CyberWire Daily - On the run, caught on arrival.
Episode Date: October 21, 2024An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco con...firms stolen files but insists it’s not a data breach. A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Selected Reading Australian wanted by FBI over alleged $46 million scam arrested in Italy (The Sydney Morning Herald) Internet Archive breached again through stolen access tokens (Bleeping Computer) Severe flaws in E2EE cloud storage platforms used by millions (Bleeping Computer) Cisco Confirms Security Incident After Hacker Offers to Sell Data (SecurityWeek) Report: China’s Spamouflage disinformation campaign testing techniques on Sen. Marco Rubio (The Record) This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats (WIRED) Wanted: Weekend Warriors in Tech (Wall Street Journal) Spectre flaws continue to haunt Intel and AMD (The Register) Russia's case against REvil hackers proceeds as government recommends 6.5-year sentences (The Record) Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
An alleged Australian scammer wanted by the FBI gets nabbed in Italy.
The Internet Archive has been breached again.
Researchers discover vulnerabilities in encrypted cloud storage platforms.
Cisco confirms stolen files but insists it's not a data breach.
A Chinese disinformation group targets Senator Marco Rubio.
Malicious chatbot prompts can hide inside harmless ones.
The DoD wants to offer senior cyber executives
part-time roles as military reservists.
Six years out, the specter of specter remains.
Russian prosecutors seek prison for our evil operators.
Our guest is Pete Newell, founder and CEO of BMNT,
speaking with N2K's Brandon Karp about challenges associated
with technology adoption and change in the DoD. And Microsoft uses clever deception to reel in
the fishers. It's Monday, October 21st, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thank you once again for joining us here today.
Great as always to have you with us.
An Australian man wanted by the FBI for a $46 million online scam
was arrested in Milan, Italy.
This 44-year-old, described by authorities as Italo-Australian,
had been dodging law enforcement for over three years.
Interpol tipped off Italian border police, who nabbed him at Malpensa airport as he got off a
flight from Singapore. The scam itself? Well, it was a classic tech support fraud, but with a nasty
twist. Victims, mostly elderly folks, were duped into thinking their computers were compromised.
A fake error message popped up telling them to call for help. Once on the line, they were
convinced to fork over money for technical assistance that, surprise, did not exist.
The FBI's investigation estimated the gang's ill-gotten gains around $31 million. Authorities are now working on extraditing the suspect to the U.S.,
where he'll face justice for his part in this global scheme.
The Internet Archive has been breached again,
this time through their Zendesk email support platform.
The hacker, who had warned the Archive weeks earlier
about exposed GitLab authentication tokens,
accessed over 800,000 support tickets, including requests for site removals from the Wayback Machine.
Victims may have shared personal identification in those tickets, which the hacker could now access.
This comes after a previous breach where 33 million users' data was stolen
through the same GitLab token, which had been exposed for nearly two years. Despite repeated
warnings from security researchers, the Internet Archive failed to rotate many of the compromised
API keys. The hacker claims they stole 7 terabytes of data, although no proof was provided.
The breach wasn't politically motivated or financially driven, but was carried out for cyber street cred, boosting the hacker's reputation among others in the data breach community.
ATH Zurich have discovered security vulnerabilities in several end-to-end encrypted cloud storage platforms,
including Sync, pCloud, IceDrive, Cfile, and Tresorit, which together serve over 22 million users. The researchers highlight flaws that could allow attackers, especially those controlling malicious servers,
to access, modify, or inject files into users' storage.
These issues undermine the platform's claims of complete data protection.
The vulnerabilities varied by platform.
Sync had issues with key material and file tampering,
while pCloud and IceDrive also struggled with unauthorized key manipulation.
Cfile was vulnerable to password
brute forcing, and Tresorit, though faring better, still had weaknesses in key authentication.
Despite notifying the companies, not all have responded promptly. Sync claims to be addressing
the flaws, while IceDrive has opted not to fix them. This research serves as a reminder that even encrypted platforms aren't foolproof
and highlights the importance of staying vigilant with cloud storage security.
Cisco confirmed that some of its files were stolen after a hacker known as Intel Broker
offered company data for sale on a cybercrime forum.
On October 14th, Intel broker
claimed to have accessed various sensitive assets, including source code, credentials, API tokens,
and documents from companies like Microsoft, AT&T, and Verizon. The hacker also shared screenshots
to back up these claims. Cisco launched an investigation and stated that, as of now,
its systems were not breached. The stolen data came from a public-facing DevHub environment,
a resource center for customers. Cisco noted that some files not meant for public download
were exposed, but no sensitive personal or financial information was detected so far. In response,
Cisco has disabled access to the affected sites and continues to investigate. Intel Broker has
a history of targeting major companies, though the impact of this breach may be limited.
