More stories

  • CrowdStrike beats estimates for Q3, sees revenue increase 63% compared to 2020

    CrowdStrike published its third-quarter financial results on Wednesday, beating market estimates with solid growth from subscription customers. CrowdStrike’s total Q3 revenue was $380.1 million, a 63% increase over a year prior. Non-GAAP net income came to $41.1 million or 17 cents per share. The cybersecurity company added 1,607 net new subscription customers in the quarter for a total of 14,687 subscription customers as of October 31. That represents 75% year-over-year growth. Subscription revenue was $357 million, a 67% increase.

    Analysts were expecting earnings of 10 cents per share on revenue of $364.19 million. “CrowdStrike delivered a robust third quarter with broad-based strength across multiple areas of the business leading to net new ARR growth accelerating and ending ARR growing 67% year-over-year to surpass the $1.5 billion milestone,” said George Kurtz, CrowdStrike’s co-founder and chief executive officer. “Our outstanding results this quarter demonstrate the flywheel effect of our platform and reflect continued strong customer adoption for our core products in addition to the growing success of our newer product initiatives including identity protection, log management, and cloud. With our leading technology, unmatched platform, and approach to stopping breaches, we continue to eclipse our competitors and extend our leadership position.”

    CrowdStrike’s annual recurring revenue (ARR) increased 67% year-over-year and grew to $1.51 billion as of October 31. Of that, $170 million was net new ARR added in the quarter.

    In addition to adding a record number of net new subscribers in the quarter, CrowdStrike reported solid growth in the portion of subscribers adopting multiple modules. CrowdStrike’s subscription customers that have adopted four or more modules, five or more modules, and six or more modules increased to 68%, 55%, and 32%, respectively, as of October 31. For the third quarter, the company expects total revenue in the range of $406.5 million to $412.3 million.

    Burt Podbere, CrowdStrike’s chief financial officer, added that the company managed to maintain high unit economics while generating strong operating and free cash flow. “Given the growth drivers of our business, as well as our exceptional third-quarter performance and momentum into the fourth quarter, we are once again raising our guidance for the fiscal year 2022,” Podbere said.

  • Most Brazilian businesses set to boost cybersecurity spend in 2022

    The vast majority of Brazilian companies plan to boost their cybersecurity budgets in 2022, a new study carried out by consulting firm PwC has found.

    According to the Global Digital Trust Insights Survey 2022, the increase in cyberattacks in Brazil is among the key concerns of the country's business decision-makers, with each threat requiring a different response, new tools and training so teams can be prepared for future incidents. This scenario has prompted 83% of Brazilian organizations to plan for an increase in spending on cybersecurity in the coming year, the research has found. This compares with the predicted rise in budgets cited by 69% of those polled.

    “In Brazil, both CEOs and other top executives believe the cybersecurity mission is changing and playing an important role in building trust and expanding their businesses. They now see the importance of the data they have,” said Eduardo Batista, a partner at PwC Brazil.

    The study suggests that 45% of Brazilian companies estimate an increase of 10% or more in investments in data security, compared to 26% worldwide. Only 14% of Brazilian leaders expressed the same levels of concern in relation to cybersecurity in 2020, against 8% worldwide. In 2021, 50% of the companies polled by PwC claimed to have allocated up to 10% of their technology budget to security-related actions.

    Despite the predicted rise in investments around cybersecurity, the study points to a lack of a more sophisticated understanding of third-party and supply chain risks. However, Brazil has better numbers than its global counterparts on that front. According to the research, around 24% of firms globally have little or no understanding of that type of risk, while around 18% of Brazilian companies have that level of perception, both in terms of understanding the risks and carrying out related actions.

    Moreover, the study points to an “expectation gap” among leaders regarding top executive involvement in cyber issues. While Brazilian CEOs say they are likely to get involved after a company breach or when contacted by regulators, other executives on their team say this is seldom the case.

