Recent

Data Wizards’ Magic Proved Too Strong at #SS18Hack

May 25, 2018

Author: Alastair Waldeck, Head of Marketing (Snode)   One month after the successful Ideathon was held in Johannesburg CBD, the Hackathon participants gathered once again for the main event at Vodacom World in Midrand, the #SS18Hack! In total, 42 infosec aspirants from all around the country arrived for a two-day event that would test their stamina, concentration, teamwork and coding abilities to the limit! The theme of these year’s Hackathon was ‘Man vs Machine – Securing the future of business against an ever-changing threat landscape’; focusing, as the title suggests, on machine learning and creating a solution that could solve real-world security problems that continue to plague many organisations today. The 11 teams arrived early on the morning off 22 May, full of energy and motivation, and immediately started getting to work on their ideas with the guidance from their respective mentors. By the evening of the 22nd, the participants had made themselves comfortable and settled down for a long night of hard work and coding. When delegates from the Security Summit walked in the next day, the room was virtually unrecognisable; bean bags, energy drinks and snacks were scattered everywhere! The long-haul proved too much for some as they caught a quick power nap to give themselves the ability to push through the last few hours before the final presentations and judging. The participants truly had pulled out all the stops to ensure that they can keep going, keep coding, with their eyes constantly focused on the top spot! At half-past two on day two, time was up! The teams now had to pitch their ideas to the judges in the hopes that what they had manage to create was good enough to earn them a place in the winner’s circle. Each team had 6 minutes to present followed by Q&A from the judges. After all the pitches were complete, the judges went away to deliberate as the teams anxiously waited for the results. A few minutes later, it was done, the scores were tallied and the winners were known. Doreen Mokoena, Internet Governance Coordinator at .ZA Doman Name Authority had the honours of announcing the top teams. In third place was team Knowzee who presented a solution that allowed individuals to determine whether or not they were sharing too much information on their social media accounts. First and second place were neck-in-neck with the judges having to discuss long and hard in order to reach a consensus as to whom they believed should be the winner. Moringa IT, a team from Kimberley, ultimately claimed second place. Their idea was a platform that utilised the power of IoT in order to assist farmers with the irrigation of their crops by sensing the moisture levels in the soil and allowing the irrigation systems to automatically determine when and for how long the crops should get irrigated. The magic of team Data Wizards, however, proved to be too much as they claimed top spot at this year’s hackathon! Their solution was to prevent fraudulent activity in real-time at a transactional level. As a transaction occurs, each transaction would be assigned a risk score based on a several factors, this score would then determine whether or not the transaction should be accepted or declined. The winning team walked away with R20 000, followed by the second and third teams receiving R10 000 and R5 000 respectively. We would like to thank everyone who participated in the Hackathon for their hard work and dedication and for assisting in pulling off yet another successful event! Here’s to many more! The #SS18Hack was sponsored by the Northern Cape Department of Economic Development and Tourism, Geekulcha, Snode, The Business Clinic, MTN and CISO Alliances.