Chinese disinformation group Spamouflage has renewed its attacks on Republican Senator Marco Rubio of Florida, according to researchers at Clemson University's Media Forensics Lab.
The group first targeted Rubio during his 2022 re-election campaign, flooding social media with pro-Rubio posts to drown out legitimate content.
pro-Rubio posts to drown out legitimate content.
But in mid-September of this year,
spamouflage returned,
testing new tactics with more sophisticated anti-Rubio messaging.
Researchers believe Rubio could be the canary in the coal mine,
and China may be using these new techniques for future campaigns.
The posts, shared on platforms like ex-Twitter, Reddit, and Medium, appear more authentic, using hijacked accounts and possibly AI-generated content. Senator Rubio, a vocal
critic of China, did not directly address the campaign, but warned that China is becoming
more aggressive in its efforts to shape American opinion. Experts caution that we shouldn't
underestimate China's disinformation efforts as they become more refined and dangerous.
Security researchers have found a way to use AI chatbots for sneaky attacks that could expose
personal details. They developed an algorithm that hides malicious prompts inside seemingly harmless ones,
tricking users into sharing sensitive information like their CV data with attackers.
The researchers uploaded CVs into chatbot conversations,
and the bots sent back the personal information in the file.
Erlens Fernandez from UC San Diego, who worked on the research, compared the attack to malware.
What's fascinating here is that the malicious behavior can be triggered by a short, gibberish-like prompt without raising the user's suspicions.
In response, Mistral AI quickly patched the vulnerability, stopping the chatbot from loading external URLs via markdown syntax.
Fernandez believes this may be one of the first times an adversarial prompt led to an actual fix.
Experts advise users to be cautious about what personal data they share with AI bots
and to avoid using unverified prompts from the Internet.
The U.S. Defense Department is looking to tap
into Silicon Valley's tech talent by offering senior executives part-time roles as military
reservists. These tech pros, like chief technology officers, would serve in high-ranking positions
and be called in for short-term projects in areas like cybersecurity and data analytics.
Brent Parmitter, the Defense Department's chief talent management officer,
is spearheading the effort, aiming to bring dozens of tech professionals on board by next September,
with plans to grow the program significantly over the next few years.
This initiative marks a shift in Silicon Valley's relationship with the military,
as tech companies increasingly see national security opportunities as beneficial.
Parmider hopes to place these tech experts in roles equivalent to major or lieutenant colonel
in the Army and Air Force Reserves.
The goal is to strengthen the military's capabilities by leveraging private sector
expertise without pulling these tech pros away from their keyboards and into combat.
Six years after the Spectre processor design flaws were first revealed, researchers are still
finding vulnerabilities. Johannes Wigner and Kaveh Razavi from ETH Zurich uncovered a new cross-process
Spectre attack that bypasses security defenses, like address space layout randomization on recent
Intel processors. This attack allows hackers to leak sensitive data, such as root password hashes.
Spectre attacks exploit speculative execution,
a performance feature in modern CPUs,
to access out-of-bounds memory,
revealing secrets like passwords.
Despite Intel's MicroCode patch in March of 2024,
vulnerabilities remain in Intel's 12th to 14th generation core processors
and 5th and 6th generation Xeon chips.
AMD Zen 1 and Zen 2 processors are also affected, with Linux users at risk.
Russian prosecutors are seeking prison sentences of up to six and a half years
for four individuals linked to the notorious hacking group R-Evil.
The group,
responsible for major ransomware attacks, was shut down in 2021, with 14 members arrested by Russian authorities. While 14 were detained, only eight have faced charges related to illegal
financial transactions in a Moscow court. The defense argues that prosecutors have yet to provide concrete evidence.
Key suspects face additional charges for unauthorized access to computer information.
R-Evil became infamous for targeting high-profile individuals and companies,
such as Lady Gaga and the U.S. software provider Kaseya. Notably, Russia's crackdown on REvil followed U.S. pressure, with President
Biden urging action against cybercriminals affecting American businesses. During the
arrests, authorities seized millions in cash, cryptocurrency, and luxury items from the suspects.
Coming up after the break, our own Brandon Karp speaks with Pete Newell, founder and CEO of BM&T.
They're talking technology adoption and change in the DoD.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security questionnaires done five times faster
with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's
defenses is by targeting your executives and their families at home? Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover
they've already been breached. Protect your executives and their families 24-7, 365,
with Black Cloak. Learn more at blackcloak.io.
Pete Newell is founder and CEO of BMNT, and he recently caught up with N2K's Brandon Karp to discuss some of the challenges associated with technology adoption and change in the DOD.
