Google cancels Cloud Next because of coronavirus, goes online-only

Google today announced that it is canceling the physical part of Cloud Next, its cloud-focused event and its largest annual conference by far with around 30,000 attendees, over concerns around the current spread of COVID-19.

Given all of the recent conference cancellations, this announcement doesn’t come as a huge surprise, especially after Facebook canceled its F8 developer conference only a few days ago.

Cloud Next was scheduled to run from April 6 to 8. Instead of the physical event, Google will now host an online event under the “Google Cloud Next ’20: Digital Connect” moniker. So there will still be keynotes and breakout sessions, as well as the ability to connect with experts.

“Innovation is in Google’s DNA and we are leveraging this strength to bring you an immersive and inspiring event this year without the risk of travel,” the company notes in today’s announcement.

The virtual event will be free and in an email to attendees, Google says that it will automatically refund all tickets to this year’s conference. It will also automatically cancel all hotel reservations made through its conference reservation system.

It now remains to be seen what happens to Google’s other major conference, I/O, which is slated to run from May 12 to 14 in Mountain View. The same holds true for Microsoft’s rival Build conference in Seattle, which is scheduled to start on May 19. These are the two premier annual news events for both companies, but given the current situation, nobody would be surprised if they got canceled, too.

French Firms Rocked by Kasbah Hacker?

A large number of French critical infrastructure firms were hacked as part of an extended malware campaign that appears to have been orchestrated by at least one attacker based in Morocco, KrebsOnSecurity has learned. An individual thought to be involved has earned accolades from the likes of Apple, Dell, and Microsoft for helping to find and fix security vulnerabilities in their products.

In 2018, security intelligence firm HYAS discovered a malware network communicating with systems inside of a French national power company. The malware was identified as a version of the remote access trojan (RAT) known as njRAT, which has been used against millions of targets globally with a focus on victims in the Middle East.

Further investigation revealed the electricity provider was just one of many French critical infrastructure firms that had systems beaconing home to the malware network’s control center.

Other victims included one of France’s largest hospital systems; a French automobile manufacturer; a major French bank; companies that work with or manage networks for French postal and transportation systems; a domestic firm that operates a number of airports in France; a state-owned railway company; and multiple nuclear research facilities.

HYAS said it quickly notified the French national computer emergency team and the FBI about its findings, which pointed to a dynamic domain name system (DNS) provider on which the purveyors of this attack campaign relied for their various malware servers.

When it didn’t hear from French authorities after almost a week, HYAS asked the dynamic DNS provider to “sinkhole” the malware network’s control servers. Sinkholing is a practice by which researchers assume control over a malware network’s domains, redirecting any traffic flowing to those systems to a server the researchers control.

While sinkholing doesn’t clean up infected systems, it can prevent the attackers from continuing to harvest data from infected PCs or sending them new commands and malware updates. HYAS found that despite its notifications to the French authorities, some of the apparently infected systems were still attempting to contact the sinkholed control networks up until late 2019.

“Due to our remote visibility it is impossible for us to determine if the malware infections have been contained within the [affected] organizations,” HYAS wrote in a report summarizing their findings. “It is possible that an infected computer is beaconing, but is unable to egress to the command and control due to outbound firewall restrictions.”

About the only French critical infrastructure vertical not touched by the Kasbah hackers was the water management sector.

HYAS said given the entities compromised — and that only a handful of known compromises occurred outside of France — there’s a strong possibility this was the result of an orchestrated phishing campaign targeting French infrastructure firms. It also concluded the domains associated with this campaign were very likely controlled by a group of adversaries based in Morocco.

“What caught our attention was the nature of the victims and the fact that there were no other observed compromises outside of France,” said Sasha Angus, vice president of intelligence for HYAS. “With the exception of water management, when looking at the organizations involved, each fell within one of the verticals in France’s critical infrastructure strategic plan. While we couldn’t rule out financial crime as the actor’s potential motive, it didn’t appear that the actor leveraged any normal financial crime tools.”

‘FATAL’ ERROR

HYAS said the dynamic DNS provider shared information showing that one of the email addresses used to register a key DNS server for the malware network was tied to a domain for a legitimate business based in Morocco.

According to historic records maintained by Domaintools.com [an advertiser on this site], that email address — ing.equipepro@gmail.com — was used in 2016 to register the Web site talainine.com, a now-defunct business that offered recreational vehicle-based camping excursions just outside of a city in southern Morocco called Guelmim.

Archived copies of talainine.com indicate the business was managed by two individuals, including someone named Yassine Algangaf. A Google search for that name reveals a similarly named individual has been credited by a number of major software companies — including Apple, Dell and Microsoft — with reporting security vulnerabilities in their products.

A search on this name at Facebook turned up a page for another now-defunct business called Yamosoft.com that lists Algangaf as an owner. A cached copy of Yamosoft.com at archive.org says it was a Moroccan computer security service that specialized in security audits, computer hacking investigations, penetration testing and source code review.

A search on the ing.equipepro@gmail.com address at 4iq.com — a service that indexes account details like usernames and passwords exposed in Web site data breaches — shows this email address was used to register an account at the computer hacking forum cracked[.]to for a user named “fatal.001.”

A LinkedIn profile for a Yassine Algangaf says he’s a penetration tester from the Guelmim province of Morocco. Yet another LinkedIn profile under the same name and location says he is a freelance programmer and penetration tester. Both profiles include the phrase “attack prevention mechanisms researcher security tools proof of concepts developer” in the description of the user’s job experience.

Searching for this phrase in Google turns up another Facebook page, this time for a “Yassine Majidi,” under the profile name “FatalW01.” A review of Majidi’s Facebook profile shows that phrase as his tag line, and that he has signed several of his posts over the years as “Fatal.001.”

There are also two different Skype accounts registered to the ing.equipepro.com email address, one for Yassine Majidi and another for Yassine Algangaf. There is a third Skype account nicknamed “Fatal.001” that is tied to the same phone number included on talainine.com as a contact number for Yassine Algangaf (+212611604438). A video on Majidi’s Facebook page shows him logged in to the “Fatal.001” Skype account.

On his Facebook profile, Majidi includes screen shots of several emails from software companies thanking him for reporting vulnerabilities in their products. Fatal.001 was an active member on dev-point[.]com, an Arabic-language computer hacking forum. Throughout multiple posts, Fatal.001 discusses his work in developing spam tools and RAT malware.

In this two-hour Arabic language YouTube tutorial from 2014, Fatal.001 explains how to use a RAT he developed called “Little Boy” to steal credit card numbers and passwords from victims. The main control screen for the Little Boy botnet interface includes a map of Morocco.

Reached via LinkedIn, Algangaf confirmed he used the pseudonyms Majidi and Fatal.001 for his security research and bug hunting. But he denied ever participating in illegal hacking activities. He acknowledged that ing.equipepro@gmail.com is his email address, but claims the email account was hacked at some point in 2017.

“It has already been hacked and recovered after a certain period,” Algangaf said. “Since I am a security researcher, I publish from time to time a set of blogs aimed at raising awareness of potential security risks.”

As for the notion that he has somehow been developing hacking programs for years, Algangaf says this, also, is untrue. He said he never sold any copies of the Little Boy botnet, and that this was one of several tools he created for raising awareness.

“In 2013, I developed a platform for security research through which penetration test can be done for phones and computers,” Algangaf said. “It contained concepts that could benefit from a controlled domain. As for the fact that unlawful attacks were carried out on others, it is impossible because I simply have no interest in blackhat [activities].”

The Good, the Bad and the Ugly in Cybersecurity – Week 9

The Good

Back in November we reported on the formation of the ByteCode Alliance, a joint venture involving Mozilla, Fastly and others, to build security components on top of the WebAssembly project. This week, Firefox announced RLBox, in part born out of the fruits of that joint project. RLBox allows Firefox components to run code inside a WebAssembly sandbox, protecting the host OS from any unknown vulnerabilities. The technology will come to Linux users in Firefox 74 and macOS in Firefox 75. Windows support will arrive “soon after”, according to Mozilla.

That’s not the only update Mozilla have been working on as they continue to impress by adding security features to their Firefox browser that should really make a difference. This week, the browser was also updated with a new encrypted-DNS service for US-based users. The encrypted DNS over HTTPS (DoH) protocol will ensure that DNS lookups are not snooped on by 3rd parties, such as your ISP, some of whom have been up to no good by selling customers’ real-time location data and delivering targeted ads without consent.

The Bad

There’s been a lot of headlines this week about kr00k, aka CVE-2019-15126. This is a vulnerability in Broadcom and Cypress Wi-Fi chips that could allow unauthorized decryption of some WPA2-encrypted traffic and which is said to affect over a billion devices. An attacker would need to be in Wi-Fi range and would only be able to capture a limited amount of traffic. Even so, that could represent a serious leak, particularly if the underlying communication was not itself encrypted (e.g., such as using http rather than https, or chat apps that do not encrypt messages prior to transmission). 

Among many devices vulnerable to the flaw, at least 14 Cisco products are said to be affected. The networking hardware giant says it is actively working on patches and that there is no workaround. Apple users on iOS 13.2 or above and macOS Catalina 10.15.1 or higher have already received patches several months ago. 

The Ugly

As we predicted, Maze ransomware has started a trend among fellow cyber criminals, who’ve caught on to the enticing prospect of ‘naming and shaming’ victims to add extra incentive to pay. Now, DoppelPaymer have added themselves to the list of ransomware operators who are doubling up on this new twist in the extortion racket. Aside from Maze and now DoppelPaymer, Sodinokibi and Nemty are also intent on playing the shame game. 

To that end, DoppelPaymer ransomware operators have this week published their own “Leaks” site, listing victims who have been attacked along with details of infected machines and sample files. For one recent victim, the site claims to have compromised 1438 devices.

The attackers have recently added 3 more victims to the original 4 published when the site went up earlier this week, and the signs are that the number will continue to increase. According to reports, the operators have themselves stated that they plan on performing more data exfiltration now that they have created their own leaks site. The site’s URL, which we’ll refrain from publishing here, is helpfully tagged by most browsers as being a dangerous phishing site, so that should help to keep most of the general public away. Unfortunately, that won’t stop the data being shared with other criminals, who will be only too interested in exploiting it any way they can. 

This kind of technique only adds to the dilemma for victims of ransomware as to whether they should pay or not pay, and underscores the need to ensure cybersecurity 101 for every organization: get protected before you get pwned.



DocuSign acquires Seal Software for $188M to enhance its AI chops

Contract management service DocuSign today announced that it is acquiring Seal Software for $188 million in cash. The acquisition is expected to close later this year. DocuSign, it’s worth noting, previously invested $15 million in Seal Software in 2019.

Seal Software was founded in 2010, and, while it may not be a mainstream brand, its customers include the likes of PayPal, Dell, Nokia and DocuSign itself. These companies use Seal for its contract management tools, but also for its analytics, discovery and data extraction services. And it’s these AI smarts the company developed over time to help businesses analyze their contracts that made DocuSign acquire the company. This can help them significantly reduce their time for legal reviews, for example.

“Seal was built to make finding, analyzing, and extracting data from contracts simpler and faster,” Seal Software CEO John O’Melia said in today’s announcement. “We have a natural synergy with DocuSign, and our team is excited to leverage our AI expertise to help make the Agreement Cloud even smarter. Also, given the company’s scale and expansive vision, becoming part of DocuSign will provide great opportunities for our customers and partners.”

DocuSign says it will continue to sell Seal’s analytics tools. What’s surely more important to DocuSign, though, is that it will also leverage the company’s AI tools to bolster its DocuSign CLM offering. CLM is DocuSign’s service for automating the full contract life cycle, with a graphical interface for creating workflows and collaboration tools for reviewing and tracking changes, among other things. And integration with Seal’s tools, DocuSign argues, will allow it to provide its customers with a “faster, more efficient agreement process,” while Seal’s customers will benefit from deeper integrations with the DocuSign Agreement Cloud.

Microsoft’s Cortana drops consumer skills as it refocuses on business users

With the next version of Windows 10, coming this spring, Microsoft’s Cortana digital assistant will lose a number of consumer skills around music and connected homes, as well as some third-party skills. That’s very much in line with Microsoft’s new focus for Cortana, but it may still come as a surprise to the dozens of loyal Cortana fans.

Microsoft is also turning off Cortana support in its Microsoft Launcher on Android by the end of April and on older versions of Windows that have reached their end-of-service date, which usually comes about 36 months after the original release.


As the company explained last year, it now mostly thinks of Cortana as a service for business users. The new Cortana is all about productivity, with deep integrations into Microsoft’s suite of Office tools, for example. In this context, consumer services are only a distraction, and Microsoft is leaving that market to the likes of Amazon and Google.

Because the new Cortana experience is all about Microsoft 365, the subscription service that includes access to the Office tools, email, online storage and more, it doesn’t come as a surprise that the assistant’s new feature will give you access to data from these tools, including your calendar, Microsoft To Do notes and more.

And while some consumer features are going away, Microsoft stresses that Cortana will still be able to tell you a joke, set alarms and timers, and give you answers from Bing.

For now, all of this only applies to English-speaking users in the U.S. Outside of the U.S., most of the productivity features will launch in the future.

Superhuman CEO Rahul Vohra on waitlists, freemium pricing and future products

The “Sent via Superhuman iOS” email signature has become one of the strangest flexes in the tech industry, but its influence is enduring, as the $30 per month invite-only email app continues to shape how a wave of personal productivity startups are building their business and product strategies.

I had a chance to chat with Superhuman CEO and founder Rahul Vohra earlier this month during an oddly busy time for him. He had just announced a dedicated $7 million angel fund with his friend Todd Goldberg (which I wrote up here) and we also noted that LinkedIn is killing off Sales Navigator, a feature driven by Rapportive, which Vohra founded and later sold in 2012. All the while, his buzzy email company is plugging along, amassing more interested users. Vohra tells me there are now more than 275,000 people on the waitlist for Superhuman.

Below is a chunk of my conversation with Vohra, which has been edited for length and clarity.


TechCrunch: When you go out to raise funding and a chunk of your theoretical user base is sitting on a waitlist, is it a little tougher to determine the total market for your product?

Rahul Vohra: That’s a good question. When we were doing our Series B, it was very easily answered because we’re one of a cohort of companies, that includes Notion and Airtable and Figma, where the addressable market — assuming you can build a product that’s good enough — is utterly enormous.

With my last company, Rapportive, there was a lot of conversation around, “oh, what’s the business model? What’s the market? How many people need this?” This almost never came up in any fundraising conversation. People were more like, “well, if this thing works, obviously the market is basically all of prosumer productivity and that is, no matter how you define it, absolutely huge.”

Notivize makes it easier for non-technical teams to optimize app notifications

A new startup called Notivize aims to give product teams direct access to one of their most important tools for increasing user engagement — notifications.

The company has been testing the product with select customers since last year and says it has already sent hundreds of thousands of notifications. And this week, it announced that it has raised $500,000 in seed funding led by Heroic Ventures.

Notivize co-founder Matt Bornski has worked at a number of startups including AppLovin and Wink, and he said he has “so many stories I can tell you about the time it takes to change a notification that’s deeply embedded in your stack.”

To be clear, Bornski isn’t talking about a simple marketing message that’s part of a scheduled campaign. Instead, he said that the “most valuable” notifications (e.g., the ones that users actually respond to) are usually driven by activity in an app.

For example, it might sound obvious to send an SMS message to a customer once the product they’ve purchased has shipped, but Bornski said that actually creating a notification like that would normally require an engineer to write new code.

“There’s the traditional way that these things are built: The product team specs out that we need to send this email when this happens, or send this SMS or notification when this happens, then the engineering team will go in and find the part of the code where they detect that such a thing has happened,” he said. “What we really want to do is give [the product team] the toolkit, and I think we have.”

[Image: a Notivize rule]

So with Notivize, non-coding members of the product and marketing team can write “if-then” rules that will trigger a notification. And this, Bornski said, also makes it easier to “A/B test and optimize your copy and your send times and your channels” to ensure that your notifications are as effective as possible.

He added that companies usually don’t build this for themselves, because when they’re first building an app, it’s “not a rational thing to invest your time and effort in when you’re just testing the market or you’re struggling for product market fit.” Later on, however, it can be challenging to “go in and rip out all the old stuff” — so instead, you can just take advantage of what Notivize has already built.

Bornski also emphasized that the company isn’t trying to replace services that provide the “plumbing” for notifications. Indeed, Notivize actually integrates with SendGrid and Twilio to send the notifications.

“The actual sending is not the core value [of what we do],” he said. “We’re improving the quality of what you’re paying for, of what you send.”

Notivize allows customers to send up to 100 messages per month for free. After that, pricing starts at $14.99 per month.

“The steady march of low-code and no-code solutions into the product management and marketing stack continues to unlock market velocity and product innovation,” said Heroic Ventures founder Michael Fertik in a statement. “Having been an early investor in several developer platforms, it is clear that Notivize has cracked the code on how to empower non-technical teams to manage critical yet complex product workflows.”

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data.

The FCC proposed fining T-Mobile $91 million; AT&T faces more than $57 million in fines; Verizon is looking at more than $48 million in penalties; and the FCC said Sprint should pay more than $12 million.

An FCC statement (PDF) said “the size of the proposed fines for the four wireless carriers differs based on the length of time each carrier apparently continued to sell access to its customer location information without reasonable safeguards and the number of entities to which each carrier continued to sell such access.”

The fines are only “proposed” at this point because the carriers still have an opportunity to respond to the commission and contest the figures. The Wall Street Journal first reported earlier this week that the FCC was considering the fines.

The commission said it took action in response to a May 2018 story broken by The New York Times, which exposed how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials.

That same month, KrebsOnSecurity broke the news that LocationSmart — a data aggregation firm working with the major wireless carriers — had a free, unsecured demo of its service online that anyone could abuse to find the near-exact location of virtually any mobile phone in North America.

In response, the carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, Joseph Cox at Vice.com showed that little had changed, detailing how he was able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.

Gigi Sohn is a fellow at the Georgetown Law Institute for Technology Law and Policy and a former senior adviser to former FCC Chair Tom Wheeler in 2015. Sohn said this debacle underscores the importance of having strong consumer privacy protections.

“The importance of having rules that protect consumers before they are harmed cannot be overstated,” Sohn said. “In 2016, the Wheeler FCC adopted rules that would have prevented most mobile phone users from suffering this gross violation of privacy and security. But [FCC] Chairman Pai and his friends in Congress eliminated those rules, because allegedly the burden on mobile wireless providers and their fixed broadband brethren would be too great. Clearly, they did not think for one minute about the harm that could befall consumers in the absence of strong privacy protections.”

Sen. Ron Wyden (D-Ore.), a longtime critic of the FCC’s inaction on wireless location data sharing, likewise called for stronger consumer privacy laws, calling the proposed punishment “comically inadequate fines that won’t stop phone companies from abusing Americans’ privacy the next time they can make a quick buck.”

“Time and again, from Facebook to Equifax, massive companies take reckless disregard for Americans’ personal information, knowing they can write off comparatively tiny fines as the cost of doing business,” Wyden said in a written statement. “The only way to truly protect Americans’ personal information is to pass strong privacy legislation like my Mind Your Own Business Act [PDF] to put teeth into privacy laws and hold CEOs personally responsible for lying about protecting Americans’ privacy.”

Business Email Compromise | What is BEC (And How Can You Defend Against It)?

While ransomware has been making all the headlines recently, criminals have been reaping far more rewards under the radar through Business Email Compromise (also known as ‘Email Account Compromise’), netting at least 17 times more per incident than ransomware. BEC/EAC, a relatively low-tech kind of financial fraud, yields high returns for the scammers with minimal risk. In this post, we take a look at how the Business Email Compromise scam works and how you can defend your organization against it. 

How Serious Is Business Email Compromise?

Business Email Compromise was the number one source of financial loss due to internet-related crime in 2019, and by some margin. To put it in context, stats from the FBI suggest that losses due to ransomware averaged out at around $4,400 per incident and totalled just shy of $9 million in the U.S. across 2019. In contrast, losses due to BEC were around 17 times higher, at $75,000 per incident, and amounted to a total financial loss north of $1.7 billion for the same period.

Of all financial losses due to internet crime recorded by the FBI during 2019 – in sum, around $3.5 billion worth – BEC accounted for around 50% of the total. 

[Image: financial loss by internet crime type in 2019]

What is Business Email Compromise?

Business Email Compromise is a type of fraud in which organizations are tricked into making wire transfers to a third party that they falsely believe is a legitimate external supplier from overseas. 

The scam begins by either compromising or spoofing the email account of an executive or senior manager who is able to authorize other employees, such as those in Finance or Accounts Payable, to make wire transfers. 

The first part of the scam typically involves either a targeted phishing (aka spear-phishing) attack or credential theft through keyloggers. For example, a C-Suite executive may be targeted with a phishing attack that installs a Remote Access Trojan (RAT) to harvest credentials and other useful business information.

After that, the account is used to instruct other employees to complete a wire transfer request from a fake supplier. For example, a spoofed or hijacked account of a C-Suite executive may be used to send an internal email that reads something like the following:

[Image: example of a BEC fraud email]

Overseas banks, often in China, are used by the criminals to receive the funds. 

Necessarily, there is an element of social engineering involved as the attackers need to convince someone to push the wire transfer through. Social engineering may also be used in order to steal passwords and compromise or spoof the initial account. 
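The mechanics just described (a spoofed or hijacked executive account, a payment instruction under time pressure, and social engineering that steers the recipient away from checking) can be turned into mail-flow indicators. The following is an added example written for this post, not code from the original article or its vendor; the executive directory, the domains and both sample messages are constructed, and the weights and threshold are a starting point rather than a calibrated model.

```python
"""Heuristic BEC indicators on an inbound message.

Added example for this post; not code from the original article or the vendor
behind it. It scores the signals the scam relies on: a display name that
matches an internal executive while the address is external, a Reply-To that
diverts replies away from the visible sender, and text pushing an urgent
payment while discouraging confirmation by phone. All names, domains and
messages below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: names a lure would borrow, and the domains that are ours.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}

URGENCY = re.compile(r"\b(urgent|urgently|asap|immediately|right away|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|wire|bank details|new account|payment|invoice)\b", re.I)
NO_CALL = re.compile(r"(can't talk|cannot talk|in a meeting|do not call|don't call|reply by email|email only)", re.I)

# Constructed weights: a starting point for tuning, not a calibrated model.
WEIGHTS = {"display_name_impersonation": 3, "reply_to_mismatch": 2,
           "urgent_payment": 2, "discourages_verification": 2}
HOLD_THRESHOLD = 4


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _text(msg) -> str:
    """Subject plus every text/plain part, so single- and multipart mail both work."""
    parts = [msg.get("Subject", "")]
    if msg.is_multipart():
        parts += [p.get_payload() for p in msg.walk()
                  if p.get_content_type() == "text/plain"]
    else:
        parts.append(msg.get_payload())
    return "\n".join(parts)


def score_message(raw: str) -> dict:
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = _domain(from_addr)
    text = _text(msg)

    indicators = {
        # An executive's name on an address that is not one of our domains.
        "display_name_impersonation":
            from_name.strip().lower() in EXECUTIVES and from_domain not in INTERNAL_DOMAINS,
        # Replies would go to a domain other than the one shown in From.
        "reply_to_mismatch": bool(reply_addr) and _domain(reply_addr) != from_domain,
        # Time pressure combined with a payment instruction.
        "urgent_payment": bool(URGENCY.search(text) and PAYMENT.search(text)),
        # The out-of-band check that the defence depends on is being discouraged.
        "discourages_verification": bool(NO_CALL.search(text)),
    }
    score = sum(WEIGHTS[k] for k, hit in indicators.items() if hit)
    return {"indicators": indicators, "score": score,
            "action": "hold_for_verification" if score >= HOLD_THRESHOLD else "deliver"}


# Constructed sample messages.
LURE = """From: Jane Doe <jane.doe@example.net>
Reply-To: Jane Doe <jdoe.office@example.org>
To: accounts@example.com
Subject: Urgent wire transfer

I need you to process a wire transfer to our new supplier today.
I'm in a meeting and can't talk, so reply by email only. Invoice attached.
"""

ROUTINE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 report

Thanks for the report, the numbers look fine.
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("routine", ROUTINE)):
        print(name, score_message(raw))
```

The "hold for verification" action is deliberately not a block: the point of the heuristics is to route the message into the out-of-band confirmation step rather than to decide on their own, since a compromised (not spoofed) executive mailbox will trip none of the header checks and only the wording checks.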

How Can You Defend Against BEC?

As we’ve seen above, Business Email Compromise revolves around three interrelated factors: email, people, and wire transfers.

Confirm Your Wire Transfers

Your company should always confirm wire transfer requests by some medium other than email: verify the request via a phone call to a known legitimate company number (not one provided in the email), a workplace communication channel like Slack, or, better still, face-to-face in person or via tele-conferencing software.

Ideally, your company should put in place a policy for secondary confirmation for wire transfers such that everyone knows the drill. Demands not to initiate communication through any other medium than email (itself hardly a confidential means of communication) should be treated with suspicion.

Enable Multi-Factor Authentication

Protecting your users’ email accounts from compromise should also be high on your priority list. Although not perfect, 2FA and MFA will prevent by far and away the majority of account takeover attempts. Hardware security keys like Yubikey and others are worth considering for certain use cases.

How to Detect Malicious Emails

Having a strategy to protect your users against malicious emails is the third, and absolutely vital, pillar of your defensive strategy. Email has long proven to be the malicious actor’s best friend. It’s been estimated that anywhere between 80% – 95% of all enterprise attacks propagate through email, so this is definitely where you need to concentrate your efforts. 

Aside from the actual textual content of an email, which can be used to socially engineer individuals to take actions that may be harmful to their own or their organization’s interest, there are two main technical risks associated with emails: malicious attachments and links.

Strategies for Dealing with Malicious Attachments

In Business Email Compromises, attackers may use attachments to run executable code that can drop a RAT in order to install keyloggers, backdoors and other post-exploitation tools to help steal credentials and useful data such as contacts and previous email correspondence. BEC scammers typically spend some time profiling their victims in order to craft content that is as convincing as possible to pull off the social engineering aspect of the scam. For that reason, it’s important that you look at a range of options for preventing attachments from executing code. 

Attachment filtering can be used in a number of ways to help mitigate code execution. For example, email scanning software could be used to change file formats of attachments so that they cannot execute hidden code. 

While this may be effective to a certain extent, it suffers from the drawback that it may prevent users from carrying out ordinary business tasks with documents that need to be edited or returned in their original format. Given that impact, user-resistance could be high.

A better solution would involve content disarm and reconstruction (CDR), which deconstructs the attachment and removes harmful content. This has the benefit of being both highly effective and meeting low user-resistance, since the process is transparent at the user level. 

Dealing with Macros, Archives and Whitelists

It’s also wise to disable or restrict macros, as many attacks make use of Microsoft Office’s VBA scripting language to call out to C2 servers and download malicious payloads.

Also, ensure that your email scanning software handles archives properly. Compressed files can bypass unsophisticated scanning engines that do not fully decompress them. Attackers have also been known to append archive files to other files, such as images, which some security software might overlook.

Be careful with (or avoid) whitelisting files by extension: it’s a simple trick for attackers to bypass such whitelisting rules by renaming executable files with non-executable file extensions. If whitelisting attachments is a must, at least use a policy that whitelists by file type – scanning the file to examine its actual format – to avoid the easiest of bypasses.
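As an added illustration of the last two points (archives appended to other files, and whitelisting by file type rather than by extension), here is a small Python checker; the signature table, the allowed-type policy and the sample bytes are constructed for this example and are not code from the original article or from SentinelOne.

```python
# Constructed example: accept attachments by what their bytes actually are,
# not by what their name claims. Signature table and samples are made up;
# this is not SentinelOne's or any product's implementation.
from typing import Tuple

# Leading byte signatures ("magic bytes") for a few common attachment types.
SIGNATURES = {
    b"MZ": "exe",                  # Windows PE executable
    b"%PDF": "pdf",
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",          # also docx/xlsx/jar containers
}
ZIP_MAGIC = b"PK\x03\x04"
ALLOWED_TYPES = {"pdf", "jpg", "png"}   # policy on detected type, not extension

def sniff_type(data: bytes) -> str:
    """Identify a file by its leading bytes, ignoring the filename entirely."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"

def has_appended_archive(data: bytes) -> bool:
    """True if a ZIP local-file header appears after the file's own header,
    e.g. an archive concatenated onto an image (a polyglot). Treat as a flag:
    compressed image data can contain these four bytes by chance."""
    return data.find(ZIP_MAGIC, 1) != -1

def check_attachment(filename: str, data: bytes) -> Tuple[bool, str]:
    """Allow only content of an allowed type whose extension matches it
    and which carries no trailing archive."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = "jpg" if ext == "jpeg" else ext
    actual = sniff_type(data)
    if actual not in ALLOWED_TYPES:
        return False, f"content is {actual!r}, not an allowed type"
    if actual != ext:
        return False, f"extension .{ext} does not match content {actual!r}"
    if has_appended_archive(data):
        return False, "archive data appended to file"
    return True, "ok"

# Constructed sample attachments (a few bytes each, not real files).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.4\n%constructed\n",
    "invoice.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",   # executable
    "report.pdf": b"MZ\x90\x00\x03\x00\x00\x00",        # exe renamed to .pdf
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + ZIP_MAGIC + b"hidden.zip",
}
```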

Dealing with Links and Sender Verification

For emails that contain malicious links, one strategy used by some organizations is to defang hyperlinks in emails so that they are unclickable. This forces the user to copy and paste the link into a browser, a conscious process that provides an opportunity for users to pause and consider what they are doing.

Again, however, the issue is that whenever security impacts productivity and convenience, you will meet some user resistance. This security measure has the twin drawbacks of being both inconvenient and fallible, in the sense that introducing the delay still does not guarantee the user will not visit the link, so proceed with this policy with caution.

Another strategy to consider for dealing with emails is sender verification, such as through SPF, DKIM and DMARC. These technologies can help flag up fake sender identities (i.e., spoofed addresses), but they may not help in cases where the sending account belongs to a legitimate member of the organization and has been compromised by an attacker.
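An added example, not from the original article: a simplified Python check of the SPF/DKIM results an inbound gateway records in the Authentication-Results header against the From domain, in the spirit of DMARC alignment. The domains and headers are invented and the organizational-domain rule is an assumption; note that the legitimate-but-compromised account the text warns about passes this check exactly like a genuine message.

```python
# Constructed example: evaluate DMARC-style identifier alignment from an
# Authentication-Results header. Messages below are invented; the alignment
# rule is a simplified model of "relaxed" alignment, not a full DMARC engine.
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain: str) -> str:
    """Assumption: organizational domain = last two labels. Real DMARC uses
    the Public Suffix List (e.g. for co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    """Relaxed alignment: same organizational domain as RFC5322.From."""
    if not (auth_domain and from_domain):
        return False
    return org_domain(auth_domain) == org_domain(from_domain)

def parse_auth_results(header: str) -> dict:
    """{'spf': (result, smtp.mailfrom domain), 'dkim': (result, header.d)}"""
    results = {}
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        m = re.match(r"(spf|dkim)=(\w+)", clause.strip())
        if not m:
            continue
        method, result = m.groups()
        key = "smtp.mailfrom" if method == "spf" else "header.d"
        dm = re.search(re.escape(key) + r"=(?:[^@\s]+@)?([\w.-]+)", clause)
        results[method] = (result, dm.group(1) if dm else "")
    return results

def dmarc_verdict(raw_message: str) -> str:
    """'pass' if SPF or DKIM passed with a domain aligned to From, else 'fail'.
    A message sent from a compromised but legitimate mailbox still passes."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    auth = parse_auth_results(" ".join(msg.get("Authentication-Results", "").split()))
    spf_res, spf_dom = auth.get("spf", ("none", ""))
    dkim_res, dkim_dom = auth.get("dkim", ("none", ""))
    if (spf_res == "pass" and aligned(spf_dom, from_domain)) or (
            dkim_res == "pass" and aligned(dkim_dom, from_domain)):
        return "pass"
    return "fail"

# Constructed messages: spoofed From (SPF passes only for the attacker's
# bounce domain) versus a legitimate one where SPF and DKIM align with From.
SPOOFED = """From: "CEO" <ceo@victim.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=bounce.attacker.example; dkim=none
"""
LEGIT = """From: "CEO" <ceo@victim.example>
Authentication-Results: mx.victim.example; spf=pass smtp.mailfrom=bounce@mail.victim.example; dkim=pass header.d=victim.example
"""
```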

Finally, ensure that you are protecting against both malicious attachments and malicious links by arming your endpoints with an AI-driven security solution that can detect and block malicious code as it attempts to execute, regardless of its origin: file or fileless, link or macro.

Conclusion

Verifying wire transfers and enabling multi-factor authentication are simple, effective ways to get ahead of scammers intent on Business Email Compromise. On top of that, consider the practicality of the techniques we’ve mentioned above as part of a layered, defense-in-depth approach.

While Business Email Compromise scams target the weakest link – busy staff trying their best to be productive – an automated, behavioral security solution like SentinelOne can also ensure that attempts to install RATs, keyloggers and other malware are stopped in their tracks.

If you would like to see how SentinelOne’s Singularity platform can protect your enterprise from all attacks, including Business Email Compromise, contact us or request a free demo.

London-based Gyana raises $3.9M for a no-code approach to data science

Coding and other computer science expertise remain some of the more important skills that a person can have in the working world today, but in the last few years, we have also seen a big rise in a new generation of tools providing an alternative way of reaping the fruits of technology: “no-code” software, which lets anyone — technical or non-technical — build apps, games, AI-based chatbots, and other products that used to be the exclusive terrain of engineers and computer scientists.

Today, one of the newer startups in the category — London-based Gyana, which lets non-technical people run data science analytics on any structured dataset — is announcing a round of £3 million to fuel its next stage of growth.

Led by U.K. firm Fuel Ventures, other investors in this round include Biz Stone of Twitter, Green Shores Capital and U+I, and it brings the total raised by the startup to $6.8 million since being founded in 2015.

Gyana (Sanskrit for “knowledge”) was co-founded by Joyeeta Das and David Kell, who were both pursuing post-graduate degrees at Oxford: Das, a former engineer, was getting an MBA, and Kell was doing a Ph.D. in physics.

Das said the idea of building this tool came out of the fact that the pair could see a big disconnect emerging not just in their studies, but also in the world at large — not so much a digital divide as a digital light year in terms of the distance between those who do and those who don’t know how to work in the realm of data science.

“Everyone talks about using data to inform decision making, and the world becoming data-driven, but actually that proposition is available to less than one percent of the world,” she said.

Out of that, the pair decided to work on building a platform that Das describes as a way to empower “citizen data scientists,” by letting users upload any structured data set (for example, a .CSV file) and running a series of queries on it to be able to visualise trends and other insights more easily.

While the longer term goal may be for any person to be able to produce an analytical insight out of a long list of numbers, the more practical and immediate application has been in enterprise services and building tools for non-technical knowledge workers to make better, data-driven decisions.

To prove out its software, the startup first built an app based on the platform that it calls Neera (Sanskrit for “water”), which specifically parses footfall and other “human movement” metrics, useful for applications in retail, real estate and civic planning — for example, to determine how well certain retail locations are performing, footfall in popular locations, decisions on where to place or remove stores, or how to price a piece of property.

Starting out aiming at mid-market and smaller companies — those most likely not to have in-house data scientists to meet their business needs — the startup has already picked up a series of customers that are actually quite a lot bigger than that. They include Vodafone, Barclays, EY, Pret a Manger, Knight Frank and the UK Ministry of Defense. It says it has some £1 million in contracts with these firms currently.

That, in turn, has served as the trigger to raise this latest round of funding and to launch Vayu (Sanskrit for “air”) — a more general purpose app that covers a wider set of parameters that can be applied to a dataset. So far, it has been adopted by academic researchers, financial services employees, and others that use analysis in their work, Das said.

With both Vayu and Neera, the aim — refreshingly — is to make the whole experience as privacy-friendly as possible, Das noted. Currently, you download an app if you want to use Gyana, and you keep your data local as you work on it. Gyana has no “anonymization” and no retention of data in its processes, except things like analytics around where your cursor hovers, so that Gyana knows how it can improve its product.

“There are always ways to reverse engineer these things,” Das said of anonymization. “We just wanted to make sure that we are not accidentally creating a situation where, despite learning from anonymised materials, you can’t reverse engineer what people are analysing. We are just not convinced.”

While there is something commendable about building and shipping a tool with a lot of potential to it, Gyana runs the risk of facing what I think of as the “water, water everywhere” problem. Sometimes if a person really has no experience or specific aim, it can be hard to think of how to get started when you can do anything. Das said they have also identified this, and so while currently Gyana already offers some tutorials and helper tools within the app to nudge the user along, the plan is to eventually bring in a large variety of datasets for people to get started with, and also to develop a more intuitive way to “read” the basics of the files in order to figure out what kinds of data inquiries a person is most likely to want to make.

The rise of “no-code” software has been a swift one in the world of tech spanning the proliferation of startups, big acquisitions, and large funding rounds. Companies like Airtable and DashDash are aimed at building analytics leaning on interfaces that follow the basic design of a spreadsheet; AppSheet, which is a no-code mobile app building platform, was recently acquired by Google; and Roblox (for building games without needing to code) and Uncorq (for app development) have both raised significant funding just this week. In the area of no-code data analytics and visualisation, there are biggies like Tableau, as well as Trifacta, RapidMiner and more.

Gartner predicts that by 2024, some 65% of all app development will be made on low- or no-code platforms, and Forrester estimates that the no- and low-code market will be worth some $10 billion this year, rising to $21.2 billion by 2024.

That represents a big business opportunity for the likes of Gyana, which has been unique in using the no-code approach specifically to tackle the area of data science.

However, in the spirit of citizen data scientists, the intention is to keep a consumer version of the apps free to use as it works on signing up enterprise users with more enhanced paid products, which will be priced on an annual license basis (currently clients are paying between $6,000 and $12,000 depending on usage, she said).

“We want to do free for as long as we can,” Das said, both in relation to the data tools and the datasets that it will offer to users. “The biggest value add is not about accessing premium data that is hard to get. We are not a data marketplace but we want to provide data that makes sense to access,” adding that even with business users, “we’d like you to do 90% of what you want to do without paying for anything.”