Proof: SA Is First In Line For Emerging Advanced Attacks

May 21, 2018

Author: Alastair Waldeck, Head of Marketing (Snode)   In an article published by ITWeb last week, Nithen Naidoo (Snode Founder and CEO) stated that South Africa is often first in line for newly emerging, advanced attacks. Developing economies such as Bangladesh, Vietnam and South Africa are viewed as soft, and lucrative, targets by organised crime syndicates with highly advanced cyber capabilities due to the fact that they have not made the same kind of security investments as their developed nation counterparts. One of the interesting findings mentioned in the article was the increasing trend of Snode clients being affected by an old "commercial-grade" Trojan called FinSpy, which was widely reported in 2013. "The malware is not necessarily new but the attack vectors to deliver the malware are new and quite advanced. This is similar to the Terdot malware, which delivered the old Zeus Trojan.", stated Naidoo. At the same time we were detecting this type of activity within our SA client base, AlienVault’s Open Threat Exchange (OTX) reported the discovery of a new version of FinFisher, a malware that is currently evading notice and leveraging social media to threaten critics in Turkey and beyond. It is specifically coded in order to appear as simple criminal malware, however there are several forensic artefacts which provide a clear indication that the agent identified is in fact FinSpy. The most substantial change in this latest version when compared to the original FinSpy malware is the steps it has taken to address the failures that led to the original software’s discovery and acknowledgement by security researchers. FinSpy infects its targets by redirecting the user, when downloading an application, to a version of an application that is infected with the FinFisher malware. This then allows the attacker to perform several activities such as live surveillance through webcams and microphones, keylogging, and exfiltration of files. The fact that this trend of the new, emerging FinFisher malware was detected by the Snode Guardian Cybersecurity Platform at the same time as organisations abroad is proof that South Africa is indeed a prime target for new and advanced cyberattacks. The need for South African organisations to not only ensure that they have adequate security measures in place to detect, prevent and respond against these attacks but also to share their threat intelligence and disclose when and how they are being attacked, is now more crucial than ever. In this ever-changing technological landscape, organisations are forced to find new ways to increase their security posture and minimise their risk. The Snode Guardian cybersecurity platform utilises learning machines, mathematics, and a synergy between both human and artificial intelligence (Intelligence Amplification) to monitor, detect and proactively respond to all threats on every device within your network, from traditional network devices through to BYOD, cloud and IoT devices. Naidoo will be presenting at the upcoming ITWeb Security Summit, and delegates attending his talk will learn about the emerging threats we see in Snode's South African client environments, as well as the key issues affecting the majority of its South African clients. He will also discuss the defence strategies clients have used that best address these issues. The ITWeb Security Summit is southern Africa’s definitive conference and expo for information security, IT and business professionals. This year, over 70 expert speakers will deliver key insights across 7 tracks, including workshops and training courses during the expanded 5-day event. The ITWeb Security Summit will be staged at Vodacom World, Midrand, from 22 – 23 May 2018; and CTICC Cape Town on 29 May 2018. Focused and interactive workshops as well as in-depth training courses will be run in the days around the main conference and exhibition. For more information, go to www.securitysummit.co.za. For information on Security Summit Cape Town, click here.

Young Minds Prepare For #SS18 Hack

April 21, 2018

Author: Alastair Waldeck, Head of Marketing (Snode)   A group of motivated young men and women gathered in the offices of The Business Clinic in Johannesburg CBD early on Saturday morning for the 2nd Annual #SS18Hack Ideathon. The Ideathon provided these aspiring cybersecurity and IT professionals with an opportunity to meet and greet with some of the top minds in the industry as well as to learn a thing or two from the four main workshops presented on the day. The Ideathon serves as pre-selection event for the larger, main event; the #SS18 Hackathon which will be held at Vodaworld in Midrand on the 22-23 May. The day began with an introduction from Mr Lucky Litelu (Executive Chairman and CEO of ICRD GROUP) and the sponsorship team of Tiyani Ngonyama (COO, Geekulcha), Allyson Towle (Senior Conference Director, ITWeb Events) and Alastair Waldeck (Head of Marketing, Snode). Our first speaker of the day was Ridewaan Hanslo from the CSIR who gave the attendees a comprehensive overview of Web App Security by providing several examples of different types of attacks, attackers, interactive examples how to practically identify and prevent these attacks as well as how to ensure that your next application is created with security as a priority. Second up was our very own Founder and CEO, Nithen Naidoo. He provided an introduction to the AI and Infosec industry by discussing the latest tools and methods within the cybersecurity and data analytics industry as well as how to analyse vast quantities of data in real-time in order to pull various insights, detect anomalies and trends and to be able to predict and defend against ever-evolving cyberattacks. After a quick break where the guys were able to refuel, get to know one another, ask questions and discuss ideas with the presenters, sponsors and other attendees, we returned to our seats for the 3rd workshop of the day. Francois Mouton from the CSIR was up next. Francois gave us a presentation on Ethical Hacking with a focus on his speciality, social engineering. By providing us with some simple, everyday examples of how human’s inherent trust can be our own downfall, he made us realise how simple a cyberattack can really be and how our perception of a cybercriminal being a person in a hoodie hiding behind a laptop is far from the truth. Last, but certainly not least, Kimoon Kim from Siatik spoke us through the concepts of Big Data and Machine Learning. By focusing on powerful platforms that are readily available for us to use such as Google Cloud and BigQuery, the attendees discovered how to easily analyse all their data, regardless of size, in real-time. The rest of the day was spent brainstorming ideas, absorbing even more information and inspiration from the mentors and speakers, and coming up with ideas that will not only take them through to the next round in Midrand, but also to potentially win them top spot at the #SS18 Hackathon later next month! The top three teams with the ideas that showed most potential were: - Bro-Coders - CleverKleva - TechnoGeeks - A special mention went to team Nosey. We look forward to seeing everyone again in a month’s time and would like to thank all the sponsors and speakers for their involvement in making this event successful!   Sponsors for the event: Snode, ITWeb, Geekulcha, The Business Clinic, Northern Cape Department of Economic Development and Tourism.

