CyberWire Daily - Espionage, both online and in-person. Sabotage, both kinetic and (maybe eventually) cyber. Waterin holes, deepfakes, and the pushing of naughty words.
Episode Date: September 30, 2022North Korean operators "weaponize" open-source software. The SolarMarker info-stealer returns. A quick review of Fast Company's WordPress hijacking incident. Deepfakes, and their evolution into an und...erworld and influence ops tool. Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace. Chris Novak from Verizon with a mid-year check in. Our guest is MK Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse, skilled workforce. And the US arrests three in two alleged spying cases. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/189 Selected reading. ZINC weaponizing open-source software (Microsoft Security Threat Intelligence | LinkedIn Threat Prevention and Defense) Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns (Decipher) North Korea weaponizes open-source software. (CyberWire) Info-Stealing Malware, SolarMarker, is Using Watering Hole Attacks… (eSentire) Fast Company hack causes obscene Apple News notifications. (CyberWire) The Future of Deepfakes. (CyberWire) Fourth Nord Stream Leak Spotted, NATO Sees 'Sabotage' - The Moscow Times (The Moscow Times) Russian spy chief: West was behind sabotage of Nord Stream (Reuters) NATO Formally Blames Sabotage for Nord Stream Pipeline Damage (Wall Street Journal) NATO: Nord Stream pipeline leaks result of "sabotage" (Axios) Pentagon chief: Too soon to say who might be behind Nord Stream pipeline attack (www.euractiv.com) First on CNN: European security officials observed Russian Navy ships in vicinity of Nord Stream pipeline leaks (CNN) Mysterious Blasts and Gas Leaks: What We Know About the Pipeline Breaks in Europe (New York Times) NATO issues 'sabotage' warning after gas pipeline explosions (NBC News) Russia’s Purported Sabotage Of The Nord Stream Pipeline Marks A Point Of No Return (Forbes) Nach Angriff auf Nord Stream 1 und 2: Ist Deutschland vor russischen Hackern sicher? (WirtschaftsWoche) 'We all have to be worried': War in Ukraine boosts energy cyberattack risks, says Petrobras executive (Upstream Online) Finnish intelligence warns Russia ‘highly likely’ to turn to cyber in winter (The Record by Recorded Future) Ukraine War Goes Hybrid (Energy Intelligence) New Warnings from Ukraine About Looming Russian Cyberattacks (VOA)a Russian Cyber Efforts in Ukraine See Muted Results, Says Panel (USNI News) Ukraine-Russia Conflict: Ukraine Alerts Energy Enterprises to Possible Cyberattack Escalation (Security Boulevard) Ukraine is Winning the Cyber War (CEPA) Hitachi Energy MicroSCADA Pro X SYS600 (CISA) Hitachi Energy MicroSCADA Pro X SYS600 (CISA) Baxter Sigma Spectrum Infusion Pump (CISA) ARC Informatique PcVue (Update A) (CISA) Delta Electronics DOPSoft (CISA) Delta Electronics DOPSoft (Update B) (CISA) Former NSA Employee Arrested on Espionage-Related Charges (US Department of Justice) Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine (US Department of Justice) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
North Korean operators weaponize open source software.
The solar marker Inf stealer returns.
A quick review of Fast Company's WordPress hijacking incident.
Deepfakes and their evolution into an underworld and influence ops tool.
Kinetic sabotage in the Baltic raises concerns about threats to infrastructure in cyberspace.
Chris Novak from Verizon has a mid-year check-in.
in cyberspace. Chris Novak from Verizon has a mid-year check-in. Our guest is M.K. Palmore of Google Cloud on why collective cybersecurity ultimately depends on having a diverse,
skilled workforce. And the U.S. arrests three in two alleged spying cases.
From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Friday, September 22, 2022.
Microsoft warns that the North Korean threat actor the company tracks as Zinc is targeting engineers and technical support employees working at media,
defense and aerospace, and IT services in the U.S., U.K., India, and Russia.
The threat actor is using malicious versions of open-source applications,
including PuTTY, KITTY, TiteVNC, Sumatra PDF Reader, and MU-PDF Subliminal Recording.
