CyberWire Daily - FBI and DOJ thwart North Korean cyber scheme.
Episode Date: July 26, 2024A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full cl...ean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s guest slot, N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. They touch upon the SEC reporting requirements and how testing is never done. Rick and Steve caught up at AWS re:Inforce 2024. Selected Reading US indicts alleged North Korean state hacker for ransomware attacks on hospitals (The Record) North Korean Military Hacker Indicted for String of US Attacks (Metacurity) CrowdStrike says over 97% of Windows sensors back online (Reuters) Threat Actors leveraging the recent CrowdStrike update outage (FortiGuard Labs) Cyber-security firm rejects $23bn Google takeover (BBC) ECB's cyber security test shows 'room for improvement' for banks (Reuters)  France launches large-scale operation to fight cyber spying ahead of Olympics (The Record) Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit (Forbidden Stories)  KOSA, COPPA 2.0 Likely to Pass U.S. Senate (Inside Privacy) A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them (WIRED) North Korean Fake IT Worker FAQ (KnowBe4) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
A North Korean hacker is indicted for major cyber attacks.
Crowd strikes in recovery mode.
Phishing thrives in the wake of BSOD chaos.
Wiz spells out NO to Alphabet's $23 billion offer.
France goes full cleanup.
Israel's secret shield in spyware saga.
POSA and COPPA 2.0 promise safer surfing for kids.
N2K's CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon,
about the culture of security and what it means to the CSO role.
And last but not least, hacking can happen to anyone.
Today is July 26, 2024.
I'm Maria Varmazes, sitting in for the celebrating or napping Dave Bittner.
This is your Cyber Wire Intel Briefing.
The U.S. has indicted Rim Jong-hyuk, a North Korean military intelligence operative, for a series of cyberattacks targeting American health care providers, NASA, military bases, and other entities.
The indictment alleges Rim and the Andariel unit within North Korea's intelligence agency
accessed sensitive information and installed ransomware,
causing significant disruption and financial loss. They allegedly laundered the ransom money
through a Chinese bank to fund further cyber operations. RIM is charged with conspiracy to
commit computer hacking and money laundering. The FBI and Justice Department managed to recover
over $600,000 in cryptocurrency from the attacks.
We've got some updates for you on several stories that we've been tracking lately.
CrowdStrike reported that over 97% of its Windows sensors have been restored following a global IT
outage caused by a software update on July 19th. This outage affected critical sectors,
including airlines and financial services. CEO George Kurtz praised the collaborative recovery efforts and committed to preventing future incidents.
In their Threat Signal report, FortiGuard Labs shares analysis and insights into the latest cybersecurity threats and vulnerabilities.
The latest report details campaigns used by threat actors to spread malware, using phishing and scams to take advantage
of the recent widespread global IT outage affecting Microsoft Windows hosts. This outage is due to an
issue with a recent CrowdStrike update that can cause a bug check or a blue screen of death on
the affected Windows machines, which may get stuck in a restarting state. The BBC reports that Israeli
cybersecurity firm Wiz has rejected a $23 billion takeover offer from Google parent company Alphabet in what would have been its largest ever acquisition.
Reportedly, in an internal memo seen by the BBC, Wiz founder and chief executive Asaf Rapaport said he was, quote, flattered by the offer.
A source close to the deal told the BBC that the offer was very tempting,
but Wiz believed it was big enough to go it alone.
In other international news,
the European Central Bank has announced a cyber resilience stress test
for 109 banks under its direct supervision in 2024.
The exercise assessed how these banks would respond to and recover from a cyber attack
rather than just their ability to prevent it.
The test scenarios simulated successful cyber attacks, say that three times fast,
disrupting daily operations, forcing banks to activate emergency procedures and restore normal functions.
The ECB's first-ever cyber risk stress test was launched in a response to a surge in attacks,
some with possible
geopolitical motives. The ECB will use the insights gained to improve the bank's cyber
resilience frameworks and overall risk management practices. French authorities have launched a
major operation to remove malware from the country's computer systems ahead of the Olympics.
This disinfection operation focuses on combating the
PlugX malware, which has infected thousands of devices, primarily for espionage. The campaign,
coordinated with other affected countries, aims to enhance cybersecurity in light of increased
threats. Israel has intervened in the ongoing lawsuit between WhatsApp and NSO Group to prevent the disclosure of state secrets.
