Source: ITWeb Young professionals with an interest in developing their infosec skills, meeting with like-minded individuals and gaining access to experts in their fields attended phase one of the inaugural #SS17HACK, to be held at ITWeb Security Summit 2017. The preselection process, Ideathon, took place in Tshwane on 22 April. The overall theme, "Innovation in Security", challenged disruptive innovators to build the most secure systems possible, as well as explore new innovative mechanisms for the security sector. The day kicked off early with over 40 aspiring 'hackers' arriving from different parts of Tshwane, Ekurhuleniand the Northern Cape. Their mandate was to spend time learning from experts on topics such as Twitter intelligence, malware threats, ethical hacking and integrating secure coding into the SDLC. They were also given the opportunity to mingle with infosec minds such as Manuel Corregedor of Telspace Systems, Nithen Naidoo of Snode, Ivan Burke and Francois Mouton of CSIR, Ashley Anthony of Isazi Consulting, and Grant Thompson of MTN. They later presented their ideas to this panel. During the ethical hacking session, presented by the CSIR, students got a snapshot of what happens online in any 60 seconds, as well as the number of data breaches over the same period. Over seven billion data records were lost or stolen since 2013, over four-and-a-half million daily and 52 per second. These take place across industries but are more prevalent in the retail and financial sectors. Attendees delved into the types of hackers out there, what phases hacking goes through and the questions ethical hackers need to answer. info|Guardian then provided students with a session on SDLC. Snode Twitter Intelligence Challenge, the next presentation of the morning, exposed how intelligence gleaned from Twitter has been used to track criminals, prevent potential terrorist attacks and monitor its users. Snode also revealed some data pertaining to the real agenda behind the recent #feesmustfall campaign. The students were exposed to the challenges associated with using such data to correctly predict patterns and come up with creative and innovative ways to apply possible solutions. The malware threat presentation by Telspace Systems drew attention to: what is malware really, are the current anti-malware products working and how they work. The afternoon was all about innovation, new ideas and concepts, with nine teams represented. Their ideas ranged from social media education to new voting techniques, facial recognition to artificial intelligence, and machine learning, all from a secure foundation. Only 30 of the over 140 registrants to #SS17HACK will be chosen and will further develop their concept, under the guidance of experts, at the main event on 16 and 17 May. From ideas to reality Judges and mentors at the event had this feedback for the up-and-coming infosec professionals: Ashley Anthony of Isazi Consulting noted: "One of the most important quotes that I think the students should think about based on the presentations that we heard comes from Albert Einstein: If you can't explain it simply, you don't understand it well enough." ITWeb's Ivan Regasek said: "The participants seemed to grasp the various security concerns presented. The problems addressed were largely on point, and ideas generated ranged from good try to brilliant. I trust the problems tackled will give food for thought to the security community at the event, and am much looking forward to the experienced community guiding the ambitious contestants towards hopefully creating real solutions." Manuel Corregedor of Telspace Systems said: "It was really great to meet students with different backgrounds and skill sets in IT. There were some really great ideas and it was good to see some attendees proposing solutions that could be used to better protect the end-user, through the use of technologies such as browser extensions, blockchains, artificial intelligence, mobile applications and biometrics. I am really looking forward to the hackathon, where we will see these ideas come to life and possibly change the world."