Re-invented Zeus malware Terdot, defied explanation, but cannot defeat detection

December 6, 2017

Author: Nithen Naidoo, Founder and CEO (Snode)   During October 2017, Snode's cybersecurity platform (Guardian) found an increasing trend in SA networks being infected by the well-known Zeus malware. Although the Zeus Trojan (discovered back in July 2007) is still considered one of the most prolific malware variants affecting the Internet today; the retro plague perplexed our analysts. The finding’s fallacy is that most (if not all) traditional anti-malware controls today can reliably defend against the Zeus malware threat. At the time, we could not explain how a 10-year-old Trojan was (as reported by our learning machine) effortlessly propagating through large SA corporate networks; unhindered and undetected. A fitting explanation was later provided courtesy of the global security technology firm, Bitdefender. Bitdefender’s researchers released a paper (mid November 2017) on the discovery of a new “Zeus inspired” Trojan, called Terdot. A surprising insight from their research is that they first discovered the Trojan in October 2016; which highlights a challenge in our machine-assisted analytics. You see, the machine-learnt Zeus malware's "pattern of behaviour" was now mimicked by Terdot. As a matter of fact, Snode's learning machine could only learn to accurately identify Terdot, by unlearning everything it knew about the Zeus malware. Hence why our learning machine is augmented by our (human) analysts as it allowed us to reliably distinguish between these two malware variants. Now, it is not often that a cybersecurity vendor will openly discuss the flaws in their machine learning and pattern recognition software. However, at Snode we do not build software, we deliver solutions (and we value transparency). This is why our machine-assisted analytics is backed by (and never delivered without) our human intelligence. Something to keep in mind, if you believe that AI-supported threat detection (neural network based pattern recognition) software will transcend your security posture to a cybersecurity nirvana, it won't, at least not yet. However, by enhancing your posture with such technology (defence in depth), you wont get trapped in a false sense of security, solely relying on the latest antivirus signatures to save you. Keep in mind that Terdot, was circulating in the wild for an entire year without signature-based detection. I would like to thank and give credit to the Bitdefender Research Labs for making the Terdot discovery. For more information, you can find the full research paper here.

Popular

Snode wins big at the MEST Africa Challenge 2019

June 12, 2019

This is MEST Africa’s second annual MEST Africa Challenge, a Pan-African pitch competition for scale-ups based in Ghana, Nigeria, Kenya, South Africa or Cote d’Ivoire who are ready to expand into new markets.  Out of nearly 1 000 applicants from across the continent, 50 finalists (10 in each region) were chosen to pitch at the regional finals in Accra, Lagos, Nairobi, Cape Town and Abidjan, held on 27 and 28 February. Finalists from each regional pitch included: Cote d'Ivoire: Seekewa, a financing platform that allows Internet users and companies from all over the world to support small agricultural projects in Africa through a voucher system.Ghana: Ozé, a data insights company that helps businesses make data-driven financial decisions and achieve growth to improve performance. Kenya: WayaWaya, a fintech company that provides seamless transactions into and within Africa for individuals and businesses.Nigeria: AMPZ.TV, the 'LinkedIn for Sports' that is developing the next generation of Etos, Drogbas and Aubameyangs through technology.South Africa: Snode Technologies, a platform that provides real-time cybersecurity for businesses both locally and internationally. These finalists attended the MEST Africa Summit in Nairobi, Kenya, 10-12 June 2019, where they once again competed head-to-head, this time on a global stage for $50k in equity investment and the opportunity to join the Pan-African MEST incubator community. Each finalist was allowed just 5 minutes to pitch their company’s profile to the judges and to convince them that they have what it takes to rapidly expand and grow with the African market as well as abroad.  This year, the competition was fierce, with each scale-up having its own unique strengths and bringing something unique to the table. The judges had a hard-task of deciding which of these finalists were worthy of top spot.  In the evening of 11 June 2019, the judges had reached a conclusion. Unable to agree on which of the MEST African Challenge finalists had the potential to make the largest impact on the continent, the judges decided to award Ozé from Ghana, Snode Technologies from South Africa, and WayaWaya from Kenya, each with $50k investment and support from Microsoft!  “We are excited to partner with MEST,” said Microsoft Senior Director, Chris Lwanga. “At Microsoft our mission is to empower every person and every organization on the planet to achieve more.” The winner of this year’s challenge will join MEST Africa's portfolio along with last year's winner, Nigeria's smart accounting platform, Accounteer, which has since gone on to expand into Kenya and raise additional funding. Niyi Adegboye, Senior Business Developer at Accounteer who presented the winning pitch in 2018, has said: “It was an amazing experience participating in the MEST Africa Challenge 2018. Accounteer is proud to be a part of the MEST portfolio today.” Since winning the Challenge, Accounteer has expanded from Nigeria into Kenya, and has received follow-on funding from Microtraction. About Snode Technologies Eight years ago, it decided that the way we approach defence is flawed because of how easy it is becoming to bypass security controls. The World Economic Forum lists cybercrime as one of the top ten risks facing mankind. By 2021, the global cybersecurity spend will be over $1 Trillion, and we would have lost $6 Trillion to cybercriminals. It was clear that an innovative solution was required to address the risks associated with cybersecurity globally. With this in mind, the Guardian cybersecurity platform was developed with the sole purpose to gain insight into prevailing patterns, which are not visible to the human eye, allowing users to identify attacks before they happen. Snode, and the Guardian platform’s, unique approach to cybersecurity leverages advanced mathematical algorithms and the power of machine learning to process dynamic data, regardless of format, at scale, and in real-time.  The Guardian platform passively monitors all activity on the network and provides organisations with a “single source of truth” by seamlessly integrating into their network and providing them with a consolidated, interactive dashboard coupled with contextual alerting that enables analysts to proactively respond to all threats. Its target audience is varied, but its ability to passively defend infrastructure, without affecting critical business operations, has made it attractive to mining, logistics and telecommunication businesses. Over the next 2–3 years, Snode hopes to scale to the rest of Africa, South East Asia and the Middle East, and says winning the MEST Africa Challenge finals “gives us the platform to access new African markets, build brand awareness and trust across the continent.”

