CyberWire Daily - A seemingly legitimate but actually bogus host for a proxy botnet. PowerShell Gallery vulnerabilities. Cyber incident at Clorox. Scamming would be beta-testers. Cyber updates from Russia’s hybrid war.
Episode Date: August 17, 2023Building a proxy botnet. Active flaws in PowerShell Gallery. A cyber incident disrupts Clorox. Scams lure would-be mobile beta-testers. Lessons learned from the Russian cyberattack on Viasat. An updat...e on cyber threats to Starlink. Robert M. Lee from Dragos shares his thoughts on the waves of layoffs that have gone through the industry. Steve Leeper of Datadobi explains mitigating risks associated with illegal data on your network. And hey, world leader: it’s never too late to stop manifesting a chronic cranio-urological condition, as they more-or-less say in the Quantum Realm. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/157 Selected reading. ProxyNation: The dark nexus between proxy apps and malware (AT&T Alien Labs) Massive 400,000 proxy botnet built with stealthy malware infections (BleepingComputer) PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks (Aqua Security) Clorox Operations Disrupted By Cyber-Attack (Infosecurity Magazine) Cyber Criminals Targeting Victims through Mobile Beta-Testing Applications (IC3) FBI warns about scams that lure you in as a mobile beta-tester (Naked Security) Incident response lessons learned from the Russian attack on Viasat (CSO Online) Recent Intel Report Reveals New Starlink Vulnerabilities, Increasing Concerns About the Future of Global Satellite Internet (Debrief) Hacked electronic sign declares “Putin is a dickhead” as Russian ruble slumps (Graham Cluley) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Building a proxy botnet, active flaws in PowerShell gallery,
a cyber incident disrupts Clorox, scams lure would-be mobile beta testers,
lessons learned from the Russian cyber attack on Viasat,
an update on cyber threats to Starlink.
Robert M. Lee from Dragos shares his thoughts on the waves of layoffs
that have gone through the industry.
Steve Leeper of DataDubby explains mitigating risks associated with illegal data on your network.
And world leader, it's never too late to stop manifesting a chronic cranio-urological condition.
I'm Dave Bittner with your CyberWire Intel briefing for Thursday, August 17th, 2023. AT&T Alien Labs has discovered a botnet comprising more than 400,000 proxy exit nodes. The attackers are using a seemingly legitimate company to host the proxies.
Alien Labs says, We identified a company that offers proxy services
wherein proxy requests are rerouted through compromised systems
that have been transformed into residential exit nodes due to malware infiltration.
Although the proxy website claims that its exit nodes come only from users
who have been informed and agreed to the use of the device,
Alien Labs has evidence that malware writers are installing the
proxy silently on infected systems. In addition, as the proxy application is signed, it has no
antivirus detection going under the radar of security companies. The malware is distributed
via social engineering, often posing as cracked software or games. Bleeping Computer wisely notes that users should avoid downloading pirated software
and running executables sourced from dubious locations,
like peer-to-peer networks or sites offering premium software free of charge.
Aqua Security warns that threat actors can spoof package names
in the PowerShell Gallery package repository.
They say, PowerShell Gallery modules are commonly used as part of the cloud deployment process,
especially popular around AWS and Azure to interact with and manage cloud resources.
Therefore, the installation of a malicious module could be fatal to organizations.
Moreover, attackers can exploit another flaw, allowing them to discover unlisted packages and uncover deleted secrets within the registry, which users attempt to hide by unlisting their packages.
The researchers reported the flaws to the Microsoft Security Response Center, and Microsoft says it's working on fixes.
As of August 2023, however,
the flaws remain exploitable. Cleaning product company Clorox disclosed that it sustained a
cyber incident that forced it to take certain systems offline, the record reports. The company
stated in an 8K filing, to the extent possible and in line with its business continuity
plans Clorox has implemented workarounds for certain offline operations in order to continue
servicing its customers the company is coordinating with law enforcement and has hired a cyber
security firm to assist with the recovery while the company didn't specify the nature of the incident, InfoSecurity magazine quotes Jordan Schroeder managing CISO at Barrier Networks as saying the incident response suggests that it may have been a ransomware attack.
The U.S. FBI warns that cybercriminals are spreading malicious mobile beta testing apps.