Source: ITWeb ITWeb Events, ICT skills development company Geekulcha and cyber security start-up Snode are bringing the first ever hackathon to the ITWeb Security Summit 2017. #SS17HACK is now open for registration and is looking for young, talented individuals who want to develop their skills through learning and innovation, and who have a passion for information security. According to Allyson Towle, conference director from ITWeb, the hackathon is challenging disruptive innovators to build the most secure systems possible, and will also be used to explore new innovative mechanisms for the security sector. Skills development Tiyani Nghonyama, COO of Geekulcha, says: "As far as Security Summit 2017 is concerned, Geekulcha is highly anticipating a skills development drive through the hackathon especially for intermediate developers. We want to instill a culture of consciousness in information security from both the developers and consumers/users of digital solutions." According to him, the hackathon presents the perfect opportunity to discover new talent and valuable skills capacity for various organisations. "We want to send a strong message that there is a need to invest in the collaborative economy and peer-learning platforms such as hackathons." With this in mind, various organisations have been invited to scout talent for work and collaborative opportunities at this event. Nghonyama says the hackathon is hosted against the backdrop of a need to grow skills capacity in cyber security in the country. "We believe building the momentum and equipping fresh talent with critical knowledge, and being exposed to over 500 experts in the ITWeb Security Summit, is a first step towards winning the war as intended." He says it is a collective responsibility to insure innovation capacity continues to grow but grow safely and securely. "We have outlined three key sectors, namely finance, retail and public sector, that need critical defence, and we aim to build 'digital troops' through the hackathon." There will only be 30 spots available, and those wishing to apply need to choose from a number of themes, or suggest their own idea during the registration process. As part of the event, an 'ideathon' will be held on 22 April 2017 where the various stakeholders will make their final selection. 'Must be solved' ideas The mentors and judges have selected a few 'must be solved' ideas: Financial Sector An Artificial Intelligence (AI) and cognitive fraud detection system. Propose a model and system architecture for cheaply but safely distributing pension pay-outs to people in rural areas. Design and develop an OTP system for Internet Banking that doesn't require the use of a mobile phone. Public Sector Twitter intelligence solution. Blockchain voting system. Retail IOT cashless no-point of sale solution. Other Design and develop a system that will note whether your mobile phone is in the vicinity when you log onto your computer and deny access if it isn't. Judging and prizes Judging for the hackathon will take place around 3pm on 17 May 2017, and the winners will be announced to the audience at around 5pm. The judges and mentors for the event include Dino Covotsos from Telspace Systems, Dr Jabu Mtsweni from the CSIR, Marc Silver from Discovery Health, Grant Thompson from MTN, Ivan Regasek from ITWeb, and Yugan Reddy from InfoGuardian. There will be a first prize of R20k, a second price of R10k and third prize of R5k. In addition, entrants stand a chance of being a recipient of one of a number of internships on offer by reputable organisations.
Source: htxt.africa Cyber security firm Snode has taken a look at tweets sorrounding recent #FeesMustFall protests and found some incredibly interesting data. Earlier this year Snode launched a cyber security solution which uses machine learning and algorithms to detect patterns and anomalies in a network. We’ve learned that Snode is quite good at detecting patterns so the team decided to see what sort of patterns they could find while analysing tweets related to #FeesMustFall. This was done by looking at a few things namely; location of tweets and tweets using the #FeesMustFall hashtag. So what did they find? Looking at the locations of tweets Snode found that many tweets about Wits University originated from Pretoria. This Snode says contrasted against the subject of the tweets analysed. Snode also found that users in Pretoria referenced Wits University 14 times more than the University of Pretoria. Another interesting revelation was that of those users in the capital only 3% of #FeesMustFall tweets came from users linked to the Wits University account. The vast majority of tweets referencing the institution – 94% to be precise – were sent from accounts that have political ties. This, says Snode reveals that the #FeesMustFall protests may have been adopted by social media users to draw attention away from the goals of students. Data in pictures Snode says that by further analysing the meta-data in photos shared on Twitter there exists the potential to glean even more data such as the location the photo was taken (using GPS co-ordinates), the type of device the person was using and even a user’s real name. But it doesn’t end there according to Snode co-founder Nithen Naidoo. “There are a host of AI applications available, such as Russia’s FindFace, which allows users to scan a digital image of someone and then discover their online profile. There are therefore a number of tools on hand to benefit law enforcement as much as they do criminals,” said Naidoo. This analysis shows us that you can’t inherently trust everything you read on social media, and perhaps we should be more questioning of what we see rather than sharing something because we think it’s topical. Deep analysis of social media can also help those in positions of power make more informed decisions about what the public sentiment really is. “With regard to socially relevant topics such as the student protests, having cyber intelligence at work can assist in gleaning vital insight,” says the co-founder. “At Snode, we believe having such knowledge can not only help us understand the climate better, but also assist law enforcement and government services to predict and respond to critical events more efficiently,” Naidoo concluded.