Microsoft believes the campaign is motivated by traditional cyber espionage,
theft of personal and corporate data, financial gain, and corporate
network destruction. Duo Securities Decipher notes that Zink uses LinkedIn to contact potential
victims, then moves to WhatsApp to send the malware, stating, one key piece of the campaigns
is the use of LinkedIn personas as initial outreach vectors for victims. Zinc actors create
fake personas on LinkedIn posing as recruiters at defense, tech, or entertainment companies
and then luring the victims into moving the conversations onto WhatsApp. Zinc actors would
at some point deliver the zetanyl compromised application to the victims. The actor has used the compromised
putty infection method in the past, but only recently started using KITI, too. KITI is a
fork of putty, and in both cases, Zink uses DLL search order hijacking in order to load a malicious
DLL onto the victim's machine. Researchers at eSentire reported this morning that the solar marker
information stealer has resurfaced. eSentire writes, the solar marker threat actors are now
leveraging fake Chrome browser updates as part of watering hole attacks. This represents a change
in tactics. Solar markers operators had been known for their reliance on search engine optimization poisoning.
A breach of Fast Company's WordPress systems allowed for a hacker to send obscene notifications via Apple News on Tuesday.
The Verge reports that Fast Company was hacked and sent out a push notification via Apple News to many iPhones that was obscene in nature.
via Apple News to many iPhones that was obscene in nature.
Apple News addressed the hack on Twitter, saying,
An incredibly offensive alert was sent by Fast Company, which has been hacked.
Apple News has disabled the channel.
There's no obvious motive behind the attack, beyond whatever slacker lulls it may have produced.
Trend Micro has published a report looking at the current and future impacts of deepfakes.
The researchers note that deepfakes have already been used in social engineering attacks,
and these attacks will increase as the technology improves.
They can now be used to fake the identities of real people
or create fictitious persona for people who never existed.
The researchers see a particular
urgency to securing biometric data across the range of biometric modalities. Some of their
concerns include the amount of content readily exposed on social media, the low cost of executing
this sort of attack, the ability to steal the identities of both well-known and ordinary people, and the ability to create identities of people who never actually existed for use in fraud schemes.
NATO has formally declared the four explosions that severed the Nord Stream natural gas pipelines in the Baltic Sea this week
to have been acts of sabotage, the Wall Street Journal reports.
The Atlantic Alliance stopped short of
attributing them to any actor, although Russia is widely suspected, as investigation is still
in process. You're Active quotes U.S. Defense Secretary Austin, who said,
Until we get further information or are able to do further analysis, we won't speculate on who
may have been responsible. That said, Western
suspicion centers on Russia, and informed speculation points to a Russian naval operation.
CNN cites multiple European sources as saying they observed Russian naval vessels in the area
shortly before the explosions. For its part, Russia sees no ambiguity in the situation at all. Who done it?
The Anglo-Saxons done it, that is, the British and the Americans are behind it,
an allegation that's becoming a routine part of Russian disinformation. Mr. Putin said,
as Reuters quotes him, the sanctions were not enough for the Anglo-Saxons, they moved on to
sabotage. It is hard to believe, but it is a fact that they organized the blasts
on the Nord Stream international gas pipelines.
They began to destroy the pan-European energy infrastructure.
It is clear to everyone who benefits from this.
Of course, he who benefits did it.
He's got one thing right.
It is hard to believe.
There are understandably jitters in Europe about the possibility that cyber attacks might disrupt energy infrastructure as winter approaches.
Finland's Security Intelligence Service said in its national security overview,
published yesterday, that it's highly likely that Russia will turn to the cyber environment over the winter.
That is, the record explains, Russia is likely to use cyber attacks to increase pressure on Europe
to abandon its support for Ukraine. The Voice of America summarizes this week's warnings from
Ukraine as CERT-UA predicted a growing likelihood of Russian cyber attacks against energy targets.
The U.S. said it's seen no specific indicators that such attacks are imminent,
but U.S. defense officials do note that Russia has shown a growing disposition
to hit Ukrainian energy infrastructure with missile strikes.
The U.S. Cybersecurity and Infrastructure Security Agency released six industrial control system advisories yesterday
covering Hitachi Energy, Baxter, Infomatique, and Delta Electronics products. Operators should
consult the alerts and consider applying the mitigations. And finally, September was Insider
Threat Awareness Month, which we trust you celebrated appropriately, getting all your
shopping for
bossware done, sending the appropriate thanks but no thanks cards to the various insider threats in
your life, shaking hands under the snapdragons and, you know, the whole nine yards of this
particular seasonal observance. You know who else is observing the insider threats? The FBI. That's
who. Indictments on charges related to alleged
spying for the Russians have been handed down in Baltimore and Denver, naming three people accused
in two separate incidents. The Colorado case involves a guy, Mr. Jarrah Sebastian Dahlke,
age 30, who apparently worked briefly this summer for the National Security Agency as an information
systems security designer. He offered to sell classified documents to someone he thought was
a Russian intelligence agent. In fact, it was the FBI, and what followed you can easily imagine.