I am here today with Pete Newell, the CEO and founder of BMNT.
And Pete, today you and I are going to be talking about defense innovation and innovation adoption,
some of the core problems that we have around technology adoption.
But I'm glad, really pleased to have you join us today.
Thanks for coming on the podcast.
No, thanks so much for the invitation.
I'm looking forward to this.
So if we can just start off with your net assessment at the high level,
where do we stand today in terms of defense innovation, technology adoption for DoD problem
sets? I think, you know, largely I hate the word innovation. What defense needs to be able to do
is accelerate its accomplishment of certain missions. One of the things I learned on the battlefield, particularly in Iraq and Afghanistan,
was it was the speed of adaptation of technology
that was really a challenge. We were significantly challenged
in how long it took us to recognize that something had changed on the battlefield,
new technology, new operating concept or something.
And then being able to articulate that change in plain English
so that somebody could go out and recruit people to help solve that problem,
to build a prototype of something, to get back to the battlefield
so that people could touch it and say,
no, that's not really the problem, or yeah, you're moving in the right direction.
That cycle time or that OODA loop is turning faster and faster and faster and faster to
the point where we take so long to articulate the problem that by the time we go find people
and build a solution, the problem has already changed.
So I'm really big on talking to people about mission acceleration.
It's first understanding what the organization's mission is and what it is on the ground and what they need to do to increase that
cycle time. So what you just described to me sounds like a very human-centric process. You
described a person observing a change, a person dictating what the mission objective is, a person
taking that lesson learned and bringing it back to someone who can interpret it and turn it into a technology or a capability.
I mean, is that human cycle working today or is it not totally connected in that loop that you just described?
It varies dramatically from organization to organization to organization.
First and foremost, innovation isn't a technology problem.
We have plenty of tech.
We have old tech.
We have new tech.
We have tech we could buy.
We have plenty of technology.
It's a people problem.
And I incorrectly,
I call it a sociology problem.
It's really an anthropology problem
as I was corrected by one of my analysts.
Leave it to the analyst to be pedantic.
I got such stinking
smart people working at BM&T
that I'm almost afraid to walk into the
room and open my mouth some days.
And we encourage
them to challenge us.
Love that, yeah. You know, I had this conversation
and one said, excuse me,
and Bonta knows she's got a degree
in anthropology, but
since you're talking about culture and laws and rules and interactions, that's anthropology, not sociology.
I'll stick to my wrong definition.
It's a sociology problem because everything you just described requires a person to take action or not take action. So it's really people learning how to apply different rules
or learning how to recruit networks of people
to actually accelerate how balanced they come together.
That is the challenge of getting things done.
Now, in some organizations, they recognize that
and they're starting to train their people
and they've written what we would call a document
for how the innovation process works within the organization.
Senior leadership shows up to encourage people.
They're engaged, and the organization is starting to actually coalesce
around certain things faster and faster and faster.
That's different than organizations where there's
an entity at the
side doing something
still butted against
the rest of the bureaucracy of the organization.
Really different
application.
I can
give a shout out to the Transnation Security
Administration, which you would not imagine
would be at the
forefront of actually doing this.
But they are the first government organization to actually write a doctrine document for
innovation that explains how the process works within the organization.
They train it.
They execute it.
The TSA administrator shows up at different events around the country to actually talk and listen and do,
and then he goes back and tells the staff what they need to change.
That's an amazing change from 10 years ago.
It sounds like they've made that a cultural identity.
They've turned it into a core competency of the organization.
So as opposed to what you described as a lot of organizations having the unit that's off to the side that is doing innovation, kind of innovation
theater, actually incorporating it into the core process and the core functions of an organization.
That's actually, it's a great observation about TSA. That's not one that I would have made,
but now thinking about it, I've seen them just in the last few years adopt new technologies and new capabilities and the speed at which I even get through the
security line at almost every airport has increased. So it does seem like they are
actively making changes that we're not even aware of. Yeah, they are such an amazing test tube
for the innovation problem because their footprint in the airports is severely constrained.
That space that you see them in, that's what they get.
And everything they do to extend their mission has to happen within that space.
I think what you see coming from what I would say the view of both organizations is
they're playing the long game.
They realize that they now have to breed people internally
who play by a different set of rules,
but understand what the rules of the rest of the organization are.
So they're training a core, and they're growing them,
giving them experience,
and moving them into positions where they can actually do the work.
And at the same time, they're training on the periphery.
They're training finance people and contracting people and other people
who aren't core innovators but actually touch the system
so that when the innovation cells or whatever have to start building something
that's fragile to get something new,
they have people across the organization you can reach out to
who understand the mission, understand the rules, and will help them do that. That is different
from, say, the Defense Innovation Unit,
Naval X, AFWERX, Spaceworks, and all those others.