The apps purport to belong to popular cryptocurrency exchanges
and offer users large payouts if they invest in the currency. The funds are instead sent
directly to the attackers. The criminals are distributing the malicious apps via messages
on dating and networking sites. The FBI says users should not send payment to someone you
have only spoken to online,
even if you believe you have established a relationship with the individual.
CSO Online has an account of the lessons in incident response learned
when Russian cyber operators disrupted Viasat service in Ukraine
during the opening hours of Russia's invasion in February of 2022.
during the opening hours of Russia's invasion in February of 2022.
Viasat and NSA offered their analysis of the incident at Black Hat and DEFCON.
Early on February 24, 2022, as Russian forces were preparing to cross their lines of departure, a well-timed wiper attack disrupted Viasat's KA-band satellite communications,
shutting down thousands of ground-based modems.
The attack began with reconnaissance and then, around midnight, successful access to Viasat's FTP server,
a part of the infrastructure that delivers new software or updates to the modems.
The attackers dropped a wiper binary along with scripts to enumerate the network, interrogate it, and report back the status after the scripts completed execution.
Over roughly three hours, the Russian operators installed the wiper on the targeted terminals and wiped the flash memory of the modems.
When rebooted, the modems became inoperable.
Bias had lost between 40,000 and 45,000 modems. The initial wiper attack was followed by
a distributed denial-of-service attack, which complicated recovery. Viasat identified several
lessons it drew from the experience. First, incident response is a vital security capability.
Second, information sharing is both complicated and vital.
And third, it's important to have a sound baseline understanding of what normal operations look like,
the better to recognize anomalies.
One mystery endures.
How did the Russians obtain the credentials they used to gain access to Viasat's FTP server?
Investigation seems to have ruled out both brute forcing and a zero-day exploit.
An insider threat has not been ruled out. The initial Wiper attack stands out as a Russian success in a record of offensive cyber action that, for the most part, has been mediocre,
falling far short of pre-war expectations. The cyber attack against Viasat was well planned and effectively executed.
It was timed to maximize its combat support effect, and it served a traditional electronic
warfare role, jamming the enemy's communications at a crucial phase of the operation.
The Viasat incident is by now, of course, history, but other satellite communication
services remain potential
targets of cyber attack the telegraph reported saturday that ukraine's state security service
has claimed that russia's gru is attempting to deploy malware against the starlink satellite
communication system with a view to collecting data on ukrain movements. The debrief provided an update on Wednesday,
quoting an SBU report to the effect that the GRU operation represented large-scale cyberattacks
to obtain unauthorized access to Android devices possessed by Ukrainian military personnel for
planning and performing combat missions. The SBU has found 10 malware strains in the campaign, including one info
stealer whose functional purpose is to gather data from the Starlink satellite system. The campaign,
it's important to note, represents collection and not an attempt at disruption. It's espionage,
not sabotage. And finally, the ruble's recent sanctions-induced slide against the dollar, the euro, and other foreign currencies is a matter of some dissatisfaction in Russia.
The government is working to stabilize its money and has for now decided against imposing a freeze on currency trading or related speculation, Radio Free Europe Radio Liberty reports.
or related speculation, Radio Free Europe Radio Liberty reports.
One disgruntled citizen hacked a big outdoor news ticker in the Siberian oil town of Sergut to display the message, Putin is a dunderhead and a thief, 100 rubles to the dollar, you've
lost your effing mind.
Video of the crawler is provided by the Financial Times Moscow bureau chief in a tweet.
Dunderhead, which is not the word he actually used, but we're using it because we're a family show,
isn't a literal translation of the Russian that appears in the message,
but it's close enough in perlocutionary force for government work. We'll just use Dunderhead, or the original,
as allegedly manifesting a chronic cranio-urological condition.
And we'll let it go at that.
Coming up after the break, Robert M. Lee from Dragos
shares his thoughts on the waves of layoffs that have gone through the industry.
Steve Leeper of DataDoby explains mitigating risks associated with illegal data on your network.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
More than 8,000 companies
like Atlassian and Quora have continuous visibility
into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection
across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families
at home. Black Cloak's award-winning digital executive protection platform secures their
personal devices, home networks, and connected lives. Because when executives are compromised
at home, your company is at risk. In fact, over one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
We talk a lot about the importance of taking inventory of the devices on your network,
but what about the data itself?
In these days of abundant, inexpensive online storage,
it's easy for employees to adopt a pack rat behavior with their data,
hanging on to stuff just because they can.
Not to mention stuff that probably shouldn't be on your network to begin with.