#SS19Hack underway at Security Summit 2019

May 28, 2019

Author: ITWeb With the first day of ITWeb’s 2019 Security Summit underway at the Sandton Convention Centre in Johannesburg, 50 young tech enthusiasts are participating in this years’ Hackathon event sponsored by PwC. The hackathon, held by ITWeb in conjunction with ICT skills development company Geekulcha and Snode Technologies, aims to nurture individuals who are keen to develop their skills through learning and innovation, and who have a passion for cyber security.  Running for the third time alongside the summit, this year’s hackathon is themed ‘Protecting connected citizens in the 4IR’.  Aptly called #SS19hack, the hackathon has participants as young as 13 participating and engaging with industry leaders. Lerouro Mogeora, aged 13, is the youngest participant this year, while for 14-year old Sifiso Nkabinde this is the second year at the event. Those participating range from high school pupils to students from the Vaal University, the Tshwane University of Technology and the University of the Witwatersrand.  There are 13 teams hacking it out, creating secure IoT applications. As they code, they need to identify at least three vulnerabilities within their applications utilising OWASP, an open source cyber security platform for checking common vulnerabilities. OWASP also has tools to assist the coders in improving the security of their software. A week ago, at a similar hackathon event in Kimberly, eight teams were competing, with the winning team there creating a solution that provides encrypted file share and messaging applications for government ministries. The top three teams from the event will also have their projects judged alongside those in Johannesburg. The overall winning team from the two Hackathons will win R20 000 sponsored by Micro Focus, with the second and third placed teams winning R10 000 and R5 000 respectively, courtesy of MTN.  An added bonus for the top team in Johannesburg is that they will be awarded the Tshimologong Precinct Security Summit Hackathon trophy.  The #SS19hack continues during the second day of the ITWeb Security Summit 2019. Mentors Ivan Regasek, CEO, ITWebRidewaan Hanslo, CSIR Steve Jump, TelkomSolomon Bhala, PwCBernard Mashala, Transet Nithen Naidoo, SnodeFrancois Mouton, CyanreIcconies Ramatsakane, PwCGift Nyembe, PwCMarco Loots, PwCMichael van Rensburg, SnodeTsholofelo Rantao, PwCThulisile Dlamini, Ikusasa Tech Solutions  Panel of judges Doreen Mokoena, ZADNALucy Motsieloa, PwCSeth Robbertse, Micro FocusKendal Makgamathe, TshimologongSorene Assefa, Cyber Czar       