WhatsApp alleges that NSO Group's Pegasus spyware targeted 1,400 users, including activists and journalists.
NSO claims it acted on behalf of foreign governments seeking immunity, but this defense has been rejected by U.S. courts.
The U.S. Supreme Court recently allowed WhatsApp's lawsuit to proceed, marking a significant step towards accountability.
Despite this, Israel's involvement aims to protect sensitive national security information from being exposed during the legal proceedings.
The Kids Online Safety Act, or COSA, and COPPA 2.0 are likely to pass the U.S. Senate, aiming to bolster children's online privacy and safety.
COSA requires platforms to implement features preventing harms, like bullying,
and mandates the most protective settings by default for minors.
COPPA 2.0 expands protections to those under 17,
bans targeted advertising to children, and establishes a digital marketing bill of rights.
The original COPPA rule became effective in 2000.
Coming up for today's guest conversation,
N2K's CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon,
about the culture of security and what it means to the CSO role. We'll be right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to
evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key
workflows like policies, access reviews, and reporting, and helps you get security questionnaires
done five times faster with AI. Now that's a new way to GRC. Get $1,000
off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already been breached. Protect your executives and their
families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
AWS is a media partner here at N2K CyberWire.
In June of 2024, Brandon Karpf, our VP of Programming,
Jen Iben, our Executive Producer, and I traveled to the great city of
Philadelphia to attend the 2024 AWS Reinforced Security Conference. And I got to sit down with
Steve Schmidt, the Amazon chief security officer. I started out by asking him about the security
culture within the company. Well, it's an interesting thing to talk about primarily
because a lot of people think of computer security as a technical problem.
I don't believe that to be the case, actually.
I think it's fundamentally a people problem.
You know, there are certainly lots of tools that we have to work with, lots of things that we have to build to help secure customers and encryption and access control, those sorts of things.
But fundamentally, this is about human beings who are our adversaries.
They're people who want to get access to information that we hold.
And that's true for whether it's Amazon or anybody else out there on the internet.
And so we have to focus on what are their motivations?
What do they want?
And it's the usual kind of stuff you've probably heard about before,
actually, usually in the espionage space, where it's money or ideology or ego.
And if you think about the computer security space,
a lot of it's ego-driven. If you look at the people who want to be the best hacker out there
kind of thing, money, of course, really factors into it when you look at the people who are
ransomware actors. So, but how do you incorporate a culture of security into your internal
organization, especially at a huge organization like Amazon.
Yeah.
So a culture of security is really the only way to ensure that we're doing everything we need to to adequately secure both the enterprise that we represent,
but also to help our customers secure themselves.
And I think we've had some unfortunate examples recently in the press
about when there's an inadequate culture of security in companies.
We ended up with some nation-state actors taking advantage of some people as a result.
And so, building that culture is really something that starts from the top.
It starts from where is the security organization in the company? If you look at Amazon, we chose,
for example, to have the computer security organization directly to the CEO.
And that sets the tone for everything else that goes in the company.
Furthermore, it's not just the responsibility of the security organization to secure our business or our customers.
It's every builder in the company's job. And that's something we convey to everybody and reinforce through the way that we do our performance appraisals, the way that we look at the kind of tools that we give them, the techniques that they use to build.
And distributing that security expertise across the company means that we've got people who every single day think about security and the customers that they're representing.
to think about security and the customers that they're representing, as opposed to,
I'm a builder, I'm going to go make a bunch of software, and then security is going to come in at the end and tell me all the things that I screwed up and I got to go redo. And it's an
interesting juxtaposition because when you think about security from the beginning, it actually is
more efficient from a development perspective because there's less stuff you have to go undo.
So it works out better. It's a little bit of a bump to get over in the beginning
to get people thinking that way.
But once they do, it's more efficient for the builders
and it's better security for the company.
So Amazon's in an interesting position
where you report directly to the CEO.
That is not the case most of the places that are out there.
But I also don't think it's anything
that the CSO can influence.
Unless you don't take a job,
unless that's who you work for.
Am I wrong about that? Yeah, a lot of companies have very traditionally had the CSO report in through the CTO or legal or the CIO sometimes and that kind of thing.
And those are often representative of circumstances where the company grew up with a sort of a regulatory mindset for security.
the company grew up with a sort of a regulatory mindset for security.
