Connect with us

Uncategorized

Recovering from the SolarWinds hack could take 18 months

Published

on

Fully recovering from the SolarWinds hack will take the US government from a year to as long as 18 months, according to the head of the agency that is leading Washington’s recovery.

Brandon Wales, the acting director of CISA, the US Cybersecurity and Infrastructure Agency, says that it will be well into 2022 before officials have fully secured the government networks compromised by Russian hackers. The list includes at least nine federal agencies, including the Department of Homeland Security and the State Department. Even fully understanding the extent of the damage will take months.

“I wouldn’t call this simple,” Wales says. “There are two phases for response to this incident. There is the short-term remediation effort, where we look to remove the adversary from the network, shutting down accounts they control, and shutting down entry points the adversary used to access networks. But given the amount of time they were inside these networks—months—strategic recovery will take time.”

“Given the amount of time they were inside these networks… strategic recovery will take time.”

Brandon Wales, CISA

When the hackers have succeeded so thoroughly and for so long, the answer sometimes can be a complete rebuild from scratch. The hackers made a point of undermining trust in targeted networks, stealing identities, and gaining the ability to impersonate or create seemingly legitimate users in order to freely access victims’ Microsoft 365 and Azure accounts. By taking control of trust and identity, the hackers become that much harder to track.

“Most of the agencies going through that level of rebuilding will take in the neighborhood of 12 to 18 months to make sure they’re putting in the appropriate protections,” Wales says. 

The hack on SolarWinds, a US software firm with customers around the world, was first discovered in November 2020. But American intelligence agencies say Russian hackers first infiltrated in 2019. Subsequent investigation has shown that the hackers started using the company’s products to distribute malware by March 2020, and their first successful breach of the US federal government came early in the summer. That’s a long time to go unnoticed—longer than many organizations keep the kind of expensive forensic logs you need to do the level of investigation required to sniff the hackers out.

SolarWinds Orion, the network management product that was targeted, is used in tens of thousands of corporations and government agencies. Over 17,000 organizations downloaded the infected back door. The hackers were extraordinarily stealthy and specific in targeting, which is why it took so long to catch them—and why it’s taking so long to understand their full impact.

The difficulty of uncovering the extent of the damage was summarized by Brad Smith, the president of Microsoft, in a congressional hearing last week. 

“Who knows the entirety of what happened here?” he said. “Right now, the attacker is the only one who knows the entirety of what they did.”

Kevin Mandia, CEO of the security company FireEye, which raised the first alerts about the attack, told Congress that the hackers prioritized stealth above all else.

“Disruption would have been easier than what they did,” he said. “They had focused, disciplined data theft. It’s easier to just delete everything in blunt-force trauma and see what happens. They actually did more work than what it would have taken to go destructive.”

“This has a silver lining”

CISA first heard about a problem when FireEye discovered that it had been hacked and notified the agency. The company regularly works closely with the US government, and although it wasn’t legally obligated to tell anyone about the hack, it quickly shared news of the compromise with sensitive corporate networks.

It was Microsoft that told the US government federal networks had been compromised. The company shared that information with Wales on December 11, he said in an interview. Microsoft observed the hackers breaking into the Microsoft 365 cloud that is used by many government agencies. A day later, FireEye informed CISA of the back door in SolarWinds, a little-known but extremely widespread and powerful tool. 

This signaled that the scale of the hack could be enormous. CISA’s investigators ended up working straight through the holidays to help agencies hunt for the hackers in their networks.

These efforts were made even more complicated because Wales had only just taken over at the agency: days earlier, former director Chris Krebs had been fired by Donald Trump for repeatedly debunking White House disinformation about a stolen election. 

While headlines about the firing of Krebs focused on the immediate impact on election security, Wales had a lot more on his hands. 

The new man in charge at CISA is now faced with what he describes as “the most complex and challenging” hacking incident the agency has come up against.

The hack will almost certainly accelerate the already apparent rise of CISA by increasing its funding, authority, and support. 

CISA was recently given the legal authority to persistently hunt for cyber threats across the federal government, but Wales says the agency lacks the resources and personnel to carry out that mission. He argues that CISA also needs to be able to deploy and manage endpoint detection systems on computers throughout the federal government in order to detect malicious behavior. Finally, pointing to the fact that the hackers moved freely throughout the Microsoft 365 cloud, Wales says CISA needs to push for more visibility into the cloud environment in order to detect cyber espionage in the future.

In the last year, supporters of CISA have been pushing for it to become the nation’s lead cybersecurity agency. An unprecedented cybersecurity disaster could prove to be the catalyst it needs.