Freshworks Networking Meet – Consumerisation of IT

May 23, 2019

On Thursday 23 May 2019, we attended the Freshworks Networking Meet talking about the impact of an increasingly connected world. In 2019, the influence of IoT, cloud, and BYOD have a dramatic impact, not only in our personal lives, but also in the world of business. It is crucial that organisations shift their thinking from a historic view of cybersecurity as a “grudge purchase” to something that is vital to the running of your organisation, is crucial for success and can often win battles in the boardroom. Our Founder and CEO, Nithen Naidoo, spoke about the changes we have seen in our client environments, especially with the workforce becoming increasingly dominated by millennials who expect to be connected at all times. Unlike traditional antivirus software, DLPs and firewalls, the Guardian platform is able to detect even the smallest changes in your networked environment and provides organisations with an unprecedented level of visibility and control of their network. It allows businesses across the globe to identify and prevent potential data exfiltration, malware infections and avoid catastrophic ransomware attacks such as the well-known Wannacry malware. Once the floor was opened for questions, the audience raised concerns around how secure (1) Mac vs Windows Operating Systems are and (2) mobile vs desktop platforms, with a mention of the recent Huawei-Google ban. The long and short of it is that there is no one platform that is more or less secure than another, every system contains some form of vulnerability and can be exploited just as easily, the question comes in around what is most lucrative for the attacker. The myth of a Mac being more secure than a Windows PC is largely due to the fact that there are simply more Windows PCs out there and most organisations across the globe make use of Windows Operating Systems as the norm. Attackers, like businesses, often focus on ROI and will always focus their attention on where they believe they can have the greatest impact. When it comes to the mobile industry, mobile malware is growing at a rapid rate and often mobile devices are a greater concern than laptop or desktop devices as many users often blindly accept permissions on all their applications and are generally more trusting when it comes to a potentially “life-changing” application that appears on the app store. This poses a particular risk to organisations as these devices are often brought into the office and are connecting to the corporate network, allowing the malware to spread though the network and impact the business productivity and reputation. Following Naidoo’s keynote, we joined a panel discussion chatting about creating a balance between organisational productivity and enterprise security in the age of consumerisation. Naidoo was joined by Darren Bilse (Systems and Technology Manager at Spark Schools), Andre Fredericks (CIO at Indie Sanlam) and Greg Lock (Senior Solution Architect at ITEC South Africa); moderating the panel was Saurabh Prabhuzantye (Business Head – MEA at Freshworks). Topics covered in the panel covered everything from how consumerisation of IT has impacted the organisations for which the panellists’ work, to how migration to the cloud has brought both benefits and challenges to IT heads and CIOs around the world, to understanding what you are buying and whether or not it suits your organisation and the needs of your team on the ground; real world problems facing real world organisations. The meet was a great information and knowledge sharing platform, allowing vendors and customers alike to openly share their opinions and experiences and to leverage off of the combined knowledge of South African and global IT professionals.  We would like to thank the Freshworks team for inviting us to participate in this event and look forward to working with them in the future!

“Electricfish” – The latest malware from North Korea’s Hidden Cobra government hacking crew.

May 10, 2019

The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have issued a joint Malware Analysis Report (AR19-129A) on a new malware variant used by the North Korean government. This malware was detected while tracking the malicious activities of the North Korean-backed hacking group Hidden Cobra (also known as Lazarus) and has been identified as Electricfish. Lazarus Group is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade. A notable attack by the group is the attack on Sony Pictures in 2014, which was the start to one of the largest corporate breaches in recent history. The hackers were able to cripple the Sony network for several days and gain access to valuable insider information including previously unreleased films and the personal information of approximately 4,000 past and present employees. The group was also able to access internal emails and reveal some very speculative practices going on at Sony.  This latest report on Electricfish, published on the US-CERT website, comes with a detailed analysis of one malicious 32-bit executable file found to be infected with Lazarus' Electricfish malware. In this file, the malware appears to implement a custom protocol that creates a connection between the infected host and an external, malicious, destination host, bypassing authentication controls to reach outside of the network. Once a connection has been established, the Electricfish malware is able to funnel internet traffic between the two machines allowing the malicious actors to funnel information collected from compromised computers to servers that they control. The full, detailed report and analysis for the Electricfish malware sample as well as a full list of Indicators of Compromise (IoC’s) are available within the AR19-129A advisory.

Videos

Nithen Naidoo on South African start-up Snode’s use of Big Data analytics for Cybersecurity

February 26, 2018

Nithen Naidoo, Founder and CIO, Snode talks about: what the company does and how; how Snode Guardian can identify cyber-attacks; how the company has been funded; and future plans.

PHP Meetup (16 Jan 2018) – Part 2

February 15, 2018

The second in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.

PHP Meetup (16 Jan 2018) – Part 1

January 25, 2018

The first in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.

Snode | Who We Are

September 8, 2017

Snode is a data analytics platform that is designed to make the lives of whomever uses it easier, to assist in solving problems that were previously thought impossible, and to ultimately make a fundamental difference in the world as we know it.