It's, you know, the government says we have to have some,
and so we do, and we'll put them into, I don't know,
wherever it fits in the company.
We recognized when we started AWS as a business that without getting security right,
we literally could not have a business.
Because fundamentally, what are customers doing?
They're trusting us with their data.
They're trusting us with their business information. And as a result, we absolutely had to get security right. So it was
Andy Jassy's priority from the beginning of building the company. Andy Jassy was, for people
who don't know, Andy Jassy was the CEO of AWS. He was actually an individual who started off
in a product management role in the company and was one of the people who said, you know what,
we can do this really cool thing with renting computers by the hour. And he's now the CEO of
Amazon. All right. So the CEO in this case decided that security was essential to the products that
Amazon was going to build. Like you said, that's not the case for many organizations out there.
Do you think that the new SEC rule that came out last, they announced last summer and became official in December, that says that public companies now have to report material cyber events within four or five days, whatever the rule is.
Do you think that starts to change how CEOs will look at that going forward?
I think that it's going to be a new situation for a lot of companies to have to go figure out.
Those of us in our industry, in particular, anybody who's had federal government contracts
forever, we've had to report within a certain number of days if there were security incidents.
So it's not a change for us. But for a lot of places, security was kind of out of sight,
out of mind. And now all of a sudden, it's something that, oh my gosh, I have to pay
attention to because it may become a reportable event, something very public. The other part of that, of course, is I'm not even sure that the industry
or the SEC knows yet what this really should mean because the guidance is so vague that it's report
a material event. What's materiality in this space? I think it's one of those unsettled legal areas,
frankly, where there's going to have to be a lot of people looking at it to say, all right, what is the real threshold?
Because nobody knows.
It's brand new.
Well, I mean, Justice Thurgood Marshall back in the 70s gave a definition of what business materiality is, and it is extremely loose.
But I will say that the finance people and the SEC people and those kinds of people in business, they've had generally accepted accounting principles, gap principles forever.
The current version is as of 2009, right?
So, these are 90 rules that they've all agreed to that they need to follow.
In the cybersecurity space, we don't have that.
We wrap our head around what is material and how do we do that. And that's a big gap, for lack of a better word. I know it's actually a really apropos description
because it's the very discussion I've had with several people. In the accounting world, there
are relatively binary rules. You can do this, you may not do that. The result is a series of things
that can be independently measured by somebody else. That's gap. In the cybersecurity space, there really isn't. It's this enormous gray
area where we have to make judgments and decisions. And I think until people figure out what those
acceptable judgment points are, like you're talking about with the 90 rules, we're not going to be in
that position. And the other part of materiality is, does it actually affect the financials of the company? And in most of these
cases, the answer is no, yet companies are still reporting it. You know, if you look at the biggest
one that had to be reported recently, did that affect the stock price of that company at all?
No. So, was it material from that sense? No. Was it important? Probably.
Maybe. Maybe.
Maybe.
Okay.
Right.
But I think the famous one is the SolarWinds case, right, where the SEC decided that it was material.
And that not only that, now we're going to charge individuals in the company with fraud because what they were saying in public about how good their program was was not what was going on behind the scenes, which I find ludicrous, by the way, right?
But that's kind of the situation we're in.
And should CISOs be afraid of that at this point?
Should we be doing something different because of that?
And I don't know what you think about that.
I think there are a lot of folks
who are relooking at their career choices
in light of that.
Seriously.
It's one of these unbounded liability questions
when you look at the,
all right, so how do I determine individually if somewhere in the company there's something
which is not going the way it should be going? I think it's one thing if you know as an individual
that what you're saying is wrong, well, that's pretty straightforward. But it's a lot of folks,
especially in big companies, are saying, I can't see every corner of it. How am I supposed to know? Well, there's a difference between
reporting the details, which we all know there's all kinds of things that could be better, right?
And then what you say in public to stockholders, which, you know, and it's not lying. It's just,
I'm not giving you the day-to-day stuff that you probably don't need to know anyway, right?
Yeah, there were often discussions, well, you know, how many attempted intrusions?
That's not useful.
I'm sorry.
It's not.
What is useful for someone making a decision is, overall, what is the state of this company's behavior?
And is this, you know, an isolated incident that they're talking about here,
or is this something that's more representative of an ongoing and continual problem?