Source: gadget.co.za Cyber intelligence and analytics specialist, Snode, recently used its tools to analyse the #FeesMustFall protest and delve deeper within Twitter, offering enriched insight beyond 140 characters. Social media platforms such as Twitter may be divisive, but its significance cannot be overlooked. Cyber intelligence and analytics specialist, Snode, believes the potential applications for social media are yet to be fully realised. “As a source of intelligence, Twitter is a valuable source of intelligence and it should be utilised by business and law enforcement. It is an open-source data-rich platform and needs to be leveraged in the best way possible,” notes CIO and co-founder of Snode, Nithen Naidoo. Using the recent #FeesMustFall protests as a case study to showcase the enriched capabilities of cyber intelligence, Snode was able to apply its analytical tools to delve deeper into the anatomy of the Tweets, and even discover that outside influencers were making an impact. The university fee protests are a hot topic of conversation in South Africa. The dialogue is been most prevalent on Twitter, where numerous messages have been exchanged under the guise of creating a discourse around the cost of tertiary education. Interestingly though, Snode’s analysts have unearthed some other key insights not obvious to most people. Delving deeper To gain a deeper understanding of the underlying forces driving the #FeesMustFall protests, Snode analysts have fused various social media conversations to identify emerging trends associated with, and patterns of behaviour fuelling, this massive campaign. The most telling finding is that many of the tweets did not originate from the same location that the message was referencing. In particular, the majority of tweets mentioning the University of Witwatersrand were found to have been sent from Pretoria, nearly 65 kilometres away. In fact, Snode detected an anomaly in which tweets from South Africa’s capital with the #FeesMustFall hashtag referenced Wits 14 times more than they did in their own city’s university protest. Accompanying this anomaly was the fact that only 3% of #FeesMustFall tweets came from users linked to the @WitsUniversity handle, as opposed to a staggering total of 94% from politically affiliated Twitter accounts. According to Naidoo, it can be inferred that there was another agenda being played out, and the #FeesMustFall protests are being abused by some social media users to draw attention to other topics, ultimately misrepresenting the true aim of students. True potential While the potential for social media to be misused by a small percentage of users, Snode says that victims of crime and law enforcement have the ability to fight back. The company’s real time processing for example, can dissect a myriad of information contained within a Tweet, including a Twitter user’s (real) name, origin of the Tweet (longitude and latitude), device type (iPhone or Android), and place of residence (e.g. city or hometown). “If users share an image on Twitter for example, the metadata contained within that photo can offer us a wide ranging array of insights,” says Naidoo. “There are a host of AI applications available, such as Russia’s FindFace, which allows users to scan a digital image of someone and then discover their online profile. There are therefore a number of tools on hand to benefit law enforcement as much as they do criminals,” he continued. In the right hands, this kind of machine assisted analytics can empower social media platforms such as Twitter to help make data-driven decisions, notes Naidoo. In the US, a number of American agencies are already using deep analysis within Twitter to track down dissidents, according to Saudi scientist Hala Al-Dosari in a recent interview with Bloomberg Businessweek. “South Africa needs to use available technology correctly, especially when it comes to tackling issues like crime within the country. With regard to socially relevant topics such as the student protests, having cyber intelligence at work can assist in gleaning vital insight. At Snode, we believe having such knowledge can not only help us understand the climate better, but also assist law enforcement and government services to predict and respond to critical events more efficiently,” says Naidoo.
This is MEST Africa’s second annual MEST Africa Challenge, a Pan-African pitch competition for scale-ups based in Ghana, Nigeria, Kenya, South Africa or Cote d’Ivoire who are ready to expand into new markets. Out of nearly 1 000 applicants from across the continent, 50 finalists (10 in each region) were chosen to pitch at the regional finals in Accra, Lagos, Nairobi, Cape Town and Abidjan, held on 27 and 28 February. Finalists from each regional pitch included: Cote d'Ivoire: Seekewa, a financing platform that allows Internet users and companies from all over the world to support small agricultural projects in Africa through a voucher system.Ghana: Ozé, a data insights company that helps businesses make data-driven financial decisions and achieve growth to improve performance. Kenya: WayaWaya, a fintech company that provides seamless transactions into and within Africa for individuals and businesses.Nigeria: AMPZ.TV, the 'LinkedIn for Sports' that is developing the next generation of Etos, Drogbas and Aubameyangs through technology.South Africa: Snode Technologies, a platform that provides real-time cybersecurity for businesses both locally and internationally. These finalists attended the MEST Africa Summit in Nairobi, Kenya, 10-12 June 2019, where they once again competed head-to-head, this time on a global stage for $50k in equity investment and the opportunity to join the Pan-African MEST incubator community. Each finalist was allowed just 5 minutes to pitch their company’s profile to the judges and to convince them that they have what it takes to rapidly expand and grow with the African market as well as abroad. This