#SS19Hack Ideathon to offer free security training, idea generation

April 4, 2019

Author: ITWeb

During the run-up to the ITWeb Security Summit 2019, an Ideathon will be held on 6 April, aimed at preparing participants of #SS19Hack, which will run alongside the event.

The Ideathon will consist of a full day of training and idea generation, and will be hosted in an environment that is creative and conducive to stimulating attendees' 'thinking mojos', says Tiyani Nghonyama, COO and CTO of Geekulcha.

The Ideathon will be powered by Snode Technologies, a supporter of the Hackathon since its inception in 2017. The Ideathon runs from 9am to 5pm at iClub in the Tshimologong Digital Precinct, at 41 Juta Street.

Industry leaders will be holding presentations and mentoring the participants throughout the day, including Ivan Regasek (CEO) of ITWeb, Doreen Mokoena from the .ZA Domain Name Authority, Steve Jump from Telkom, Solomon Bhala from PwC, Lee Annamalai from MapIT, Nithen Naidoo from Snode and Ridewaan Hanslo from the CSIR.

Participants will also be mentored by experts from Micro Focus, PwC, MTN, the session leaders, and Bernard Mashala, who will lead the mentors in Kimberley.

As a host, the Tshimologong Digital Precinct's events and marketing manager, Kendal Makgamathe, says they are excited to be collaborating with ITWeb and Geekulcha. "We look forward to breaking down more barriers to entry into our industry. Hosting the Security Summit Ideathon that feeds into the #SS19 Hackathon allows us to actively support work that seeks to build up the digital and tech innovation ecosystem."

Says Regasek: "We are in our third year, and with support from the start of the many individuals in their capacities or on behalf of their organisations who continue to give their time, I do believe for the past two years we've managed to achieve an event where real thinking, coding and learning happens, although on a small scale.

"We are looking forward to putting it on a bigger stage this year, are very welcome for old and new supporters. We look forward to working with them for a shared purpose, and are hopeful of more support of such efforts all round and in years to come," he adds.

"Tshimologong Precinct, Dr Dwolatzki's dream of an African brain hub still to be fully realised, is one of the places that make me optimistic about the future, and we are thankful it is hosting us for the event. We are looking forward to an excellent agenda of speakers, dedication and inspired ideas from the young participants, and a fun day of learning in the heart of Johannesburg," concludes Regasek.

In addition, Northern Cape Geeks from Kimberley will attend both the Ideathon and another hackathon in May, at Sol Plaatje University. Winners will then join SS19Hack in Sandton, running alongside the ITWeb Security Summit 2019. Several of the sessions from the Johannesburg edition of the Ideathon will also be live-streamed to Kimberley.

Chairperson of the Geekulcha Student Society at Sol Plaatje University, Barrington Hulana, says he's excited about the Ideathon because it's another chance to assess and build tech capacity in the province.

Rodwyn Grewan, senior manager from DEDAT in the Knowledge and Innovation Economy sub-programme, has been leading these ICT programmes in the province since the inception of the NCDev Ecosystem. He says: "As the world becomes more digitally integrated, cyber security and cyber intelligence become of a greater concern. The challenges and opportunities are not only technical, but social as well. By contributing to support the technical skills, the Hackathon platform is also helping address the socio-technical system."

The programme will feature training sessions by industry leaders, a 'Capture The Flag' challenge walk-through by Snode, a pitch session and a prize-giving.



Standard Bank Business users are the targets in latest phishing attack

March 20, 2019

Author: Snode Technologies

Security researchers at Snode Technologies, a cybersecurity and data analytics company based in Gauteng, have recently uncovered an ongoing malicious phishing attack specifically targeted at Standard Bank Business users.

The victims of this attack received a mail, seemingly from Standard Bank, that informed them that they had outstanding payments due to SARS and that, in order to view the details of this outstanding payment, they had to click on the attachment.

At a quick glance, the mail could potentially fool even more vigilant users into believing that it is legitimate. All the “normal” Standard Bank branding and imagery is visible, and the sender’s email address appears to be a legitimate Standard Bank domain.

So the question is: how did these attackers manage to use a seemingly legitimate address, bypass spam filters, and still trick users into filling in their details? To understand this, Snode’s security researchers performed a deep-dive analysis to uncover the true method and motivation for this phishing attack.

Header Analysis

First, a deep header analysis was conducted on one of the emails received to understand exactly how the attackers used a standardbank.co.za email address. What was found is that the attackers were using an unprotected open email relay service (ecoenergo.com.ua, mail.ecoenergo.com.ua) to spoof the sender address as “Standard Bank <ibsupport@standardbank.co.za>”. This top-level domain (standardbank.co.za) was specifically crafted to bypass technical controls like spam filters.

Spam Filter Pass Through

Secondly, in order to understand how this attack bypassed the spam filters, it’s important to understand that spam filters will, in most cases, allow spoofed emails through if the SPF (Sender Policy Framework) check results in a “Pass” or “Soft Fail”.

In this attempt, it was found that the attacker manipulated the header to trick the SPF record into resolving the original sender domain to the original sender IP, and not resolving to standardbank.co.za. When this happens, it exposes the original email relay (mail.ecoenergo.com.ua) but allows the email to pass through the filters.

Below is an example of the ongoing phishing campaign:

Figure 1: An example of what the user will see when receiving the phishing mail.

Social Engineering

In the above screenshot of the sample mail, the copy asks the user to open the attached .pdf file to view the “…Pending payment from SARS.” When examining the attachment, it is evident that the file extension is “.pdf.html”. Once clicked, the user saves and opens a local HTML file (as opposed to the intended PDF). This HTML file initially loads a GoDaddy shortened URL in the user’s browser and then redirects to a URL that would look something like this: ‘https://zREDACTEDq/gti/onlinebanking.standardbank.co.za’. This final redirect changes as the phishing domains are reported and flagged as malicious by Google.

Below are examples of live and burned domains hosting the phishing attack:

Figure 2: Example of a live phishing domain.

Figure 3: Example of a domain which has been burned.

Taking a Closer Look

After a domain is burned, a new deployment is spun up.

Due to the rapid pace of deployment that the attacker requires in order to keep new phishing domains live and un-flagged, the process of deployment is done hastily and, as a result, the root directory of the web server is directory indexed, which reveals a .zip file used for these quick deployments. Within the source code, the inner workings of the web server are revealed. This gave the security researchers at Snode access to the results of the phishing attack, saved on the web-hosted directory of each spun-up domain.

The results that were uncovered included confidential information such as email addresses, passwords, client IPs, user agents, telephone numbers, and OTP attempts (the phishing server indefinitely loops, asking the user for the most recent OTP). At the time of this write-up, the phishing attack has been observed over a period of 3 days and in excess of 500 submissions have been made to the phishing website(s).
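A mail-gateway check for the two traits described in the header analysis and the attachment above, as an added example that is not Snode's code: it flags a message whose SPF result is "pass" or "softfail" for an envelope domain that does not match the From: domain, and an attachment with a document-then-HTML double extension. The sample message is constructed, the `Authentication-Results` layout is assumed to follow the common `spf=... smtp.mailfrom=...` form, and the alignment test is a simplification of DMARC relaxed alignment.

```python
import email
import re
from email import policy

# Constructed sample. The From address and relay domain are quoted in the
# article; the receiving host and attachment filename are invented.
SAMPLE = """\
Return-Path: <bounce@ecoenergo.com.ua>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=ecoenergo.com.ua
From: Standard Bank <ibsupport@standardbank.co.za>
Subject: Pending payment from SARS
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attachment.
--b1
Content-Type: text/html; name="statement.pdf.html"
Content-Disposition: attachment; filename="statement.pdf.html"

<html></html>
--b1--
"""

# Document-looking extension followed by a browser-rendered or executable one.
DECOY_EXT = re.compile(r"\.(pdf|docx?|xlsx?)\.(html?|js|exe)$", re.I)

def aligned(a, b):
    # Simplified relaxed alignment: same domain, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_dom = msg["From"].addresses[0].domain.lower()
    auth = str(msg.get("Authentication-Results", ""))
    spf = re.search(r"\bspf=(\w+)", auth)
    mfrom = re.search(r"smtp\.mailfrom=([^\s;]+)", auth)
    if spf and mfrom and spf.group(1).lower() in ("pass", "softfail"):
        env_dom = mfrom.group(1).rsplit("@", 1)[-1].lower()
        if not aligned(from_dom, env_dom):  # SPF passed for someone else's domain
            findings.append(("spf_unaligned", env_dom, from_dom))
    for part in msg.walk():
        name = part.get_filename() or ""
        if DECOY_EXT.search(name):
            findings.append(("decoy_extension", name))
    return findings
```

Calling `triage(SAMPLE)` returns both findings; a message whose envelope domain matches its From: domain and whose attachment is a plain `.pdf` returns an empty list.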


Representing South Africa in the MEST Africa Challenge finals

April 10, 2019

Author: MEST Africa

On February 28, 2019, MEST Incubator Cape Town welcomed over 100 people to watch the MEST Africa Challenge regional pitch competition. After assessing nine top startups based on their validated problem and solution, business model, market size, MVP, competitor analysis, go-to-market execution and team buildup, the judges were excited to announce the winner from South Africa was Snode Technologies, a cybersecurity and intelligence business that leverages mathematics to analyse data in real-time at scale.

Eight years ago, Snode Founder and CEO Nithen Naidoo decided that the way we approach defense is flawed because of how easy it is becoming to bypass security controls. The World Economic Forum lists cybercrime as one of the top ten risks facing mankind. By 2021, the global cybersecurity spend will be over $1 Trillion, and we would have lost $6 Trillion to cybercriminals. Nithen decided a more innovative solution was required to address the risks associated with cybersecurity globally. He created Snode to gain insight into prevailing patterns, which are not visible to the human eye, allowing users to identify attacks before they happen.

Snode’s unique approach to cybersecurity leverages advanced mathematical algorithms and the power of machine learning to process dynamic data, in any format, at any scale, in real-time. Its target audience is varied, as its ability to passively defend infrastructure, without affecting critical business operations, has made it attractive to mining, logistics and telecommunication businesses.

When asked why people will be excited about their company, Snode told us, “This is an innovative African solution that has been embraced globally due to its effectiveness, efficiency and simplicity. It solves a serious global problem, in a truly African way, using our local creativity and ingenuity.”

Over the next 2–3 years, Snode hopes to scale to the rest of Africa, South East Asia and the Middle East, and says winning the MEST Africa Challenge finals would “give us the platform to access new African markets, build brand awareness and trust across the continent.”

MEST and Microsoft look forward to welcoming the Snode Technologies team to the finals at the MEST Africa Summit in June!