Steve Leeper is VP and Product Marketing Manager at DataDoby,
and I checked in with him for insights on managing unstructured data and avoiding trouble.
Effectively, when we say illegal data,
what we're describing is fundamentally data that you do not want on your corporate system,
and that falls into a number of different categories.
So you have governance, risk, and compliance groups. So the GRC groups that are providing the guidelines for
how data is collected, how it's stored, how it's used, how long it's retained, things of that
nature. And those guidelines are going to stipulate certain types of data that you want to keep and
then certain types of data that you do not want on your systems, right? And that's going to vary from organization to organization. When it gets into, you know, truly illegal data, that can happen. And we've
discovered this at some of our customer sites, you know, where copyrighted material has shown up
embedded on corporate file systems, you know, in the form of bit torrents. So music, motion
pictures, you know, that are in torrent files, you know, those are
things that really have no reason to be on corporate file systems. There's also data that
has what we call alternate data streams. And think of that as just being embedding a file within
another file. But it can be very sneaky because you could have a text file that has an executable
embedded in it. And on
the surface, you would never know that, right? And so those kinds of things you may want to know
about because that's data that you don't necessarily want. There's valid uses for that,
but there's also nefarious uses as well with those data streams. And then some other things about
orphan data, which is data that doesn't have any valid business owner, that may be data that you don't necessarily want on your systems anymore, especially if you've divested of another entity or a subsidiary.
You may not want that data on your systems anymore.
You may be obligated to remove it.
And then finally, there's aging data as well, which is a couple of categories of that.
It's just data that gets old over time because people don't access it. It's, you know, used a lot in the beginning and then it cools off. But then you
also have worm data. So write once, read many data sets. And those you find in regulated
environments for, you know, for example, in financial services, you know, they're required
to keep maintained records according to SEC 1784F guidelines. And so they have to maintain
compliance with that. But sometimes they keep
the data longer than they need to, and that can generate some exposure. So when we say illegal
data, there's a lot of little components that build that up and can introduce risk into an
organization. You know, it strikes me that in today's era where storage is basically free,
that in today's era where storage is basically free,
that it's easy to become a pack rat.
You know, there isn't a whole lot of pressure either from corporate or the providers
to go through and be cleaning things out.
Your data buckets tend not to fill up.
Yeah, and it's interesting
that we're starting to see a change with that
because the cost to maintain this,
it's not necessarily free. There's
definitely a spectrum, right? And so you can park some data in some storage classes, which are very,
very inexpensive, but yet most of the data doesn't make its way into those. So what organizations
find is that they're just consuming more and more and more storage,
right? And it's getting untenable. So they're actually starting to look at data
minimization strategies, right? And I don't really like that term that much because it sounds like,
you know, with the tsunami of unstructured data that keeps collecting, it sounds like we're
reversing the trend with data minimization, but that's really not the case. All you're doing is just kind of slowing the tide a little bit there. But minimizing the data has value in terms of there's operational
efficiency aspects of that. You know, if you store less, then you're going to spend less, you know.
But when you're talking about risk management, you know, data that's been removed,
it can't be included in a breach, right, of your systems. It doesn't come into litigation
discovery. It's data that doesn't have to be searched for data subject access requests. So
DSARs, like with GDPR, you can make a request to an organization and say, I want to know what kind
of data you have about me, right? If data has been removed, you don't have to worry about that. It's
kind of a similar thing with like the California Consumer Privacy Act, which even outside of California, you have other states
in the U.S. that are starting to look at some form of that, right? This type of data and the
minimization really impacts more of the risk management category versus, I mean, it has
impact on cost efficiency, but risk management is kind of the long pole in the tent.
What about when an individual leaves a company?
You know, I think about in the physical world,
it's someone's responsibility to clean out their office
or empty out their cubicle.
Are we doing that on the data side as well?
You know, no, not really, not really.
What usually ends up happening is historically
the mantra for the storage teams at all these organizations has been, you keep all data forever, right?
And that included people that left the company.
So as an individual left an organization, their login would be disabled, but they would have their own private home directory where they could keep files and content that they had created.
And that would never get cleaned up, right?
Not much would be done with that.
In some cases, it would be held because,
well, this person left our company.
We're going to keep it for six months.
If they come back,
then we'll just connect them right back up to it, right?
They'll just continue to use it.
With the thought being that after six months
or nine months or some period,
they would go ahead and remove that content.