From the Justice Department's statement about the case, his alleged motive seems to have been
monetary. He asked for payment in
cryptocurrency, which seems a lot more convenient than an envelope full of unmarked bills left in
a dead drop. The Maryland case involves an alleged conspiracy between a married couple,
Drs. Anna Gabrielian, aged 36, and her husband, Jamie Lee Henry, age 39. Dr. Henry is, or now was, a U.S. Army major
assigned as an internist to Womack Army Medical Center at Fort Bragg, North Carolina.
Dr. Gabrielian had reached out to the Russian embassy with an offer of information,
and the couple subsequently met someone they took for a Russian intelligence officer
at a hotel in Baltimore. They offered private medical information on military and government patients
and their families to the supposed Russian contact,
who in fact was an undercover FBI agent.
They explained that they were motivated by Russian patriotism
and resentment over the war in Ukraine,
where, Dr. Henry explained,
the United States is using Ukrainians as a proxy for their own hatred toward Russia.
So, while all of these accused are innocent until proven guilty,
if you're thinking about spying for the Russians, think twice.
After all, not every spy gets offered Russian citizenship.
Coming up after the break,
Chris Novak from Verizon has a mid-year check-in.
Our guest is M.K. Palmore of Google Cloud on why collective cybersecurity ultimately depends
on having a diverse, skilled workforce.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks. But get this,
more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls
with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30
frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting Vanta when you go to
vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk. Thank you. Learn more at blackcloak.io.
M.K. Palmore is a director in the office of the CISO for Google Cloud. We recently chatted about why collective cybersecurity ultimately depends on having a diverse, skilled workforce
and efforts M.K. Palmore and his Google Cloud colleagues are taking to improve the situation.
The statistics tell us a challenging story.
One, we know that, you know, typically speaking,
women represent somewhere close to 50, 51% of the population,
and there's nearly that much in terms of the workforce.
Their presence in technology is somewhere around the low 20 percent realm. And as you go up the ranks, those numbers
get to be smaller and smaller. People of color, Black, Latino, sometimes categorized as roughly
17, 18 percent of the workforce. And those, as it relates to technology, you'll find hovering
somewhere between 5% to 8% at any one point in time when you take snapshots of the industry.
So the struggle for organizations today, like Google and other organizations that are trying
to increase the numbers of women and underrepresented minorities in terms of
increasing the talent pool, is in moving the
needle on those numbers. Where do you go to source the talent that has the requisite skills that
you're looking for in order to bring them on board in your organization? How do you subsequently get
them on board into the organization? And then how do you, the big challenge for all organizations
is retention. How do you retain that kind of talent once you have them on board and create
a pathway for them to grow and be nurtured within the profession and ultimately succeed. So the numbers are daunting. They've
been daunting, quite frankly, for quite some time, for a number of years. And folks like myself and
others who do this professionally are engaged at any one point in time in a number of, for me,
internal issues here at Google Cloud in an effort to help move the needle on this issue
and also providing support to outside organizations
and nonprofits in this realm to also move the needle
and impact change where we can.
Well, so within Google Cloud itself, where are you finding success?
What sort of initiatives are making a difference there?
finding success? What sort of initiatives are making a difference there?
Yeah, so I think that, you know, broadly speaking, what we see in the industry is that if you can train people, if you can give them the requisite skills that they need, baseline skills, in order
to be able to compete for entry-level positions that you oftentimes are helping to set them up
for success. In fact, there are some numbers out there that will tell you that training, specific training around cybersecurity introductory skills,
is the number one way to translate someone from a zero start into the field. And we have a number
of programs, one of which that I am shepherding here under the Google Cybersecurity Action Team,
and others within Google that are much more mature and much further along
that help to enable the existing workforce. In other words, folks out there who show an interest
in cybersecurity or want to pique their interest. In other words, they want to take some exploratory
courses and try and get some exposure to the industry. We have a number of efforts underway
to actually take folks through the
training pipeline so that they get some baseline training for entry-level positions. And we also
have a number of things underway that will help to get exposure to folks who are, again, zero start,
but potentially interested in the industry. I always say there's two components that you need.