So, I'd be remiss.
We talk a lot about what CSOs do for their living, right?
So, I want to wrap this back around, okay?
You've been doing this for a long time.
What's a typical day for a chief security officer for a Fortune, what is it, Amazon, Fortune 10 or something like that?
I think that sounds about right.
And AWS, it's not even their own.
If you treated them like your own company,
it'd be a Fortune 35 company.
So that is a large, very successful company.
So what is a typical day for somebody like you?
Interestingly, the typical day for me
starts off with reading the overnight handoffs
from our on-call engineers. So, I
personally like to stay really attached to the details of things. And like many organizations,
we have a follow-the-sun model for our on-call security engineering staff.
And there's a tool that we use internally, which hands off state of things. You know,
we saw this thing occur. Here's what we're doing about it. Here are the next steps. Here's who's
on the hook, that kind of thing. I literally start my day reading those. And I guess the analogy would be
the old, you know, if you're a law enforcement executive, you read the blotter from the night
before. It's the same kind of thing here in the tech space, because it gives me an idea about what
current events look like and the kind of things that can either be, okay, it's a handle that's
not a big deal, or might turn into something interesting that we have to pay more attention to.
The rest of my day tends to be focused on a series of mechanisms.
Mechanisms are tools or processes which allow us to drive specific behaviors across the company.
It's mechanisms to review things like the state of patching across all of our fleets,
or the path to build future techniques that we're going to need
or tools that we're going to need. Because a lot of my job as a senior person is, what do we need
to have built three or four years from now that we don't have right now? And so it's that strategic
forward-looking kind of, all right, we need to be in this place or else we're going to have a
problem. A case in point there would be we have an internal authentication and authorization
stack called Midway.
Midway is a hardware MFA-based stack that we have to touch.
Actually, he's got one sticking out of his computer right there.
A button on the side of the computer in order to authenticate.
Well, a lot of people are realizing now that hardware multi-factor authentication is really,
really important.
If you look at a lot of the problems that have popped up in the last couple of years,
it's because people had single-factor authentication on accounts.
They could log in with a username and a password.
Rolling that kind of system out, the hardware MFA system out to accompany our size,
is something you don't do overnight.
We literally had to start building that about 12 years ago
in order to get it into the
state that we want now. So you're looking for things that you've got to build in the future
just by looking at what's happening today. That's right. And doing a little bit of Ouija
board prediction about where the bad guy's going to go and where do we need to be.
Do you attend sock briefings? Is that even a thing at Amazon or is it too big to have one SOC everywhere?
We actually don't have a physical SOC anywhere.
We have virtual facilities.
Basically, it's our on-call engineers.
And that handoff tool is the sort of virtual SOC briefing.
So the tool literally says, here are the things I'm working on.
Here's the state they're in.
The kind of thing you would get in a briefing.
What's at the end of the day? The end of the day tends to be the wrap-up of, okay, I'm going to go
read what's popped out of the literature or the interesting places that I like to watch today.
Make sure I'm up to speed on current events. And then look forward to the, all right,
who do we need to be talking to in customers in the next few weeks, as it were,
typically, and looking at what are they going to need to talk about? If you look at what's
happened in the last couple of weeks, what are the questions we should expect from those customers?
What's going to be worrying them? What's top of mind? We've been talking to a lot of Amazon people
at this conference, and I always tell them that there's a law in Virginia that you can't have a security conference unless you talk about artificial intelligence.
So especially at your level, how does the chief security officer at Amazon think about this new technology that's getting ready to engulf all of us?
Artificial intelligence is a thing?
Yeah.
So the fun thing about artificial intelligence is there are a lot of definitions
for it. And if you look at the model processes that are used in artificial intelligence,
it's something that people have been working on for a long time. The really interesting component
of artificial intelligence as a security problem is the difference between the way a generative AI
model behaves and normal software code behaves.
So if you think about normal software writing processes,
I have an idea, I want to instantiate it in code,
I want to build it in a way that's secure.
So I go ahead and go through these processes
with my security team on how do I build the model
and then how do I threat model it
and then how do I build the software
and how do I test it? You know, how do I red team the and then how do I build the software and how do I test it?
You know, how do I red team the software penetration test
and those sorts of things.
And that all is predicated on the fact
that the software is a static object.
