Ivanti has acquired security firms MobileIron and Pulse Secure

IT security software company Ivanti has acquired two security companies: enterprise mobile security firm MobileIron, and corporate virtual network provider Pulse Secure.

In a statement on Tuesday, Ivanti said it bought MobileIron for $872 million in stock, with 91% of the shareholders voting in favor of the deal; and acquired Pulse Secure from its parent company Siris Capital Group, but did not disclose the buying price.

The deals have now closed.

Ivanti was founded in 2017 after Clearlake Capital, which owned Heat Software, bought Landesk from private equity firm Thoma Bravo, and merged the two companies to form Ivanti. The combined company, headquartered in Salt Lake City, focuses largely on enterprise IT security, including endpoint, asset, and supply chain management. Since its founding, Ivanti has gone on to acquire several other companies, including U.K.-based Concorde Solutions and RES Software.

If MobileIron and Pulse Secure seem familiar, both companies have faced their fair share of headlines this year after hackers began exploiting vulnerabilities found in their technologies.

Just last month, the U.K. government’s National Cyber Security Center published an alert that warned of a remotely executable bug in MobileIron, patched in June, allowing hackers to break into enterprise networks. U.S. Homeland Security’s cybersecurity advisory unit CISA said that the bug was being actively used by advanced persistent threat (APT) groups, typically associated with state-backed hackers.

Meanwhile, CISA also warned that Pulse Secure was one of several corporate VPN providers with vulnerabilities that have since become a favorite among hackers, particularly ransomware actors, who abuse the bugs to gain access to a network and deploy the file-encrypting ransomware.


By Zack Whittaker

Ripjar, founded by GCHQ alums, raises $36.8M for AI that detects financial crime

Financial crime as a wider category of cybercrime continues to be one of the most potent of online threats, covering nefarious activities as diverse as fraud, money laundering and funding terrorism. Today, one of the startups that has been building data intelligence solutions to help combat that is announcing a fundraise to continue fueling its growth.

Ripjar, a UK company founded by five data scientists who previously worked together in British intelligence at the Government Communications Headquarters (GCHQ, the UK’s equivalent of the NSA), has raised $36.8 million (£28 million) in a Series B, money that it plans to use to continue expanding the scope of its AI platform — which it calls Labyrinth — and scaling the business.

Labyrinth, as Ripjar describes it, works with both structured and unstructured data, using natural language processing and an API-based platform that lets organizations incorporate any data source they would like to analyse and monitor for activity.

Sources close to the company say that the funding values the startup in the region of £100 million, or about $127 million. Ripjar is currently profitable, the company confirmed.

The funding is being led by Long Ridge Equity Partners, a specialist fintech investor, with previous investors Winton Capital Ltd and Accenture plc also participating. Accenture is a strategic partner: the consultancy/systems integrator uses Ripjar’s tech to work with a number of clients in the financial services sector. Ripjar also has government clients, where its platform is used for counterterrorism work. It declines to disclose any specific names but it does note that its extensive partner list also includes the likes of PWC, BAE Systems, Dow Jones and more.

“We are excited to partner with Long Ridge who bring expertise and resources in scaling fast-growing software companies,” said Jeremy Annis, the co-founder who is both the CEO and CTO of Ripjar. “This investment signals enormous confidence in our world-leading data intelligence technology and ability to protect companies and governments from criminal behaviour which threatens their assets and prosperity. With this funding, we will accelerate the expansion of Ripjar worldwide to provide our customers with the most advanced financial crime solutions, as well as creating new iterations of the Labyrinth platform.”

The startup says that it’s had its biggest year yet — no surprise, given the circumstances. Not only has there been a huge shift to online transactions in 2020 because of the rise of the Covid-19 global health pandemic, but a tightening of the world economy has led to more financial scrambling and new nefarious activity, as well as criminal acts to profit from the instability.

That’s led to inking deals with six new enterprise customers and expanding deals with four existing major clients, and Ripjar said that it now has some 20,000 clients globally.

London, as one of the world’s financial centers, has developed a strong reputation for hatching and growing interesting fintech startups, and that has also meant the UK — which also has a strong talent base in artificial intelligence — has become very fertile ground for startups building services to help protect those fintechs.

Ripjar’s raise, and rise, come within months of two other companies building AI to combat fraud and financial crime also raising money and growing. In July, ComplyAdvantage, which has also been building a database and platform to help combat financial crime, announced a $50 million raise. And a week before that, another UK company also building AI for financial and other cybercrime detection, Quantexa, raised $64.7 million.

Ripjar counts both of these, as well as bigger targets like Palantir, among its competitors. The big institutions that are grappling with financial crime are most likely using several companies’ technology at the same time.

Indeed, with the issue of money laundering alone a $2 trillion problem (with only 1-2% of that ever identified and recovered), you can see why, at least for right now, banks, governments and others would be willing to put multiple resources on the problem to try to tackle it.

“Financial institutions, corporates and government agencies face ever-increasing risks associated with financial crime and cyber threats,” said Kevin Bhatt, a Managing Partner at Long Ridge, in a statement. “We believe Ripjar is well-positioned to provide artificial intelligence solutions that will allow its clients to reduce the cost of compliance, while uncovering new threats through automation. We are incredibly excited to partner with Ripjar to support their continued growth and look forward to working closely with the Ripjar team as they expand to new geographies, customers, and verticals.”


By Ingrid Lunden

A SonicWall cloud bug exposed corporate networks to hackers

A newly discovered bug in a cloud system used to manage SonicWall firewalls could have allowed hackers to break into thousands of corporate networks.

Enterprise firewalls and virtual private network appliances are vital gatekeepers tasked with protecting corporate networks from hackers and cyberattacks while still letting in employees working from home during the pandemic. Even though most offices are empty, hackers frequently look for bugs in critical network gear in order to break into company networks to steal data or plant malware.

Vangelis Stykas, a researcher at security firm Pen Test Partners, found the new bug in SonicWall’s Global Management System (GMS), a web app that lets IT departments remotely configure their SonicWall devices across the network.

But the bug, if exploited, meant any existing user with access to SonicWall’s GMS could create a user account with access to any other company’s network without permission.

From there, the newly created account could remotely manage the SonicWall gear of that company.

In a blog post shared with TechCrunch, Stykas said there were two barriers to entry. Firstly, a would-be attacker would need an existing SonicWall GMS user account. The easiest way — and what Stykas did to independently test the bug — was to buy a SonicWall device.

The second issue was that the would-be attacker would also need to guess a unique seven-digit number associated with another company’s network. But Stykas said that this number appeared to be sequential and could be easily enumerated, one after the other.
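The flaw as described combines a missing per-tenant authorization check with guessable, sequential tenant numbers. The following is an added example, not SonicWall's code and not taken from Stykas's blog post: it shows the server-side check that closes this class of bug and a log review that flags one account walking consecutive tenant numbers. The record layout, names and sample values are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """One management-API call as recorded in a (hypothetical) audit log."""
    actor: str           # authenticated account making the call
    actor_tenant: int    # tenant bound to the account in the server-side session
    target_tenant: int   # seven-digit tenant number supplied in the request
    action: str


class Forbidden(Exception):
    """Raised when a caller addresses a tenant it does not belong to."""


def authorize(req: Request) -> bool:
    """Object-level authorization: never trust the tenant number in the request.

    The tenant the caller may act on comes from the session; the value sent
    by the client is only accepted when it matches.
    """
    if req.target_tenant != req.actor_tenant:
        raise Forbidden(f"{req.actor} may not act on tenant {req.target_tenant}")
    return True


def longest_consecutive_run(values) -> int:
    """Length of the longest run n, n+1, n+2, ... among the distinct values."""
    ordered = sorted(set(values))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def flag_enumeration(requests, min_foreign=3, min_run=3) -> dict:
    """Flag accounts that address several foreign tenants in sequential order.

    A single mismatch can be a stale bookmark or a support mistake; several
    distinct foreign tenants forming a consecutive run is the pattern that
    sequential identifiers make possible.
    """
    foreign = defaultdict(list)
    for req in requests:
        if req.target_tenant != req.actor_tenant:
            foreign[req.actor].append(req.target_tenant)

    findings = {}
    for actor, tenants in foreign.items():
        distinct = len(set(tenants))
        run = longest_consecutive_run(tenants)
        if distinct >= min_foreign and run >= min_run:
            findings[actor] = {"foreign_tenants": distinct, "longest_run": run}
    return findings


# Constructed sample audit records (not real data).
SAMPLE = [
    Request("acct-a", 1000200, 1000200, "create_user"),
    Request("acct-a", 1000200, 1000200, "list_devices"),
    Request("acct-b", 1000417, 1000417, "create_user"),
    Request("acct-b", 1000417, 1000418, "create_user"),
    Request("acct-b", 1000417, 1000419, "create_user"),
    Request("acct-b", 1000417, 1000420, "create_user"),
    Request("acct-c", 1000999, 1000100, "create_user"),  # single mismatch only
]

if __name__ == "__main__":
    for req in SAMPLE:
        try:
            authorize(req)
            verdict = "allowed"
        except Forbidden as exc:
            verdict = f"denied ({exc})"
        print(req.actor, req.action, req.target_tenant, verdict)
    print(flag_enumeration(SAMPLE))
```

Random, non-sequential tenant identifiers make guessing harder, but the authorization check is what actually prevents cross-tenant access.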

Once inside a company’s network, the attacker could deliver ransomware directly to the internal systems of their victims, an increasingly popular tactic for financially driven hackers.

SonicWall confirmed the bug is now fixed. But Stykas criticized the company for taking more than two weeks to patch the vulnerability, which he described as “trivial” to exploit.

“Even car alarm vendors have fixed similar issues inside three days of us reporting,” he wrote.

A SonicWall spokesperson defended the decision to subject the fix to a “full” quality check before it was rolled out, and said it is “not aware” of any exploitation of the vulnerability.


By Zack Whittaker

SentinelOne raises $200M at a $1.1B valuation to expand its AI-based endpoint security platform

As cybercrime continues to evolve and expand, a startup that is building a business focused on endpoint security has raised a big round of funding. SentinelOne — which provides a machine learning-based solution for monitoring and securing laptops, phones, containerised applications and the many other devices and services connected to a network — has picked up $200 million, a Series E round of funding that it says catapults its valuation to $1.1 billion.

The funding is notable not just for its size but for its velocity: it comes just eight months after SentinelOne announced a Series D of $120 million, which at the time valued the company around $500 million. In other words, the company has more than doubled its valuation in less than a year — a sign of the cybersecurity times.

This latest round is being led by Insight Partners, with Tiger Global Management, Qualcomm Ventures LLC, Vista Public Strategies of Vista Equity Partners, Third Point Ventures, and other undisclosed previous investors all participating.

Tomer Weingarten, CEO and co-founder of the company, said in an interview that while this round gives SentinelOne the flexibility to remain in “startup” mode (privately funded) for some time — especially since it came so quickly on the heels of the previous large round — an IPO “would be the next logical step” for the company. “But we’re not in any rush,” he added. “We have one to two years of growth left as a private company.”

While cybercrime is proving to be a very expensive business (or very lucrative, I guess, depending on which side of the equation you sit on), it has also meant that the market for cybersecurity has significantly expanded.

Endpoint security, the area where SentinelOne concentrates its efforts, last year was estimated to be around an $8 billion market, and analysts project that it could be worth as much as $18.4 billion by 2024.

Driving it is the single biggest trend that has changed the world of work in the last decade. Everyone — whether a road warrior or a desk-based administrator or strategist, a contractor or full-time employee, a front-line sales assistant or back-end engineer or executive — is now connected to the company network, often with more than one device. And that’s before you consider the various other “endpoints” that might be connected to a network, including machines, containers and more. The result is a spaghetti of a problem. One survey from LogMeIn, disconcertingly, even found that some 30% of IT managers couldn’t identify just how many endpoints they managed.

“The proliferation of devices and the expanding network are the biggest issues today,” said Weingarten. “The landscape is expanding and it is getting very hard to monitor not just what your network looks like but what your attackers are looking for.”

This is where an AI-based solution like SentinelOne’s comes into play. The company has roots in the Israeli cyberintelligence community but is based out of Mountain View, and its platform is built around the idea of working automatically not just to detect endpoints and their vulnerabilities, but to apply behavioral models, and various modes of protection, detection and response in one go — in a product that it calls its Singularity Platform that works across the entire edge of the network.

“We are seeing more automated and real-time attacks that themselves are using more machine learning,” Weingarten said. “That translates to the fact that you need defence that moves in real time as with as much automation as possible.”

SentinelOne is by no means the only company working in the space of endpoint protection. Others in the space include Microsoft, CrowdStrike, Kaspersky, McAfee, Symantec and many others.

But nonetheless, its product has seen strong uptake to date. It currently has some 3,500 customers, including three of the biggest companies in the world, and “hundreds” from the global 2,000 enterprises, with what it says has been 113% year-on-year new bookings growth, revenue growth of 104% year-on-year, and 150% growth year-on-year in transactions over $2 million. It has 500 employees today and plans to hire up to 700 by the end of this year.

One of the key differentiators is the focus on using AI, and using it at scale to help mitigate an increasingly complex threat landscape, to take endpoint security to the next level.

“Competition in the endpoint market has cleared with a select few exhibiting the necessary vision and technology to flourish in an increasingly volatile threat landscape,” said Teddie Wardi, MD of Insight Partners, in a statement. “As evidenced by our ongoing financial commitment to SentinelOne along with the resources of Insight Onsite, our business strategy and ScaleUp division, we are confident that SentinelOne has an enormous opportunity to be a market leader in the cybersecurity space.”

Weingarten said that SentinelOne “gets approached every year” to be acquired, although he didn’t name any names. Nevertheless, that also points to the bigger consolidation trend that will be interesting to watch as the company grows. SentinelOne has never made an acquisition to date, but it’s hard to ignore that, as the company expands its products and features, it might tap into the wider market to bring other kinds of technology into its stack.

“There are definitely a lot of security companies out there,” Weingarten noted. “Those that serve a very specific market are the targets for consolidation.”


By Ingrid Lunden

Satori Cyber raises $5.25M to help businesses protect their data flows

The amount of data that most companies now store — and the places they store it — continues to increase rapidly. With that, the risk of the wrong people managing to get access to this data also increases, so it’s no surprise that we’re now seeing a number of startups that focus on protecting this data and how it flows between clouds and on-premises servers. Satori Cyber, which focuses on data protection and governance, today announced that it has raised a $5.25 million seed round led by YL Ventures.

“We believe in the transformative power of data to drive innovation and competitive advantage for businesses,” the company says. “We are also aware of the security, privacy and operational challenges data-driven organizations face in their journey to enable broad and optimized data access for their teams, partners and customers. This is especially true for companies leveraging cloud data technologies.”

Satori is officially coming out of stealth mode today and launching its first product, the Satori Cyber Secure Data Access Cloud. This service provides enterprises with the tools to provide access controls for their data, but maybe just as importantly, it also offers these companies and their security teams visibility into their data flows across cloud and hybrid environments. The company argues that data is “a moving target” because it’s often hard to know how exactly it moves between services and who actually has access to it. With most companies now splitting their data between lots of different data stores, that problem only becomes more prevalent over time and continuous visibility becomes harder to come by.

“Until now, security teams have relied on a combination of highly segregated and restrictive data access and one-off technology-specific access controls within each data store, which has only slowed enterprises down,” said Satori Cyber CEO and Co-founder Eldad Chai. “The Satori Cyber platform streamlines this process, accelerates data access and provides a holistic view across all organizational data flows, data stores and access, as well as granular access controls, to accelerate an organization’s data strategy without those constraints.”

Both co-founders previously spent nine years building security solutions at Imperva and Incapsula (which acquired Imperva in 2014). Based on this experience, they understood that onboarding had to be as easy as possible and that operations would have to be transparent to the users. “We built Satori’s Secure Data Access Cloud with that in mind, and have designed the onboarding process to be just as quick, easy and painless. On-boarding Satori involves a simple host name change and does not require any changes in how your organizational data is accessed or used,” they explain.

 

 


By Frederic Lardinois

Cyber-skills platform Immersive Labs raises $40M in North America expansion

Immersive Labs, a cybersecurity skills platform, has raised $40 million in its Series B, the company’s second round of funding this year following an $8 million Series A in January.

Summit Partners led the fundraise with Goldman Sachs participating, the Bristol, U.K.-based company confirmed.

Immersive, led by former GCHQ cybersecurity instructor James Hadley, helps corporate employees learn new security skills by using real, up-to-date threat intelligence in a “gamified” way. Its cybersecurity learning platform uses a variety of techniques and psychology to build up immersive and engaging cyber war games to help IT and security teams learn. The platform aims to help users better understand cybersecurity threats, like detecting and understanding phishing and malware reverse-engineering.

It’s a new take on cybersecurity education. The company’s founder and chief executive Hadley said the ever-evolving threat landscape has made traditional classroom training “obsolete.”

“It creates knowledge gaps that increase risk, offer vulnerabilities and present opportunities for attackers,” said Hadley.

The company said it will use the round to expand further into the U.S. and Canadian markets from its North American headquarters in Boston, MA.

Since its founding in 2017, Immersive already has big customers to its name, including Bank of Montreal and Citigroup, on top of its U.K. customers, including BT, the National Health Service, and London’s Metropolitan Police.

Goldman Sachs, an investor and customer, said it was “impressed” by Immersive’s achievements so far.

“The platform is continually evolving as new features are developed to help address the gap in cyber skills that is impacting companies and governments across the globe,” said James Hayward, the bank’s executive director.

Immersive said it has 750% year-over-year growth in annual recurring revenues and over 100 employees across its offices.


By Zack Whittaker

Arceo.ai raises $37 million to expand cyber insurance coverage and access

Critical cyber attacks on both businesses and individuals have been grabbing headlines at an alarming rate. Cybersecurity has moved from a background risk for enterprises to a critical day-to-day threat to business operations, forcing executive teams to pour time and hundreds of billions in capital into monitoring and prevention efforts.

Yet even as investment in security ticks up, the frequency and cost of cybercrime to businesses continues to rapidly accelerate, with the World Economic Forum estimating the economic loss due to cybercrime could reach $3 trillion by 2020.

More companies are now turning to cyber insurance as a means of mitigating financial exposure. However, for traditional insurers, cybersecurity remains a relatively nascent and unfamiliar issue, requiring risk-assessment data points and methodologies largely different from those seen in traditional insurance products. As a result, businesses often struggle to get the scale of cybersecurity coverage they require.

Arceo.ai is hoping to expand the size and scope of the cyber insurance market for both insurers and companies, by providing insurers with the effective real-time data, analytics and context necessary to safely and efficiently underwrite cyber risk.

This morning, Arceo took a major step in achieving that goal, announcing the company has raised a $37 million round of funding led by Lightspeed Venture Partners and Founders Fund with participation from CRV and UL Ventures.

Using an expansive set of global sources across a customer’s digital footprint, Arceo.AI collects internal, external and macro cyber risk data which it uses to evaluate a company’s security and cyber risk management behavior. By automating the data collection process and connecting it with insurer underwriting processes, Arceo is able to keep its data and policy assessments up to date in real-time and enable faster, more efficient quotes.

A vital component of Arceo’s platform is its analytics offering. Using patented data science and cyber risk models, Arceo generates analytics-driven insights for insurance carriers, brokers and end-insured customers. For end-insured customers, Arceo helps companies understand whether they’re using the best mitigation strategies by providing policy recommendations and industry benchmarking to help contextualize day-to-day cyber behavior and hygiene. For underwriters, Arceo can provide specific insurance recommendations based on particular policy coverages.

Ultimately, Arceo looks to provide both insurers and the insured with actionable answers to key questions such as how one assesses cyber risk, how one determines what risks can be mitigated with technology alone, how one knows which systems are best and whether those systems are being used appropriately.

In an interview with TechCrunch, Arceo Chairman Raj Shah explained that the company’s background expertise, proprietary data systems, and deep pedigree in both security and insurance truly differentiate Arceo from competing solutions. For starters, both Shah and Arceo co-founder and CEO Vishaal Hariprasad have spent close to the entirety of their careers in national security and cybersecurity. Hariprasad started his career in the Air Force’s first cohort of cyber warfare officers, before teaming up with Shah to start Morta Security in 2012, a security startup the two sold to Palo Alto Networks in roughly two years.

After selling the company, Shah and Hariprasad remained in the security world before realizing that there was a natural intersection between security and insurance, and a real opportunity for risk transfer solutions.

“Having studied the market, we saw that people are spending more and more dollars on cybersecurity products… There are hundreds of thousands of new vendors every year… Spend is going up, but we don’t feel any safer!” Shah told TechCrunch.

“That’s when we said ‘Hey, we need to move beyond just thinking about technology points and products, and think about holistic cyber risk management.’ And this is where insurance has historically done a great job. Putting a price on behavior and making people think and letting them take risks… From life and death and health to buyers and property and casualty. And so cyber is that next class risk… So that’s really why we started the business. We wanted to provide a real way to manage the cyber stress that they’re facing and that will impact every single one of our digital lives.”

Since the company’s founding, Raj and Vishaal have been joined by a deep network of cyber and insurance experts. Today, Arceo also announced that Hemant Shah, founder and former CEO of catastrophe risk modeling company RMS, has joined Arceo’s Board of Directors. Additionally, earlier this month, the company announced that Mario Vitale, the former CEO of publicly traded insurance companies Willis Towers Watson and Zurich Insurance Group, would be joining the Arceo team as the company’s President.

The company noted that participation from high-profile industry vets like Hemant and Mario not only further advances Arceo’s competitive advantage but also acts as another major validation of the company’s future and work to date.

According to Arceo Chairman Raj Shah, after years of investing in R&D, the latest funds will be used towards expansion efforts and scaling Arceo to the broader ecosystem of insurance and brokers. Longer-term, the company hopes to offer the most complete combined cybersecurity and risk transfer solution to insurers and the insured, easing the stress around cyber threats for both enterprises and individuals and ultimately improving broader cyber resiliency.

If you’d like to hear more from Arceo’s Raj Shah, Raj will also be joining us this year on the Extra Crunch stage at TechCrunch Disrupt SF, where he’ll discuss how founders and companies should think about potential US government investment. We hope to see you there!


By Arman Tabatabai

Axonius, a cybersecurity asset management startup, raises $20M in Series B

Cybersecurity asset management startup Axonius has raised $20 million in its second round of funding this year.

Venture capital firm OpenView led the Series B, joining existing investors in bringing $37 million to date following the startup’s $13 million Series A in February.

The security startup, founded in 2017, helps companies keep track of their enterprise assets, such as how many clouds, computers and devices are on their network. The logic goes that if you know what you have — including devices plugged into your network by employees or guests — you can keep track and discover holes in your enterprise security. That insight allows enterprises to enforce security policies to keep the rest of the network safe — like installing endpoint security software, or blocking devices from connecting to the network altogether.

Axonius’ co-founder and chief executive Dean Sysman said the company takes a different approach to asset management.

“You can’t secure what you don’t know about,” he told TechCrunch. “Almost everything you’re doing in security relies on a foundation of knowing your assets and how they stack up against your security policies. Once you get that foundation taken care of, everything else you do will benefit,” he said.

Instead, Axonius integrates with over a hundred existing security and management solutions to build up a detailed picture of an entire organization.

Clearly it’s a strategy that’s paying off.

The company already has big-name clients like The New York Times and Schneider Electric, as well as a handful of customers in the Fortune 500.

Sysman said the bulk of the funding will go towards the expansion of its sales and marketing teams but also the continued improvement and development of its product. “We’re hitting the gas and continuing to bring our solution to as many organizations in the market as we can,” he said.

Axonius said OpenView partner Mackey Craven, who focuses on cloud computing and enterprise infrastructure companies, will join the board of directors following the fundraise.


By Zack Whittaker

Cybereason raises $200 million for its enterprise security platform

Cybereason, which uses machine learning to increase the number of endpoints a single analyst can manage across a network of distributed resources, has raised $200 million in new financing from SoftBank Group and its affiliates. 

It’s a sign of the belief that SoftBank has in the technology, since the Japanese investment firm is basically doubling down on commitments it made to the Boston-based company four years ago.

The company first came to our attention five years ago when it raised a $25 million financing from investors, including CRV, Spark Capital and Lockheed Martin.

Cybereason’s technology processes and analyzes data in real time across an organization’s daily operations and relationships. It looks for anomalies in behavior across nodes on networks and uses those anomalies to flag suspicious activity.

The company also provides reporting tools to inform customers of the root cause, the timeline, the person involved in the breach or breaches, which tools they use and what information was being disseminated within and outside of the organization.

For co-founder Lior Div, Cybereason’s work is the continuation of the six years of training and service he spent working with the Israeli army’s 8200 Unit, the military incubator for half of the security startups pitching their wares today. After his time in the military, Div worked for the Israeli government as a private contractor reverse-engineering hacking operations.

Over the last two years, Cybereason has expanded the scope of its service to a network that spans 6 million endpoints tracked by 500 employees, with offices in Boston, Tel Aviv, Tokyo and London.

“Cybereason’s big data analytics approach to mitigating cyber risk has fueled explosive expansion at the leading edge of the EDR domain, disrupting the EPP market. We are leading the wave, becoming the world’s most reliable and effective endpoint prevention and detection solution because of our technology, our people and our partners,” said Div, in a statement. “We help all security teams prevent more attacks, sooner, in ways that enable understanding and taking decisive action faster.”

The company said it will use the new funding to accelerate its sales and marketing efforts across all geographies and push further ahead with research and development to make more of its security operations autonomous.

“Today, there is a shortage of more than three million level 1-3 analysts,” said Yonatan Striem-Amit, chief technology officer and co-founder, Cybereason, in a statement. “The new autonomous SOC enables SOC teams of the future to harness technology where manual work is being relied on today and it will elevate L1 analysts to spend time on higher value tasks and accelerate the advanced analysis L3 analysts do.”

Most recently the company was behind the discovery of Operation SoftCell, the largest nation-state cyber espionage attack on telecommunications companies. 

That attack, which was either conducted by Chinese-backed actors or made to look like it was conducted by Chinese-backed actors, according to Cybereason, targeted a select group of users in an effort to acquire cell phone records.

As we wrote at the time:

… hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records — including times and dates of calls, and their cell-based locations — on at least 20 individuals.

Researchers at Boston-based Cybereason, who discovered the operation and shared their findings with TechCrunch, said the hackers could track the physical location of any customer of the hacked telcos — including spies and politicians — using the call records.

Lior Div, Cybereason’s co-founder and chief executive, told TechCrunch it’s “massive-scale” espionage.

Call detail records — or CDRs — are the crown jewels of any intelligence agency’s collection efforts. These call records are highly detailed metadata logs generated by a phone provider to connect calls and messages from one person to another. Although they don’t include the recordings of calls or the contents of messages, they can offer detailed insight into a person’s life. The National Security Agency has for years controversially collected the call records of Americans from cell providers like AT&T and Verizon (which owns TechCrunch), despite the questionable legality.

It’s not the first time that Cybereason has uncovered major security threats.

Back when it had just raised capital from CRV and Spark, Cybereason’s chief executive was touting its work with a defense contractor who’d been hacked. Again, the suspected culprit was the Chinese government.

As we reported, during one of the early product demos for a private defense contractor, Cybereason identified a full-blown attack by the Chinese — 10,000 thousand usernames and passwords were leaked, and the attackers had access to nearly half of the organization on a daily basis.

The security breach was too sensitive to be shared with the press, but Div says that the FBI was involved and that the company had no indication that they were being hacked until Cybereason detected it.


By Jonathan Shieber

Some sage security advice after Radiohead’s unreleased music hack

Bad news: Radiohead was hacked.

Last week, a hacker stole the band’s lead singer Thom Yorke’s private minidisk archive from the band’s third album and subsequent major worldwide hit, “OK Computer.” The hacker demanded $150,000 or they’d release it to the public.

Stuck between a ransom and a hard place, Radiohead released the tapes themselves.

The recordings were “never intended for public consumption” and “only tangentially interesting,” the band said in a post on Facebook. But “instead of complaining – much – or ignoring it, we’re releasing all 18 hours on Bandcamp” in aid of Extinction Rebellion, a climate change group.

Until the end of the month, the stolen recordings will be available for £18 ($23).

There is, though, a lesson to be learned. Holding files for ransom is more common today than ever thanks to ransomware. The event isn’t too dissimilar from a ransomware event. Pay the ransom or lose your files — or worse, have them spread all over the internet. That’s a business’ worst nightmare. We’ve seen ransomware destroy the computer networks of some of the largest companies around the world, like Arizona Beverages, Norsk Hydro and shipping giant Maersk. Ransomware is now a multibillion-dollar business, and it’s growing.

But in any ransom-type situation, the FBI has long told victims of ransomware to never pay. Security experts agree. Simply put, you run the risk of losing your files even if you pay the demand.

ProPublica recently found that even some of the largest ransomware recovery companies are quietly paying the ransom — and passing on the costs to the victim — with mixed results. In many cases, paying the demand failed to recover the files.

If there’s one takeaway from the Radiohead hack, it’s never pay the ransom. Better yet, plan for the worst and have a backup just in case.


By Zack Whittaker

RiskRecon’s security assessment services for third party vendors raises $25 million

In June of this year, Chinese hackers managed to install software into the networks of a contractor for the U.S. Navy and steal information on a roughly $300 million top secret submarine program.

Two years ago, hackers infiltrated the networks of a vendor servicing the Australian military and made off with files containing a trove of information on Australian and U.S. military hardware and plans. That hacker stole roughly 30 gigabytes of data, including information on the nearly half-a-trillion dollar F-35 Joint Strike Fighter program.

Third party vendors, contractors, and suppliers to big companies have long been the targets for cyber thieves looking for access to sensitive data, and the reason is simple. Companies don’t know how secure their suppliers really are and can’t take the time to find out.

“The Department of Defense can have the best cybersecurity on the planet, but when that moves off to a subcontractor how can the DOD know how the subcontractor is going to protect that data?” says Kelly White, the chief executive of RiskRecon, a new firm that provides audits of vendors’ security profile.

The problem is one that the Salt Lake City-based executive knew well. White was a former security executive for Zion Bank Corporation after spending years in the cyber security industry with Ernst & Young and TrueSecure — a Washington DC-based security vendor.

When White began work with Zion, around 2% of the company’s services were hosted by third parties; less than five years later, that number had climbed to over 50%. When White identified the problem in 2010, he immediately began developing a solution on his own time. RiskRecon’s chief executive estimates he spent 3,000 hours developing the service between 2010 and 2015, when he finally launched the business with seed capital from General Catalyst.

And White says the tools that companies use to ensure that those vendors have adequate security measures in place basically boiled down to an emailed check list that the vendors would fill out themselves.

That’s why White built the RiskRecon service, which has just raised $25 million in a new round of funding led by Accel Partners with participation from Dell Technologies Capital, General Catalyst, and F-Prime Capital, Fidelity Investments’ venture capital affiliate.

The company’s software looks at what White calls the “internet surface” of a vendor and maps the different ways in which that surface can be compromised. “We don’t require any insider information to get started,” says White. “The point of finding systems is to understand how well an organization is managing their risk.”

White says that the software does more than identify the weak points in a vendor’s security profile; it also tries to get a view into the type of information that could be exposed at different points on a network.

According to White, the company has over 50 customers among the Fortune 500 who are already using his company’s services across industries like financial services, oil and gas and manufacturing.

The money from RiskRecon’s new round will be used to boost sales and marketing efforts as the company looks to expand into Europe, Asia and further into North America.

“Where there’s not transparency there’s often poor performance,” says White. “Cybersecurity has gone a long time without true transparency. You can’t have strong accountability without strong transparency.”


By Jonathan Shieber