InCountry raises $18M more to help SaaS companies store data locally

We’re seeing a gradual expansion of national regulations that require data from SaaS applications to be stored locally in the country where it’s sourced and used. Today a startup that’s built a service around that need — specifically, data residency-as-a-service — is announcing some funding to continue building out its company amid strong demand.

InCountry, which provides a set of solutions — comprising software as well as some consultancy — that helps companies comply with local regulations when adopting SaaS products, has raised $18 million in funding.

This is technically an extension to its Series A, but in keeping with the growth of its business, it comes with a big bump to its valuation: the startup is now valued at “north” of $150 million. Founder and CEO Peter Yared said this is more than double the valuation of its previous round a little over a year ago.

The money is coming from a mix of strategic and financial investors. It’s being led by Caffeinated Capital and Abu Dhabi’s Mubadala, with participation from new investor Accenture Ventures and previous investors Arbor Ventures, Felicis, Ridge Ventures, Bloomberg Beta and Team Builder Ventures. Accenture is one of InCountry’s key channel partners, reselling the software as part of bigger data management and integration contracts, Yared tells me.

The company has seen a decent bump in its business in the last year, expanding to 90 countries from 65, where it provides guidance and services to store and use data in compliance with legal requirements. Alongside that it has an increasingly long list of software packages that it covers with its products. The list currently includes Salesforce, ServiceNow, Twilio, Mambu and Segment, with customers including a large list of enterprises including stock exchanges, banks and pharmaceutical companies.

“This company was based off a crazy thesis,” Yared said with an almost incredulous laugh (he has a very jocular way of talking, even when he’s being serious). “Now it’s 20 months old, and our customers are banks, pharma giants, stock exchanges. We are proud that large institutions can trust us.”

A big bump in its business in recent times has been in Asia Pacific and the Middle East, which are two main regions when it comes to data residency regulations and therefore ripe ground for winning new customers — one reason why Mubadala is part of this round, Yared said.

“At Mubadala we are committed to backing visionary founders whose innovations fuel economies,” said Ibrahim Ajami, head of Ventures at Mubadala Capital. “Since day one, InCountry’s cloud solution has addressed a massive challenge in this era of regulation by giving businesses the tools to grow internationally while remaining compliant with data residency regulations. We’re doubling down on our investment and are supporting InCountry’s expansion into the MENA region because we believe they are the best team to help drive global business forward.”

Partly due to the growing ubiquity, flexibility and relatively cheap cost of cloud computing, software as a service has been on a fast growth trajectory for years now. But even within that trend, it has had a huge boost in 2020 as a result of the global health pandemic.

COVID-19 has created the need for remote computing, and for being able to access data wherever you happen to be — which in many cases today is no longer in your usual office space. On top of that, we have a lot more “wiggle room” in business, with organizations quickly scaling up and down with demand.

The knock-on effect has been a big boost for SaaS. But that growth has come with some caveats, and one of the biggest alongside security has been around data protection, and specifically national requirements in how data is stored and used. Arguably, SaaS companies have been more concerned with scaling their software and business funnels than they have been with how data is handled and how that has changed in keeping with local regulations, and that’s the opportunity that InCountry has stepped in to fill.

It provides not just a set of software to store and handle data in a secure way, but also an extensive list of legal advisors with expertise at the local level to help companies get their data policies in order. It’s an interesting model: While InCountry’s been an early mover in identifying this market opportunity and building technology to address it, it’s buffered its competitive position not with a sole focus on technology, but an extensive amount of human capital to get each implementation right.

That can prove to be a costly thing to get wrong. In the EU in July, the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield — a framework that let businesses transfer personal data between the European Union and the United States while ensuring compliance with data protection regulations. This has impacted some 5,000 companies, which now have to rethink how they handle their data. Failing to comply with local data storage requirements can mean fines of up to 4% of revenues.

Yared tells me that for now, the main competitor to something like InCountry has been companies building their own policies in house. Some of those solutions would have been done completely in house and some in partnership with integrators, but all of them were hard to scale and were painful to maintain, one reason why companies and their business partners are turning to working with his startup.

“Accenture Ventures is pleased to support InCountry as it continues to expand globally,” said Tom Lounibos, managing director, Accenture Ventures, in a statement. “InCountry’s software solutions are helping companies address the critical issue of becoming and remaining compliant with a multitude of data residency laws. This expansion will help support enterprises as they unlock their business across borders.”

Fresh off $200M Series D, Gong acquires early-stage startup Vayo

Gong announced a $200 million Series D investment just last month, and loaded with fresh cash, the company wasted no time taking advantage. Today, it announced it was buying early-stage Israeli sales technology startup Vayo. The companies did not share terms of the deal, but Gong CEO Amit Bendov said the deal closed a couple of weeks ago.

The two companies match up quite well from a tech standpoint. While Gong searches unstructured data like emails and phone call transcripts and finds nuggets of data, Vayo looks at structured data, which is essentially the output of the Gong search process. What’s more, it handles large amounts of data at scale.

“Vayo helps find customer interactions at a large scale to identify trends like customers likely to churn or usage is going up, or your deals are starting to slow down — and they do this for structured data at scale,” Bendov told TechCrunch.

He said this ability to identify trends was really what attracted him to the company, even though it was still at an early stage of development. “It’s a perfect fit for Gong. We take unstructured data — emails, audio calls, video calls — and extract insights. Customers, especially with a large organization, don’t want to see individual interactions but high order insights […] and they’ve developed [a solution] to identify trends on large data volumes for customer interactions,” he said.

Vayo was founded in 2018 and raised $1.7 million in seed capital, according to Crunchbase. Joining forces with Gong gives them an opportunity to develop the technology inside a company that’s growing quickly and is extremely well capitalized, having raised more than $300 million in the last 18 months.

Avshi Avital, CEO at Vayo, who has joined Gong with his four fellow employees, gave a familiar argument for selling the company. “With Gong we found the perfect partner to realize this mission faster and maximize the impact of the technology we built given the scale of their customer base and growth potential,” he said.

The plan is to fold the Vayo tech into the Gong platform, a process that will take three to six months, according to Bendov.

Google Cloud lets businesses create their own text-to-speech voices

Google launched a few updates to its Contact Center AI product today, but the most interesting one is probably the beta of its new Custom Voice service, which will let brands create their own text-to-speech voices to best represent their own brands.

Maybe your company has a well-known spokesperson for example, but it would be pretty arduous to have them record every sentence in an automated response system or bring them back to the studio whenever you launch a new product or procedure. With Custom Voice, businesses can bring in their voice talent to the studio and have them record a script provided by Google. The company will then take those recordings and train its speech models based on them.

As of now, this seems to be a somewhat manual task on Google’s side. Training and evaluating the model will take “several weeks,” the company says, and Google itself will conduct its own tests of the trained model before sending it back to the business that commissioned the model. After that, the business must follow Google’s own testing process to evaluate the results and sign off on it.

For now, these custom voices are still in beta and only American English is supported so far.

It’s also worth noting that Google’s review process is meant to ensure that the result is aligned with its internal AI Principles, which it released back in 2018.

Like with similar projects, I would expect that this lengthy process of creating custom voices for these contact center solutions will become mainstream quickly. While it will just be a gimmick for some brands (remember those custom voices for stand-alone GPS systems back in the day?), it will allow the more forward-thinking brands to distinguish their own contact center experiences from those of the competition. Nobody likes calling customer support, but a more thoughtful experience that doesn’t make you think you’re talking to a random phone tree may just help alleviate some of the stress at least.

The BLINDINGCAN RAT and Malicious North Korean Activity

There has been a great deal of coverage lately around malicious activities attributed to North Korea (and/or adjacent entities). Most recently, this has culminated in the release of MAR (Malware Analysis Report) AR20-232A, which covers activities associated with the BLINDINGCAN RAT. This tool is the latest in a very long line of tools which allow attackers to maintain access to target environments as well as establish ongoing control of infected hosts. In this post, we give an overview of this campaign in context of other related campaigns, describing its infection vector, execution and high-level behavior.

Infection Vector

As we know, email phishing attacks are still the dominant method of delivering malware when it comes to these types of attacks. The BLINDINGCAN campaigns are no different, but their phishing lure comes with an interesting twist: malicious documents utilized in the campaign masquerade as job offers and postings from high-value defense contractors such as Boeing.

This isn’t the first time such a lure has been used. Sophisticated attackers have sought to mimic entities in the defense, military, and government space in the past. This is especially true, historically, with campaigns tied to North Korea. Even early on in 2020, Operation North Star followed a very similar modus operandi, and by some accounts these campaigns may be related.

CISA maintains a running repository of North Korean / Hidden Cobra related advisories and details. Their alerts cover campaigns from 2017 to present, including (but not limited to):

  • WannaCry – Massively destructive “ransomware” with SMB spreading capabilities.
  • Delta Charlie – Backdoor and Denial-of-Service tool set
  • Volgmer – Backdoor
  • FALLCHILL – Full-function RAT
  • BANKSHOT – RAT and proxy/tunneling tool set
  • HARDRAIN – RAT and proxy tool set w/ Android support
  • SHARPKNOT – MBR Wiper
  • TYPEFRAME – RAT and proxy/tunneling tool set
  • KEYMARBLE – Full-function RAT
  • FASTCash – RAT and proxy/tunneling tool set (Financial attacks)
  • BADCALL – RAT and proxy tool set w/ Android support
  • ELECTRICFISH – proxy/tunneling tool set
  • HOPLIGHT – proxy/tunneling tool set with pseudo-SSL spoofing
  • ARTFULPIE – Downloader and launcher tool set
  • CROWDEDFLOUNDER – Full-function RAT
  • TAINTEDSCRIBE – Downloader and launcher with LFSR (Linear Feedback Shift Register) support
  • COPPERHEDGE – Full-function RAT, cryptocurrency and crypto-exchange focused.

In short, the DPRK has a long history of these types of campaigns and it does not appear to be letting up in frequency or aggressiveness. Moreover, North Korea is no stranger to playing the ‘long-game’. Reflecting back on earlier attacks from the region (e.g., Operation Troy, Ten Days of Rain, Dark Seoul, and the Sony attack) we see similar tactics and aggressiveness.

The BLINDINGCAN campaign has been specifically focused on defense and aerospace targets, primarily based in Europe and the United States. According to AR20-232a: “The FBI has high confidence that HIDDEN COBRA actors are using malware variants in conjunction with proxy servers” along with “compromised infrastructure from multiple countries to host its command and control (C2) infrastructure”.

The objective of these attacks is to gain intelligence and to understand the key technologies that fall under the umbrella of the targeted entity, as well as those adjacent to them (contractors, partners, etc.).

BLINDINGCAN RAT: Execution and Behavior

The malicious documents themselves, upon launch, attempt to exploit CVE-2017-0199. This particular flaw allows for remote code execution via maliciously crafted documents. More specifically, CVE-2017-0199 is a result of the flawed processing of RTF files and elements by way of a potent combination of object links and HTA payloads.

This vulnerability is a common vector of attack for malicious actors, and despite the flaw being patched long ago, attackers bet on the fact (often successfully) that at least some of their targets will still be exposed to the flaw, allowing them to achieve their foothold.

You can see this behavior immediately upon launching one of the malicious documents.

The samples we analyzed reach out to a remote server (C2) for additional components. Once established, a keylogging and clipboard monitoring component is dropped, and additional information is extracted from the targeted hosts. WMI commands are utilized to glean basic system details:

start iwbemservices::execquery - select * from win32_computersystemproduct

The RAT component (e.g., 58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d) can be found in both 32- and 64-bit varieties. The executable payloads employ multiple levels of obfuscation.

Configuration data for the RAT is embedded in the payloads and is both encrypted and encoded. Embedded configuration artifacts are AES-encrypted with a hard-coded key. Upon decrypting, the resulting data is then decoded via XOR. Strings in the malware are RC4 encrypted.

The RAT module will initially pull basic system data. The aforementioned WMI command is part of this system reconnaissance process. In this stage, the malware will pull local network data, system name, OS version details, processor/platform details and MAC address details, and then push this data to the C2.

The core RAT feature set boils down to the following:

  • Gather and transmit defined set of System features
  • Create, terminate and manipulate processes
  • Create, terminate and manipulate files
  • Self-updating / self-deletion (cleaning of malicious code from the system when necessary)

Conclusion

While the malware and implants discussed here are specific to operations attributed to North Korea, the delivery and weaponization stages are common to most other APT groups and non-nation-state backed campaigns.

The key takeaways here are twofold: 1) it is important to keep abreast of the evolution of malicious attacks generated from this region, and 2) we can apply what we have learned from other past attacks to improve our posture and reduce overall exposure, along with the potential negative repercussions of suffering such an attack. Prevention, as always, is key. The SentinelOne Singularity Platform is fully capable of detecting and preventing malicious activity associated with HIDDEN COBRA and BLINDINGCAN.

Indicators of Compromise

SHA256
6a3446b8a47f0ab4f536015218b22653fff8b18c595fbc5b0c09d857eba7c7a1
8b53b519623b56ab746fdaf14d3eb402e6fa515cde2113a07f5a3b4050e98050
58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d
7933716892e0d6053057f5f2df0ccadf5b06dc739fea79ee533dd0cec98ca971

SHA1
0ecc687d741c7b009c648ef0de0a5d47213f37ff
3f6ef29b86bf1687013ae7638f66502bcf883bfd
9feef1eed2a8a5cbfe1c6478f2740d8fe63305e2
C70edfaf2c33647d531f7df76cd4e5bb4e79ea2e

Domains
agarwalpropertyconsultants[.]com
curiofirenze[.]com
automercado.co[.]cr

MITRE ATT&CK
Phishing: Spearphishing Attachment [T1566]
Command and Scripting Interpreter: PowerShell [T1059]
Exploitation for Client Execution [T1203]
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder [T1547]
Process Injection [T1055]
Deobfuscate/Decode Files or Information [T1140]
System Time Discovery [T1124]
Account Discovery [T1087]
Query Registry [T1012]
Process Discovery [T1424]
System Owner/User Discovery [T1033]
Automated Collection [T1119]
Data from Local System [T1533]
Remote File Copy [T1544]
Automated Exfiltration [T1020]
Exfiltration Over C2 Channel [T1041]
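As an added example (not code from the SentinelOne post), the following Python helper turns the IoCs listed above and the WMI reconnaissance query quoted earlier into a simple matcher that can be run over exported telemetry (proxy logs, EDR process/file events). It refangs the `[.]` notation, matches subdomains of the listed domains, normalizes hash case (note the mixed-case SHA1 above), and flags the `win32_computersystemproduct` query regardless of case or spacing. The sample log lines are constructed for illustration and are not real telemetry.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# IoCs copied from the post's Indicators of Compromise section.
SHA256_IOCS = {
    "6a3446b8a47f0ab4f536015218b22653fff8b18c595fbc5b0c09d857eba7c7a1",
    "8b53b519623b56ab746fdaf14d3eb402e6fa515cde2113a07f5a3b4050e98050",
    "58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d",
    "7933716892e0d6053057f5f2df0ccadf5b06dc739fea79ee533dd0cec98ca971",
}
SHA1_IOCS = {
    "0ecc687d741c7b009c648ef0de0a5d47213f37ff",
    "3f6ef29b86bf1687013ae7638f66502bcf883bfd",
    "9feef1eed2a8a5cbfe1c6478f2740d8fe63305e2",
    "c70edfaf2c33647d531f7df76cd4e5bb4e79ea2e",  # lower-cased from the post
}
DEFANGED_DOMAINS = [
    "agarwalpropertyconsultants[.]com",
    "curiofirenze[.]com",
    "automercado.co[.]cr",
]
# WMI reconnaissance query quoted in the post (compared case-insensitively).
WMI_RECON_QUERY = "select * from win32_computersystemproduct"


def refang(value: str) -> str:
    """Turn the defanged '[.]' notation back into a real dot."""
    return value.replace("[.]", ".")


DOMAIN_IOCS = {refang(d).lower() for d in DEFANGED_DOMAINS}

# 64-hex first so a SHA256 is not cut into a 40-char prefix.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{64}\b|\b[0-9a-fA-F]{40}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str   # "sha256", "sha1", "domain" or "wmi_recon"
    value: str


def matches_domain(host: str) -> bool:
    """True if host equals a listed domain or is a subdomain of one."""
    host = refang(host).lower().rstrip(".")
    return any(host == ioc or host.endswith("." + ioc) for ioc in DOMAIN_IOCS)


def scan_line(line_no: int, line: str) -> List[Hit]:
    hits: List[Hit] = []
    text = refang(line)
    for h in HEX_RE.findall(text):
        h = h.lower()
        if len(h) == 64 and h in SHA256_IOCS:
            hits.append(Hit(line_no, "sha256", h))
        elif len(h) == 40 and h in SHA1_IOCS:
            hits.append(Hit(line_no, "sha1", h))
    for d in DOMAIN_RE.findall(text):
        if matches_domain(d):
            hits.append(Hit(line_no, "domain", d.lower()))
    # Collapse whitespace so "SELECT  *  FROM ..." still matches.
    if WMI_RECON_QUERY in re.sub(r"\s+", " ", text.lower()):
        hits.append(Hit(line_no, "wmi_recon", WMI_RECON_QUERY))
    return hits


def scan(lines: Iterable[str]) -> List[Hit]:
    """Run the IoC matcher over every line and return all hits in order."""
    hits: List[Hit] = []
    for i, line in enumerate(lines):
        hits.extend(scan_line(i, line))
    return hits


# Constructed sample telemetry (not real logs); paths and IPs are placeholders.
SAMPLE_TELEMETRY = [
    "2020-08-20T10:14:02Z proxy allow src=10.1.2.3 host=agarwalpropertyconsultants.com uri=/",
    "2020-08-20T10:14:05Z edr process_create image=C:\\Temp\\sample.exe "
    "sha256=58027c80c6502327863ddca28c31d352e5707f5903340b9e6ccc0997fcb9631d",
    '2020-08-20T10:14:07Z wmi query="SELECT * FROM Win32_ComputerSystemProduct" pid=4242',
    "2020-08-20T10:15:00Z proxy allow src=10.1.2.3 host=www.example.com uri=/",
    "2020-08-20T10:16:00Z edr file_write sha1=C70EDFAF2C33647D531F7DF76CD4E5BB4E79EA2E",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_TELEMETRY):
        print(f"line {hit.line_no}: {hit.kind} -> {hit.value}")
```

A single WMI `Win32_ComputerSystemProduct` query is common in legitimate inventory tooling, so treat the `wmi_recon` hit as a low-severity signal to correlate with the hash and domain hits rather than as an alert on its own.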


The Good, the Bad and the Ugly in Cybersecurity – Week 35

The Good

This week’s “Good” story also has a few sobering lessons. A Russian national has been arrested in the U.S. on charges of conspiracy related to an attempted cyber attack on electric vehicle manufacturer Tesla. Egor Kriuchkov is accused of attempting to bribe a Tesla employee with an offer of $1m in Bitcoin in return for installing malware on the company’s network as well as providing details about the company’s infrastructure.

Kriuchkov, who was nabbed by the FBI as he tried to leave the country, allegedly told the unnamed employee that his Russian-based team of cyber criminals would first steal data from Tesla and then hit them with a ransom demand for $4 million. The criminals intended to mount a DDoS attack at the time the malware was installed in order to distract the security team. Kriuchkov allegedly claimed that this method had been successful against other high-profile targets and had netted the gang similar amounts. It is believed that Kriuchkov may have been referring to the ransomware attack on Carlson Wagonlit Travel earlier this month.

Recruiting insiders as a means of breaching security controls is a technique one would normally associate with nation-state actors engaged in espionage, but clearly cyber crime gangs are also both able and willing to invest in the ‘long game’ too, particularly when the rewards are so rich. Kudos to the Tesla employee for thwarting what could have been, in the words of Tesla CEO Elon Musk, a very “serious attack” on the company.

The Bad

Unfortunately, for every attack thwarted, there are so many that are not. This week, researchers have detailed how the notorious QakBot (aka QBot, QuakBot) malware has been evolving from banking trojan to malware delivery platform, not unlike Emotet, TrickBot and other so-called “Swiss Army knife” tools. Development this year has been rapid, with at least 15 iterations noted between January and August. Recent QakBot activity has been driven by malspam, but attacks have also been targeting the government and military, as well as manufacturing, across Europe and the United States.

QakBot’s success rides on the back of an MO that is depressingly familiar: a phishing mail leveraging a reply chain attack carries a poisoned document utilizing Visual Basic to download second-stage payloads and communicate with the attacker’s C2 (C&C) server. There is some suggestion that QakBot is also being delivered by rival platform Emotet in some cases.

The malware has the ability to function as a backdoor, and some variants contain a plugin that allows the operators to control the infected device by means of a VNC connection. Stealing credentials and harvesting emails for use in further malspam campaigns are primary objectives, but the malware can also recruit victims’ devices into a botnet and even use them as control servers for other machines. Researchers say QakBot operators have the ability to conduct bank transactions on the victim’s machine without their knowledge.


Source: Check Point

Defending against this malware, like so many others, is primarily a matter of stopping the initial vector of code execution through phishing. Users are also advised to look out for the usual lures such as job advertisements, COVID-19 and Election 2020 themed subjects, along with unexpected invoice and payment reminders.

The Ugly

Attackers are always looking for new infection vectors, and what could be better for them (and worse for us) than an unpatched vulnerability in one of the world’s most widely used sharing platforms, Google Drive? This week a researcher discovered that non-executable documents uploaded and shared to Google Drive can be surreptitiously switched out for malicious executables without warning thanks to the Manage Versions feature.

The proof of concept shows that a file shared among users as, say, Invoice.pdf could be updated to Invoice.exe and the same link to the original file, if clicked, would now execute the malicious file without any warning to the users. To make matters worse, despite the fact that some anti-malware tools might recognize the file as malicious, Google Chrome appears to implicitly trust anything downloaded directly from Google Drive.

Being able to change file version without doing a check on the file type seems like a dangerous flaw that attackers could exploit in spearphishing campaigns: share an innocent file with a user, encourage them to collaborate, then switch it out for malware, and the next time they visit the link…

It’s not immediately clear from the report whether Google plans to address this problem in the future, but until Google enforces file type validation in the ‘Manage Versions’ feature, this is a risk that all Google Drive users should be aware of.


Steno raises $3.5 million led by First Round to become an extension of law offices

The global legal services industry was worth $849 billion in 2017 and is expected to become a trillion-dollar industry by the end of next year. Little wonder that Steno, an LA-based startup, wants a piece.

Like most legal services outfits, what it offers are ways for law practices to run more smoothly, including in a world where fewer people are meeting in conference rooms and courthouses and operating instead from disparate locations.

Steno first launched with an offering that centers on court reporting. It lines up court reporters, as well as pays them, removing both potential headaches from lawyers’ to-do lists.

More recently, the startup has added offerings like a remote deposition videoconferencing platform that it insists is not only secure but can manage exhibit handling and other details in ways meant to meet specific legal needs.

It also, very notably, has a lending product that enables lawyers to take depositions without paying until a case is resolved, which can take a year or two. The idea is to free attorneys’ financial resources — including so they can take on other clients — until there’s a payout. Of course, the product is also a potentially lucrative one for Steno, as are most lending products.

We talked earlier this week with the company, which just closed on a $3.5 million seed round led by First Round Capital (it has now raised $5 million altogether).

Unsurprisingly, one of its founders is a lawyer named Dylan Ruga who works as a trial attorney at an LA-based law group and knows first-hand the biggest pain points for his peers.

More surprising is his co-founder, Gregory Hong, who previously co-founded the restaurant reservation platform Reserve, which was acquired by Resy, which was acquired by American Express. How did Hong make the leap from one industry to a seemingly very different one?

Hong says he might not have gravitated to the idea if not for Ruga, who was Resy’s trademark attorney and who happened to send Hong the pitch behind Steno to get Hong’s advice. He looked it over as a favor, then he asked to get involved. “I just thought, ‘This is a unique and interesting opportunity,’ and said, ‘Dylan, let me run this.’ ”

Today the 19-month-old startup has 20 full-time employees and another 10 part-time staffers. One major accelerant to the business has been the pandemic, suggests Hong. Turns out tech-enabled legal support services become even more attractive when lawyers and everyone else in the ecosystem is socially distancing.

Hong suggests that Steno’s idea to marry its services with financing is gaining adherents, too, including amid law groups like JML Law and Simon Law Group, both of which focus largely on personal injury cases.

Indeed, Steno charges — and provides financing — on a per-transaction basis right now, even while its revenue is “somewhat recurring,” in that its customers constantly have court cases.

Still, a subscription product is being considered, says Hong. So are other uses for its videoconferencing platform. In the meantime, says Hong, Steno’s tech is “built very well” for legal services, and that’s where it plans to remain focused.

Sendgrid Under Siege from Hacked Accounts

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Image: Wikipedia

Many companies use Sendgrid to communicate with their customers via email, or else pay marketing firms to do that on their behalf using Sendgrid’s systems. Sendgrid takes steps to validate that new customers are legitimate businesses, and that emails sent through its platform carry the proper digital signatures that other companies can use to validate that the messages have been authorized by its customers.

But this also means when a Sendgrid customer account gets hacked and used to send malware or phishing scams, the threat is particularly acute because a large number of organizations allow email from Sendgrid’s systems to sail through their spam-filtering systems.

To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not immediately clear to recipients where on the Internet they will be taken when they click.

Dealing with compromised customer accounts is a constant challenge for any organization doing business online today, and certainly Sendgrid is not the only email marketing platform dealing with this problem. But according to multiple emails from readers, recent threads on several anti-spam discussion lists, and interviews with people in the anti-spam community, over the past few months there has been a marked increase in malicious, phishous and outright spammy email being blasted out via Sendgrid’s servers.

Rob McEwen is CEO of Invaluement.com, an anti-spam firm whose data on junk email trends are used to improve the spam-blocking technologies deployed by several Fortune 100 companies. McEwen said no other email service provider has come close to generating the volume of spam that’s been emanating from Sendgrid accounts lately.

“As far as the nasty criminal phishes and viruses, I think there’s not even a close second in terms of how bad it’s been with Sendgrid over the past few months,” he said.

Trying to filter out bad emails coming from a major email provider that so many legitimate companies rely upon to reach their customers can be a dicey business. If you filter the emails too aggressively you end up with an unacceptable number of “false positives,” i.e., benign or even desirable emails that get flagged as spam and sent to the junk folder or blocked altogether.

But McEwen said the incidence of malicious spam coming from Sendgrid has gotten so bad that he recently launched a new anti-spam block list specifically to filter out email from Sendgrid accounts that have been known to be blasting large volumes of junk or malicious email.

“Before I implemented this in my own filtering system a week ago, I was getting three to four phone calls or stern emails a week from angry customers wondering why these malicious emails were getting through to their inboxes,” McEwen said. “And I just am not seeing anything this egregious in terms of viruses and spams from the other email service providers.”

In an interview with KrebsOnSecurity, Sendgrid parent firm Twilio acknowledged the company had recently seen an increase in compromised customer accounts being abused for spam. While Sendgrid does allow customers to use multi-factor authentication (also known as two-factor authentication or 2FA), this protection is not mandatory.

But Twilio Chief Security Officer Steve Pugh said the company is working on changes that would require customers to use some form of 2FA in addition to usernames and passwords.

“Twilio believes that requiring 2FA for customer accounts is the right thing to do, and we’re working towards that end,” Pugh said. “2FA has proven to be a powerful tool in securing communications channels. This is part of the reason we acquired Authy and created a line of account security products and services. Twilio, like other platforms, is forming a plan on how to better secure our customers’ accounts through native technologies such as Authy and additional account level controls to mitigate known attack vectors.”

Requiring customers to use some form of 2FA would go a long way toward neutralizing the underground market for compromised Sendgrid accounts, which are sold by a variety of cybercriminals who specialize in gaining access to accounts by targeting users who re-use the same passwords across multiple websites.

One such individual, who goes by the handle “Kromatix” on several forums, is currently selling access to more than 400 compromised Sendgrid user accounts. The pricing attached to each account is based on volume of email it can send in a given month. Accounts that can send up to 40,000 emails a month go for $15, whereas those capable of blasting 10 million missives a month sell for $400.

“I have a large supply of cracked Sendgrid accounts that can be used to generate an API key which you can then plug into your mailer of choice and send massive amounts of emails with ensured delivery,” Kromatix wrote in an Aug. 23 sales thread. “Sendgrid servers maintain a very good reputation with [email service providers] so your content becomes much more likely to get into the inbox so long as your setup is correct.”

Neil Schwartzman, executive director of the anti-spam group CAUCE, said Sendgrid’s 2FA plans are long overdue, noting that the company bought Authy back in 2015.

“Single-factor authentication for a company like this in 2020 is just ludicrous given the potential damage and malicious content we’re seeing,” Schwartzman said.

“I understand that it’s a task to invoke 2FA, and given the volume of customers Sendgrid has that’s something to consider because there’s going to be a lot of customer overhead involved,” he continued. “But it’s not like your bank, social media account, email and plenty of other places online don’t already insist on it.”

Schwartzman said if Twilio doesn’t act quickly enough to fix the problem on its end, the major email providers of the world (think Google, Microsoft and Apple) — and their various machine-learning anti-spam algorithms — may do it for them.

“There is a tipping point after which receiving firms start to lose patience and start to more aggressively filter this stuff,” he said. “If seeing a Sendgrid email according to machine learning becomes a sign of abuse, trust me the machines will make the decisions even if the people don’t.”

COVID-19 is driving demand for low-code apps

Now that the great Y Combinator rush is behind us, we’re returning to a topic many of you really seem to care about: no-code and low-code apps and their development.

We’ve explored the theme a few times recently, once from a venture-capital perspective, and another time building from a chat with the CEO of Claris, an Apple subsidiary and an early proponent of low-code work.

Today we’re adding notes from a call with Appian CEO Matt Calkins that took place yesterday shortly after the company released its most recent earnings report.

The Exchange explores startups, markets and money. You can read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.

Appian is built on low-code development. Having gone public back in 2017, it is the first low-code IPO we can think of. With its Q2 results reported on August 6, we wanted to dig a bit more into what Calkins is seeing in today’s market so we can better understand what is driving demand for low- and no-code development, specifically, and demand for business apps more generally in 2020.

As you can imagine, COVID-19 and the accelerating digital transformation are going to come up in our notes. But, first, let’s take a look at Appian’s quarter quickly before digging into how its low-code-focused CEO sees the world.

Results, expectations

Appian had a pretty good Q2. The company reported $66.8 million in revenue for the three-month period, ahead of market expectations that it would report around $61 million, though collected analyst estimates varied. The low-code platform also beat on per-share profit, reporting a $0.12 per-share loss after adjustments. Analysts had expected a far worse $0.25 per-share deficit.

The period was better than expected, certainly, but it was not a quarter that showed sharp year-over-year growth. There’s a reason for that: Appian is currently shedding professional services revenue (lower-margin, human-powered stuff) for subscription income (higher-margin, software-powered stuff). So, as it exchanges one type of revenue for another (total subscription revenue rose a little over 12% in Q2 2020 compared with the year-ago quarter, while professional services revenue fell around 10%), the company’s headline growth will be slow, but the resulting improvement in revenue mix is material.

Most importantly, inside its larger subscription result for the quarter ($41.4 million) were its cloud subscription revenues, worth $29.6 million for the quarter and up 30% compared to the year-ago period. In sum, the company’s least lucrative revenues are falling as its most lucrative accelerate at the fastest clip of any of its cohorts. That’s what you’d want to see if you are an Appian bull.

Shares in the technology company are up around 45% this year. With that, we can get started.

Salesforce confirms it’s laying off around 1,000 people in spite of monster quarter

In what felt like strange timing, Salesforce has confirmed a report in yesterday’s Wall Street Journal that it is laying off around 1,000 people, or approximately 1.9% of the company’s 54,000-strong workforce. This news came in spite of the company reporting a monster quarter on Tuesday, in which it passed $5 billion in quarterly revenue for the first time.

In fact, Wall Street was so thrilled with Salesforce’s results, the company’s stock closed up an astonishing 26% yesterday, adding great wealth to the company’s coffers. It seemed hard to reconcile such amazing financial success with this news.

Yet it was actually something that president and chief financial officer Mark Hawkins telegraphed in Tuesday’s earnings call with industry analysts, although he didn’t come right out and use the L (layoff) word. Instead he couched that impending change as a reallocation of resources.

And he talked about strategically shifting investments over the next 12-24 months. “This means we’ll be redirecting some of our resources to fuel growth in areas that are no longer as aligned with the business priority will be now deemphasized,” Hawkins said in the call.

This is precisely how a Salesforce spokesperson put it when asked by TechCrunch to confirm the story. “We’re reallocating resources to position the company for continued growth. This includes continuing to hire and redirecting some employees to fuel our strategic areas, and eliminating some positions that no longer map to our business priorities. For affected employees, we are helping them find the next step in their careers, whether within our company or a new opportunity,” the spokesperson said.

It’s worth noting that earlier this year, Salesforce CEO Marc Benioff pledged there would be no significant layoffs for 90 days.

The 90-day period has long since passed and the company has decided the time is right to make some adjustments to the workforce.

It’s worth contrasting this with the pledge that ServiceNow CEO Bill McDermott made a few weeks after the Benioff tweet, promising not to lay off a single employee for the rest of this year, while also pledging to hire 1,000 people worldwide over the remainder of the year and bring in 360 summer interns.

How Salesforce beat its own target to reach $20B run rate ahead of schedule

Salesforce launched in 1999, one of the early adherents to what would eventually be called SaaS and cloud computing. On Tuesday, the company reached a huge milestone when it surpassed $5 billion in revenue, putting the SaaS giant on a $20 billion run rate for the first time.

Salesforce revenue has been on a firm upward trajectory for years now. When the company reached $10 billion in revenue in November 2017, CEO Marc Benioff set the goal of $20 billion right then and there, and less than three years later the company has beaten that goal with room to spare. Here’s what he said at the time:

In fact as the fastest growing enterprise software company ever to reach $10 billion, we are now targeting to grow the company organically to more than $20 billion by fiscal year 2022 and we plan to do that to be the fastest enterprise software company ever to get to $20 billion.

There are lots of elements that have led to that success. As the Salesforce platform evolved, the company has also pursued an aggressive acquisition strategy, and companies are moving to the cloud faster than ever before. Salesforce has been able to meet that lofty 2017 goal early, all while Benioff practices his own unique form of responsible capitalism in the midst of a pandemic.

The platform play

While there are many factors contributing to the company’s revenue growth, one big part of it is the platform. As a platform, it’s not only about providing a set of software tools like CRM, marketing automation and customer service, it’s also giving customers the ability to build solutions to meet their needs on top of that, taking advantage of the work that Salesforce has done to build its own software stack.

Bret Taylor, president and chief operating officer at Salesforce, says the platform has played a huge role in the company’s success. “Actually our platform is behind a huge part of Salesforce’s momentum in multiple ways. One, which is one thing we’ve talked a lot about, is just the technology characteristics of the platform, namely that it’s low code and fast time to value,” he said.

He added, “I would say that these low-code platforms and the ability to stand up solutions quickly is more relevant than ever before because our customers are going to have to respond to changes in their business faster than ever before.”

He pointed to nCino, a company built on top of Salesforce that went public last month as a prime example of this. The company was built on Salesforce, sold in the AppExchange marketplace and provides a way for banking customers to do business online, taking advantage of all that Salesforce has built to do that.

The acquisition strategy

Another big contributing factor to the company’s success is that beyond the core CRM product it brought to the table way back in 1999, it has built a broad set of marketing, sales and service tools and as it has done that, it has acquired many companies along the way to accelerate the product road map.

The biggest of those acquisitions by far was the $15.7 billion Tableau deal, which closed just about a year ago. Taylor sees data fueling the push to digital we are seeing during the pandemic, and Tableau is a key part of that.

“Tableau is so strategic, both from a revenue and also from a technology strategy perspective,” he said. That’s because as companies make the shift to digital, it becomes more important than ever to help them visualize and understand that data in order to understand their customers’ requirements better.

“Fundamentally when you look at what a company needs to do to thrive in an all-digital world, it needs to be able to respond to [rapid] changes, which means creating a culture around that data,” he said. This enables companies to respond more quickly to changes like new customer demands or shifts in the supply chain.

“All of that is about data, and I think the reason why Tableau grew so much this past quarter is that I think that the conversation around data when you’re digitizing your entire company and digitizing the entire economy, data is more strategic than it ever was,” he said.

With that purchase, combined with the $6.5 billion MuleSoft acquisition in 2018, the company feels like it has a way to capture and visualize data wherever it lives in the enterprise. “It’s worth noting how complementary MuleSoft and Tableau are together. I think of MuleSoft as unlocking all your enterprise data, whether it’s on a legacy system or a modern system, and Tableau enables us to understand it, and so it’s a really strategic overall value proposition because we can come up with a really complete solution around data,” Taylor said.

Capitalism with some heart

Benioff was happy to point out in an appearance on Mad Money Tuesday that even as he has made charity and volunteerism a core part of his organization, he has still delivered solid returns for his shareholders. He told Mad Money host Jim Cramer, “This is a victory for stakeholder capitalism. It shows you can do good and do well.” This is a statement he has made frequently in the past to show that you can be a good corporate citizen and give back to your community, while still making money.

Those values are what separate the company from the pack, says Paul Greenberg, founder and principal analyst at 56 Group and author of CRM at the Speed of Light. “Salesforce’s genius, and a large part of the reason I don’t expect any serious slowdown in that extraordinary growth, is that they manage to align the technology business with corporate social responsibility in a way that makes them stand out from any other company,” Greenberg told TechCrunch.

Yesterday’s numbers come after fiscal Q1 2021, in which the company offered softer guidance as it was giving some of its customers, suffering from the impact of the pandemic, more financial flexibility. As it turns out, that didn’t seem to hurt them, and the guidance for next quarter is looking good too: $5.24 billion to $5.25 billion, up approximately 16% year over year, according to the company.

It’s worth noting that while Benioff pledged no new layoffs for 90 days at the start of the pandemic, with that time now ending, The Wall Street Journal reported yesterday that the company was planning to eliminate 1,000 roles out of the organization’s 54,000 total employees, while giving those workers 60 days to find other roles in the company.

Getting to $20 billion

Certainly getting to that $20 billion run rate is significant, as is the speed with which they were able to achieve that goal, but Taylor sees an evolving company, one that is different than the one it was in 2017 when Benioff set that goal.

“I would say the reason we’ve been able to accelerate is through organic [growth], innovation and acquisitions to really build out this vision of a complete customer [picture]. I think it’s more important than ever before,” he said.

He says that when you look at the way the platform has changed, it’s been about bringing multiple customer experience capabilities together under a single umbrella, and giving customers the tools they need to build these out.

“I think we as a company have constantly redefined what customer relationship management means. It’s not just opportunity management for sales teams. It’s customer service, it’s e-commerce, it’s digital marketing, it’s B2B, it’s B2C. It’s all of the above,” he said.