    According to PwC’s Batista, the top management of businesses must “ensure that risks are monitored and that the security model is simple, but efficient to prevent these risks from bringing real impacts to the company, such as the shutdown of the operation, loss of profit and damage to the corporate image.”

    Only a third of organizations worldwide have advanced data trust practices. According to the study, Brazilian businesses fare better for all practices, such as the adoption of processes and technologies for encryption resources. For example, 53% of the Brazilian companies polled have audited the security of third parties or suppliers, while less than half of the global companies surveyed have done so. For 77% of Brazilian leaders polled, organizations have become too complex to protect (compared to 75% worldwide). Board members, IT and security leaders are concerned that this difficulty exposes their organizations to cyber and privacy risks.

    The findings of the PwC study suggest a potential shift in spending attitudes towards cybersecurity in Brazil. A separate study published in February 2021 found that most Brazilian firms failed to increase security spending through COVID-19. According to the survey carried out by consulting firm Marsh on behalf of Microsoft, 84% of organizations failed to boost their security spend since March 2020, even though 30% of those polled saw an increase in malicious attacks.

  • Hybrid cloud brings benefits. But it also brings new cybersecurity risks, too

    The use of cloud computing applications has grown significantly in the last two years as the Covid-19 pandemic forced many organisations to adapt to remote working.

    Many of those businesses may never go back to being fully on-premises, either because they are switching to a permanently remote model or a hybrid model where employees balance their time between working remotely and working from the office.

    While this has brought benefits, the increased use of cloud applications and services also brings security risks. Employees can now access corporate applications from anywhere, and that can be exploited by cyber criminals.

    A successful phishing email attack, or a leaked or easily-guessed username and password, could provide an attacker with access to a user account and a gateway to the entire network. And because the user is remote, potentially malicious activity might not get picked up until it’s too late, if at all.

    Hybrid cloud is becoming increasingly common in enterprises, because using multiple different public and private clouds can provide benefits when it comes to agility and combining different providers to optimise environments and workloads throughout the organisation. There’s also the benefit that if one cloud service suffers an outage, the business can keep operating, because there’s the ability to keep running from multiple services.

    But just as cloud usage brings additional security risks if not managed correctly, this is multiplied in a hybrid cloud environment.

    “This complexity and these differences can lead to the opportunity for adversaries,” says Kevin Bocek, VP Security Strategy and Threat Intelligence for Venafi.

    The ease of setting up cloud computing accounts means it can be done by anyone: developers, administrators or other IT staff. This can often be done without the involvement, or even knowledge, of security teams.

    “We’re dealing with this new environment where security teams don’t have control, and they have to really change the way that we’ve been trained for the last 20 or 30 years,” says Bocek.

    Some organisations, when deploying cloud-based services, may believe that the security element is handled entirely by the vendor, when this often isn’t the case.

    That can lead to misunderstandings about configuration and issues surrounding the security of potentially internet-facing services, and the data that could be exposed if such services aren’t secured properly.

    “What we’ve observed during our investigations is also a lot of misconfiguration in the cloud, and it’s coming back to the lack of skills, and ability for the people to really understand what they are doing. They are just clicking ‘next’, and they are not really looking at what they’re doing. At the end of the day, they might expose interesting information for the attacker,” says David Grout, EMEA CTO at Mandiant.

    As a cybersecurity company, Mandiant is often called to investigate security incidents, a quarter of which involve public cloud assets. Like any other software, cloud-based platforms need their security managed, and that starts with applying patches and security updates as soon as possible after they become available. That’s because, just like other software and applications, vulnerabilities can be uncovered in cloud suites. And once they’ve been disclosed, cyber criminals and other malicious attackers will attempt to exploit unpatched instances, and it’s the responsibility of the cloud user, not the vendor, to actually apply these updates.

    “People think that they will be covered by the cloud providers, but at the end of the day, the applications are yours and you need to manage the patching,” says Grout.