“This has a silver lining,” said Mark Montgomery, who served as executive director of the Cyberspace Solarium Commission, in a phone call. “This is among the most significant malicious cyber acts ever conducted against the US government. The story will continue to get worse for several months as more understanding of what happened is revealed. That will help focus the incoming administration on this issue. They have a lot of priorities, so it would be easy for cyber to get lost in the clutter. That’s not going to happen now.”

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Continue Reading
Comments

Uncategorized

Vietnamese electric motorbike startup Dat Bike raises $2.6M led by Jungle Ventures

Published

on

Son Nguyen, founder and chief executive officer of Dat Bike on one of the startup's motorbikes

Son Nguyen, founder and chief executive officer of Dat Bike

Dat Bike, a Vietnamese startup with ambitions to become the top electric motorbike company in Southeast Asia, has raised $2.6 million in pre-Series A funding led by Jungle Ventures. Made in Vietnam with mostly domestic parts, Dat Bike’s selling point is its ability to compete with gas motorbikes in terms of pricing and performance. Its new funding is the first time Jungle Ventures has invested in the mobility sector and included participation from Wavemaker Partners, Hustle Fund and iSeed Ventures.

Founder and chief executive officer Son Nguyen began learning how to build bikes from scrap parts while working as a software engineer in Silicon Valley. In 2018, he moved back to Vietnam and launched Dat Bike. More than 80% of households in Indonesia, Malaysia, Thailand and Vietnam own two-wheeled vehicles, but the majority are fueled by gas. Nguyen told TechCrunch that many people want to switch to electric motorbikes, but a major obstacle is performance.

Nguyen said that Dat Bike offers three times the performance (5 kW versus 1.5 kW) and 2 times the range (100 km versus 50 km) of most electric motorbikes in the market, at the same price point. The company’s flagship motorbike, called Weaver, was created to compete against gas motorbikes. It seats two people, which Nguyen noted is an important selling point in Southeast Asian countries, and has a 5000W motor that accelerates from 0 to 50 km per hour in three seconds. The Weaver can be fully charged at a standard electric outlet in about three hours, and reach up to 100 km on one charge (the motorbike’s next iteration will go up to 200 km on one charge).

Dat Bike’s opened its first physical store in Ho Chi Minh City last December. Nguyen said the company “has shipped a few hundred motorbikes so far and still have a backlog of orders.” He added that it saw a 35% month-over-month growth in new orders after the Ho Chi Minh City store opened.

At 39.9 million dong, or about $1,700 USD, Weaver’s pricing is also comparable to the median price of gas motorbikes. Dat Bike partners with banks and financial institutions to offer consumers twelve-month payment plans with no interest.

“These guys are competing with each other to put the emerging middle class of Vietnam on the digital financial market for the first time ever and as a result, we get a very favorable rate,” he said.

While Vietnam’s government hasn’t implemented subsidies for electric motorbikes yet, the Ministry of Transportation has proposed new regulations mandating electric infrastructure at parking lots and bike stations, which Nguyen said will increase the adoption of electric vehicles. Other Vietnamese companies making electric two-wheeled vehicles include VinFast and PEGA.

One of Dat Bike’s advantages is that its bikes are developed in house, with locally-sourced parts. Nguyen said the benefits of manufacturing in Vietnam, instead of sourcing from China and other countries, include streamlined logistics and a more efficient supply chain, since most of Dat Bike’s suppliers are also domestic.

“There are also huge tax advantages for being local, as import tax for bikes is 45% and for bike parts ranging from 15% to 30%,” said Nguyen. “Trade within Southeast Asia is tariff-free though, which means that we have a competitive advantage to expand to the region, compare to foreign imported bikes.”

Dat Bike plans to expand by building its supply chain in Southeast Asia over the next two to three years, with the help of investors like Jungle Ventures.

In a statement, Jungle Ventures founding partner Amit Anand said, “The $25 billion two-wheeler industry in Southeast Asia in particular is ripe for reaping benefits of new developments in electric vehicles and automation. We believe that Dat Bike will lead this charge and create a new benchmark not just in the region but potentially globally for what the next generation of two-wheeler electric vehicles will look and perform like.”

Continue Reading

Uncategorized

Binance Labs leads $1.6M seed round in DeFi startup MOUND, the developer of Pancake Bunny

Published

on

Decentralized finance startup MOUND, known for its yield farming aggregator Pancake Bunny, has raised $1.6 million in seed funding led by Binance Labs. Other participants included IDEO CoLab, SparkLabs Korea and Handshake co-founder Andrew Lee.

Built on Binance Smart Chain, a blockchain for developing high-performance DeFi apps, MOUND says Pancake Bunny now has over 30,000 daily average users, and has accumulated more than $2.1 billion in total value locked (TVL) since its launch in December 2020.