year, the competition was fierce, with each scale-up having its own unique strengths and bringing something unique to the table. The judges had a hard-task of deciding which of these finalists were worthy of top spot. In the evening of 11 June 2019, the judges had reached a conclusion. Unable to agree on which of the MEST African Challenge finalists had the potential to make the largest impact on the continent, the judges decided to award Ozé from Ghana, Snode Technologies from South Africa, and WayaWaya from Kenya, each with $50k investment and support from Microsoft! “We are excited to partner with MEST,” said Microsoft Senior Director, Chris Lwanga. “At Microsoft our mission is to empower every person and every organization on the planet to achieve more.” The winner of this year’s challenge will join MEST Africa's portfolio along with last year's winner, Nigeria's smart accounting platform, Accounteer, which has since gone on to expand into Kenya and raise additional funding. Niyi Adegboye, Senior Business Developer at Accounteer who presented the winning pitch in 2018, has said: “It was an amazing experience participating in the MEST Africa Challenge 2018. Accounteer is proud to be a part of the MEST portfolio today.” Since winning the Challenge, Accounteer has expanded from Nigeria into Kenya, and has received follow-on funding from Microtraction. About Snode Technologies Eight years ago, it decided that the way we approach defence is flawed because of how easy it is becoming to bypass security controls. The World Economic Forum lists cybercrime as one of the top ten risks facing mankind. By 2021, the global cybersecurity spend will be over $1 Trillion, and we would have lost $6 Trillion to cybercriminals. It was clear that an innovative solution was required to address the risks associated with cybersecurity globally. With this in mind, the Guardian cybersecurity platform was developed with the sole purpose to gain insight into prevailing patterns, which are not visible to the human eye, allowing users to identify attacks before they happen. Snode, and the Guardian platform’s, unique approach to cybersecurity leverages advanced mathematical algorithms and the power of machine learning to process dynamic data, regardless of format, at scale, and in real-time. The Guardian platform passively monitors all activity on the network and provides organisations with a “single source of truth” by seamlessly integrating into their network and providing them with a consolidated, interactive dashboard coupled with contextual alerting that enables analysts to proactively respond to all threats. Its target audience is varied, but its ability to passively defend infrastructure, without affecting critical business operations, has made it attractive to mining, logistics and telecommunication businesses. Over the next 2–3 years, Snode hopes to scale to the rest of Africa, South East Asia and the Middle East, and says winning the MEST Africa Challenge finals “gives us the platform to access new African markets, build brand awareness and trust across the continent.”
Author: ITWeb With the first day of ITWeb’s 2019 Security Summit underway at the Sandton Convention Centre in Johannesburg, 50 young tech enthusiasts are participating in this years’ Hackathon event sponsored by PwC. The hackathon, held by ITWeb in conjunction with ICT skills development company Geekulcha and Snode Technologies, aims to nurture individuals who are keen to develop their skills through learning and innovation, and who have a passion for cyber security. Running for the third time alongside the summit, this year’s hackathon is themed ‘Protecting connected citizens in the 4IR’. Aptly called #SS19hack, the hackathon has participants as young as 13 participating and engaging with industry leaders. Lerouro Mogeora, aged 13, is the youngest participant this year, while for 14-year old Sifiso Nkabinde this is the second year at the event. Those participating range from high school pupils to students from the Vaal University, the Tshwane University of Technology and the University of the Witwatersrand. There are 13 teams hacking it out, creating secure IoT applications. As they code, they need to identify at least three vulnerabilities within their applications utilising OWASP, an open source cyber security platform for checking common vulnerabilities. OWASP also has tools to assist the coders in improving the security of their software. A week ago, at a similar hackathon event in Kimberly, eight teams were competing, with the winning team there creating a solution that provides encrypted file share and messaging applications for government ministries. The top three teams from the event will also have their projects judged alongside those in Johannesburg. The overall winning team from the two Hackathons will win R20 000 sponsored by Micro Focus, with the second and third placed teams winning R10 000 and R5 000 respectively, courtesy of MTN. An added bonus for the top team in Johannesburg is that they will be awarded the Tshimologong Precinct Security Summit Hackathon trophy. The #SS19hack continues during the second day of the ITWeb Security Summit 2019. Mentors Ivan Regasek, CEO, ITWebRidewaan Hanslo, CSIR Steve Jump, TelkomSolomon Bhala, PwCBernard Mashala, Transet Nithen Naidoo, SnodeFrancois Mouton, CyanreIcconies Ramatsakane, PwCGift Nyembe, PwCMarco Loots, PwCMichael van Rensburg, SnodeTsholofelo Rantao, PwCThulisile Dlamini, Ikusasa Tech Solutions Panel of judges Doreen Mokoena, ZADNALucy Motsieloa, PwCSeth Robbertse, Micro FocusKendal Makgamathe, TshimologongSorene Assefa, Cyber Czar