But the removing the content part never really happens. And so over time, you have more and more content that's been created by effectively
no one as far as the organization goes, because there's no one there anymore that owns that data.
And you don't know what's in there. And how do you recommend organizations
get started here? I would imagine it's easy to feel overwhelmed.
Yeah. Well, the first thing an organization needs to do is just scan their entire environment. And
that gives us a big inventory of everything that they have in the environment. And then what we do
as part of that inventory process is we start to look for, or we do look for, those pockets of
orphan data. And we present that in the form of
analytics to, you know, whoever's using the software so they can see, well, you've got
X amount of data and you have Y amount of orphan data, as it turns out, right? And we can break
that down into either who the user was that's left the company or some of these unresolvable
ideas that there's no way to determine who actually owned that data left the company, or some of these unresolvable ideas that there's no way to
determine who actually owned that data in the first place. So we can present that all to them.
So it's a bit of a peel the onion exercise, but you first start off at the macro level with,
give me everything in the environment, and then you start to look at that orphan data
and drill down from there. That's Steve Leeper from DataDoby.
And joining me once again is Robert M. Lee. He is the CEO at Dragos. Rob, as a CEO of a successful company,
surely you have been tracking what we've been seeing across the industry here,
which is waves of layoffs.
And indeed, Dragos itself has not been immune to this.
I want to get your perspective as a leader.
How do you approach this?
What goes into the decision-making
to decide when it's time to consider something like layoffs?
A bunch of companies do it a bunch of different ways. And I would be remiss to try to speak for
any of them. But how I view it and kind of from my personal experience with it, number one,
there's got to be a requirement. So I remember stepping into the boardroom when COVID first started being obvious
and it was happening.
And I was getting outside advice
and some board members and similar,
oh, you got to do a 40% layoff.
And I was like, why?
Well, everybody else is doing it
and you got to prepare for the worst, blah, blah, blah.
I'm like, no, that's, no.
What's the requirement?
Well, we want the cash to be able to last until here
because this is when we think the window's going to come back open
for venture capital or investment.
I was like, okay, let me go validate that.
And we ran the numbers and everything.
I'm like, okay, we think it's a little different,
but yeah, we need to last to here.
So we all agree as a board that this is the target.
And we're like, yep, that's the target.
I was like, cool, then I'm going to go figure out the answer.
And I think too many CEOs are just like,
take the board and go, let's do that. And it's like, nope, you are the one running the company. The management team is.
The oversight is the board, but the management team is the one that's responsible in running it.
So I'm not just going to take a requirement of go cut 40% of your staff. That's an outcome.
I'm looking for the requirement. Well, the requirement was to make the money last till X.
And so when COVID hit, we found that we actually needed to cut five people, I think it was, not 40%.
And we could do cost-saving measures in other ways.
And this latest one, what we found was essentially
everything changed pretty quickly.
I think there's a lot of easy...
There's a lot of companies that do it poorly.
And so then you throw all these companies in it together.
And the social media commentary that I've seen,
even from people I very much respect,
it just shows how very little they understand
about running a business.
And I don't mean to be snippy with that,
but the commentary of,
well, why couldn't they just do this?
Or why couldn't they just do that?
Or I can't, it's because they were chasing growth
at all costs.
And it's like, dude, you listen to one all-in podcast
and now you think you want it in every company out there.
Well, they say it's easy to throw stones
from the cheap seats.
It's super easy.
So what happened this time that made it so complex?
There was warning signs of the economy, absolutely.
And everybody saw that.
And last year or the year before,
you saw Microsoft and Amazon,
these platinum-level companies,
doing layoffs because of what they were seeing.
What they were seeing, though,
was a lot of business to consumer,
like B2C,
and the buying profile and the consumers changed,
so their business changed.
And you can't predict that.
I wonder how much you want to claim,
oh, you see it coming.
You can't predict what it is.
You may know that something bad is coming,
but you want to be precise
when you're talking about people's careers and livelihoods.
You don't want to cut 40% of your staff
when you only need to cut 10% of your staff.
They're people.
You can't treat them that way.
So anyways, what changed here
was a lot of the pressures
that enterprise companies were facing
was getting hit at a different time
than what banks were facing.
And so it seems like there's just been
this consistent layoffs for two years,
but it's been different sectors and different companies
because that market're getting hit,
that market is getting hit at a different time.