    In order to manage and patch, security needs to be aware of what software and services are being used. If IT is procuring multiple cloud services, it can be difficult to keep track, but knowing the extent of the infrastructure is key when it comes to keeping it secure. This applies to cloud services too.

    “If you have a multi cloud platform — or even a single cloud strategy — at the end of the day, you need to find a way to collect all the information in one single platform,” says Grout.

    One of the most important things that can be done to stop attacks is to apply multi-factor authentication to all users of all cloud services. That additional barrier can protect against the vast majority of attacks that attempt to steal identities required to access cloud services.

  • Amazon Web Services, CrowdStrike and Presidio partner for ransomware mitigation kit

    Cybersecurity companies Presidio and CrowdStrike are partnering with Amazon Web Services (AWS) for a new Ransomware Mitigation Kit designed to provide organizations with tools to deal with attacks before and after they occur.

    The kit combines the security capabilities of Presidio, CrowdStrike, and AWS’ company CloudEndure, addressing the five pillars of the NIST Cybersecurity Framework.

    Sandy Carter, a vice president at AWS, said there is no one silver bullet when it comes to mitigating ransomware attacks and other cyber incidents but explained that protection “requires a layered approach and a team that is on top of emerging threats and capable of maximizing the benefits of industry-leading security technology such as the combination of Presidio, CrowdStrike and AWS.”

    The companies said the kit will provide “end-to-end white-glove service to identify and protect against cyber threats, detect, and respond to risks as they occur and recover all critical data and applications prior to the breach.”

    Leveraging technology from CrowdStrike and CloudEndure, the kit offers enterprises visibility and breach protection across a range of digital assets, a beefed-up cloud security foundation, detection and attack prevention capabilities, as well as response and attack mitigation tools. The kit also has backup recovery features that help organizations restore lost or compromised data.

    “The ability for an organization to identify and respond to cybersecurity incidents could mean the difference between a minor disruption and a potentially catastrophic event. Tens of thousands of cybersecurity events occur on a daily basis that have the potential to cripple an organization for weeks or months at a time,” said David Trader, field CISO at Presidio.

    “It’s not a matter of if your organization will experience a crippling cyber event; it’s a matter of when. Preparation is critical.”

  • VMware's Carbon Black offers more analyst assistance to respond to attacks

    Leveraging its threat analysis team’s expertise and broad visibility, VMware’s Carbon Black is rolling out a new service that helps organizations respond to and contain cybersecurity threats or breaches. The new Carbon Black Cloud Managed Detection and Response (MDR) for endpoints and workloads is supported by analysts with decades of experience. They monitor and analyze data for customers in the VMware Carbon Black Cloud using advanced machine learning and algorithmic toolsets.

    The threat analysis team “has not only expertise derived over many years but also the ability to watch the threat landscape over a broad spectrum,” Kal De, VP and GM of VMware’s Security Business Unit, said to ZDNet. “We have approximately a million endpoints under active monitoring at any given point in time… versus an individual [at a customer organization] — their visibility is limited to what’s happening in their particular environment.”

    The new offering builds on the managed detection capabilities Carbon Black has offered since 2017. Now, if there’s an incident, analysts can proactively reach out to the affected customer and initiate a two-way conversation. They’ll respond to questions regarding alerts and offer recommendations for policy changes customers can make to remediate the threat. Analysts can maintain visibility on a compromised endpoint even after isolating and securing it, and they’ll continue communications until the threat is contained. MDR analysts provide around-the-clock monitoring, which Carbon Black says will help reduce security staffing pressures.

    “What we’re trying to do is combine machine intelligence with expert eyes that can offer a much higher degree of accuracy in responding to the signal quickly and effectively,” De said. Compared to competing security products, he said Carbon Black offers a “much more unified boots on ground, human response.”

