romania involved in child pornography.

In Florida, another tip led to the arrest of Donnie Pearce. Google tipped off local law authorities after Pearce allegedly uploaded 38 images of child sexual abuse to the web. Google sent Pearce’s details to the National Center for Missing and Exploited Children, and St. Johns County Sheriff’s Office (FL) seized 15 electronic devices belonging to the accused. Pearce has been charged with 13 counts of possessing obscene materials.

We usually include cases of cyber offenders being apprehended under the “Good” category, but sadly, these cases are just the tip of the iceberg in the cyber child porn pandemic. Just this week, law enforcement authorities arrested men in Cape Coral (FL), Blasdell (NY), Hendersonville (TN), Joliet (IL), Fulton (MO), Upper Allen (PA), Mechanicsburg (PA), Layton (UT), Barstow (CA), and Hatboro (PA) for child pornography-related offenses.

It seems that the combination of the relative anonymity of the darknet, cryptocurrencies, social networks, messaging applications and smartphones makes the production, storage and distribution of such obscene materials too easy, expanding the number of people participating in child-related crimes.



Edge Delta raises $15M Series A to take on Splunk

Seattle-based Edge Delta, a startup that is building a modern distributed monitoring stack that is competing directly with industry heavyweights like Splunk, New Relic and Datadog, today announced that it has raised a $15 million Series A funding round led by Menlo Ventures and Tim Tully, the former CTO of Splunk. Previous investors MaC Venture Capital and Amity Ventures also participated in this round, which brings the company’s total funding to date to $18 million.

“Our thesis is that there’s no way that enterprises today can continue to analyze all their data in real time,” said Edge Delta co-founder and CEO Ozan Unlu, who has worked in the observability space for about 15 years already (including at Microsoft and Sumo Logic). “The way that it was traditionally done with these primitive, centralized models — there’s just too much data. It worked 10 years ago, but gigabytes turned into terabytes and now terabytes are turning into petabytes. That whole model is breaking down.”


He acknowledges that traditional big data warehousing works quite well for business intelligence and analytics use cases. But that’s not real-time and also involves moving a lot of data from where it’s generated to a centralized warehouse. The promise of Edge Delta is that it can offer all of the capabilities of this centralized model by allowing enterprises to start to analyze their logs, metrics, traces and other telemetry right at the source. This, in turn, also allows them to get visibility into all of the data that’s generated there, instead of many of today’s systems, which only provide insights into a small slice of this information.

Competing services tend to have agents that run on a customer’s machine but typically only compress the data, encrypt it and then send it on to its final destination; Edge Delta’s agent, by contrast, starts analyzing the data right at the local level. With that, if you want to, for example, graph error rates from your Kubernetes cluster, you wouldn’t have to gather all of this data and send it off to your data warehouse, where it has to be indexed before it can be analyzed and graphed.

With Edge Delta, you could instead have every single node draw its own graph, which Edge Delta can then combine later on. With this, Edge Delta argues, its agent is able to offer significant performance benefits, often by orders of magnitude. It also allows businesses to run their machine learning models at the edge.
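The summarize-at-the-node-then-combine pattern described above, as an added example that is not Edge Delta’s code: each node reduces its own raw log lines to per-minute totals and error counts, and a central step merges those summaries. It also shows why counts, not ratios, should leave the node: a naive average of per-node error rates gives a different answer from the exact merged rate. The node names and log lines are constructed for this example.

```python
"""Per-node log summarization with a later merge step.

Added example (not Edge Delta's code): each node turns its own raw log lines
into a small per-minute summary, and a central step merges those summaries.
Node names and log lines below are constructed for this example.
"""
import re
from collections import defaultdict

# Constructed sample logs for two hypothetical nodes, "node-a" and "node-b".
NODE_LOGS = {
    "node-a": [
        '2021-06-25T10:00:01Z level=info msg="GET /api/items 200"',
        '2021-06-25T10:00:07Z level=error msg="GET /api/items 500"',
        '2021-06-25T10:00:30Z level=info msg="POST /api/cart 201"',
        '2021-06-25T10:01:02Z level=error msg="upstream timeout"',
    ],
    "node-b": [
        '2021-06-25T10:00:05Z level=info msg="GET / 200"',
        # nine health-check lines in the same minute
        *['2021-06-25T10:00:%02dZ level=info msg="GET /healthz 200"' % s
          for s in range(10, 19)],
        '2021-06-25T10:01:15Z level=info msg="GET / 200"',
    ],
}

# Timestamp truncated to the minute, then the log level.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2}Z\s+level=(\w+)")


def summarize_node(lines):
    """Runs on the node: count total and error lines per minute.

    Only counts leave the node; the raw lines stay where they were written.
    Returns {minute: {"total": n, "errors": m}}; unparseable lines are skipped.
    """
    summary = defaultdict(lambda: {"total": 0, "errors": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        minute, level = m.groups()
        summary[minute]["total"] += 1
        if level == "error":
            summary[minute]["errors"] += 1
    return dict(summary)


def merge_summaries(per_node):
    """Runs centrally: add up the per-node counts for each minute.

    Counts merge by plain addition, which is what makes the
    summarize-at-the-edge-then-combine approach exact for this metric.
    """
    merged = defaultdict(lambda: {"total": 0, "errors": 0})
    for summary in per_node.values():
        for minute, counts in summary.items():
            merged[minute]["total"] += counts["total"]
            merged[minute]["errors"] += counts["errors"]
    return dict(merged)


def error_rate(summary):
    """errors / total per minute, from a node-level or a merged summary."""
    return {minute: c["errors"] / c["total"]
            for minute, c in summary.items() if c["total"]}


def naive_average_of_rates(per_node):
    """What goes wrong if nodes ship ratios instead of counts: averaging
    per-node error rates weights a node with 3 lines the same as one with 10."""
    acc = defaultdict(list)
    for summary in per_node.values():
        for minute, rate in error_rate(summary).items():
            acc[minute].append(rate)
    return {minute: sum(rates) / len(rates) for minute, rates in acc.items()}


if __name__ == "__main__":
    per_node = {node: summarize_node(lines) for node, lines in NODE_LOGS.items()}
    merged = merge_summaries(per_node)
    for minute in sorted(merged):
        print(minute, merged[minute],
              "exact rate=%.3f" % error_rate(merged)[minute],
              "naive avg=%.3f" % naive_average_of_rates(per_node)[minute])
```

For the 10:00 minute the merged summary is 1 error in 13 lines (about 0.077), while averaging the two nodes' own rates gives about 0.167, because node-a's three lines count as much as node-b's ten. The same mergeability question applies to any summary a node ships: sums and counts combine exactly, percentiles and distinct counts only do so with sketch structures designed for it.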


“What I saw before I was leaving Splunk was that people were sort of being choosy about where they put workloads for a variety of reasons, including cost control,” said Menlo Ventures’ Tim Tully, who joined the firm only a couple of months ago. “So this idea that you can move some of the compute down to the edge and lower latency and do machine learning at the edge in a distributed way was incredibly fascinating to me.”

Edge Delta is able to offer a significantly cheaper service, in large part because it doesn’t have to run a lot of compute and manage huge storage pools itself since a lot of that is handled at the edge. And while the customers obviously still incur some overhead to provision this compute power, it’s still significantly less than what they would be paying for a comparable service. The company argues that it typically sees about a 90 percent improvement in total cost of ownership compared to traditional centralized services.


Edge Delta charges based on volume, and it is not shy about comparing its prices with Splunk’s; it does so right on its pricing calculator. Indeed, in talking to Tully and Unlu, Splunk was clearly on everybody’s mind.

“There’s kind of this concept of unbundling of Splunk,” Unlu said. “You have Snowflake and the data warehouse solutions coming in from one side, and they’re saying, ‘hey, if you don’t care about real time, go use us.’ And then we’re the other half of the equation, which is: actually there’s a lot of real-time operational use cases and this model is actually better for those massive stream processing datasets that you required to analyze in real time.”

But despite this competition, Edge Delta can still integrate with Splunk and similar services. Users can still take their data, ingest it through Edge Delta and then pass it on to the likes of Sumo Logic, Splunk, AWS’s S3 and other solutions.


“If you follow the trajectory of Splunk, we had this whole idea of building this business around IoT and Splunk at the Edge — and we never really quite got there,” Tully said. “I think what we’re winding up seeing collectively is the edge actually means something a little bit different. […] The advances in distributed computing and sophistication of hardware at the edge allows these types of problems to be solved at a lower cost and lower latency.”

The Edge Delta team plans to use the new funding to expand its team and support all of the new customers that have shown interest in the product. For that, it is building out its go-to-market and marketing teams, as well as its customer success and support teams.


MyBook Users Urged to Unplug Devices from Internet

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device.

One of many similar complaints on Western Digital’s user forum.

Earlier this week, Bleeping Computer and Ars Technica pointed to a heated discussion thread on Western Digital’s user forum where many customers complained of finding their MyBook Live and MyBook Live Duo devices completely wiped of their data.

“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability,” the company said in a statement June 24. “In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information.”

Western Digital’s brief advisory includes a link to an entry in the National Vulnerability Database for CVE-2018-18472. The NVD writeup says Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root Remote Command Execution bug.

“It can be triggered by anyone who knows the IP address of the affected device, as exploited in the wild in June 2021 for factory reset commands,” NVD wrote.

Examine the CVE attached to this flaw and you’ll notice it was issued in 2018. The NVD’s advisory credits VPN reviewer Wizcase.com with reporting the bug to Western Digital three years ago, back in June 2018.

In some ways, it’s remarkable that it took this long for vulnerable MyBook devices to be attacked: The 2018 Wizcase writeup on the flaw includes proof-of-concept code that lets anyone run commands on the devices as the all-powerful “root” user.

Western Digital’s response at the time was that the affected devices were no longer supported and that customers should avoid connecting them to the Internet. That response also suggested this bug has been present in its devices for at least a decade.

“The vulnerability report CVE-2018-18472 affects My Book Live devices originally introduced to the market between 2010 and 2012,” reads a reply from Western Digital that Wizcase posted to its blog. “These products have been discontinued since 2014 and are no longer covered under our device software support lifecycle. We encourage users who wish to continue operating these legacy products to configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.”
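Western Digital’s advice in that reply (keep remote access off, let only trusted local devices reach the drive) as an added example, not the vendor’s or the article’s code: the policy is written once as a per-packet decision function, so it can be reasoned about and tested, and once as the nftables rules a home router or firewall box could load. The NAS address and LAN prefix are placeholders, not values from the article.

```python
"""LAN-only policy for a legacy NAS, expressed two ways.

Added example, not Western Digital's or the article's code. It encodes the
vendor's advice (block remote access, allow only trusted local devices) as a
packet decision function and as the nftables rules a home firewall could
load. The NAS address and LAN prefix are placeholders, not real values.
"""
import ipaddress

NAS_IP = ipaddress.ip_address("192.168.1.50")      # placeholder NAS address
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # placeholder trusted LAN


def nas_guard_decision(src, dst, nas_ip=NAS_IP, lan_net=LAN_NET):
    """Return "drop" or "accept" for one forwarded IPv4 packet.

    Two rules: nothing outside the LAN may reach the NAS, and the NAS may
    not initiate traffic to anything outside the LAN (that also cuts the
    vendor cloud/relay path that "remote access" features typically use).
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if dst == nas_ip and src not in lan_net:
        return "drop"
    if src == nas_ip and dst not in lan_net:
        return "drop"
    return "accept"


def render_nftables(nas_ip=NAS_IP, lan_net=LAN_NET):
    """The same policy as an nftables table for the router's forward path.

    Inbound port-forwards are DNATed in prerouting, so by the forward hook
    the destination is already the NAS address and the first rule catches
    them. IPv4 only: a NAS with a global IPv6 address needs matching ip6 rules.
    """
    return (
        "table inet nas_guard {\n"
        "    chain forward {\n"
        "        type filter hook forward priority 0; policy accept;\n"
        f"        ip daddr {nas_ip} ip saddr != {lan_net} drop\n"
        f"        ip saddr {nas_ip} ip daddr != {lan_net} drop\n"
        "    }\n"
        "}\n"
    )


if __name__ == "__main__":
    # Constructed sample flows: Internet -> NAS, LAN client -> NAS, NAS -> Internet.
    for src, dst in [("203.0.113.7", "192.168.1.50"),
                     ("192.168.1.20", "192.168.1.50"),
                     ("192.168.1.50", "198.51.100.9")]:
        print(f"{src:>14} -> {dst:<14} {nas_guard_decision(src, dst)}")
    print(render_nftables())
```

The rendered table is loaded with `nft -f` on the device that forwards between the LAN and the Internet; any port-forward or UPnP mapping for the NAS on that router should be removed as well, since the rules above only make such a mapping useless rather than deleting it. This is a compensating control for a device that will not receive a patch: it does nothing against a host that is already on the LAN, and it does not change the vulnerable service itself, which is why the article’s advice to disconnect the drive outright remains the safer option.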

A local administration page for the MyBook Live Duo.

Wizcase said the flaw it found in MyBook devices also may be present in certain models of WD MyCloud network attached storage (NAS) devices, although Western Digital’s advisory makes no mention of its MyCloud line being affected.

The vulnerable MyBook devices are popular among home users and small businesses because they’re relatively feature-rich and inexpensive, and can be upgraded with additional storage quite easily. But these products also make it simple for users to access their files remotely over the Internet using a mobile app.

I’m guessing it is primarily users who’ve configured their MyBooks to be remotely accessible who are experiencing these unfortunate drive wipes. Regardless, it’s probably safest to observe Western Digital’s advice and disconnect any MyBooks you have from ethernet access.

If you’d still like to keep your MyBook connected to your local network (at least until you can find a suitable backup for your backups), please make double sure remote access is not enabled in your device settings (see screenshot above).