More stories


    Cybersecurity: Why this beautiful city of spires could be the next tech innovation hub

    Some 4,000 ICT graduates are thought to enter the Czech Republic’s tech industry each year.
    Image: Getty / Joe Daniel Price


    Each year, around 4,000 ICT graduates in the Czech Republic enter its tech and IT industry. According to some estimates, the IT sector in the country employs more than 300,00 people, with the demand for talent growing every day. The mix of startups, well-established tech firms and global companies opening offices or branches in Prague makes the Czech capital a popular destination for the country’s tech workforce.

    Software developers themselves say they are mostly motivated by the opportunity to learn and to work on interesting projects, as well as the quality of life that Prague offers.

    Thirty-seven-year-old SQM developer Martin Bohm has been living in Prague for 10 years, having moved from neighboring Slovakia. For him, working in the Czech capital is the highlight of his career so far.

    “Opportunities in Prague are huge, skilled IT workers are needed and this is also visible on many job offer portals. This place has its spirit, cultural and historical; the difference with western EU countries is visible, but in a positive sense,” Bohm tells ZDNet. “The ratio between income and expenses is very well balanced, as the IT industry also offers high and above-average income.”

    Several tech companies are looking to capitalize on this talent, with US cybersecurity company SentinelOne among them. Last month, the company launched its new office and innovation center in Prague. The company plans to hire 300 staff and create product development functions in Prague that will augment its existing teams in the Americas, Asia, and elsewhere in Europe. Prague will become the heart of SentinelOne’s European operations with a planned $45 million investment over the next three years.

    SentinelOne’s total investment in the Czech Republic will exceed $45 million over the next three years.
    Image: SentinelOne

    The company plans to hire across a number of engineering disciplines, such as kernel, frontend, backend, validation and data engineering, as well as in data science and detection.


    With this investment, Prague will become the heart of SentinelOne’s European operations and the center of its global product development. This makes it an important strategic investment for the company, says SentinelOne COO Nicholas Warner, and as such, access to talent will be crucial.

    “The Czech education system produces engineers of a particularly high caliber, so we see it as the ideal base to help us build our technology. We’re impressed with the math, science, critical thinking, and language skills of the talent pool,” Warner tells ZDNet.

    Martin Matula, the company’s VP of engineering, is the site lead for its operations in the Czech Republic. He joined SentinelOne from Avast, another successful cybersecurity company with its roots in the Czech Republic. The Czech Republic and Slovakia have created a number of successful cybersecurity companies, and Matula believes this is why the region has such an abundance of tech talent.

    “We have a solid base of a talent pool for backend engineers, Java and JVM-based technologies. There are many SaaS companies based here, so when it comes to the experience of working with public cloud, developing microservices, public cloud backend, frontend, [and] quality assurance, I feel that we are doing pretty well on that front,” he tells ZDNet.

    Old dogs, new tricks

    Prague is also home to some of the Czech Republic’s biggest names in tech. 2N Telekomunikace, a developer and manufacturer of IP intercoms and access control systems, is considered one of the country’s IT pioneers. Founded in 1991, the company has since become a leader in the global access control market and has experienced average growth of 20% annually since being acquired by Swedish video surveillance giant Axis in 2016.

    The demand for contactless technology in the workplace, something 2N has also been working on in recent years, is helping to fuel further growth for the company.
    “The value of technology in managing access to buildings or floor levels is becoming more widely recognized now,” 2N chief executive Michal Kratochvil tells ZDNet. 2N has ambitious plans to expand throughout Australia, Europe and the US, where the access control market size is expected to reach more than $15 billion by 2027.

    These regions are less price-sensitive than elsewhere and value innovation more highly, says Kratochvil, something that will prove crucial for the company’s ambitions to transition from analog intercom systems to ‘smart’ IP intercoms.

    Michal Kratochvil, chief executive of 2N Telekomunikace.
    Image: 2N Telekomunikace
    Even so, being based in the Czech Republic has significantly influenced the company’s development, Kratochvil says. “2N’s heritage is in the Czech Republic and our products are still developed here. It has proved to be the perfect base from which to grow internationally because the cost base is lower than Western Europe or North America and there is an outstanding talent pool.”

    With companies like 2N and SentinelOne setting up shop in the Czech Republic and creating bountiful opportunities for the country’s software professionals, developers are less likely to move elsewhere. The success of Prague and Brno, another Czech city with a booming IT ecosystem, in attracting many of the world’s leading tech companies also takes the pressure off relying on overseas talent.

    Meanwhile, developers are able to work with companies that are serious about their workers’ career development. Organizational chart transformations, where employees are allowed to work for other parts of the business, and project relocations are becoming very common in the Czech Republic, says Bohm.

    “When it comes to personal growth, absolutely, companies I worked for are investing time for continuous employee development,” he says. “There is definitely big potential in the industry.”

    For Matula, this potential is nowhere bigger than in the Czech Republic’s budding cyber-ecosystem. “There are lots of opportunities in Prague for starting up other R&D centers for e-commerce and other different domains, but I think cybersecurity is the future. Even now, it influences relationships between countries, it influences even how wars are being conducted,” he says. “In this region, the Czech Republic and Slovakia, we have a history of building cybersecurity companies… So, when it comes to cybersecurity, there is really good talent here.”


    Robots for the win during ecommerce holiday crunch

    Berkshire Grey


    Between labor shortages, COVID continuing to wreak havoc on the supply chain, and the upcoming holiday season (in which e-commerce is expected to grow up to 15%), retailers, e-commerce businesses, and warehouses will face a challenging few months to meet increased consumer demand. These businesses are already sounding the alarm bells and actively looking for innovative new ways to keep pace while at the same time retaining and attracting new employees, and robotic automation is a frontrunner solution.

    Brick-and-mortar stores are increasingly fulfilling e-commerce sales, and in 2021, more than 80% of all retail sales, inclusive of e-commerce, will come from brick-and-mortar stores. That’s driven traditional vendors to amplify their fulfillment operations well beyond in-store pickup.

    Enter Berkshire Grey, an AI-enabled robotic supply chain solution provider that supports businesses including Fortune 50 retailers and logistics service providers like Walmart, Target and FedEx. On the heels of its recently announced Robotic Pick and Pack (RPP) and Robotic Shuttle Put Wall (RSPW) solutions, which increase order sortation throughput by up to 300%, I caught up with the company’s VP of Products, Kishore Boyalakuntla, to talk robots and e-commerce heading into the holidays.

    GN: How do you think the current state of e-commerce in 2021 will impact the adoption of robotic solutions? Please cite some specific factors.

    Kishore Boyalakuntla: E-commerce is growing at a lightning-fast rate. E-commerce share of retail sales grew to 19% in 2020, the incredible growth of 32% YOY, and is projected to be 25% of all retail sales in 2025. This skyrocketing growth results from purchases for every facet of our lives — ordering holiday gifts, getting groceries, ordering furniture for a new apartment — you name it. This record growth is nearly impossible to keep pace with without automation. Peak season used to mean upping hiring slightly — now, large companies are seeking one hundred thousand seasonal employees in the midst of a crippling labor shortage. More companies are turning to robotic solutions not to get ahead of the e-commerce boom but just to keep up with their existing orders and have hope for the holiday season. Automation is a given — it’s just when, what and how that some are still figuring out.

    GN: What are the lingering hurdles to the adoption of robotic sorting and throughput for firms of various sizes? Why might a company still be on the fence?

    Kishore Boyalakuntla: Some companies might be wary of implementing or expanding their robotics solutions for a few reasons – cost, potential downtime, or lack of facility space among them – though these concerns can be easily mitigated. Robotic automation is the only way to plan for future growth while optimizing the workforce with less than 3 years of ROI. Robots can also be brought on-site in phases while reducing potential downtime. They’re also modular and configurable, so managing existing facility space need not be a concern.

    GN: What kind of setup time are we seeing for the adoption of robotic solutions for e-commerce? How has that changed in the last few years, and what accounts for that?

    Kishore Boyalakuntla: The time to implement robotics solutions is shortening quickly thanks to artificial intelligence. As AI gets smarter, we’ve trimmed implementation time down to 2.5 weeks in some cases. As recently as last year, this would have taken a month and a half to accomplish. There are a lot of factors that contribute to this — like how large the facility is, the scale of the deployment, how pliable the upstream and downstream are, etc. Still, we can expect this process to continue to get shorter as AI systems advance.

    GN: What’s the ROI timeline for logistics providers adopting various kinds of automation into their processes?

    Kishore Boyalakuntla: ROI for providers can be a year or up to 3 years – given ROI comes in many forms. Some companies can’t fulfill 30% of the orders they receive unless they hire a new workforce, meaning they can’t deliver hundreds of thousands of packages. Others have 40% turnover among staff every month. So depending on how many of these issues are compounding on one business, the potential for ROI could be immediate and massive if it means just meeting your existing orders.

    GN: What do the next 5 to 10 years hold for e-commerce and logistics where automation is concerned?

    Kishore Boyalakuntla: In the next five to ten years, e-commerce will continue growing rapidly with expansion into new segments, forcing automation into the limelight. We’ll see some level of robotic automation applied across almost all warehouse and logistics facilities — it won’t just be considered a “nice to have,” it’ll be “need to have” for companies of the future to survive. It is quite possible that the current labor shortage will become even more acute, forcing companies to consider how they can best upskill their workforce to fill more complex and creative jobs. With robots taking on more of the work humans don’t want to do, the door will be wide open for careers in fulfillment that allow those same employees to advance long-term. This shift will improve efficiency and create a pathway for people to transition to more fulfilling jobs like managing the robotics and AI solutions in the facilities.


    Ransomware warning: Hackers see holidays and weekends as a great time to attack

    Ahead of Thanksgiving this Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a warning for critical infrastructure providers to stay vigilant on holidays and weekends, because hackers don’t plan on taking a holiday break. The agencies issued a similar warning in August ahead of the Labor Day weekend, noting that ransomware attackers often choose to launch attacks on holidays and weekends, specifically when businesses are likely to be closed.


    “Recent history tells us that this could be a time when these persistent cyber actors halfway across the world are looking for ways—big and small—to disrupt the critical networks and systems belonging to organizations, businesses, and critical infrastructure,” CISA and the FBI said.

    The agencies said they had not identified any specific threats. However, they noted that some of the worst ransomware attacks happened on holidays and weekends, including Independence Day and the Mother’s Day weekend. To prepare for potential attacks on the Thanksgiving weekend, the agencies have outlined several key steps organizations can take to minimize the risk of an attack. These include: identifying key IT security staff who could handle a surge in work after a ransomware attack; implementing multi-factor authentication for remote access and administrative accounts; enforcing strong passwords and avoiding password reuse; ensuring RDP is secure and monitored; and reminding employees not to click on suspicious links.

    Organizations also need to review incident response measures and procedures. “To reduce the risk of severe business/functional degradation should your organization fall victim to a ransomware attack—review and, if needed, update your incident response and communication plans. These plans should list actions to take—and contacts to reach out to—should your organization be impacted by a ransomware incident.” CISA and the FBI urge users and organizations to take these actions “immediately” to protect themselves against this potential threat.

    The agencies detailed several major ransomware attacks that aligned with US public holidays. In May 2021, leading into Mother’s Day weekend, a ransomware gang deployed DarkSide ransomware against Colonial Pipeline. After DarkSide actors gained access to the victim’s network, they deployed ransomware to encrypt victim data and—as a secondary form of extortion—exfiltrated the data before threatening to publish it to further pressure victims into paying the ransom demand. In July 2021, during the Fourth of July holiday weekend, Sodinokibi/REvil ransomware actors attacked Kaseya’s remote monitoring and management tool.

    While most of these attacks have been attributed to suspected Russian-based hackers, Microsoft last week warned that state-sponsored hackers from Iran are increasingly using ransomware to disrupt their targets. The US, UK and Australia called out Iranian attackers for exploiting known flaws in Fortinet’s VPN and Microsoft Exchange to deploy ransomware.


    Ethical Hacking, book review: A hands-on guide for would-be security professionals

    Ethical Hacking: A Hands-on Introduction to Breaking In • By Daniel G Graham • No Starch Press • 376 pages • ISBN 9781718501874 • £41.99 / $49.99

    The parlous state of software and IT infrastructure security is also a career opportunity, with malware analysts, security researchers, penetration testers and red teams all in demand. Defenders need to know how attackers think, and what tools they use, so they can assess their own infrastructure for vulnerabilities and learn to detect malicious activity in the network.

    In Ethical Hacking: A Hands-on Introduction to Breaking In, Daniel G Graham sets out to deliver a practical guide for learning hacking techniques, and you jump straight into the hands-on work by creating a set of Linux VMs to host the environment you’re going to break into (since you can’t ethically hack someone else’s environment). You then work through some known vulnerabilities, progressing to capturing traffic, building a botnet and a ransomware server, and generating phishing emails and deepfakes.

    Although you’ll need to know how to write and run Python code, you don’t need a great deal of expertise to get started because the step-by-step instructions are clear and detailed. Along the way, complex concepts are explained well: if you want to execute ransomware or try to bypass TLS, you need to understand encryption first; you need to understand syscalls and the underpinnings of Linux for rootkits; and likewise hashing for cracking passwords.

    Graham steps through common hacking techniques: creating deepfake video and audio, exploring how publicly available information is interconnected with Maltego to reveal information about an organisation’s staff and infrastructure, downloading databases of cracked and breached passwords, looking for exposed vulnerable devices with Masscan, Shodan and Nessus, building Trojans and Linux rootkits (you’ll need to know C coding for this), using SQL injection to extract usernames and passwords from websites, cross-site scripting attacks and privilege escalation once you get into a network. You’re unlikely to discover your own zero days, but you will learn fuzzing, and how to exploit the OpenSSL Heartbleed vulnerability. Along the way, Graham introduces other hacking tools like King Phisher, the swaks SMTP auditing tool in Kali Linux, John the Ripper for password cracking, Hydra for automating brute force password attacks and many others.

    The chapter on attacking domain servers, Active Directory and Kerberos on large Windows networks could probably be expanded to fill a book of its own, but if you’re a Windows network admin and you don’t already know how to use Mimikatz, even this quick survey of the approaches hackers will take should be something of a wake-up call. (Microsoft has extensive guidance on remediating many of the issues covered here.)

    While this book will help even a relative beginner to become familiar with a wide range of tools that are useful to hackers, it is — as promised — a hands-on introduction. Readers will be in a position to explore further, and the final chapter talks you through hardening a hosted VM that you can use for actual ethical hacking. It also mentions some tantalising advanced targets like industrial systems and cellular infrastructure, although readers won’t immediately be in a position to go after those without doing quite a bit of extra work.

    Even if you don’t plan to do any active ethical hacking, the book should be a salutary warning to anyone in IT that hacking tools are both sophisticated and widely available. There are plenty of tutorials aimed at using them maliciously, so the detail in this book doesn’t increase the risk to those with vulnerable systems. If you do want to pursue this as a career, Ethical Hacking will guide you through the first steps.


    Suspect arrested in 'ransom your employer' criminal scheme

    A Nigerian man has been arrested in connection to a scheme attempting to lure insiders to deploy ransomware on employer systems.

    On November 22, security expert Brian Krebs reported that the man, Oluwaseun Medayedupin, was arrested by Nigerian authorities on Friday. The suspect is allegedly linked to a ‘ransom your employer’ scheme investigated by Abnormal Security in August. Customers of the cybersecurity firm were sent emails with the subject “Partnership affiliate offer,” requesting that the recipient consider becoming an accomplice in a cyberattack.

    The emails offered a 40% cut of an anticipated $2.5 million ransomware payment in Bitcoin (BTC), to be paid after the recipients installed the DemonWare ransomware on their employer’s systems. A Microsoft Outlook email address and Telegram handle were provided for interested parties. Abnormal Security researchers reached out under the guise of a fictional person and confirmed they were sent a ransomware executable hosted on two file-sharing websites. However, the ransomware ‘cut’ on offer was reduced to between $120,000 and $250,000 once the team began communicating with the scheme’s operator.

    The team suspected the ransomware initiative may be of Nigerian origin. When queried, the threat actor said he was attempting to build a social network for Africa called Sociogram and shared his LinkedIn profile containing his full name.

    “According to the actor, he collects his targeting information from LinkedIn, which, in addition to other commercial services that sell access to similar data, is a common method scammers use to obtain contact information for employees,” Abnormal Security said. “[…] he had originally intended to send his targets — all senior-level executives — phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext.”

    Medayedupin then reached out to Krebs following his report, asking that the name Sociogram be removed, but at the same time neither confirming nor denying Abnormal Security’s investigation. Another message followed via a domain registrar, calling “Mr. Krebson” a “clout chasing monger.” Charges are expected to be brought against Medayedupin, reportedly 23 years of age, this week.

    Previous and related coverage

    Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


    Code execution bug patched in Imunify360 Linux server security suite

    A severe PHP deserialization vulnerability leading to code execution has been patched in Imunify360. 

    Discovered by Cisco Talos researcher Marcin ‘Icewall’ Noga, the vulnerability “could cause a deserialization condition with controllable data and then execute arbitrary code,” leaving web servers open to hijacking. Tracked as CVE-2021-21956 and issued a CVSSv3 score of 8.2, the security flaw is present in CloudLinux’s Imunify360 versions 5.8 and 5.9. Imunify360 is a security suite for Linux web servers including patch management, domain blacklisting, and firewall features.

    In a security advisory published on Monday, Cisco Talos said the flaw was found in the Ai-Bolit malware scanner functionality of the software. The Ai-Bolit component is used to scan and check website-related files, such as .php, .js, or .html content, and is installed natively as a service with root privileges. Within a deobfuscation class of the module, a failure to sanitize data that has been submitted means that arbitrary code execution can be performed during unserialization.

    If the software is configured for real-time file system scanning, attackers could trigger an attack by creating a malicious file on the target server, or if a user is duped into performing a scan on a crafted payload file on behalf of the threat actor.

    Cisco reported its findings to the vendor on October 1 and coordinated public disclosure was agreed upon. Linux web developers making use of Imunify360 should upgrade their builds to the latest release, at the time of writing, version 6.1.
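    The general class of bug the advisory describes is PHP deserialization of data the program does not control. The following is an added example, not Imunify360’s or Cisco Talos’s code: a hypothetical `CacheEntry` class with a `__wakeup` magic method, a constructed serialized string standing in for content read out of a scanned file, and the unsafe `unserialize()` call beside two hardened forms (`allowed_classes => false`, and a data-only JSON format). All names and values are assumptions made for the illustration.

```php
<?php
// Added example, not the product's code. Shows why unserialize() on
// untrusted input is dangerous and two defensive alternatives.
// The class and the input string are constructed for illustration.

// Any class with a magic method runs code automatically during
// unserialize(). The side effect here is harmless, but in real code
// __wakeup/__destruct often touch files, databases or templates, and a
// scanner running as root (as the article notes) would run them as root.
class CacheEntry {
    public string $path;
    public function __wakeup(): void {
        // Executes before the caller ever looks at the returned object.
        error_log("CacheEntry::__wakeup ran for " . $this->path);
    }
}

// Constructed input: a serialized object, as it might appear inside a
// file handed to the scanner. The payload picks the class, not the program.
$untrusted = 'O:10:"CacheEntry":1:{s:4:"path";s:9:"/tmp/evil";}';

// VULNERABLE: classes named in the payload are instantiated and their
// magic methods run. This is the pattern the advisory warns about.
function decode_unsafe(string $blob) {
    return unserialize($blob);
}

// HARDENED 1: never let the payload choose a class. With allowed_classes
// set to false, objects become __PHP_Incomplete_Class and no magic
// method is invoked; scalars and arrays still decode normally.
function decode_safe(string $blob) {
    $value = unserialize($blob, ['allowed_classes' => false]);
    // unserialize() returns false both on error and for 'b:0;' (false).
    if ($value === false && $blob !== 'b:0;') {
        throw new UnexpectedValueException('malformed serialized data');
    }
    return $value;
}

// HARDENED 2: when the format is under your control, use a data-only
// encoding. json_decode() can never instantiate application classes.
function decode_json(string $blob): array {
    return json_decode($blob, true, 512, JSON_THROW_ON_ERROR);
}

decode_unsafe($untrusted);      // stderr: "CacheEntry::__wakeup ran ..."
$obj = decode_safe($untrusted); // no __wakeup call
var_dump($obj instanceof __PHP_Incomplete_Class); // bool(true)
var_dump(decode_json('{"path":"/tmp/evil"}'));    // plain array
```

    Running the script shows the difference directly: the first call logs the `__wakeup` message, the second returns an inert `__PHP_Incomplete_Class` object, and the JSON path yields an array. In a file scanner the defensive choice is the second or third form, since the scanner has no legitimate reason to instantiate classes named by the files it inspects.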

    ZDNet has reached out to the vendor and we will update when we hear back.


    Life360 to acquire Tile for $205 million

    Life360, a family-oriented location-sharing app, plans to acquire Tile for $205 million, the companies announced Monday. The deal is expected to close in Q1 2022. By acquiring Tile, which makes Bluetooth-enabled tracking devices, Life360 will gain access to a broad swath of customers. Tile’s technology is embedded in more than 50 different third-party devices, like wireless earbuds, headphones, laptops and dog collars. More than one million third-party devices already have activated Tile technology. Meanwhile, Tile devices are sold directly to consumers via more than 27,000 brick and mortar stores. Additionally, both companies have significant paid subscription services, and the acquisition is expected to increase Life360’s paid subscriber base by about 45% to around 1.6 million people.

    “Life360 is on a mission to simplify safety so families can live fully. With the acquisition of Tile, we will now be able to provide a unique and all-encompassing solution for finding the people, pets and things that families care about most,” Chris Hulls, Co-Founder and CEO of Life360, said in a statement. “This acquisition marks a key step forward towards Life360 achieving its vision of being the world’s leading platform for safety and location services.”

    The deal will also help Tile, months after Apple became a direct competitor with the AirTag tracker. The Apple device leverages the Find My network to privately crowdsource the location of tags. Tile’s network works in a similar fashion but falls short of what Apple offers with the Find My network. However, Life360 said its global footprint will significantly expand the reach of Tile’s Finding Network. The addition of Life360’s network of 33 million smartphone users is expected to increase the reach of Tile’s Finding Network by about 10x.

    After the deal closes, Tile will continue to operate with its own brand identity under the leadership of Tile CEO CJ Prober, who will also join the Life360 Board of Directors. The Tile team is expected to remain in place.


    OAIC finds big four banks are handling consumer data with good privacy practices

    An audit of Australia’s big four banks by the Office of the Australian Information Commissioner (OAIC) has found that they have been handling consumer data under the Consumer Data Right (CDR) in an open and transparent way, and have demonstrated good privacy practices, with no areas of high privacy risk identified.

    As part of the first CDR privacy assessment, the OAIC, which is a co-regulator of the CDR, examined ANZ, Commonwealth Bank, National Australia Bank, and Westpac as they were the initial CDR data holders.

    Each bank was evaluated according to its compliance with privacy safeguard 1, which requires providers to have a CDR policy describing how they manage consumer data and to implement internal practices, procedures, and systems to ensure compliance. There are 13 legally binding privacy safeguards under the CDR that set out consumers’ privacy rights and providers’ obligations when collecting and handling their data. Privacy safeguard 1 is considered, as the OAIC puts it, the bedrock privacy safeguard that underpins compliance with all the other privacy safeguards.

    “Our privacy assessment found the big four banks are generally complying with the bedrock Consumer Data Right privacy safeguard,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

    According to the assessment, all banks have good privacy practices in place, as they each developed a CDR policy that outlined how they managed CDR data and their consumer complaint handling process. It also found the banks were taking steps to establish and promote a culture that respects privacy and good information handling practices when managing CDR data.

    “All banks had appointed senior staff responsible for strategic leadership of the CDR regime and officers responsible for day-to-day management of CDR data,” the OAIC audit said. “Three banks demonstrated good privacy practice in limiting access to CDR systems and data to staff with an operational requirement to have access. The banks generally demonstrated good practice by setting practices, procedures and systems to review their CDR policies on a scheduled basis, as well as following legislative and operational changes. They used existing document control frameworks and specific staff were responsible for reviewing their CDR policy.”

    At the same time, the audit uncovered areas for improvement. For each bank, the OAIC identified at least one medium privacy risk. One bank had four medium privacy risks, two banks had three, and one bank had one. The majority of medium privacy risks were related to the way the banks have implemented internal practices, procedures, and systems to ensure compliance with their CDR obligations.

    Off the back of these findings, the OAIC recommended what each bank could do to address the medium privacy risks, such as developing internal practices, procedures, and systems that specifically address compliance with privacy safeguards that diverge from, or are additional obligations to, the Australian Privacy Principles. All banks accepted the OAIC’s recommendations.

    “Our recommendations and suggestions will assist these data holders and other providers in the system to further embed, review and enhance their privacy practices, so that consumers can continue to use the Consumer Data Right with confidence,” Falk said.

    On finalising the assessment, the OAIC wrote to the banks outlining its expectation that they respond with a plan for implementing the recommendations. The OAIC will revisit each bank in six months to ensure all the recommendations are fully implemented.

    “The Consumer Data Right has a strong regulatory framework to protect consumers’ privacy and build confidence in the system,” Falk said. “We are proactively auditing and monitoring providers in the system to ensure these strict privacy safeguards are being upheld, so that consumers can feel confident their data is protected.”

    Australia’s CDR was officially launched on July 1, with the first tranche, an open-banking regime, requiring financial services providers to share customers’ data when requested by the customer. Under CDR, individual customers of the big four banks can request their bank share their “live” data for deposit and transaction accounts and credit and debit cards with accredited data recipients.

    Earlier this month, amendments to the CDR were made so it could be expanded to the energy sector. Under the amendments, from October 2022, energy product information will be shared so consumers can better compare energy plans, and from November 2022, energy consumers will be able to give consent to share their data about their own energy use and connection with a comparison service or fintech app.

    “With increased consumer mobility, energy retailers will be encouraged to improve tailoring of services and create better consumer experiences to retain their customers. I’m excited to see this expansion of the CDR across the economy, with telecommunications as the next sector under consideration,” Minister for Superannuation, Financial Services and the Digital Economy Jane Hume said.