Welcome to Runtime! Today: the fallout from a hack that has already affected millions continues to grow, a mini funding roundup before the holiday weekend, and the quote of the week.
Making progress?
It's hard to believe it's only been a little over a month since governments and businesses around the world discovered that sensitive data had been stolen thanks to a vulnerability in Progress Software's MOVEit file-transfer application. Ever since late May, the list of victims has continued to grow and security experts don't think we're out of the woods just yet.
Over 140 separate organizations have reported being hit by the attacks, TechCrunch reported Thursday, and by Friday the financial services provider for millions of teachers in the U.S. confirmed that it had also been affected. While the MOVEit attack bears a resemblance to other ransomware attacks in the past, this situation is playing out a little differently.
Most recent ransomware attacks we've seen were designed to encrypt the victim's sensitive data, bringing their operations to a halt.
Two years ago the Colonial Pipeline attack closed gas stations up and down the East Coast because the energy company was unable to bill customers for its services after its servers were locked, and it shut down the actual pipeline operation as a precaution.
Colonial Pipeline paid the ransom — which security experts advise companies not to do — and was given a decryption tool, but that tool worked so poorly that in the end the company recovered its data with backup tools a week later.
In this case, the Clop ransomware group believed to be behind the attacks isn't shutting down servers, which would alert victims immediately that something was wrong.
Instead, it is dribbling out the names of affected organizations over a period of weeks and threatening to release that data to the public unless money changes hands.
"It's sort of a new business model for them," Huntress senior researcher John Hammond told SC Media.
And by targeting a file-transfer tool that was designed to "guarantee the reliability of core business processes and transfer sensitive data," according to Progress Software, it's almost certain that the stolen data contains some of the most valuable information shared by victims and their customers.
The timing of the flaw's discovery means it could have affected even MOVEit customers that followed best practices and rushed to patch their software upon discovery of the vulnerability, and those customers still might not know whether their data has been stolen.
And that's not even accounting for MOVEit customers that haven't patched their systems yet, which would be cybersecurity malpractice on their part but happens all the time.
The majority of ransomware attacks in 2022 targeted vulnerabilities that were at least three years old and for which patches had been released, according to Dark Reading.
It's relatively simple for a sophisticated attacker to target older versions of enterprise software that are still in use because businesses were afraid that applying the patch would break other applications.
But given the news this week that SolarWinds security executives were targeted by a preliminary SEC investigation over that supply-chain security incident, the price for running insecure software could be about to skyrocket.
A MESSAGE FROM HASHICORP
Operational cloud maturity is the key to helping enterprises get the most from multi-cloud, slash costs, and maximize ROI with respect to speed, risk, and efficiency. Highly mature organizations are less likely to waste money on avoidable cloud spending, have an easier time dealing with cloud security issues, and better cope with the ongoing shortage of cloud skills. See the third annual State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting.
Enterprise funding
(Runtime will be off for the Fourth of July holiday next Tuesday, so here's a mini roundup of new funding raised by enterprise tech startups this week.)
Fly.io raised $77 million to expand its boutique public cloud services, and wrote a very funny blog post about the whole thing.
"We at JPMorgan Chase will not roll out generative AI until we can mitigate all of the risks." Larry Feinstein, head of global tech strategy at JPMorgan Chase, during the Databricks Data + AI Summit.
TSMC was hit with a ransomware attack by the LockBit organization, which demanded $70 million to prevent it from publishing data stolen from the chip maker through one of its IT suppliers.
Developers working with Twitter's APIs are running into a lot of technical issues weeks after the company jacked up prices for those APIs, according to Mashable.
Thanks for reading — Runtime is off Tuesday for the holiday, see you Thursday!
Tom Krazit has covered the technology industry for over 20 years, focused on enterprise technology during the rise of cloud computing over the last ten years at Gigaom, Structure and Protocol.