Even as cloud infrastructure growth slows, revenue rises over $30B for quarter

The cloud market is coming into its own during the pandemic as the novel coronavirus forced many companies to accelerate plans to move to the cloud, even while the market was beginning to mature on its own.

This week, the big three cloud infrastructure vendors — Amazon, Microsoft and Google — all reported their earnings, and while the numbers showed that growth was beginning to slow down, revenue continued to increase at an impressive rate, surpassing $30 billion for a quarter for the first time, according to Synergy Research Group numbers.

Three Charged in July 15 Twitter Compromise

Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world’s most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam.

Nima “Rolex” Fazeli, a 22-year-old from Orlando, Fla., was charged in a criminal complaint in Northern California with aiding and abetting intentional access to a protected computer.

Mason “Chaewon” Sheppard, a 19-year-old from Bognor Regis, U.K., also was charged in California with conspiracy to commit wire fraud, money laundering and unauthorized access to a computer.

A U.S. Justice Department statement on the matter does not name the third defendant charged in the case, saying juvenile proceedings in federal court are sealed to protect the identity of the youth. But an NBC News affiliate in Tampa reported today that authorities had arrested 17-year-old Graham Clark as the alleged mastermind of the hack.

17-year-old Graham Clark of Tampa, Fla. was among those charged in the July 15 Twitter hack. Image: Hillsborough County Sheriff’s Office.

Wfla.com said Clark was hit with 30 felony charges, including organized fraud, communications fraud, one count of fraudulent use of personal information with over $100,000 or 30 or more victims, 10 counts of fraudulent use of personal information and one count of access to a computer or electronic device without authority. Clark’s arrest report is available here (PDF).

On Thursday, Twitter released more details about how the hack went down, saying the intruders “targeted a small number of employees through a phone spear phishing attack,” that “relies on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.”

By targeting specific Twitter employees, the perpetrators were able to gain access to internal Twitter tools. From there, Twitter said, the attackers targeted 130 Twitter accounts, tweeting from 45 of them, accessing the direct messages of 36 accounts, and downloading the Twitter data of seven.

Among the accounts compromised were Democratic presidential candidate Joe Biden, Amazon CEO Jeff Bezos, President Barack Obama, Tesla CEO Elon Musk, former New York Mayor Michael Bloomberg and investment mogul Warren Buffett.

The hacked Twitter accounts were made to send tweets suggesting they were giving away bitcoin, and that anyone who sent bitcoin to a specified account would be sent back double the amount they gave. All told, the bitcoin accounts associated with the scam received more than 400 transfers totaling more than $100,000.

Sheppard’s alleged alias Chaewon was mentioned twice in stories here since the July 15 incident. On July 16, KrebsOnSecurity wrote that just before the Twitter hack took place, a member of the social media account hacking forum OGUsers advertised they could change the email address tied to any Twitter account for $250, and provide direct access to accounts for between $2,000 and $3,000 apiece.

The OGUsers forum user “Chaewon” taking requests to modify the email address tied to any twitter account.

On July 17, The New York Times ran a story that featured interviews with several people involved in the attack, who told The Times they weren’t responsible for the Twitter bitcoin scam and had only purchased accounts from the Twitter hacker — who they referred to only as “Kirk.”

One of the people interviewed by The Times used the alias “Ever So Anxious,” and said he was a 19-year-old from the U.K. In my follow-up story on July 22, it emerged that Ever So Anxious was in fact Chaewon.

The person who shared that information was the principal subject of my July 16 post, which followed clues from tweets sent from one of the accounts claimed during the Twitter compromise back to a 21-year-old from the U.K. who uses the nickname PlugWalkJoe.

That individual shared a series of screenshots showing he had been in communications with Chaewon/Ever So Anxious just prior to the Twitter hack, and had asked him to secure several desirable Twitter usernames from the Twitter hacker. He added that Chaewon/Ever So Anxious also was known as “Mason.”

The negotiations over highly-prized Twitter usernames took place just prior to the hijacked celebrity accounts tweeting out bitcoin scams. PlugWalkJoe is pictured here chatting with Ever So Anxious/Chaewon/Mason using his Discord username “Beyond Insane.”

On July 22, KrebsOnSecurity interviewed Sheppard/Mason/Chaewon, who confirmed that PlugWalkJoe had indeed asked him to ask Kirk to change the profile picture and display name for a specific Twitter account on July 15. He acknowledged that while he did act as a “middleman” between Kirk and others seeking to claim desirable Twitter usernames, he had nothing to do with the hijacking of the VIP Twitter accounts for the bitcoin scam that same day.

“Encountering Kirk was the worst mistake I’ve ever made due to the fact it has put me in issues I had nothing to do with,” he said. “If I knew Kirk was going to do what he did, or if even from the start if I knew he was a hacker posing as a rep I would not have wanted to be a middleman.”

Feature Spotlight – Enhanced USB & Bluetooth Device Control

Back in 2018, we announced Device Control for our platform, offering admins and security teams the ability to manage the use of USB and other peripheral devices across the network. Today, we are excited to announce the latest updates to this feature, which now allows management of USB, Bluetooth and Bluetooth Low Energy devices with the greatest granularity possible. Our updated Device Control feature means IT and SOC teams can ensure business continuity for all end users requiring the use of external devices while limiting the attack surface to the bare minimum.

What Are the Security Risks of USB and other Peripherals?

Peripherals connected via USB or Bluetooth are ubiquitous and still a necessary feature of business devices, from laptops to workstations and even IoT smart devices. The prevalence of peripherals connected to endpoints in the enterprise has not gone unnoticed by malicious actors. A recent report found that cyber threats to operational technology systems through USB removable media devices have almost doubled in the last 12 months, for example. Malware borne on removable media has been used for opening backdoors, establishing persistent remote access and delivering further malicious payloads, among other things.

Attackers have been finding creative ways to lure users into plugging alien USB thumb sticks into their corporate devices. In one incident, hospitality victims were sent an envelope containing a fake BestBuy gift card, along with a USB thumb drive containing malware. USB drives are also a prime vector for the egress of confidential and business critical data, and the recent shift to “work from home” (or anywhere except the office) only adds to the risk of employees connecting non-company sanctioned peripherals to facilitate this new work environment.

In designing this feature we took into account requirements like system stability, interoperability and cross-platform support (Windows and macOS).

Device Control: Simple Policy Management to Add, Block or Restrict Devices

To facilitate implementation, we’ve designed this feature to allow maximum granularity and flexibility when defining an enterprise Device Control policy.

You can set a Device Control policy for the entire enterprise, a specific Site or even a specific Group of devices. A policy is built from a set of Device Control rules.

Rule definition starts by selecting the interface type (USB or Bluetooth), then rule type and action. For instance, we can control USB devices based on the following attributes:

  • Vendor ID
  • Class
  • Serial ID
  • Product ID

Then the desired action:

  • Allow Read & Write
  • Allow Read Only
  • Block

This enables the administrator to set fine-grained policies. For example, it is possible to construct a rule that allows specific users to access certain types of USB devices, permits others to use USB removable media to read files only, and blocks all other users from using external USB devices completely.

Bluetooth Security – Plugging the Gaps

The Bluetooth protocol has been riddled with vulnerabilities. Most of these reside in older Bluetooth versions and security-conscious enterprises should refrain from allowing users to connect such devices to corporate endpoints (and, subsequently, networks).

For Bluetooth devices, SentinelOne Device Control makes it possible to allow or restrict the use of all Bluetooth devices, Bluetooth devices according to their type (e.g. keyboard, mouse, headset) or to allow the operation of devices based on the Bluetooth protocol version they support (to reduce the risk stemming from vulnerabilities in older Bluetooth versions).

Flexibility and Control Over Every Device

SentinelOne Device Control allows administrators to easily define policies, but we also recognize that new devices can be introduced to the enterprise every day. We realize that administrators need the flexibility to respond “on the go” and approve new USB devices as they appear on (and are blocked by) the system.

To facilitate this, an administrator can see every case of a device that was blocked in the management console’s Activity Log, and directly from there, approve the blocked device if they choose.

Conclusion

Together with SentinelOne Firewall Control, Device Control provides what some considered the missing pieces needed to fully replace legacy antivirus (AV) solutions with SentinelOne’s next-gen product. Like other features of the platform, these are delivered via SentinelOne’s single agent across all platforms and from the same management console.



Buildots raises $16M to bring computer vision to construction management

Buildots, a Tel Aviv and London-based startup that is using computer vision to modernize the construction management industry, today announced that it has raised $16 million in total funding. This includes a $3 million seed round that was previously unreported and a $13 million Series A round, both led by TLV Partners. Other investors include Innogy Ventures, Tidhar Construction Group, Ziv Aviram (co-founder of Mobileye & OrCam), Magma Ventures head Zvika Limon, serial entrepreneurs Benny Schnaider and Avigdor Willenz, as well as Tidhar chairman Gil Geva.

The idea behind Buildots is pretty straightforward. The team is using hardhat-mounted 360-degree cameras to allow project managers at construction sites to get an overview of the state of a project and whether it remains on schedule. The company’s software creates a digital twin of the construction site, using the architectural plans and schedule as its basis, and then uses computer vision to compare what the plans say to the reality that its tools are seeing. With this, Buildots can immediately detect when there’s a power outlet missing in a room or whether there’s a sink that still needs to be installed in a kitchen, for example.

“Buildots have been able to solve a challenge that for many seemed unconquerable, delivering huge potential for changing the way we complete our projects,” said Tidhar’s Geva in a statement. “The combination of an ambitious vision, great team and strong execution abilities quickly led us from being a customer to joining as an investor to take part in their journey.”

The company was co-founded in 2018 by Roy Danon, Aviv Leibovici and Yakir Sundry. Like so many Israeli startups, the founders met during their time in the Israeli Defense Forces, where they graduated from the Talpiot unit.

“At some point, like many of our friends, we had the urge to do something together — to build a company, to start something from scratch,” said Danon, the company’s CEO. “For us, we like getting our hands dirty. We saw most of our friends going into the most standard industries like cloud and cyber and storage and things that obviously people like us feel more comfortable in, but for some reason we had like a bug that said, ‘we want to do something that is a bit harder, that has a bigger impact on the world.’ ”

So the team started looking into how it could bring technology to traditional industries like agriculture, finance and medicine, but then settled upon construction thanks to a chance meeting with a construction company. For the first six months, the team mostly did research in both Israel and London to understand where it could provide value.

Danon argues that the construction industry is essentially a manufacturing industry, but with very outdated control and process management systems that still often rely on Excel to track progress.

Construction sites obviously pose their own problems. There’s often no Wi-Fi, for example, so contractors generally still have to upload their videos manually to Buildots’ servers. They are also three dimensional, so the team had to develop systems to understand on what floor a video was taken, for example, and for large indoor spaces, GPS won’t work either.

The team tells me that before the COVID-19 lockdowns, it was mostly focused on Israel and the U.K., but the pandemic actually accelerated its push into other geographies. It just started work on a large project in Poland and is scheduled to work on another one in Japan next month.

Because the construction industry is very project-driven, sales often start with getting one project manager on board. That project manager also usually owns the budget for the project, so they can often also sign the check, Danon noted. And once that works out, then the general contractor often wants to talk to the company about a larger enterprise deal.

As for the funding, the company’s Series A round came together just before the lockdowns started. The company managed to bring together an interesting mix of investors from both the construction and technology industries.

Now, the plan is to scale the company, which currently has 35 employees, and figure out even more ways to use the data the service collects and make it useful for its users. “We have a long journey to turn all the data we have into supporting all the workflows on a construction site,” said Danon. “There are so many more things to do and so many more roles to support.”

New Relic is changing its pricing model to encourage broader monitoring

In the monitoring world, typically when you spin up a new instance, you pay a fee to monitor it. If you are particularly active in any given month, that can result in a hefty bill at the end of the month. That leads to limiting what you choose to monitor, to control costs. New Relic wants to change that, and today it announced it’s moving to a model where customers pay by the user instead, with a smaller, less costly data component.

The company is also simplifying its product set with the goal of encouraging customers to instrument everything instead of deciding what to monitor and what to leave out to control cost. “What we’re announcing is a completely reimagined platform. We’re simplifying our products from 11 to three, and we eliminate those barriers to standardizing on a single source of truth,” New Relic founder and CEO Lew Cirne told TechCrunch.

The way the company can afford to make this switch is by exposing the underlying telemetry database that it created to run its own products. By taking advantage of this database to track all of your APM, tracing and metric data all in one place, Cirne says they can control costs much better and pass those savings onto customers, whose bills should be much smaller based on this new pricing model, he said.

“Prior to this, there has not been any technology that’s good at gathering all of those data types into a single database, what we would call a telemetry database. And we actually created one ourselves and it’s the backbone of all of our products. [Up until now], we haven’t really exposed it to our customers, so that they can put all their data into it,” he said.

The company is distilling the product set into three main categories. The first is the Telemetry Data Platform, which offers a single way to gather any events, logs or traces, whether from their agents or someone else’s or even open-source monitoring tools like Prometheus.

The second product is called Full-stack Observability. This includes all of their previous products, which were sold separately, such as APM, mobility, infrastructure and logging. Finally they are offering an intelligence layer called New Relic AI.

Cirne says by simplifying the product set and changing the way they bill, it will save customers money through the efficiencies they have uncovered. In practice, he says, pricing will consist of a combination of users and data, but he believes their approach will result in much lower bills and more cost certainty for customers.

“It’ll vary by customer, so this is just a rough estimate, but imagine that the typical New Relic bill under this model will be a 70% per user charge and 30% data charge, roughly, but so if that’s the case, and if you look at our competitors, 100% of the bill is data,” he said.

The new approach is available starting today. Companies can try it with a 100 GB single-user account.

Atlassian acquires asset management company Mindville

Atlassian today announced that it has acquired Mindville, a Jira-centric enterprise asset management firm based in Sweden. Mindville’s more than 1,700 customers include the likes of NASA, Spotify and Samsung.

With this acquisition, Atlassian is getting into a new market, too, by adding asset management tools to its lineup of services. Mindville’s flagship product is Mindville Insight, which helps IT, HR, sales, legal and facilities to track assets across a company. It’s completely agnostic as to which assets you are tracking, though, given Atlassian’s user base, most companies will likely use it to track IT assets like servers and laptops. But in addition to physical assets, you also can use the service to automatically import cloud-based servers from AWS, Azure and GCP, for example, and the team has built connectors to services like ServiceNow and Snow Software, too.

“Mindville Insight provides enterprises with full visibility into their assets and services, critical to delivering great customer and employee service experiences. These capabilities are a cornerstone of IT Service Management (ITSM), a market where Atlassian continues to see strong momentum and growth,” Atlassian’s head of tech teams Noah Wasmer writes in today’s announcement.

Co-founded by Tommy Nordahl and Mathias Edblom, Mindville never raised any institutional funding, according to Crunchbase. The two companies also didn’t disclose the acquisition price.

Like some of Atlassian’s other recent acquisitions, including Code Barrel, the company was already an Atlassian partner and successfully selling its service in the Atlassian Marketplace.

“This acquisition builds on Atlassian’s investment in [IT Service Management], including recent acquisitions like Opsgenie for incident management, Automation for Jira for code-free automation, and Halp for conversational ticketing,” Atlassian’s Wasmer writes.

The Mindville team says it will continue to support existing customers and that Atlassian will continue to build on Insight’s tools while it works to integrate them with Jira Service Desk. That integration, Atlassian argues, will give its users more visibility into their assets and allow them to deliver better customer and employee service experiences.

“We’ve watched the Insight product line be used heavily in many industries and for various disciplines, including some we never expected! One of the most popular areas is IT Service Management where Insight plays an important role connecting all relevant asset data to incidents, changes, problems, and requests,” write Mindville’s founders in today’s announcement. “Combining our solutions with the products from Atlassian enables tighter integration for more sophisticated service management, empowered by the underlying asset data.”

Is Your Chip Card Secure? Much Depends on Where You Bank

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggests thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can be read and recorded by skimming devices or malicious software surreptitiously installed in payment terminals. That data can then be encoded onto anything else with a magnetic stripe and used to place fraudulent transactions.

Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip. The technology causes a unique encryption key — referred to as a token or “cryptogram” — to be generated each time the chip card interacts with a chip-capable payment terminal.

Virtually all chip-based cards still have much of the same data that’s stored in the chip encoded on a magnetic stripe on the back of the card. This is largely for reasons of backward compatibility since many merchants — particularly those in the United States — still have not fully implemented chip card readers. This dual functionality also allows cardholders to swipe the stripe if for some reason the card’s chip or a merchant’s EMV-enabled terminal has malfunctioned.

But there are important differences between the cardholder data stored on EMV chips versus magnetic stripes. One of those is a component in the chip known as an integrated circuit card verification value or “iCVV” for short — also known as a “dynamic CVV.”

The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and the use of that data to create counterfeit magnetic stripe cards. Both the iCVV and CVV values are unrelated to the three-digit security code that is visibly printed on the back of a card, which is used mainly for e-commerce transactions or for card verification over the phone.

The appeal of the EMV approach is that even if a skimmer or malware manages to intercept the transaction information when a chip card is dipped, the data is only valid for that one transaction and should not allow thieves to conduct fraudulent payments with it going forward.

However, for EMV’s security protections to work, the back-end systems deployed by card-issuing financial institutions are supposed to check that when a chip card is dipped into a chip reader, only the iCVV is presented; and conversely, that only the CVV is presented when the card is swiped. If somehow these do not align for a given transaction type, the financial institution is supposed to decline the transaction.
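The issuer-side check described above, as an added example (not code from this article or from any bank or card network). It assumes a stand-in HMAC derivation in place of the DES-based algorithm issuers run inside an HSM, a hypothetical `authorize` function and constructed card data; deriving the iCVV with service code 999 is background that the article does not state.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Background (not from the article): the iCVV is derived like the CVV, but
# with 999 substituted for the service code encoded on the magnetic stripe.
ICVV_SERVICE_CODE = "999"


def derive_value(key: bytes, pan: str, expiry: str, service_code: str) -> str:
    """Stand-in derivation: HMAC-SHA256 truncated to three decimal digits.

    Real issuers use a DES-based algorithm in an HSM; HMAC is swapped in
    here so the example runs with the standard library only.
    """
    msg = f"{pan}|{expiry}|{service_code}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"


@dataclass(frozen=True)
class AuthRequest:
    pan: str
    expiry: str        # YYMM
    service_code: str  # service code on the card's magnetic stripe
    entry_mode: str    # "chip" (dipped) or "magstripe" (swiped)
    value: str         # verification value carried in the track data


def authorize(key: bytes, req: AuthRequest, enforce_entry_mode: bool = True):
    """Return (approved, reason) for one authorization request."""
    cvv = derive_value(key, req.pan, req.expiry, req.service_code)
    icvv = derive_value(key, req.pan, req.expiry, ICVV_SERVICE_CODE)

    if not enforce_entry_mode:
        # Misconfigured back end: any value that is valid for the card
        # passes, no matter which interface the card was read through.
        ok = (hmac.compare_digest(req.value, cvv)
              or hmac.compare_digest(req.value, icvv))
        return (ok, "value_valid_for_card" if ok else "bad_value")

    if req.entry_mode not in ("chip", "magstripe"):
        return (False, "unknown_entry_mode")

    expected, other = (icvv, cvv) if req.entry_mode == "chip" else (cvv, icvv)
    if hmac.compare_digest(req.value, expected):
        return (True, "ok")
    if hmac.compare_digest(req.value, other):
        # Right card, wrong channel. On a swipe this means chip data was
        # copied onto a stripe, so the reason code is worth alerting on.
        reason = ("icvv_on_magstripe" if req.entry_mode == "magstripe"
                  else "cvv_on_chip")
        return (False, reason)
    return (False, "bad_value")


def demo():
    """Run constructed transactions through both issuer configurations."""
    key = b"constructed-test-key"          # constructed, not a real key
    card = dict(pan="4000000000000002",    # constructed test PAN
                expiry="2512", service_code="201")
    cvv = derive_value(key, **card)
    icvv = derive_value(key, card["pan"], card["expiry"], ICVV_SERVICE_CODE)
    cases = {
        "genuine dip": AuthRequest(**card, entry_mode="chip", value=icvv),
        "genuine swipe": AuthRequest(**card, entry_mode="magstripe", value=cvv),
        "stripe built from chip data":
            AuthRequest(**card, entry_mode="magstripe", value=icvv),
    }
    return {
        name: {"enforcing": authorize(key, req),
               "not enforcing": authorize(key, req, enforce_entry_mode=False)}
        for name, req in cases.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `icvv_on_magstripe` reason is the signal that ties a swiped fraud transaction back to a merchant where the card was only ever dipped.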

The trouble is that not all financial institutions have properly set up their systems this way. Unsurprisingly, thieves have known about this weakness for years. In 2017, I wrote about the increasing prevalence of “shimmers,” high-tech card skimming devices made to intercept data from chip card transactions.

A close-up of a shimmer found on a Canadian ATM. Source: RCMP.

More recently, researchers at Cyber R&D Labs published a paper detailing how they tested 11 chip card implementations from 10 different banks in Europe and the U.S. The researchers found they could harvest data from four of them and create cloned magnetic stripe cards that were successfully used to place transactions.

There are now strong indications the same method detailed by Cyber R&D Labs is being used by point-of-sale (POS) malware to capture EMV transaction data that can then be resold and used to fabricate magnetic stripe copies of chip-based cards.

Earlier this month, the world’s largest payment card network Visa released a security alert regarding a recent merchant compromise in which known POS malware families were apparently modified to target EMV chip-enabled POS terminals.

“The implementation of secure acceptance technology, such as EMV® Chip, significantly reduced the usability of the payment account data by threat actors as the available data only included personal account number (PAN), integrated circuit card verification value (iCVV) and expiration date,” Visa wrote. “Thus, provided iCVV is validated properly, the risk of counterfeit fraud was minimal. Additionally, many of the merchant locations employed point-to-point encryption (P2PE) which encrypted the PAN data and further reduced the risk to the payment accounts processed as EMV® Chip.”

Visa did not name the merchant in question, but something similar seems to have happened at Key Food Stores Co-Operative Inc., a supermarket chain in the northeastern United States. Key Food initially disclosed a card breach in March 2020, but two weeks ago updated its advisory to clarify that EMV transaction data also was intercepted.

“The POS devices at the store locations involved were EMV enabled,” Key Food explained. “For EMV transactions at these locations, we believe only the card number and expiration date would have been found by the malware (but not the cardholder name or internal verification code).”

While Key Food’s statement may be technically accurate, it glosses over the reality that the stolen EMV data could still be used by fraudsters to create magnetic stripe versions of EMV cards presented at the compromised store registers in cases where the card-issuing bank hadn’t implemented EMV correctly.

Earlier today, fraud intelligence firm Gemini Advisory released a blog post with more information on recent merchant compromises — including Key Food — in which EMV transaction data was stolen and ended up for sale in underground shops that cater to card thieves.

“The payment cards stolen during this breach were offered for sale in the dark web,” Gemini explained. “Shortly after discovering this breach, several financial institutions confirmed that the cards compromised in this breach were all processed as EMV and did not rely on the magstripe as a fallback.”

Gemini says it has verified that another recent breach — at a liquor store in Georgia — also resulted in compromised EMV transaction data showing up for sale at dark web stores that sell stolen card data. As both Gemini and Visa have noted, in both cases proper iCVV verification from banks should render this intercepted EMV data useless to crooks.

Gemini determined that due to the sheer number of stores affected, it’s extremely unlikely the thieves involved in these breaches intercepted the EMV data using physically installed EMV card shimmers.

“Given the extreme impracticality of this tactic, they likely used a different technique to remotely breach POS systems to collect enough EMV data to perform EMV-Bypass Cloning,” the company wrote.

Stas Alforov, Gemini’s director of research and development, said financial institutions that aren’t performing these checks risk losing the ability to notice when those cards are used for fraud.

That’s because many banks that have issued chip-based cards may assume that as long as those cards are used for chip transactions, there is virtually no risk that the cards will be cloned and sold in the underground. Hence, when these institutions are looking for patterns in fraudulent transactions to determine which merchants might be compromised by POS malware, they may completely discount any chip-based payments and focus only on those merchants at which a customer has swiped their card.

“The card networks are catching on to the fact that there’s a lot more EMV-based breaches happening right now,” Alforov said. “The larger card issuers like Chase or Bank of America are indeed checking [for a mismatch between the iCVV and CVV], and will kick back transactions that don’t match. But that is clearly not the case with some smaller institutions.”

For better or worse, we don’t know which financial institutions have failed to properly implement the EMV standard. That’s why it always pays to keep a close eye on your monthly statements, and report any unauthorized transactions immediately. If your institution lets you receive transaction alerts via text message, this can be a near real-time way to keep an eye out for such activity.

Cybercrime and Cybersecurity in a Post-Covid World

The first half of 2020 has come and gone. I’m certain that no one who made any predictions regarding cybersecurity trends would have guessed correctly that a new virus would send the world into a whirlwind, closing entire countries, stopping all air travel and forcing the largest companies to send all their employees to work from home.

Given this predicament, it would be challenging to try and predict how the second half of the year will unfold. Still, we’ve learnt so much in the last six months, let’s see if we can’t come up with some credible estimations.

Home Alone or in the Company of Cybercriminals?

Let’s start with the users (or victims). Covid-19 sent millions of people home: some permanently (having been laid off) and some to continue working out of office. This overnight transformation seems to be quasi-permanent; some of the world’s largest companies (Twitter, Facebook, Shopify, Zillow) have already declared this would be a viable work option for any employee who would prefer it.

Even in more traditional markets, change is happening. One of Japan’s largest employers, Fujitsu Ltd., will cut its office space by 50% over the next three years, encouraging 80,000 office workers to primarily work from home. Today, 42% of U.S. workers are working from home (WFH), and some surveys suggest that even after the pandemic subsides and offices reopen, organizations will allow some (or all) of their employees to continue to work remotely.

With millions of people working from home, there is an enormous attack surface ripe for the taking by malicious actors. It is no trivial task to provide the same levels of security for all these employees, operating outside the (relatively) safe perimeter of their offices and local intranet. Furthermore, with time and with numerous IT “temptations” (like letting your kids use your work laptop for browsing) employees’ awareness levels can be eroded, leading to an increase in their vulnerability to cyber crime.

Prediction – WFH will continue to be a major security headache for organizations unless they invest in enhancing and maintaining the security levels of employees regardless of location.

Post-Covid Opportunities for Cybercrime

Cybercrime has boomed during the Covid-19 pandemic. The FBI Internet Crime Complaint Center (IC3) reported a 300% increase in cybercrime complaints.

Traffic to hacking-related sites and searches for hacking-related information and tutorials have skyrocketed during the months of March-May, indicating many “n00bs” (newbie hackers) are looking into studying a new profession. Many cybercriminal activities of the past months were related to the virus; the Telco Security Alliance reported a 2000% increase in COVID-19 cyber threats in the month of March alone.

While the overall volume of cybercriminal activity is on the rise, specific segments are doing better than others. For instance, the demand for stolen credit cards has dropped in the pandemic, while “old-school” scams (advertising of fake or inappropriate drugs and medical equipment, dubious investment opportunities and more) are on the rise. As for the corporate world, cybercriminals seem to have become more brazen, employing much more aggressive techniques and showing a desire for quick monetization over long-term profit.

Prediction– Cybercrime will continue to rise. Attackers will increasingly target enterprises and organizations with aggressive malware and custom ransomware designed both to steal and cripple. Tactics like extortion to prevent the publishing of stolen information or the auctioning off of stolen information will become more widespread as means for criminals to effect a quick win.

Cyber Policing – Are The Good Guys Increasing?

Authorities are aware of this situation and are working to mitigate these threats, starting with increased cooperation between nations, such as the World Economic Forum’s Partnership Against Cybercrime. This initiative launched in April 2020 with the mission to explore ways to amplify public-private collaboration and fight global cybercrime. Cooperation between national law enforcement agencies is also expected to increase, with some great results already in: witness the takedown of EncroChat (an encrypted phone network widely used by criminals) by French and Dutch law enforcement and judicial authorities, Europol and Eurojust.

Meanwhile, law enforcement agencies are making advances in their efforts to facilitate the reporting of cyber crime. For instance, the UK National Cyber Security Centre launched a dedicated email address for reporting online scams, and it has received an astonishing 1 million complaints in under 2 months.

In similar fashion, the state of Michigan inaugurated a dedicated phone line to call for free round-the-clock support and advice regarding cybercrime. The UK is also resorting to more active means, such as launching a paid online ads campaign designed to target young people searching for cybercrime services, and offer them legitimate alternatives instead.

Prediction– Cyber policing by international and national agencies will experience improved collaboration and efficiency, bringing more cybercriminals to justice.

Hacktivism – Playing a Dangerous Game

Although not financially motivated, these offensive cyber activists have been more prominent of late. Recent social unrest in the US has unleashed a flurry of hacktivist activities, including DDoS attacks against municipalities and police stations. This year, we’ve seen data leaks of millions of police and FBI records and aggressive social media attacks against the US administration, President Trump and even the popular social media app TikTok.

While not directly endangering corporates and individuals, these activities can be directed against individuals or organizations perceived to oppose the principles of the hacker collective.

Prediction– Hacktivist actions are closely related to contemporary events and social unrest. What happens next depends very much on the situation in the US and the run up to the US 2020 elections. A nation at war with itself will undoubtedly lead to a rise in hacktivist activities.

Conclusion

The past 6 months have been truly unique. While it is too soon to estimate the long-lasting effect of Covid-19 on our way of living, it is very likely that this period has caused the biggest change to the work landscape since the invention of the modern office, and as such, has greatly increased organizations’ and individuals’ vulnerability to nefarious cyber activities.

It’s not all bad news, though; law enforcement agencies are waking up to the scale of the problem and increasing cooperation, and organizations need to understand that the situation is not outside of their control. Manage your risk, deploy a capable behavioral AI solution that prevents, detects and undoes the damage from known and unknown threats, and force cybercriminals to look elsewhere for the easy pickings. If you would like to see how SentinelOne can help protect your business, whether your workforce is at home or in the office, contact us today or request a free demo.



Hevo draws in $8 million Series A for its no-code data pipeline service

Hevo founders Manish Jethani and Sourabh Agarwal.

According to data pipeline startup Hevo, many small to medium-sized companies juggle more than 40 different applications to manage sales, marketing, finance, customer support and other operations. All of these applications are important sources of data that can be analyzed to improve a company’s performance. That data often remains separate, however, making it difficult for different teams to collaborate.

Hevo enables its clients’ employees to integrate data from more than 150 different sources, including enterprise software from Salesforce and Oracle, even if they don’t have any technical experience. The company announced today that it has raised an $8 million Series A round led by Singapore-based venture capital firm Qualgro and Lachy Groom, a former executive at payments company Stripe.

The round, which brings Hevo’s total raised so far to $12 million, also included participation from returning investors Chiratae Ventures and Sequoia Capital India’s early-stage startup program Surge. The company was first covered by TechCrunch when it raised seed funding in 2017.

Hevo’s Series A will be used to increase the number of integrations available on its platform, and hire sales and marketing teams in more countries, including the United States and Singapore. The company currently has clients in 16 markets, including the U.S., India, France, Australia and Hong Kong, and counts payments company Marqeta among its customers.

In a statement, Puneet Bysani, tech lead manager at Marqeta, said, “Hevo saved us many engineering hours, and our data teams could focus on creating meaningful KPIs that add value to Marqeta’s business. With Hevo’s pre-built connectors, we were able to get data from many sources into Redshift and Snowflake very quickly.”

Based in Bangalore and San Francisco, Hevo was founded in 2017 by chief executive officer Manish Jethani and chief technology officer Sourabh Agarwal. The two previously launched SpoonJoy, a food delivery startup that was acquired by Grofers, one of India’s largest online grocery delivery services, in 2015. Jethani and Agarwal spent a year working at Grofers before leaving to start Hevo.

Hevo originated in the challenges Jethani and Agarwal faced while developing tech for SpoonJoy’s order and delivery system.

“All of our team members would come to us and say, ‘hey, we want to look at these metrics,’ or we would ask our teams questions if something wasn’t working. Oftentimes, they would not have the data available to answer those questions,” Jethani told TechCrunch.

Then at Grofers, Jethani and Agarwal realized that even large companies face the same challenges. They decided to work on a solution to allow companies to quickly integrate data sources.

For example, a marketing team at an e-commerce company might have data about its advertising on social media platforms, and how much traffic campaigns bring to their website or app. But they might not have access to data about how many of those visitors actually make purchases, or if they become repeat customers. By building a data pipeline with Hevo, they can bring all that information together.

Hevo is designed to serve all sectors, including e-commerce, healthcare and finance. In order to use it, companies sign up for Hevo’s services on its website and employees enter their credentials for software supported by the platform. Then Hevo automatically extracts and organizes the data from those sources and prepares it for cloud-based data warehouses, such as Amazon Redshift and Snowflake. A user dashboard allows companies to customize integrations or hide sensitive data.

Hevo is among several “no code, low code” startups that have recently raised venture capital funding for building tools that enable non-developers to add features to their existing software. The founders say its most direct competitor is Fivetran, an Oakland, California-based company that also builds pipelines to move data to warehouses and prepare it for analysis.

Jethani said Hevo differentiates by “optimizing our product for non-technical users.”

“The number of companies who need to use data is very high and there is not enough talent available in the market. Even if it is available, it is very competitive and expensive to hire that engineering talent because big companies like Google and Amazon are also competing for the same talent,” he added. “So we felt that there has to be some democratization of who can use this technology.”

Hevo also focuses on integrating data in real time, which is especially important for companies that provide on-demand deliveries or services. During the COVID-19 pandemic, Jethani says e-commerce clients have used Hevo to manage an influx in orders as people under stay-at-home orders purchase more items online. Companies are also relying on Hevo to help organize and manage data as their employees continue to work remotely.

In a statement about the funding, Qualgro managing partner Heang Chhor said, “Hevo provides a truly innovative solution for extracting and transforming data across multiple data sources — in real time with full automation. This helps enterprises to fully capture the benefit of data flowing through the many databases and software they currently use. Hevo’s founders are the type of globally-minded entrepreneurs that we like to support.”

Hearsay, maker of compliant tools for financial services, deepens ties with Salesforce

Financial services companies like banks and insurance tend to be heavily regulated. As such, they require a special level of security and auditability. Hearsay, which makes compliant communications tools for these types of companies, announced a new partnership with Salesforce today, enabling smooth integration with Salesforce CRM and marketing automation tools.

The company also announced that Salesforce would be taking a minority stake in Hearsay, although company co-founder and CEO Clara Shih did not provide any details on that part of the announcement.

Shih says the company created the social selling category when it launched 10 years ago. Today, it provides a set of tools like email, messaging and websites along with a governance layer to help financial services companies interact with customers in a compliant way. Their customers are primarily in banking, insurance, wealth management and mortgages.

She said that they realized if they could find a way to share the data they were collecting with the Hearsay tool set with CRM and marketing automation software in an automated way, it would make greater use of this information than it could on its own. To that end, they have created a set of APIs to enable that with some built-in connectors. The first one will be to connect Hearsay to Salesforce, with plans to add other vendors in the future.

“It’s about being able to connect [data from Hearsay] with the CRM system of record, and then analyzing it across thousands, if not tens of thousands of advisors or bankers in a single company, to uncover best practices. You could then use that information like GPS driving directions that help every advisor behave in the moment and reach out in the moment like the very best advisor would,” Shih explained.

In practice, this means sharing the information with the customer data platform (CDP), the CRM and marketing automation tooling to deliver more intelligent targeting based on a richer body of information. So the advisor can use information gleaned from everything he or she knows about the client across the set of tools to deliver a more meaningful personal message instead of a targeted ad or an email blast. As Shih points out, the ad might even make sense, but could be tone deaf depending on the circumstances.

“What we focus on is this human-client experience, and that can only be delivered in the last mile because it’s only with the advisor that many clients will confide in these very important life events and life decisions, and then conversely, it’s only in the last mile that the trusted advisor can deliver relationship advice,” she said.

She says what they are trying to do by combining streams of data about the customer is build loyalty in a way that pure technology solutions just aren’t capable of doing. As she says, nobody says they are switching banks because it has the best chat bot.

Hearsay was founded in 2009 and has raised $51 million, as well as whatever other money Salesforce will be adding to the mix with today’s investment. Other investors include Sequoia and NEA Associates. Its last raise was way back in 2013, a $30 million Series C.