The new funding will be used to expand Pancake Bunny and develop new products. MOUND recently launched Smart Vaults and plans to unveil Cross-Chain Collateralization in about a month, bringing the startup closer to its goal of covering a wide range of DeFi use cases, including farming, lending and swapping.

Smart Vaults are for farming single asset yields on leveraged lending products. It also automatically checks if the cost of leveraging may be more than anticipated returns and can actively lend assets for MOUND’s cross-chain farming.

Cross-Chain Collateralization is cross-chain yield farming that lets users keep original assets on their native blockchain instead of relying on a bridge token. The user’s original assets serve as collateral when the Bunny protocol borrows assets on the Binance Smart Chain for yield farming. This allows users to keep assets on native blockchains while giving them liquidity to generate returns on the Binance Smart Chain.

In statement, Wei Zhou, Binance chief financial officer, and head of Binance Labs and M&A’s, said “Pancake Bunny’s growth and MOUND’s commitent to execution are impressive. Team MOUND’s expertise in live product design and servie was a key factor in our decision to invest. We look forward to expanding the horizons of Defi together with MOUND.”

Continue Reading

Uncategorized

Battery Resourcers raises $20M to commercialize its recycling-plus-manufacturing operations

Published

on

As a greater share of the transportation market becomes electrified, companies have started to grapple with how to dispose of the thousands of tons of used electric vehicle batteries that are expected to come off the roads by the end of the decade.

Battery Resourcers proposes a seemingly simple solution: recycle them. But the company doesn’t stop there. It’s engineered a “closed loop” process to turn that recycled material into nickel-manganese-cobalt cathodes to sell back to battery manufacturers. It is also developing a process to recover and purify graphite, a material used in anodes, to battery-grade.

Battery Resourcers’ business model has attracted another round of investor attention, this time with a $20 million Series B equity round led by Orbia Ventures, with injections from At One Ventures, TDK Ventures, TRUMPF Venture, Doral Energy-Tech Ventures and InMotion Ventures. Battery Resourcers CEO Mike O’Kronley declined to disclose the company’s new valuation.

The cathode and anode, along with the electrolyzer, are major components of battery architecture, and O’Kronley told TechCrunch it is this recycling-plus-manufacturing process that distinguishes the company from other recyclers.

“When we say that we’re on the verge of revolutionizing this industry, what we are doing is we are making the cathode active material — we’re not just recovering the metals that are in the battery, which a lot of other recyclers are doing,” he said. “We’re recovering those materials, and formulating brand new cathode active material, and also recovering and purifying the graphite active material. So those two active materials will be sold to a battery manufacturer and go right back into the new battery.”

“Other recycling companies, they’re focused on recovering just the metals that are in [batteries]: there’s copper, there’s aluminum, there’s nickel, there’s cobalt. They’re focused on recovering those metals and selling them back as commodities into whatever industry needs those metals,” he added. “And they may or may not go back into a battery.”

The company says its approach could reduce the battery industry’s reliance on mined metals — a reliance that’s only anticipated to grow in the coming decades. A study published last December found that demand for cobalt could increase by a factor of 17 and nickel by a factor of 28, depending on the size of EV uptake and advances in battery chemistries.

Thus far, the company’s been operating a demonstration-scale facility in Worcester, Massachusetts, and has expanded into a facility in Novi, Michigan, where it does analytical testing and material characterization. Between the two sites, the company can make around 15 tons of cathode materials a year. This latest funding round will help facilitate the development of a commercial-scale facility, which Battery Resourcers said in a statement will boost its capacity to process 10,000 tons of batteries per year, or batteries from around 20,000 EVs.

Another major piece of its proprietary recycling process is the ability to take in both old and new EV batteries, process them and formulate the newest kind of cathodes used in today’s batteries. “So they can take in 10-year-old batteries from a Chevy Volt and reformulate the metals to make the high-Ni cathode active materials in use today,” a company spokesman explained to TechCrunch.

Battery Resourcers is already receiving inquiries from automakers and consumer electronics companies, O’Kronley said, though he did not provide additional details. But InMotion Ventures, the venture capital arm of Jaguar Land Rover, said in a statement its participation in the round as a “significant investment.”

“[Battery Resourcers’] proprietary end-to-end recycling process supports Jaguar Land Rover’s journey to become a net zero carbon business by 2039,” InMotion managing director Sebastian Peck said.

Battery Resourcers was founded in 2015 after being spun out from Massachusetts’ Worcester Polytechnic Institute. The company has previously received support from the National Science Foundation and the U.S. Advanced Battery Consortium, a collaboration between General Motors, Ford Motor Company and Fiat Chrysler Automobiles.

Continue Reading

Trending