On Thursday 23 May 2019, we attended the Freshworks Networking Meet talking about the impact of an increasingly connected world. In 2019, the influence of IoT, cloud, and BYOD have a dramatic impact, not only in our personal lives, but also in the world of business. It is crucial that organisations shift their thinking from a historic view of cybersecurity as a “grudge purchase” to something that is vital to the running of your organisation, is crucial for success and can often win battles in the boardroom. Our Founder and CEO, Nithen Naidoo, spoke about the changes we have seen in our client environments, especially with the workforce becoming increasingly dominated by millennials who expect to be connected at all times. Unlike traditional antivirus software, DLPs and firewalls, the Guardian platform is able to detect even the smallest changes in your networked environment and provides organisations with an unprecedented level of visibility and control of their network. It allows businesses across the globe to identify and prevent potential data exfiltration, malware infections and avoid catastrophic ransomware attacks such as the well-known Wannacry malware. Once the floor was opened for questions, the audience raised concerns around how secure (1) Mac vs Windows Operating Systems are and (2) mobile vs desktop platforms, with a mention of the recent Huawei-Google ban. The long and short of it is that there is no one platform that is more or less secure than another, every system contains some form of vulnerability and can be exploited just as easily, the question comes in around what is most lucrative for the attacker. The myth of a Mac being more secure than a Windows PC is largely due to the fact that there are simply more Windows PCs out there and most organisations across the globe make use of Windows Operating Systems as the norm. Attackers, like businesses, often focus on ROI and will always focus their attention on where they believe they can have the greatest impact. When it comes to the mobile industry, mobile malware is growing at a rapid rate and often mobile devices are a greater concern than laptop or desktop devices as many users often blindly accept permissions on all their applications and are generally more trusting when it comes to a potentially “life-changing” application that appears on the app store. This poses a particular risk to organisations as these devices are often brought into the office and are connecting to the corporate network, allowing the malware to spread though the network and impact the business productivity and reputation. Following Naidoo’s keynote, we joined a panel discussion chatting about creating a balance between organisational productivity and enterprise security in the age of consumerisation. Naidoo was joined by Darren Bilse (Systems and Technology Manager at Spark Schools), Andre Fredericks (CIO at Indie Sanlam) and Greg Lock (Senior Solution Architect at ITEC South Africa); moderating the panel was Saurabh Prabhuzantye (Business Head – MEA at Freshworks). Topics covered in the panel covered everything from how consumerisation of IT has impacted the organisations for which the panellists’ work, to how migration to the cloud has brought both benefits and challenges to IT heads and CIOs around the world, to understanding what you are buying and whether or not it suits your organisation and the needs of your team on the ground; real world problems facing real world organisations. The meet was a great information and knowledge sharing platform, allowing vendors and customers alike to openly share their opinions and experiences and to leverage off of the combined knowledge of South African and global IT professionals. We would like to thank the Freshworks team for inviting us to participate in this event and look forward to working with them in the future!
The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have issued a joint Malware Analysis Report (AR19-129A) on a new malware variant used by the North Korean government. This malware was detected while tracking the malicious activities of the North Korean-backed hacking group Hidden Cobra (also known as Lazarus) and has been identified as Electricfish. Lazarus Group is a cybercrime group made up of an unknown number of individuals. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them over the last decade. A notable attack by the group is the attack on Sony Pictures in 2014, which was the start to one of the largest corporate breaches in recent history. The hackers were able to cripple the Sony network for several days and gain access to valuable insider information including previously unreleased films and the personal information of approximately 4,000 past and present employees. The group was also able to access internal emails and reveal some very speculative practices going on at Sony. This latest report on Electricfish, published on the US-CERT website, comes with a detailed analysis of one malicious 32-bit executable file found to be infected with Lazarus' Electricfish malware. In this file, the malware appears to implement a custom protocol that creates a connection between the infected host and an external, malicious, destination host, bypassing authentication controls to reach outside of the network. Once a connection has been established, the Electricfish malware is able to funnel internet traffic between the two machines allowing the malicious actors to funnel information collected from compromised computers to servers that they control. The full, detailed report and analysis for the Electricfish malware sample as well as a full list of Indicators of Compromise (IoC’s) are available within the AR19-129A advisory.
Nithen Naidoo, Founder and CIO, Snode talks about: what the company does and how; how Snode Guardian can identify cyber-attacks; how the company has been funded; and future plans.
The second in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.
The first in a series of videos from the PHP Meetup event hosted at the Hello Group on 16 January 2018.
Snode is a data analytics platform that is designed to make the lives of whomever uses it easier, to assist in solving problems that were previously thought impossible, and to ultimately make a fundamental difference in the world as we know it.