You need a level of interest and you need an aptitude. You don't necessarily need to come to the table with specific
skill sets like technology skill sets, but much of what it is that we do in cybersecurity day in
and day out can be taught and certainly it can be learned. When you're talking about training here,
I mean, is this something that Google offers internally or are folks going to outside
providers? How does that all work? Yeah, so it's happening in a number of different lanes. There
is an internal effort to increase the availability of cybersecurity training, certainly among our own
employees internally. But we also recognize that Google has a responsibility to the industry and
society overall to provide assistance in this area
because we all see the gap that exists in terms of getting qualified folks into the pipeline
and certainly expanding the aperture in terms of identifying the folks that we may bring into this profession
is a large part of what we're engaged in as it relates to Google.
In other words, identifying opportunities,
whether it be through nonprofit organizations that exist or our own efforts to deliver
cybersecurity-based training, targeting that training to women and underrepresented minorities
so that you can, again, gain some traction in an area where we know that folks have an interest
and aptitude and we can point them in the right direction and give them the skills that they're
going to need to be able to get some baseline opportunities within the field.
And as you all know, once you get in, I mean, it's sort of, you know, pick your poison in terms of how many different areas and domains and other areas of depth that you would like to go into.
But we all know that the real barrier is getting that initial job in the industry.
getting that initial job in the industry. And we are, again, putting together programs and have an effort afoot to increase that talent pool and to do it in such a way that we enable folks to
do well in that interviewing process, bring or show that they have some experience in terms of
gathering the skill sets necessary to get those entry-level jobs. And then, of course, to get in
and actually succeed. There are many of course, to get in and actually succeed,
there are many different lanes, many different efforts underway.
From your own point of view as a leader, why is this something to focus on? What does having diversity in your team provide the organization as a whole?
Yeah, so I think that from a, if we're just talking about cybersecurity
workforce, I think that this issue of creating diverse teams and cybersecurity may be the most
critical issue that organizations are dealing with now and for the foreseeable future. We have all
awakened now at this point in history and time, recognizing the importance of cybersecurity,
Now, at this point in history and time, recognizing the importance of cybersecurity, not just on business operations, but also on our lives.
So it impacts us widely as a society, but also impacts business operations.
And this issue of creating more diverse teams, I think, quite honestly, is going to help us get better at solving problems. At the heart of cybersecurity is this idea of problem solving.
And if we're not bringing different and varied mindsets and experiences to the table, we're going
to continue to use some of those old approaches to solving security problems. And quite frankly,
I think that history has shown us that we are, as an industry, probably not doing as well as we
would like to in terms of combating
adversarial techniques and tactics. And I think increasing the diversity set, in other words,
increasing the diverse teams that we point towards these problems will actually help us
solve them more quickly and potentially bring better solutions to the team.
That's MK Palmore from Google Cloud.
There's a lot more to this conversation.
If you want to hear more, head on over to the CyberWire Pro and sign up for Interview Selects, where you'll get access to this and many more extended interviews. And joining me once again is Chris Novak.
He is Managing Director for Security Professional Services at Verizon.
Chris, always great to welcome you back to the show.
As you and I record this, we are just about midway through this year of 2022.
I was going to say it's been an interesting year for cyber,
but I don't know that there's any other kind anymore.
And I wanted to just check in with you, get a little reality check on what you've been seeing in terms of how this year is comparing to your expectations.
Wow.
First off, thanks, Dave.
Always a pleasure to be here.
First off, thanks, Dave.
Always a pleasure to be here.
Honestly, I don't think if I could have gone back a year and said, let me write down a handful of predictions of what I thought 2022 would look like, I'm not sure that I would have gotten any of them right.
It's been a wild, wild year, I think, between what we've seen happening with Russia, Ukraine, and some of the follow-on effects of that into cyber, some of the crazy changes we've seen
in ransomware, you know, OT, ICS, cloud, you know, all of these, I think, are things that were
on the horizon and we knew could be a concern, but exactly how they've all manifested,
wow, it's been something else. Yeah. Is there anything that sort of rises to the top in terms
of, gosh, you know, I wasn't expecting that or,
you know, there's a surprise? Well, I mean, I think if we were to roll back into, you know,
2021, looking forward into the first half of 2022, I think there were always some concerns
about the Russia-Ukraine situation and how that was kind of bubbling up and boiling over. And
then obviously in February, we saw that go into kind of full swing. And I think that one has been an interesting one to observe and see what comes out of it, because we really haven't seen something like that from a truly substantial, you know, kinetic, you know, war activity that has had known that the cyber nexus and war exists and would exist in the future. But I don't think we had really seen an event like that play out historically with an organization or a country, for example, like Russia, that we know to have a really sophisticated and advanced adversarial component to it, the ability for them to pull off the types of attacks that we would worry about in a cyber war, for example.