It is written, I can test it,
I will always get the same results if I retest it.
Generative AI is not the same.
And in fact, my keynote at Reinforce here this year will talk a little
bit about that, about how it changes what the security professional has to think about.
This is no longer, I checked it, it's good, I'm done kind of situation. It's, oh my gosh,
models actually change because of the interactions with the end users. The software applications that
sit on top of them give different answers over time
based on the forward operation of the model, which means my testing is never done. I have to keep
retesting and come up with new ways of testing in order to keep current. So that's one of the
themes here at the conference is we're not inventing new strategies here. We're doing the
same things, but it's going to be different because it's a new tech where there's going to be some slight tweaks to it. That's what I hear you saying.
Yeah, that's very true. And it's a situation where in many cases that the ultimate end game
of the adversary is the same. They want your data. It's just the way that they get access to it that's
different. So we have to build new ways to detect it. We have to build new ways to test it. We have
to build ways that test continually as opposed to point in time. But most importantly, what we have to build new ways to detect it. We have to build new ways to test it. We have to build ways that test continually as opposed to point in time. But most importantly, what we have to do is give
our developers good guardrails so they do things safely. Understanding that there's a big difference
between the knowledge and experience that people have in the traditional code space, which they've
achieved over many, many, many years, and the generative AI space, which is relatively new.
So a software developer is learning new things.
We have to help them learn safely.
That was Steve Schmidt, the Amazon Chief Security Officer.
You can find links to the on-demand content from AWS Reinforce 2024,
including Steve's talk, in our show notes. Thank you. run smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. Ladies and gentlemen, gather around for a tale that's both cautionary and cunning.
KnowBe4, a U.S.-based security vendor known for its robust security awareness training,
recently found itself in the crosshairs of a North Korean hacker.
So picture this.
KnowBe4, on the lookout for a software engineer for its AI team,
hires someone who seems to check all of the boxes.
Background check?
Passed. References,
verified. Photo ID, flawless, albeit a little bit AI enhanced. Despite thorough background checks
and interviews, the hacker slipped through using sophisticated identity theft and AI enhancements.
This candidate, unfortunately, was not just a tech enthusiast, but a North Korean hacker
using a stolen U.S. identity.
The plot thickens as Nobifor's new hire receives their shiny new Mac workstation
and immediately tries to load malware onto the company's network.
Nobifor's Vigilant Security Operations Center, or SOC,
quickly caught on to this cyber shenanigan,
neutralizing the threat before any damage could be done.
No data was lost, no systems were
compromised, just a near miss in the grand game of cyber cat and mouse. CEO Stu Showerman, ever the
sage, shared this incident in a blog post, not as a breach notification because there was no breach,
but as a learning moment. His message was clear. If it can happen to us, it can happen to almost
anyone. Don't let it happen to
you. So what is the lesson here? Stay sharp, invest in continuous security training, and ensure your
SOC is always one step ahead. Because in the world of cybersecurity, it's not just about if you'll
face an attack, but when. Let's keep those digital defenses strong, folks.
digital defense is strong, folks.
And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Be sure to tune in to Research Saturday tomorrow,
where Dave Bittner sits down with Dick O'Brien from the Semantic Threat Hunter team.
They're going to be discussing their work
on their new findings.
Ransomware attackers may have used
privilege escalation vulnerability as zero day.
Also, they're going to provide some background
and history on Black Basta.
That's Research Saturday.
Definitely check it out.
And that's it for the Cyber Wire.
Here's wishing Dave Bittner a very happy birthday
this weekend from all of us at the team here at NTUK.
Happy birthday!
We'd love to know
what you think of this podcast.
Your feedback ensures
we deliver the insights
that keep you a step ahead
in the rapidly changing
world of cybersecurity.
If you like this show,
please share a rating
and short review
in your favorite podcast app. Also, please fill out the survey in the show notes or send us an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders
and operators in the public and private sector, from the Fortune 500 to many of the world's
preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to
optimize your biggest investment, your people. We make you smarter about your teams while making
your team smarter. Learn how at ntk.com. This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm your host, Maria Varmozes,
sitting in for the one and only Dave Bittner.
Happy birthday, big guy.
And thanks for listening, everyone.
We'll see you on Monday. Thank you. Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease
through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at
ai.domo.com. That's ai.domo.com.