  • These researchers wanted to test cloud security. They were shocked by what they found

    Insecure cloud-computing services can be a huge risk for organisations because they’re a regular target for cyber criminals. Researchers have demonstrated how vulnerable or misconfigured cloud services can be, after deploying hundreds of honeypots designed to look like insecure infrastructure, some of which lasted just minutes before being compromised by hackers.

    Cybersecurity researchers at Palo Alto Networks set up a honeypot comprising 320 nodes around the world, made up of multiple misconfigured instances of common cloud services, including remote desktop protocol (RDP), secure shell protocol (SSH), server message block (SMB) and Postgres databases.

    The honeypot also included accounts configured to have default or weak passwords, exactly the sort of things that cyber criminals are looking for when trying to breach networks.

    And it wasn’t long before cyber criminals discovered the honeypot and looked to exploit it: some of the sites were compromised in minutes while 80% of the 320 honeypots were compromised within 24 hours. All of them had been compromised within a week.

    The most attacked application was secure shell, which is a network communication protocol that enables two machines to communicate. Each SSH honeypot was compromised 26 times a day on average. The most attacked honeypot was compromised a total of 169 times in just a single day.

    Meanwhile, one attacker compromised 96% of the 80 Postgres honeypots within a single 90-second period.

    “The speed of vulnerability management is usually measured in days or months. The fact that attackers could find and compromise our honeypots in minutes was shocking. This research demonstrates the risk of insecurely exposed services,” said Jay Chen, principal cloud security researcher at Palo Alto Networks.

    Exposed or poorly configured cloud services like those deployed in the honeypot make tempting targets for cyber criminals of all kinds.

    Several notorious ransomware operations are known to exploit exposed cloud services to gain initial access to the victim’s network in order to eventually encrypt as much as possible and demand a multi-million dollar ransom in exchange for the decryption key.

    Meanwhile, nation state-backed hacking groups are also known to target vulnerabilities in cloud services as stealthy means of entering networks in order to conduct espionage, steal data, or deploy malware without detection.

    And as the research demonstrates, it doesn’t take long for cyber criminals to find exposed internet-facing systems.

    “When a vulnerable service is exposed to the internet, opportunistic attackers can find and attack it in just a few minutes. As most of these internet-facing services are connected to some other cloud workloads, any breached service can potentially lead to the compromise of the entire cloud environment,” said Chen.

    When it comes to securing accounts used to access cloud services, organisations should avoid using default passwords and users should be provided with multi-factor authentication to create an extra barrier to prevent leaked credentials being exploited.

    It’s also vital for organisations to apply security patches when they’re available in order to prevent cyber criminals from taking advantage of known exploits, and it’s a strategy that applies to cloud applications, too.

    “The outcome [of the research] reiterates the importance of mitigating and patching security issues quickly. When a misconfigured or vulnerable service is exposed to the internet, it takes attackers just a few minutes to discover and compromise the service. There is no margin of error when it comes to the timing of security fixes,” said Chen.
  • Twitter to ban sharing of photos and videos without people's consent

    Twitter has announced the expansion of its private information policy to include the sharing of private media, such as photos and videos, without permission from the individuals that are depicted in them, as the social media platform aims to improve user privacy and security.

    “Sharing personal media, such as images or videos, can potentially violate a person’s privacy, and may lead to emotional or physical harm,” Twitter shared in a blog post. “The misuse of private media can affect everyone, but can have a disproportionate effect on women, activists, dissidents, and members of minority communities. When we receive a report that a Tweet contains unauthorized private media, we will now take action in line with our range of enforcement options.”

    Under its existing policy, publishing other people’s private information, such as phone numbers, addresses, and IDs, or threatening to expose a person’s private information and incentivising others to do so is already not allowed on Twitter.

    The company took the opportunity to also outline the actions it would take when it is notified by individuals that they did not give permission to have their private image or video shared. “We will remove it,” the company wrote. It noted, however, the policy would not apply to media featuring “public figures or individuals when media and accompanying Tweet text are shared in the public interest or add value to public discourse”.