I think some of the kinetic actions that we've seen the world deal with over the recent years
have been largely relegated to kinetic.
And in this case, I think we're actually starting to see more of that boil over into the cyber.
And I think we're also concerned and watching what happens from a broader geopolitical standpoint,
because we expect other
countries are watching very closely what's happening between Russia and Ukraine, looking to
see, hey, when Russia does X, how does country A, B, and C respond? And if another country were to,
you know, make an incursion or threaten another, you know, democracy out there, what might that
look like in terms of a global response, whether it be
kinetic or in this case, cyber? Yeah. I mean, looking at the big picture,
do you feel as though the cyber defenders out there, are we gaining ground or more of the
basics, that low hanging fruit we all talk about? Is the word out there and are people
taking care of those things?
So I think they are. And it's an interesting question because I'm always a big proponent of
cyber hygiene and going after a lot of the foundational elements of cyber before we worry
about all the crazy advanced sophisticated stuff. And as I talk more and more with organizations,
I'm hearing more of them doing it correctly. I feel like the
challenge is it's the groundswell of activity is keeping up or exceeding our ability to go ahead
and tackle it all. So I think people now understand what the right things are they need to be doing,
and they want to and are executing. But the big thing we hear everywhere we go, I was talking about this at RSA, I asked the audience, how many people have too many cybersecurity people?
And everybody just laughed, right?
Nobody had them.
How many have enough?
Everyone just kind of stared around the room looking to see if anyone raised their hand, right?
And so the challenge I think that we see is that the talent pool is not able to grow as fast as the need.
And I see that as being part of the bigger challenge.
I think organizations understand what they should be doing, and they largely want to do the right things.
It's a, well, if I'm only going to be at 75% staffing capacity, it means I need to figure out what of my objectives or what of my security maturity desires am I planning to execute on with 75% capacity, for example?
I know this is an unfair question, but I'm going to ask it anyway.
As you look in your crystal ball, any thoughts on where we might be headed for the second half of this year?
I would say that if I were looking in my crystal ball,
I would say that I think we're going to continue to see ebbs and flows in ransomware just because people continue to pay.
And, you know, we're continuing to see that pan out for the threat actors.
I think we're going to see governments try to choke off the money supply as a way to try to choke off ransomware.
In other words, enact other regulations or reporting and disclosure requirements around the globe that might try to inhibit or prevent organizations from paying ransoms as a way to try to knock that down.
Effectiveness of that will be TBD.
The other thing I also expect to see is continued attacks in the areas of OT and industrial control systems.
We've often largely talked about cyber as it relates to data security,
talked about cyber as it relates to data security. And I think that's kind of a holdover from the past of, you know, a lot of the data security laws, notification and disclosure obligations
were largely related to unauthorized access to data. I think we're starting to see a shift now
where attacks are looking more at OT, industrial control systems. It could be energy and utilities.
It could be manufacturing. It could be healthcare. And so those are the areas where I would say I'd probably be most concerned about the second half of 2022 and beyond because I don't think we've seen what we see as being possible to happen there.
And obviously I don't want to see it happen, but I think that's an area that has been not as well tended to both by the defenders and also by the adversaries. And so as a result,
I think we could see more activity develop in those areas. And then obviously cloud. I think
we're going to continue to see an incredible migration of organizations moving to cloud.
We saw it really, it was like a shot in the arm of adrenaline to cloud migrations during COVID.
And I think that's going to continue to happen.
And there'll be some things that I think we're going to see fall out of that in terms of
poor hygiene, shadow IT, shadow cloud, other things like that, that people are going to
be trying to move fast.
And as a result, we're going to see some bad behavior that might make its way into, you
know, what ultimately results in some incidents and breaches.
Yeah.
All right.
Well, Chris Novak, thanks for joining us.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Be sure to check out this week's Research Saturday and my conversation with David Prefer
from the SANS Technology Institute
on covert channels using browser bookmark syncing.
That's Research Saturday. Check it out. Thank you. Thanks for listening. We'll see you back here next week.
Your business needs AI solutions that are not only ambitious,
but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided
apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.