And so we came in
to the year with our traditional
growth projections that were actually pretty
conservative based on every bit
of data that we had and insights, and we
have a certain cost basis, our profile,
our cost profile for employees and everybody
else to hit that number.
And then when the Fed,
and like, I'm not trying to put this off in the government, but like, if you look, if you look at
the charts of what's happened in the market, it's insane. And I really don't think most people
understand just how crazy it was. Like prior to, I mean, Guggenheim made a phenomenal slide on this.
I, if you find it, you can always reference it later. But basically, in the history of these federal interest rate hikes,
they would happen maybe a point, two points, three points,
one time like four points,
over the course of like 36, 48 months.
What we ended up going through,
and not the exact numbers, but directionally accurate,
what we ended up going through was like a five and a half point hike
in like a 12-month period.
It never happened that it was this high of interest rates
and it never happened that it was this fast.
And that's going to have completely untold
and unknown impacts on the economy.
And what that manifested into was just breaks
getting hit on companies.
And so when you walk in one day and you're projecting,
I'm just using right numbers here,
let's say you're projecting that you're going to get
$100 million in revenue and you're going to have a $ using right numbers here, let's say you're projecting that you're going to get $100 million in revenue
and you're going to have a $70 million cost basis to do so.
And then you find out everything changed.
None of the data you were working on for the last decade matters anymore.
Everything changed and it turns out you might get $60 million in revenue.
You can't keep the $70 million cost basis.
You've got to take cuts.
And headcount is almost always the most expensive portion. So as a leader, how I approached it was transparency. I showed every bit of the data to
our employees as I showed to the board. I went through all the decisions that went in through it,
talked about all the areas we cut besides headcount to just really make that the last effort
and said, look, here's where we're at. And you may not agree with
the decision that I make, but you as shareholders, you as employees deserve to understand why I'm
making that decision. So here's all that goes into it. And then you keep it to yourself.
And what I mean by that is I've seen these CEOs go on Twitter or LinkedIn or wherever and like,
here's my picture of me crying. It's like, it is always about the people you're letting go. Always. And like, I will be the first to admit that like, I cried like a
baby every night after that happened. I mean, these are your teammates. And it was a rough
period. But you know who has it rougher? The person that gets let go. So focus on them,
be transparent. And everything will be the best it can be in a bad situation.
The last thing I would say is, I think there are companies who are massively inappropriate that did
chase growth at all costs. And we're into over 300% growth this year, and their employees paid
the price. And I do think that was always inconsistent with the market data. When your
historical five-year average of multiples on a software-based company is like 15x,
five-year average of multiples on a software-based company is like 15x, and you're chasing 38x or 50x or 100x, the floor is going to fall out at some point. But then there was a bunch of other companies
that did the historical five-year average. Hey, we've got 15x and here's what we're rolling on,
and this is what we're trying to do. That it still then fell out below that. And I find it
really disingenuous when people are coming out and saying, oh, these companies will remember you and you did horrible things. I'm like, dude, we went through
a global pandemic that we hadn't had since the Spanish flu on the back end of one of the biggest
market crashes with the biggest Fed rate hike ever. Have a little empathy that this stuff is
hard, but that doesn't mean that the leaders executing it don't have to have as much, if not
more empathy and do everything they can to take care of their employees, even after they're let go.
What about this notion that layoffs are contagious?
I do think there's probably some aspect of that, but I would hope not in any good company.
But just go back to my COVID example where board members who sit on lots of boards,
they go, these other boards I'm doing are doing layoffs. Why aren't you doing layoffs?
Right.
And so it adds a contagion, if you will, of pressure on the management team to do that.
But if a management team is doing that based on a board recommendation,
that's a very weak management team, in my opinion. So I think there's pressures,
but there's no requirement to be like that.
But I do know of companies and peers that did layoffs.
Well, it was the prudent thing to do
was cut deep and cut early.
I'm like, you're talking about people's lives.
And so I take a lot of offense to that,
but it does exist.
Yeah.
All right.
Well, Robert M. Lee is CEO at Dragos.
Rob, thanks so much for joining us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com. Your feedback helps us ensure we're delivering the information and insights
that help keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence
optimizes the value of your biggest investment,
your people.
We make you smarter about your team
while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Ervin
and senior producer Jennifer Iben.
Our mixer is Trey Hester
with original music by Elliot Peltzman.
The show was written by our editorial staff.
Our executive editor is Peter Kilby
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Thank you. but also practical and adaptable. That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.