Atlassian brings a table view to Trello

Atlassian today announced a number of updates to both its Confluence workspace and its Trello collaboration and project management tool. The focus here, the company says, is on supporting “the next phase of remote work.” Trello alone saw a 73% rise in signups in mid-March 2020, just as companies started shifting to work-from-home, compared to the same time a year ago.

The actual new features are pretty straightforward. The highlight for Trello users is surely the beta version of a table view. This marks the first time the service is giving users this spreadsheet-like overview of what is happening across their various Trello boards. It reminds me quite a bit of Airtable, but what’s maybe more important here than the feature itself is that the Trello team says this is the first of a series of new ways to view data across multiple projects in the application.


As for Confluence, a lot of the new features here are about saving users time (or measuring it). Coming soon, for example, is a bulk content management feature that will allow users to do things like archive multiple pages with a single click, label them or export them, among other things.

Available now are Confluence Smart Links that let you preview content from across the web so that users don’t have to leave their workspace to see important information, as well as real-time feedback on the content in Confluence, with the ability to view, create and resolve in-line comments while in the service’s edit mode.

The last new Confluence feature is Page Insights, which is all about metrics. With this, Confluence adds estimated read time to its page view counts, “making it easier to form quick decisions about when and how to consume content in a busy workday. […] This simplifies the mental process of navigating the endless sea of content.” Who still has the time and energy to read all of those long documents, after all?

“Teams around the world were forced into working remotely, but now many organizations are considering a permanent move to a more distributed work environment,” said Pratima Arora, head of Confluence at Atlassian. “With so many work streams across departments and individuals, it becomes impossible to rely on the old system of email chains as a vehicle for planning and managing work. Leaders need to look at whether they have the right work management system to support collaboration across the organization for the long term.”

Qumulo scores $125M Series E on $1.2B valuation as storage biz accelerates

Qumulo, a Seattle storage startup helping companies store vast amounts of data, announced a $125 million Series E investment today on a $1.2 billion valuation.

BlackRock led the round with help from Highland Capital Partners, Madrona Venture Group, Kleiner Perkins and new investor Amity Ventures. The company reports it has now raised $351 million.

CEO Bill Richter says the valuation is more than 2x its most recent round, a $93 million Series D in 2018. While the valuation puts his company in the unicorn club, he says that it’s more important than simple bragging rights. “It puts us in the category of raising at a billion-plus dollar level during a very complicated environment in the world. Actually, that’s probably the more meaningful news,” he told TechCrunch.

It typically hasn’t been easy raising money during the pandemic, but Richter reports the company started getting inbound interest in March just before things started shutting down nationally. What’s more, as the company’s quarter closed at the end of April, they had grown almost 100% year over year, and beaten their pre-COVID revenue estimate. He says they saw that as a signal to take additional investment.

“When you’re putting up nearly 100% year over year growth in an environment like this, I think it really draws a lot of attention in a positive way,” he said. And that attention came in the form of a huge round that closed this week.

What’s driving that growth is that the amount of unstructured data, which plays to the company’s storage strength, is accelerating during the pandemic as companies move more of their activities online. When you combine that with the shift to the public cloud, he believes Qumulo is well positioned.

Today the company has 400 customers and more than 300 employees, with plans to add another 100 before year’s end. As he adds those employees, he says that part of the company’s core principles includes building a diverse workforce. “We took the time as an organization to write out a detailed set of hiring practices that are designed to root out bias in the process,” he said.

One of the keys to that is looking at a broad set of candidates, not just the ones you’ve known from previous jobs. “The reason for that is that when you force people to go through hiring practices, you open up the position to a broader, more diverse set of candidates and you stop the cycle of continuously creating what I call ‘club memberships’, where if you were a member of the club before you’re a member in the future,” he says.

The company has been around since 2012 and spent the first couple of years conducting market research before building its first product. In 2014 it released a storage appliance, but over time it has shifted more toward hybrid solutions.

Emergence’s Jason Green thinks some of the tech backlash is justified, but the B2B opportunities still outweigh the challenges

Jason Green, co-founder and partner at Emergence, is one of the leading VCs investing in enterprise startups at the moment. But even with the focus on B2B, many of their companies have become household names — Zoom, Yammer, Box and Salesforce among them.

Now, we’re all living in a climate where everything has been turned upside down. Meetings are virtual, the future economy and collective health of the world are unknowns, and being an investor — or a founder — comes with completely new parameters and rules of engagement.

We sat down with Green for an enlightening hour to talk about the challenges of all that, plus making deals, running a business, and suddenly finding your quiet, B2B name being turned into a verb. It was an interesting conversation, worth a read for enterprise startups and investors, but — similar to how B2B can spill into consumer — equally insightful for many more.

Extra Crunch Live is our new virtual speaker series for Extra Crunch members. Folks can ask their own questions live during the chat, with guests that include Aileen Lee, Kirsten Green, Mark Cuban and many, many more. You can check out the schedule here.

Below, you’ll find a lightly edited transcript of our recent chat with Green.

How is sourcing impacted in the current climate?

Sourcing is not much different. We follow the same due diligence process, so when we make an investment, the whole team basically dives in and does due diligence. So we make manager references and customer calls and spend time with each of the management team having one-on-ones. In some ways, it was better. First of all, we could very easily do breakout rooms with each of the individual management team members and then come back. So there was this dynamism to the meeting that we hadn’t had before. We were able to basically record it and share it with folks that couldn’t participate. So all of us had all the information when we were making the decision together. That was pretty special, actually. So it took a little bit longer, it probably took about 50% longer than we would have done otherwise. But I think actually, now knowing what we’ve done, we could probably compress it back to our normal timeframe. So I think in a lot of ways, we’ve learned like a lot of folks that we can do things remotely that we probably didn’t think were possible before. Hopefully, we’ll see how the investment turns out, but we’re super excited about it.

Are you considering more startups outside the Valley, and how are they viewing their own place outside the Valley?

Puppet announces $40 million debt round from BlackRock

Puppet, the Portland, Oregon-based infrastructure automation company, announced a $40 million debt round today from BlackRock Investments.

CEO Yvonne Wassenaar says the company sees this debt round as part of a longer-term relationship with BlackRock. “What’s interesting, and I think part of the reason why we decided to go with BlackRock, is that typically when you look at how they invest this is the first step of a much longer-term relationship that we will have with them over time that has different elements that we can tap into as the company scales,” Wassenaar told TechCrunch.

In terms of the arrangement, rather than BlackRock taking a stake in the company, Puppet will pay back the money. “We’ve borrowed a sum of money that we will pay back over time. BlackRock does have a board observer seat, and that’s really because they’re very interested in working with us on how we grow and accelerate the business,” Wassenaar said.

Puppet has been in the process of rebuilding its executive team, with Wassenaar coming on board about 18 months ago. Last year she brought in industry veterans Erik Frieberg and Paul Heywood as CMO and CRO, respectively. This year she brought in former Cloud Foundry Foundation director Abby Kearns to be CTO.

All of these moves are with an eye to a future IPO, says Wassenaar. “We’re looking at how do we progress ultimately, ideally on a path to an IPO, and what is it going to take for Puppet to go through that journey,” she said.

She points out that in some ways, the pandemic has forced companies to look more closely at automation solutions like the ones that Puppet provides. “What’s really interesting is […] that the pandemic in many ways has put wind in our sails in terms of the need for corporations to automate and think about how they leverage and extend from a technology perspective going forward,” she said.

As Puppet continues to grow, she says that diversity is a core organizational value, and that while the company has made progress from a gender perspective (as illustrated by the presence of her and Kearns in the C-suite), it is still working at becoming more racially diverse.

“Where I believe we have a lot more work and there’s a lot more focus right now is further complementing that [gender diversity] from a racial perspective. And it’s an area that I have personally taken on, and I’m committed to making changes in the company as we go forward to support more racial diversity as well,” she said.

Previously the company had raised almost $150 million, with the most recent round being a $42 million Series F in 2018, according to Crunchbase data. The company previously took $22 million in debt financing in 2016, prior to Wassenaar coming on board.

In the cloud era, building on platforms you don’t own is normal

When Salesforce launched Force.com in 2007, it was the culmination of years of work to bring together a way to customize Salesforce and eventually to build applications on top of the platform. By using a set of Salesforce services, companies could take advantage of work that SFDC had already done, speeding up building time and reducing time to market. Today, the successor of Force.com is called Salesforce Platform.

But going that route didn’t come without some risk, because back in 2007 building atop a Platform as a Service (PaaS) wasn’t a common way of developing software. Even by 2012 when nCino launched its banking software solutions on Force.com, it likely raised some eyebrows by using a cloud platform as the backbone of its fintech offering.

Even though it probably took resolve, the approach worked, as evidenced this week when nCino went public — a debut that was met with a strong investor response. And nCino is notably not the first company built atop Salesforce’s PaaS to go public; its IPO follows Veeva’s 2013 debut.

But astute observers of the Salesforce ecosystem will note that other successful companies have been built on the Salesforce cloud as well. As you will see, many successful companies have benefited from building on top of Salesforce.

Feature Spotlight – Introducing the New Threat Center

We’re excited to announce our new Threat Center, offering a range of new features and a complete redesign of our threat management interface in the SentinelOne console. Threat Center helps your security team manage threats faster and easier, while at the same time enabling analysts to dive even deeper into the data. The new features are available to all customers with the latest Kauai release.

In this feature spotlight, we’ll explore what’s new with Threat Center and show how analysts can handle threat management more effectively than ever before.

What Problems Do Threat Hunters Face?

Our on-device agent delivers a wealth of information to the console, but to maximize effective use of it, we wanted to redesign our interface around the way analysts work in solving their day-to-day problems. In essence, we wanted to provide streamlined workflows to help analysts meet the following challenges:

  • Understanding that a new threat exists, without the burden of alert fatigue
  • Accessing all relevant data with a minimum of UI interactions
  • The ability to rapidly perform top-down analysis on a new threat
  • The ability to take different mitigation measures from a single window
  • Easy access to logging and improved collaboration features

Our new Threat Center has three tabs, ‘Overview’, ‘Explore’ and ‘Timeline’, plus a one-stop-shop mitigation window; together they address each of these challenges. Let’s see how it works.

Understanding the Threat

From the Incidents page, click on a threat to go to the new Threat Center interface.

You’ll see there are three tabs, Overview, Explore, and Timeline, with the new Status bar common to each for fast, effective threat management.

The new interface immediately allows you to see the status of a threat and what the agent’s AI thinks about it.

It allows you and your team to see at a glance:

  • The Threat Status – has the threat been mitigated by policy or not?
  • The AI Confidence Level – is the threat regarded as suspicious or malicious?
  • The Analyst Verdict and Incident Status – mark up the threat so the rest of the team knows whether it’s in progress or not yet been dealt with.

In the Overview tab, right below the Status bar you’ll see network history, which will instantly answer questions such as:

  • Is this the first time the threat has been identified on my network?
  • If not, when was it first seen and last seen?

You can also click from there to directly begin a new hunt for the threat in Deep Visibility.

Without changing the view, you can also see right from the same page detailed information such as:

  • Which process initiated the threat
  • Which detection engine identified it and whether it was statically or dynamically detected
  • How the threat is classified, for example whether it is ransomware, a backdoor or a trojan
  • Whether the process is signed and verified, and if so, by whom

Also, if you want to analyze the threat or detonate it in your own sandbox, you can fetch the threat file directly from the same view.

Fast, Easy Access to All Relevant Data

Sometimes, there might be a delay before an analyst starts to review a threat. Many things could have changed during that period: the OS may have changed version, different users could have logged into the endpoint, the protection policy may have changed and more. For this reason, below the threat details we show a snapshot of the endpoint as it was at detection time.

On the left side of the snapshot, we show the real-time data that we think is the most important to the analyst during investigation. The analyst can see if there are other threats that need attention, whether the endpoint is currently online, and whether the endpoint is quarantined from the network.

If you are using our new CWPP Agent, you can get full visibility about the pod on which the threat was detected, and afterward, take any action directly on the pod like quarantining the threat or any other available mitigation action.

Even better, from this one interface, you can initiate multiple actions, such as view real-time data about the endpoint, start a remote shell, quarantine the endpoint and more.

Rapid Top-Down Analysis with Threat Center

We want to help the analyst understand why the on-device agent AI convicted the threat. We do this by showing the analyst which MITRE techniques were being used as part of the detected attack in the Threat Indicators view on the right-side of the Overview tab.

If the analyst needs more information on any of those, the MITRE ATT&CK TTPs are hotlinks that will open the relevant page from the MITRE website.

For Analysts Who Need More, There Is Explore

But there’s much more to explore in our new UI for the analyst or team that wants to dig further down into the details of the attack. Click the ‘Explore’ tab and you can view the entire attack storyline, find what triggered the threat, what tools and commands the attacker used, and most important of all, how to prevent this attack from occurring again.

Analysts can easily see all processes, files, registry modifications, network activity and other interesting events related to the threat. The Explore tab shows what each process did, which files it created or modified, which child processes it created, what network actions occurred like IP connections and DNS queries, whether there were Registry changes, and much more.

All this data can be viewed in the Process Tree view or through a tabular view at the bottom of the page.

Every Activity Logged in the Threat Timeline

The third major tab in the new Threat Center is the Incident Timeline in the ‘Timeline’ tab.

Logging actions and decisions has always been a crucial responsibility of the analyst. The log is useful both during and after an investigation, in situations such as:

  • Improving analysis – tracking each action and explanatory notes that the analyst makes on each threat
  • Improving team collaboration – what did another investigator do, and when?
  • Going back in time to understand who decided, say, to add an item to the exclusions list and why.

That’s why we created the Timeline. This tool captures every activity of the analyst, the console and the Agent that is related to the threat. In the Timeline, you can find mitigation actions, endpoint activities, notes, mitigation reports, fetched logs, and more.

Know What You Want To Do? Use Our One-Stop-Shop Mitigation Window

Sometimes, the analysis process eats up time, but once we know what action we need to take, we want to take that mitigation action without delay.

To facilitate that, Threat Center enables the analyst to take all the actions needed to complete work on the threat from one place. With one click, the analyst can roll back the threat or perform any of the other available mitigation actions. The threat can be added to Exclusions, marked as resolved, and notes can be added to explain the rationale behind the decisions taken.

See What The Agent Really Did To The Threat

Visibility is always important. It’s not enough to say that we “mitigated” the threat. Analysts want to know what exactly the Agent did and when.

This is why we provide full visibility into what the Agent did: how many processes were killed, which files were quarantined, which files created by the threat were deleted, and which items were rolled back and to what state.

On top of that, if the analyst needs more than a summary view, the full report is just a single click away.

Conclusion

Analysts have a big responsibility, and sometimes they see lots of threats on a single shift.

We want to make sure they can analyze a threat in minimum time, make use of decisions taken in the past on similar threats, reduce manual mistakes, collaborate with the team and understand how to avoid those threats in the future. We believe the new Threat Center offers teams the most effective way to achieve those goals, but we’re not done yet. We continue to listen to customer feedback and to innovate, so you can be sure you’ll see more features and improvements to Threat Center in future releases.


Gmail for G Suite gets deep integrations with Chat, Meet, Rooms and more

Google is launching a major update to its G Suite productivity tools today that will see a deep integration of Gmail, Chat, Meet and Rooms on the web and on mobile, as well as other tools like Calendar, Docs, Sheets and Slides. This integration will become available in the G Suite early adopter program, with a wider roll-out coming at a later time.

The G Suite team has been working on this project for about a year, though it fast-tracked the Gmail/Meet integration, which was originally scheduled to be part of today’s release, as part of its response to the COVID-19 pandemic.

At the core of today’s update is the idea that we’re all constantly switching between different modes of communication, be that email, chat, voice or video. So with this update, the company is bringing all of this together, with Gmail being the focal point for the time being, given that this is where most users already find themselves for hours on end anyway.

Google is branding this initiative as a ‘better home for work’ and in practice, it means that you’ll not just see deeper integrations between products, like a full calendaring and file management experience in Gmail, but also the ability to have a video chat open on one side of the window while collaboratively editing a document in real-time on the other.


According to G Suite VP and GM Javier Soltero, the overall idea here is not just to bring all of these tools closer together to reduce the task-switching that users have to do.


“We’re announcing something we’ve been working on since a little bit before I even joined Google last year: a new integrated workspace designed to bring together all the core components of communication and collaboration into a single surface that is not just about bringing these ingredients into the same pane of glass, but also realizes something that’s greater than the sum of its parts,” he told me ahead of today’s announcement. “The degree of integration across the different modes of communication, specifically email, chat, and video calling and voice video calling along with our existing physical existing strength in collaboration.”

Google had already revealed some of its mobile plans when it announced its latest major update to Gmail for mobile in May, with a Meet integration in the form of a new bar at the bottom of the screen for moving between Mail and Meet. With this update, it is expanding that bar to include native Chat and Rooms support as well. Soltero noted that Google thinks of these four products as the “four pillars of the integrated workspace.” Having them all integrated into a single app means you can manage the notification behavior of all of them in a single place, for example, and without the often cumbersome task-switching experience on mobile.

For now, these updates are specific to G Suite, though similar to Google’s work around bringing Meet to consumers, the company plans to bring this workspace experience to consumers as well, but what exactly that will look like still remains to be seen. “Right now we’re really focused. The people who urgently need this are those involved in productivity scenarios. This idea of ‘the new home for work’ is much more about collaboration that is specific to professional settings, productivity and workplace settings,” Soltero said.

But there is more…

Google is also announcing a few other feature updates to its G Suite line today. Chat rooms, for example, are now getting shared files and tasks, with the ability to assign tasks and to invite users from outside your company into rooms. These rooms now also let you have chats open on one side and edit a document on the other, all without switching to a completely different web app.

Also new is the ability in Gmail to search not just for emails but also chats, as well as new tools to pin important rooms and new ‘do not disturb’ and ‘out of office’ settings.

One nifty new feature of these new integrated workspaces is that Google is also working with some of its partners to bring their apps into the experience. The company specifically mentions DocuSign, Salesforce and Trello. These companies already offer some deep Gmail integrations, including integrations with the Gmail sidebar, so we’ll likely see this list expand over time.

Meet itself, too, is getting some updates in the coming weeks with ‘knocking controls’ to make sure that once you throw somebody out of a meeting, that person can’t come back, and safety locks that help meeting hosts decide who can chat or present in a meeting.


‘Wormable’ Flaw Leads July Microsoft Patches

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Top of the heap this month in terms of outright scariness is CVE-2020-1350, which concerns a remotely exploitable bug in more or less all versions of Windows Server that attackers could use to install malicious software simply by sending a specially crafted DNS request.

Microsoft said it is not aware of reports that anyone is exploiting the weakness (yet), but the flaw has been assigned a CVSS score of 10, which translates to “easy to attack” and “likely to be exploited.”

“We consider this to be a wormable vulnerability, meaning that it has the potential to spread via malware between vulnerable computers without user interaction,” Microsoft wrote in its documentation of CVE-2020-1350. “DNS is a foundational networking component and commonly installed on Domain Controllers, so a compromise could lead to significant service interruptions and the compromise of high level domain accounts.”

CVE-2020-1350 is just the latest worry for enterprise system administrators in charge of patching dangerous bugs in widely-used software. Over the past couple of weeks, fixes for flaws with high severity ratings have been released for a broad array of software products typically used by businesses, including Citrix, F5, Juniper, Oracle and SAP. This at a time when many organizations are already short-staffed and dealing with employees working remotely thanks to the COVID-19 pandemic.

The Windows Server vulnerability isn’t the only nasty one addressed this month that malware or malcontents can use to break into systems without any help from users. A full 17 other critical flaws fixed in this release tackle security weaknesses that Microsoft assigned its most dire “critical” rating, such as in Office, Internet Exploder, SharePoint, Visual Studio, and Microsoft’s .NET Framework.

Some of the more eyebrow-raising critical bugs addressed this month include CVE-2020-1410, which according to Recorded Future concerns the Windows Address Book and could be exploited via a malicious vcard file. Then there’s CVE-2020-1421, which protects against potentially malicious .LNK files (think Stuxnet) that could be exploited via an infected removable drive or remote share. And we have the dynamic duo of CVE-2020-1435 and CVE-2020-1436, which involve problems with the way Windows handles images and fonts that could both be exploited to install malware just by getting a user to click a booby-trapped link or document.

Not to say flaws rated “important” as opposed to critical aren’t also a concern. Chief among those is CVE-2020-1463, a problem within Windows 10 and Server 2016 or later that was detailed publicly prior to this month’s Patch Tuesday.

Before you update with this month’s patch batch, please make sure you have backed up your system and/or important files. It’s not uncommon for a particular Windows update to hose one’s system or prevent it from booting properly, and some updates even have been known to erase or corrupt files. Last month’s bundle of joy from Microsoft sent my Windows 10 system into a perpetual crash state. Thankfully, I was able to restore from a recent backup.

So do yourself a favor and backup before installing any patches. Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.

Also, keep in mind that Windows 10 is set to apply patches on its own schedule, which means if you delay backing up you could be in for a wild ride. If you wish to ensure the operating system has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches whenever it sees fit, see this guide.

As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a reliable lookout for buggy Microsoft updates each month.

Look Who’s Back? It’s DDoS!

Starting on the afternoon of June 15, a widespread outage appeared to be affecting ISPs, social media platforms and mobile carriers. A Twitter account associated with Anonymous announced that the US was currently under “a major DDoS attack.” It included a map showing the US being bombarded by internet traffic from all over the globe.

The internet was soon abuzz with speculations about “the world’s largest ever DDoS attack”. But was it?

Matthew Prince, CEO at DDoS protection company Cloudflare, answered with his own tweet, stating that the outage wasn’t the result of a massive-scale DDoS attack. It was, rather, “far more boring,” Prince said, resulting from US carrier T-Mobile making network configuration changes that “went badly,” affecting both its voice and data networks.

Later that day, T-Mobile CEO Mike Sievert issued a statement confirming the voice and text issues, blaming “an IP traffic related issue that has created significant capacity issues in the network core throughout the day.” The issue was eventually resolved in the early hours of June 16.

While the incident seems to be a case of crying wolf, denial of service attacks are, in fact, making something of a comeback. Those branding themselves as Anonymous hacktivists are partly to blame.

Riots and Denial of Service

During the recent waves of riots sweeping the US, members of the hacktivist group launched several DDoS attacks against law enforcement agencies and municipalities. The City of Minneapolis website was hit by a DDoS attack, followed by an attack on the Minneapolis Police Department.

On the law enforcement side, the latest victim is the Atlanta Police Department’s website.

This isn’t surprising. In the past, DDoS was the weapon of choice for this group. What is surprising is that this time around, the attacks weren’t limited to anarchists fighting the establishment. Subsequent attacks were launched from the opposite end of the political spectrum, targeting advocacy groups that fight for Black rights.

Cloudflare saw 1,120 times as many attacks against those advocacy groups in May as it did in April.

“In fact, those groups went from having almost no attacks at all in April, to attacks peaking at 20,000 requests per second on a single site,” the company said. Others may have also been victimized after taking a side in the Black Lives Matter debate, including government and military websites, Cloudflare said.

Cybercrime and DDoS

But DDoS isn’t just used to punish political opponents. It can also be a formidable tool in the hands of cyber criminals. The method is crude, but effective: cybercriminals demand a ransom, threatening to unleash an attack that will knock the targeted victim offline for a considerable amount of time, costing it both traffic and associated revenue if it refuses to pay.

A slightly more sophisticated business model was employed by vDOS, a now-defunct DDoS-as-a-Service shop run by two young criminals from Israel. Arrested nearly four years ago, the pair was sentenced last week to a mere six months of community service plus a meager fine and probation. While it’s extremely rare that DDoS enablers get caught and sentenced at all, the actual sentence is disappointing given the scope of their crimes: they facilitated the launch of 2 million attacks and netted about $600,000 (USD).

But money isn’t the only criminal motive for launching DDoS attacks. Shame can also be a reason.

Naturalized US citizen Andrew Rakhshan, previously convicted in Canada for fraud in 2013, was sentenced last week to a maximum of five years in prison and ordered to pay over $500,000 after being found guilty of launching DDoS attacks against several websites. When one target, the website Leagle.com, refused to pay, Rakhshan next tried to bribe its operators. Finally, he threatened to DDoS the site, a threat he carried out in January 2015 using a DDoS-for-hire service.

A Global Decline in DDoS Attacks, But a Surge During Covid-19 Months

While DDoS attacks seem to be fewer in number, they’re getting bigger and more complicated. A new report suggests that DDoS attacks are bigger on average, longer and more sophisticated, with some combining up to 30 attack methods in one assault.

And while the overall trend is a decline in DDoS, Covid-19 has brought with it a surge of denial-of-service activity. There was a significant increase in DDoS attack volumes during March, April and May, with the aggregate volume of DDoS traffic now at 40% to 50% above the pre-pandemic levels of February, according to telecom operator Nokia Deepfield.

New Techniques, Targets and Records

Traditional DDoS methods have been around for decades, and most attacks can be successfully mitigated by DDoS protection solutions.

But that may not be the case for much longer.

Researchers from Tel Aviv University and the Interdisciplinary Center Herzliya in Israel discovered a new technique that could allow a relatively small number of computers to carry out DDoS attacks on a massive scale. The technique, which the researchers called NXNSAttack, takes advantage of vulnerabilities in common DNS software. NXNSAttack can cause a DNS server to perform hundreds of thousands of requests every time a hacker’s machine sends just one, effectively amplifying the attacker’s firepower tenfold. This means an attacker has to compromise only a relatively small number of machines to achieve massive impact, something that up until now has required building a huge botnet.

At this point, the race to the DDoS championship is wide open. The most prominent DDoS attack against a specific website, a large hosting provider used by a number of political and social sites, happened in early June, topping a bandwidth of 1.44 terabits per second and 385 million packets per second. Akamai, which repelled the attack, wouldn’t name the victim site, but it did mention that the provider was targeted for “social” reasons, which might indicate a motive similar to the political attacks associated with the Black Lives Matter debate, as described above.

That attack was impressive, but it was topped by a record three-day DDoS attack of 2.3 Tbps aimed at AWS servers in February. Amazon published the findings in its recent AWS Shield Threat Landscape Report – Q1 2020, stating that the massive attack used a UDP reflection vector called CLDAP reflection. It was observed with a previously unseen volume of 2.3 Tbps, approximately 44% larger than any network volumetric event previously detected on AWS.

Recruiting IoT Devices and Cloud to the Ranks

Last but not least, it’s not just computers taking part in DDoS attacks. Connected devices (also known as “IoT devices” or “smart devices”) are aggressively targeted and recruited into botnets for hire, later to be used for DDoS attacks. A newly discovered vulnerability in UPnP (Universal Plug and Play) can exacerbate this process. The vulnerability, CVE-2020-12695, aka “CallStranger”, allows attackers to subscribe to devices so they can force them to send traffic to any IP address. This enables attackers to launch large-scale, amplified TCP DDoS reflection attacks: a request carrying a spoofed IP address is sent to a third-party device, and the much larger response is returned to the spoofed address of the unwitting victim, producing powerful DDoS attacks.
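The CallStranger pattern described above comes down to a device accepting a subscription whose callback points off the local network. The following validator is an added example (not code from the article, from SentinelOne, or from the CallStranger advisory) of the check a hardened device or an inline filter would apply; the LAN subnet and the two sample SUBSCRIBE requests are constructed for illustration.

```python
# Added example, not from the article or the CallStranger advisory. A UPnP
# SUBSCRIBE names, in its CALLBACK header, the URLs that will receive event
# NOTIFY traffic; a CallStranger-vulnerable device delivers to any address
# there, which is what makes it a reflector. This defender-side validator
# accepts a subscription only if every callback address is on the LAN.
import ipaddress
import re
from urllib.parse import urlsplit

LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed device LAN
_URL_RE = re.compile(r"<([^>]*)>")

# Constructed samples: a LAN subscriber, and one aiming at an outside address.
LEGIT_SUBSCRIBE = ("SUBSCRIBE /evt HTTP/1.1\r\nHOST: 192.168.1.1:1900\r\n"
                   "CALLBACK: <http://192.168.1.20:49152/notify>\r\n"
                   "NT: upnp:event\r\nTIMEOUT: Second-1800\r\n\r\n")
REFLECT_SUBSCRIBE = LEGIT_SUBSCRIBE.replace("192.168.1.20:49152/notify",
                                            "203.0.113.5:80/")


def parse_subscribe(raw: str) -> dict:
    """Return the headers of a raw GENA SUBSCRIBE request, names lowercased."""
    lines = raw.split("\r\n")
    if not lines[0].startswith("SUBSCRIBE "):
        raise ValueError("not a SUBSCRIBE request")
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def callback_is_local(callback_header: str) -> bool:
    """True only if every <url> in CALLBACK is a literal on-link IP address."""
    urls = _URL_RE.findall(callback_header)
    if not urls:
        return False
    for url in urls:
        try:
            addr = ipaddress.ip_address(urlsplit(url).hostname)
        except (ValueError, TypeError):
            return False  # hostnames or junk are rejected: no DNS detours
        if not any(addr in net for net in LOCAL_NETS):
            return False
    return True


def should_accept(raw_request: str) -> bool:
    """Decision a hardened device or inline filter applies to a SUBSCRIBE."""
    try:
        headers = parse_subscribe(raw_request)
    except ValueError:
        return False
    return "callback" in headers and callback_is_local(headers["callback"])
```

On a real device the same rule belongs in the UPnP stack itself; an edge filter only helps for subscriptions that cross the network boundary.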

Summary

DDoS is one of the most established cyber threats. It’s been around for ages. Hence, there’s a general tendency to downplay its severity. It’s true that the overall number of attacks is decreasing, and that modern web infrastructure is more resilient to primitive DDoS attacks than ever before. But given the massive adoption of connected devices by consumers and enterprises, it wouldn’t surprise us to see this attack vector gaining in popularity. Another scenario worth keeping in mind is that DDoS attacks make a perfect smokescreen: sophisticated attackers can use them to divert the attention of security teams while the intruders infiltrate the organization another way.

If you would like to see how SentinelOne can help protect your organization, contact us for a free demo.



New Acquia platform looks to bring together developers, marketers and data

Acquia, the commercial company built on top of the open source Drupal content management system, has pushed to be more than a publishing platform in recent years, using several strategic acquisitions to move into managing customer experience, and today the company announced a new approach to developing and marketing on the Drupal Cloud.

This involves bringing together developers and marketers under the umbrella of the new Acquia Open DXP platform. This approach has two main components: “What we’ve been working on is deep integration across our suite and pulling together our new foundational Drupal Cloud offering, and our new foundational Marketing Cloud offering,” Kevin Cochrane, senior vice president of product marketing at Acquia said.

The offerings bring together a set of acquisitions the company made over the last year including Mautic for marketing automation in May 2019, Cohesion for low-code developing in September and AgileOne in December for a customer data platform (CDP).

Cochrane says that the company is leveraging these acquisitions along with tools they developed internally and the upcoming release of Drupal 9 to offer a platform approach for customers where they can build content on the Drupal Cloud side and leverage customer data on the Marketing Cloud side.

On the Drupal Cloud, the company is offering a set of tools that includes an integrated development environment (IDE) where developers can build services, while marketers get a low-code offering where they can drag and drop content and design components from a library of offerings that could come from internal sources or the open source community. It also includes other components like security and content management.

The Marketing Cloud is the data layer where companies collect and manage data about customers with the goal of offering a more personalized and meaningful experience in a digital context.

Marketing automation tooling has shifted in recent years with the goal of providing customers with a unique and meaningful experience using the vast amount of data available to build a more complete picture of the customer and give them what they need, when they need it in a digital context. This has involved building a digital experience platform (DXP) and a customer data platform (CDP).

By pulling together these different elements, Acquia is attempting to put itself in a position to compete directly with big players in this space like Adobe and Salesforce, which offer a similar unified approach.

Vista Equity Partners bought Acquia last September for $1 billion. At the time, company founder Dries Buytaert said one of the advantages of being part of Vista was to get the resources to compete with larger companies in this space, and today’s announcement could be seen in that light.