Author: MEST Africa On February 28, 2019, MEST Incubator Cape Town welcomed over 100 people to watch the MEST Africa Challenge regional pitch competition. After assessing nine top startups based on their validated problem and solution, business model, market size, MVP, competitor analysis, go-to-market execution and team buildup, the judges were excited to announce the winner from South Africa was Snode Technologies, a cybersecurity and intelligence business that leverages mathematics to analyse data in real-time at scale. Eight years ago, Snode Founder and CEO Nithen Naidoo decided that the way we approach defense is flawed because of how easy it is becoming to bypass security controls. The World Economic Forum lists cybercrime as one of the top ten risks facing mankind. By 2021, the global cybersecurity spend will be over $1 Trillion, and we would have lost $6 Trillion to cybercriminals. Nithen decided a more innovative solution was required to address the risks associated with cybersecurity globally. He created Snode to gain insight into prevailing patterns, which are not visible to the human eye, allowing users to identify attacks before they happen. Snode’s unique approach to cybersecurity leverages advanced mathematical algorithms and the power of machine learning to process dynamic data, in any format, at any scale, in real-time. Its target audience is varied, as its ability to passively defend infrastructure, without affecting critical business operations, has made it attractive to mining, logistics and telecommunication businesses. When asked why people will be excited about their company, Snode told us, “This is an innovative African solution that has been embraced globally due to its effectiveness, efficiency and simplicity. 
It solves a serious global problem, in a truly African way, using our local creativity and ingenuity.” Over the next 2–3 years, Snode hopes to scale to the rest of Africa, South East Asia and the Middle East, and says winning the MEST Africa Challenge finals would “give us the platform to access new African markets, build brand awareness and trust across the continent.” MEST and Microsoft look forward to welcoming the Snode Technologies team to the finals at the MEST Africa Summit in June!
Author: ITWeb During the run-up to the ITWeb Security Summit 2019, an Ideathon will be held on 6 April, aimed at preparing participants of #SS19Hack, which will run alongside the event. The Ideathon will consist of a full day of training and idea generation, and will be hosted in an environment that is creative and conducive to stimulating attendees' 'thinking mojos', says Tiyani Nghonyama, COO and CTO of Geekulcha. The Ideathon will be powered by Snode Technologies, a supporter of the Hackathon since its inception in 2017. The Ideathon runs from 9am to 5pm at iClub in the Tshimologong Digital Precinct, at 41 Juta Street. Industry leaders will be holding presentations and mentoring the participants throughout the day, including Ivan Regasek (CEO) of ITWeb, Doreen Mokoena from the .ZA Domain Name Authority, Steve Jump from Telkom, Solomon Bhala from PwC, Lee Annamalai from MapIT, Nithen Naidoo from Snode and Ridewaan Hanslo from the CSIR. Participants will also be mentored by experts from Micro Focus, PwC, MTN, the session leaders, and Bernard Mashala, who will lead the mentors in Kimberley. As a host, the Tshimologong Digital Precinct's events and marketing manager, Kendal Makgamathe, says they are excited to be collaborating with ITWeb and Geekulcha. "We look forward to breaking down more barriers to entry into our industry. Hosting the Security Summit Ideathon that feeds into the #SS19 Hackathon allows us to actively support work that seeks to build up the digital and tech innovation ecosystem." Says Regasek: "We are in our third year, and with support from the start of the many individuals in their capacities or on behalf of their organisations who continue to give their time, I do believe for the past two years we've managed to achieve an event where real thinking, coding and learning happens, although on a small scale. "We are looking forward to putting it on a bigger stage this year, are very welcome for old and new supporters.
We look forward to working with them for a shared purpose, and are hopeful of more support of such efforts all round and in years to come," he adds. "Tshimologong Precinct, Dr Dwolatzki's dream of an African brain hub still to be fully realised, is one of the places that make me optimistic about the future, and we are thankful it is hosting us for the event. We are looking forward to an excellent agenda of speakers, dedication and inspired ideas from the young participants, and a fun day of learning in the heart of Johannesburg," concludes Regasek. In addition, Northern Cape Geeks from Kimberley will attend both the Ideathon, as well as another hackathon in May, at Sol Plaatje University. Winners will then join SS19Hack in Sandton, running alongside the ITWeb Security Summit 2019. In addition, several of the sessions from the Johannesburg edition of Ideathon will be live-streamed to Kimberley. Chairperson of the Geekulcha Student Society at Sol Plaatje University, Barrington Hulana, says he's excited about the Ideathon because it's another chance to assess and build tech capacity in the province. Rodwyn Grewan, senior manager from DEDAT in the Knowledge and Innovation Economy sub-programme, has been leading these ICT programmes in the province since the inception of the NCDev Ecosystem. He says: "As the world becomes more digitally integrated, cyber security and cyber intelligence become of a greater concern. The challenges and opportunities are not only technical, but social as well. By contributing to support the technical skills, the Hackathon platform is also helping address the socio-technical system." The programme will feature training sessions by industry leaders, a 'Capture The Flag' challenge walk-through by Snode, a pitch session and a prize-giving.
Author: Snode Technologies Security researchers at Snode Technologies, a cybersecurity and data analytics company based in Gauteng, have recently uncovered an ongoing malicious phishing attack specifically targeted at Standard Bank Business users. The victims of this attack received a mail, seemingly from Standard Bank, that informed them that they had outstanding payments due to SARS and, in order to view the details of this outstanding payment, they had to click on the attachment. At a quick glance, the mail could fool even more vigilant users into believing that it could indeed be legitimate. All the “normal” Standard Bank branding and imagery is visible, and the sender’s email address appears to be a legitimate Standard Bank domain. So the question is: how did these attackers manage to use a seemingly legitimate address, bypass spam filters, and still trick users into filling in their details? To understand this, Snode’s security researchers performed a deep-dive analysis to uncover the true method and motivation for this phishing attack.

Header Analysis

First, a deep header analysis was conducted on one of the emails received to understand exactly how the attackers used a standardbank.co.za email address. What was found is that the attackers were using an unprotected open email relay service (ecoenergo.com.ua, mail.ecoenergo.com.ua, 220.127.116.11) to spoof the sender address as “Standard Bank <firstname.lastname@example.org>”. This sender domain (standardbank.co.za) was specifically crafted to bypass technical controls like spam filters.

Spam Filter Pass Through

Secondly, in order to understand how this attack bypassed the spam filters, it’s important to understand that spam filters will, in most cases, allow spoofed emails through if the SPF (Sender Policy Framework) check results in a “Pass” or “Soft Fail”.
In this attempt, it was found that the attacker manipulated the header to trick the SPF check into resolving the original sender domain to the original sender IP, and not to standardbank.co.za. When this happens, it exposes the original email relay (mail.ecoenergo.com.ua) but allows the email to pass through the filters. Below is an example of the ongoing phishing campaign:

Figure 1: An example of what the user will see when receiving the phishing mail.

Social Engineering

In the above screenshot of the sample mail, the copy asks the user to open the attached .pdf file to view the “…Pending payment from SARS.” When examining the attachment, it is evident that the file extension is “.pdf.html”. Once clicked, the user saves and opens a local HTML file (as opposed to the intended PDF). This HTML file initially loads a GoDaddy shortened URL in the user’s browser and then redirects to a URL that would look something like this: ‘https://zREDACTEDq/gti/onlinebanking.standardbank.co.za’. This final redirect changes as the phishing domains are reported and flagged as malicious by Google. Below are examples of live and burned domains hosting the phishing attack:

Figure 2: Example of a live phishing domain.

Figure 3: Example of a domain which has been burned.

Taking a Closer Look

After a domain is burned, a new deployment is spun up. Because the attacker has to deploy rapidly in order to keep new phishing domains live and un-flagged, the deployment is done hastily and, as a result, the root directory of the web server is directory indexed, which reveals a .zip file used for these quick deployments. Within the source code, the inner workings of the web server are revealed. This gave the security researchers at Snode access to the results of the phishing attack, saved on the web-hosted directory of each spun-up domain.
The results that were uncovered included confidential information such as email addresses, passwords, client IPs, user agents, telephone numbers, and OTP attempts (the phishing server indefinitely loops, asking the user for the most recent OTP). At the time of this write-up, the phishing attack has been observed over a period of 3 days and in excess of 500 submissions have been made to the phishing website(s).
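A mail-gateway triage sketch for the two tricks described in this write-up: an SPF “Pass” or “Soft Fail” earned by a relay domain that differs from the visible From domain, and a “.pdf.html” attachment that redirects the browser. This is an added example, not Snode's tooling or part of the original analysis; the sample message, the domains bank.example, relay.example, mx.recipient.example and forged.example, and all function names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

DECOY_EXT = (".pdf", ".doc", ".docx", ".xls", ".xlsx")   # what the user expects
ACTIVE_EXT = (".html", ".htm", ".hta", ".js")            # what actually opens
REDIRECT_RE = re.compile(
    r'http-equiv\s*=\s*["\']?refresh|location\.(?:href|replace)|window\.location\s*=',
    re.I)


def _domain(value):
    """Domain part of an address, or the value itself if it is a bare domain."""
    addr = parseaddr(value)[1] or value
    return addr.rsplit("@", 1)[-1].strip().lower()


def _aligned(a, b):
    """Approximation of relaxed alignment: same domain or parent/child."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def spf_verdicts(msg, trusted_authserv):
    """(result, MAIL FROM domain) pairs stamped by our own gateway only."""
    verdicts = []
    for hdr in msg.get_all("Authentication-Results", []):
        text = str(hdr)
        if text.split(";", 1)[0].strip().lower() != trusted_authserv:
            continue  # not added by our MTA, so it may be attacker-supplied
        result = re.search(r"\bspf=(\w+)", text)
        mailfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", text)
        if result and mailfrom:
            verdicts.append((result.group(1).lower(), _domain(mailfrom.group(1))))
    return verdicts


def triage(raw_bytes, trusted_authserv):
    """Return findings for the spoofing and attachment tricks in the write-up."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    from_dom = _domain(str(msg["From"] or ""))
    for result, spf_dom in spf_verdicts(msg, trusted_authserv):
        # SPF judged the relay's domain, not the domain shown to the user.
        if result in ("pass", "softfail") and not _aligned(from_dom, spf_dom):
            findings.append(f"spf-{result}-unaligned:{spf_dom}!={from_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        stem, dot, last = name.rpartition(".")
        if not dot or "." + last not in ACTIVE_EXT:
            continue
        if stem.endswith(DECOY_EXT):
            findings.append(f"double-extension:{name}")
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if REDIRECT_RE.search(body):
            findings.append(f"html-redirect:{name}")
    return findings


def build_sample():
    """Constructed message: spoofed From, relay-based SPF pass, .pdf.html file."""
    m = EmailMessage()
    m["From"] = "Example Bank <alerts@bank.example>"
    m["To"] = "user@recipient.example"
    m["Subject"] = "Pending payment"
    m["Authentication-Results"] = (
        "mx.recipient.example; spf=pass smtp.mailfrom=bounce@relay.example")
    m["Authentication-Results"] = (  # forged copy sent along by the sender
        "forged.example; spf=pass smtp.mailfrom=alerts@bank.example")
    m.set_content("Please open the attached statement.")
    m.add_attachment(
        '<meta http-equiv="refresh" content="0; url=https://short.example/x">',
        subtype="html", filename="statement.pdf.html")
    return m.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample(), "mx.recipient.example"):
        print(finding)
```

The `trusted_authserv` value has to be the identifier your own gateway writes; a gateway that does not strip inbound Authentication-Results headers leaves the forged copy in place, and trusting it hides the mismatch.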
Author: Alastair Waldeck, Head of Marketing (Snode) One month after the successful Ideathon was held in Johannesburg CBD, the Hackathon participants gathered once again for the main event at Vodacom World in Midrand, the #SS18Hack! In total, 42 infosec aspirants from all around the country arrived for a two-day event that would test their stamina, concentration, teamwork and coding abilities to the limit! The theme of this year’s Hackathon was ‘Man vs Machine – Securing the future of business against an ever-changing threat landscape’; focusing, as the title suggests, on machine learning and creating a solution that could solve real-world security problems that continue to plague many organisations today. The 11 teams arrived early on the morning of 22 May, full of energy and motivation, and immediately started getting to work on their ideas with the guidance from their respective mentors. By the evening of the 22nd, the participants had made themselves comfortable and settled down for a long night of hard work and coding. When delegates from the Security Summit walked in the next day, the room was virtually unrecognisable; bean bags, energy drinks and snacks were scattered everywhere! The long haul proved too much for some as they caught a quick power nap to give themselves the ability to push through the last few hours before the final presentations and judging. The participants truly had pulled out all the stops to ensure that they could keep going, keep coding, with their eyes constantly focused on the top spot! At half-past two on day two, time was up! The teams now had to pitch their ideas to the judges in the hopes that what they had managed to create was good enough to earn them a place in the winner’s circle. Each team had 6 minutes to present followed by Q&A from the judges. After all the pitches were complete, the judges went away to deliberate as the teams anxiously waited for the results.
A few minutes later, it was done, the scores were tallied and the winners were known. Doreen Mokoena, Internet Governance Coordinator at .ZA Domain Name Authority, had the honours of announcing the top teams. In third place was team Knowzee, who presented a solution that allowed individuals to determine whether or not they were sharing too much information on their social media accounts. First and second place were neck and neck, with the judges having to discuss long and hard in order to reach a consensus as to whom they believed should be the winner. Moringa IT, a team from Kimberley, ultimately claimed second place. Their idea was a platform that utilised the power of IoT in order to assist farmers with the irrigation of their crops by sensing the moisture levels in the soil and allowing the irrigation systems to automatically determine when and for how long the crops should get irrigated. The magic of team Data Wizards, however, proved to be too much as they claimed top spot at this year’s hackathon! Their solution was to prevent fraudulent activity in real-time at a transactional level. As a transaction occurs, it would be assigned a risk score based on several factors; this score would then determine whether or not the transaction should be accepted or declined. The winning team walked away with R20 000, followed by the second and third teams receiving R10 000 and R5 000 respectively. We would like to thank everyone who participated in the Hackathon for their hard work and dedication and for assisting in pulling off yet another successful event! Here’s to many more! The #SS18Hack was sponsored by the Northern Cape Department of Economic Development and Tourism, Geekulcha, Snode, The Business Clinic, MTN and CISO Alliances.
Author: ITWeb With the first day of ITWeb’s 2019 Security Summit underway at the Sandton Convention Centre in Johannesburg, 50 young tech enthusiasts are participating in this year’s Hackathon event sponsored by PwC. The hackathon, held by ITWeb in conjunction with ICT skills development company Geekulcha and Snode Technologies, aims to nurture individuals who are keen to develop their skills through learning and innovation, and who have a passion for cyber security. Running for the third time alongside the summit, this year’s hackathon is themed ‘Protecting connected citizens in the 4IR’. Aptly called #SS19hack, the hackathon has participants as young as 13 participating and engaging with industry leaders. Lerouro Mogeora, aged 13, is the youngest participant this year, while for 14-year-old Sifiso Nkabinde this is the second year at the event. Those participating range from high school pupils to students from the Vaal University, the Tshwane University of Technology and the University of the Witwatersrand. There are 13 teams hacking it out, creating secure IoT applications. As they code, they need to identify at least three vulnerabilities within their applications utilising OWASP, an open source cyber security platform for checking common vulnerabilities. OWASP also has tools to assist the coders in improving the security of their software. A week ago, at a similar hackathon event in Kimberley, eight teams were competing, with the winning team there creating a solution that provides encrypted file share and messaging applications for government ministries. The top three teams from the event will also have their projects judged alongside those in Johannesburg. The overall winning team from the two Hackathons will win R20 000 sponsored by Micro Focus, with the second and third placed teams winning R10 000 and R5 000 respectively, courtesy of MTN.
An added bonus for the top team in Johannesburg is that they will be awarded the Tshimologong Precinct Security Summit Hackathon trophy. The #SS19hack continues during the second day of the ITWeb Security Summit 2019.

Mentors
Ivan Regasek, CEO, ITWeb
Ridewaan Hanslo, CSIR
Steve Jump, Telkom
Solomon Bhala, PwC
Bernard Mashala, Transet
Nithen Naidoo, Snode
Francois Mouton, Cyanre
Icconies Ramatsakane, PwC
Gift Nyembe, PwC
Marco Loots, PwC
Michael van Rensburg, Snode
Tsholofelo Rantao, PwC
Thulisile Dlamini, Ikusasa Tech Solutions

Panel of judges
Doreen Mokoena, ZADNA
Lucy Motsieloa, PwC
Seth Robbertse, Micro Focus
Kendal Makgamathe, Tshimologong
Sorene Assefa, Cyber Czar
On Thursday 23 May 2019, we attended the Freshworks Networking Meet talking about the impact of an increasingly connected world. In 2019, IoT, cloud, and BYOD have a dramatic impact, not only in our personal lives, but also in the world of business. It is crucial that organisations shift their thinking from a historic view of cybersecurity as a “grudge purchase” to something that is vital to the running of your organisation, is crucial for success and can often win battles in the boardroom. Our Founder and CEO, Nithen Naidoo, spoke about the changes we have seen in our client environments, especially with the workforce becoming increasingly dominated by millennials who expect to be connected at all times. Unlike traditional antivirus software, DLPs and firewalls, the Guardian platform is able to detect even the smallest changes in your networked environment and provides organisations with an unprecedented level of visibility and control of their network. It allows businesses across the globe to identify and prevent potential data exfiltration and malware infections, and to avoid catastrophic ransomware attacks such as the well-known Wannacry malware. Once the floor was opened for questions, the audience raised concerns around how secure (1) Mac vs Windows Operating Systems are and (2) mobile vs desktop platforms, with a mention of the recent Huawei-Google ban. The long and short of it is that there is no one platform that is more or less secure than another. Every system contains some form of vulnerability and can be exploited just as easily; the question is what is most lucrative for the attacker. The myth of a Mac being more secure than a Windows PC is largely due to the fact that there are simply more Windows PCs out there and most organisations across the globe make use of Windows Operating Systems as the norm.
Attackers, like businesses, often focus on ROI and will always focus their attention on where they believe they can have the greatest impact. When it comes to the mobile industry, mobile malware is growing at a rapid rate and often mobile devices are a greater concern than laptop or desktop devices, as many users often blindly accept permissions on all their applications and are generally more trusting when it comes to a potentially “life-changing” application that appears on the app store. This poses a particular risk to organisations as these devices are often brought into the office and are connecting to the corporate network, allowing the malware to spread through the network and impact the business productivity and reputation. Following Naidoo’s keynote, we joined a panel discussion chatting about creating a balance between organisational productivity and enterprise security in the age of consumerisation. Naidoo was joined by Darren Bilse (Systems and Technology Manager at Spark Schools), Andre Fredericks (CIO at Indie Sanlam) and Greg Lock (Senior Solution Architect at ITEC South Africa); moderating the panel was Saurabh Prabhuzantye (Business Head – MEA at Freshworks). Topics in the panel covered everything from how consumerisation of IT has impacted the organisations for which the panellists work, to how migration to the cloud has brought both benefits and challenges to IT heads and CIOs around the world, to understanding what you are buying and whether or not it suits your organisation and the needs of your team on the ground; real world problems facing real world organisations. The meet was a great information and knowledge sharing platform, allowing vendors and customers alike to openly share their opinions and experiences and to leverage off of the combined knowledge of South African and global IT professionals.
We would like to thank the Freshworks team for inviting us to participate in this event and look forward to working with them in the future!
The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have issued a joint Malware Analysis Report (AR19-129A) on a new malware variant used by the North Korean government. This malware was detected while tracking the malicious activities of the North Korean-backed hacking group Hidden Cobra (also known as Lazarus) and has been identified as Electricfish. Lazarus Group is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade. A notable attack by the group is the attack on Sony Pictures in 2014, which was the start to one of the largest corporate breaches in recent history. The hackers were able to cripple the Sony network for several days and gain access to valuable insider information including previously unreleased films and the personal information of approximately 4,000 past and present employees. The group was also able to access internal emails and reveal some very speculative practices going on at Sony. This latest report on Electricfish, published on the US-CERT website, comes with a detailed analysis of one malicious 32-bit executable file found to be infected with Lazarus' Electricfish malware. In this file, the malware appears to implement a custom protocol that creates a connection between the infected host and an external, malicious, destination host, bypassing authentication controls to reach outside of the network. Once a connection has been established, the Electricfish malware is able to funnel internet traffic between the two machines allowing the malicious actors to funnel information collected from compromised computers to servers that they control. The full, detailed report and analysis for the Electricfish malware sample as well as a full list of Indicators of Compromise (IoC’s) are available within the AR19-129A advisory.
Author: ITWeb Africa "Intriguingly challenging," is how one student described ITWeb's 2019 #SS19Hack Ideathon, held at the Tshimologong Digital Innovation Precinct in Braamfontein this past weekend. The ideathon is a build-up to the third annual cyber security-focused hackathon that will run alongside ITWeb Security Summit 2019 from 27 to 31 May. Organised by ITWeb in partnership with Snode Technologies and Geekulcha, the full-day software development training and brainstorming event hosted a bunch of young tech enthusiasts eager to learn new skills and solve problems. Mixo Ngoveni, founder of Geekulcha, told ITWeb the aim of the #SS19Hack Ideathon, and ultimately the hackathon in May, is to improve cyber security skills, tools and capabilities in the country. "With this one in particular, it is all about protecting the connected citizen." Those in attendance (students, tech entrepreneurs, software and hardware developers, designers and analysts) were welcomed by Kendal Makgamathe, community manager at Tshimologong, and Ivan Regasek, ITWeb CEO. The participants were separated into two teams: the red team (the attackers) and the blue team (the defence). Nithen Naidoo, founder and CEO of Snode Technologies, said the idea behind breaking the teams into two was about the "gamification" concepts, and making it more exciting for both the players and supporters. Ridewaan Hanslo, software engineer, advisor and researcher at CSIR, told the blue team: "You are the people that must find solutions. They [hackers] get glorified by finding problems; that's typically how it works." Steve Jump, head of corporate information security governance at Telkom, was one of the mentors and spoke to students about the importance of "securing by design" when writing software. 
Solomon Bhala, senior manager of cyber threat detection and response at PwC, gave a detailed credit card fraud presentation that had teams actively participating and asking questions around cyber attacks and credit card fraud. Naidoo noted Snode is working with PwC and a few large security companies to offer all the participants three-month internships so they can take the skills they have learned at the #SS19Hack Ideathon and implement them. They would get to work with knowledgeable cyber security teams, get paid, and potentially become full-time employees of those companies. "So it is a great opportunity not just for us to nurture talent but to source it for other cyber security companies."
Nithen Naidoo, Founder and CIO, Snode talks about: what the company does and how; how Snode Guardian can identify cyber-attacks; how the company has been funded; and future plans.
The second in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.
The first in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.
Snode is a data analytics platform that is designed to make the lives of whomever uses it easier, to assist in solving problems that were previously thought impossible, and to ultimately make a fundamental difference in the world as we know it.