    The company added that in instances where account holders share media of individuals to help someone in a crisis situation, it would “try” to assess the context in which the content is shared.

    “In such cases, we may allow the images or videos to remain on the service,” Twitter said. “For instance, we would take into consideration whether the image is publicly available and/or is being covered by mainstream/traditional media (newspapers, TV channels, online news sites), or if a particular image and the accompanying tweet text adds value to the public discourse, is being shared in public interest, or is relevant to the community.”

    The expansion of the policy comes a day after Twitter founder and CEO Jack Dorsey announced his resignation, telling employees in a letter that CTO Parag Agrawal would be taking over the position. Twitter has been rolling out a slew of features in a bid to mitigate harmful content on its platform. In September, it rolled out a feature called Safety Mode that temporarily blocks certain accounts for seven days if they are found insulting users or repeatedly sending hateful remarks.

    Prior to that, Twitter said it was conducting a test that would allow users in the United States, South Korea, and Australia to report misleading tweets.

  • DNA testing center admits to breach affecting SSNs, banking info of more than 2 million people

    A DNA testing company has reported a data breach that leaked the personal information, including Social Security Numbers and banking information, of more than 2 million people, according to a notification letter the company is sending out to those affected. Bleeping Computer, which first reported the breach, said 2,102,436 people had their information exposed by DNA Diagnostics Center, an Ohio-based DNA testing company.

    In a notice shared on the company’s website, DNA Diagnostics Center said that on August 6, officials with the company discovered “potential unauthorized access to its network, during which there was unauthorized access and acquisition of an archived database that contained personal information collected between 2004 and 2012.”

    Further investigation revealed that hackers had removed files and folders from portions of the database between May 24 and July 28.

    “The impacted database was associated with a national genetic testing organization system that DDC acquired in 2012. This system has never been used in DDC’s operations and has not been active since 2012. Therefore, impacts from this incident are not associated with DDC. However, impacted individuals may have had their information, such as Social Security number or payment information, impacted as a result,” the company said in a statement.

    “Upon learning of this issue, DDC proactively contained and secured the threat and executed a prompt and thorough investigation in consultation with third-party cybersecurity professionals. DDC has also coordinated closely with law enforcement following the discovery of this incident. Our investigation determined that the unauthorized individual(s) potentially removed certain files and folders from portions of our database between May 24, 2021 and July 28, 2021. DDC has been and remains fully operational, and the systems and databases that are actively used by DDC were not infiltrated. The in-depth investigation concluded on October 29, 2021, and DDC has begun notifying individuals potentially affected by this incident.”

    DDC added that the archived system was never used directly by the company and that anyone whose personal information was accessed is being offered Experian credit monitoring.

    They noted that if you were forced to get a relationship DNA test as a part of court proceedings or got independent, individual testing between 2004 and 2012 but have not received a mailed letter from DDC, you should call 1-855-604-1656 for more information.

    DDC claimed it is working with cybersecurity experts to “regain possession” of the stolen information but is recommending that anyone who thinks their information may be involved put in place a 1-year “fraud alert” on their credit files. DDC did not respond to requests for comment but noted that it conducts more than one million DNA tests each year.

    Chris Clements, a vice president at Cerberus Sentinel, criticized DDC for “disingenuously attempting to deflect responsibility for the breach” due to their comments about the system not being associated with their company directly.

    “It doesn’t matter what organization ‘started’ with the data, once you acquire it, it becomes your responsibility. I might be more forgiving if the data was only recently obtained by DDC, but by now they’ve had it nearly a decade,” Clements said. “If you aren’t aware a given asset exists, you can’t begin to properly secure it. A second observation is the almost three-month delay between the beginning of the breach and first detection. DDC has not revealed what triggered the realization that they had suffered a cyberattack, but most organizations discover a compromise has occurred only when contacted by a third party such as security researchers that have traced a stolen dataset on the dark web back to their company, or when contacted by the threat actor themselves with extortion demands.”