They don't have a large body of people to draw on, and their services
are not raising people who will eventually take those jobs.
So when somebody leaves DIU, they go shopping for somebody new.
And then they spend a year, two years,
getting out on the ground and trying to learn the job.
And then they spend a year on the job and then they leave.
So, you know, I come back to the sociology problem.
If you don't build a new school to teach new rules and then give people the opportunity to get experience applying those rules in different circumstances, you're not going to build a bunch of people to replace these.
And you're constantly going to be fishing for people to take the job. You can't scale that way.
And you're constantly going to be fishing for people to take the job.
You can't scale that way.
I'm interested then to pull the thread into the specifics here.
And you're starting to hit on why really I and this podcast have been reaching out to folks in the defense innovation world and you and your teammates and to understand these lessons learned. We work in the cybersecurity world where we've seen,
if you listen to the first episode of this podcast in 2016,
you'd be hard-pressed to realize that that wasn't today.
So what that shows is eight years,
eight years of technology development and new tools and new capabilities and the shift from on-prem to cloud
and now cloud to hybrid cloud, and multi-cloud.
And yet, we're still facing the same issues.
All of that new tech hasn't really fundamentally changed anything
because it's just been bubble gum and duct tape on top of the same old problems.
And so I'm really curious how to implement what you're talking about,
the sociological solutions to the human problems of security,
whether it's national security, defense technology,
what have you, cybersecurity.
And you started talking about education.
And so, you know, how can organizations,
whether it's DIU or Palo Alto Networks
or the DOD itself or the Department of the Navy,
how should they think about education
and implement education?
What should they be looking to accomplish there?
I think at the end of the day, you're looking for people to gain experience.
That's the hard one.
And we can talk about hacking for defense, the course, and what that does for student
teams in terms of giving them experience.
And I'll quote a Stanford student from the course
cohort that we taught. And this is a student who got to the end of it and said,
and this is, you know, I mean, Stanford student who'd been at Stanford for six years. He went to
basketball, then he went to his master's degree. And he said, in my time
at Stanford, this is the hardest class I've ever taken. He also
said, this is the only class that allowed me to use everything I ever learned at Stanford,
every network I ever built, to work on a real problem with real people that gave me real experience
that will lead to the job that I want to have.
And they harped on real, real problem, real people, real experience.
real, real problem, real people, real experience.
Those students leave the course with such a sense of confidence that they understand how to do discovery
around a problem and then do discovery around tons of
solutions and then discover pathways by which they can deliver things
that they have a pattern that will stick with them for the rest of their lives.
And that was the genesis for the development for hacking for defense
and the development of BM&T as a government-facing organization.
Well, our job is to help the government organization internally
while the Common Mission Project is focused on the education platform.
From a problem-solving standpoint,
the government has yet to internalize
a professional military or civilian education system
that does that,
except in the places where those organizations
are involved in hacking for defense
through supporting problems as problem sponsors
or by actually getting people in the classroom.
That's different than, I'll give you, I guess, the counter to that.
In the UK, hacking for defense is taught at Sandhurst, their military academy.
If you are a senior military officer, you go to, I guess, the Defense War College at King's College.
At King's College, you can get a degree in national security innovation.
The capstone course for that degree program is hacking for defense.
Those officers are now being taken from that course and being placed in higher level staffs.
So in the UK, higher level,
all the way down to the lower level,
they are starting to invest in people.
We've not figured out how to do that in the US yet.
We're still pushing things to the side
and doing a lot of one-off things,
but there's no doctrine for it.
Pete, a perfect place to end this first interview.
Thank you so much for coming on the podcast.
It's been great to have you.
I enjoyed it. We're looking great to have you. I enjoyed it.
I enjoyed it.
We're looking forward
to having you back
to talk more
and to speak more
with BM&T
and the Common Mission Project.
Awesome.
Thank you, Brian.
Thanks, Pete.
That's Pete Newell,
founder and CEO
of BM&T,
speaking with our own
Brandon Carr. with our own Brandon Karp.
Cyber threats are evolving every second,
and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing
sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com
today to see how a default-deny approach can keep your company safe and securely. Visit ThreatLocker.com today to see how a default deny approach
can keep your company safe and compliant.
And finally, Microsoft is getting clever
with phishing attackers,
using a bit of spy versus spy deception to throw them off their game.
At the B-Sides Exeter conference, Ross Bevington, who dubs himself Microsoft's head of deception,
revealed how the tech giant lures cybercriminals into fake environments designed to look like real Azure tenants.
These honeypots,
filled with fake user accounts, emails, and activity, trick attackers into thinking they've
struck gold, when in reality they're just playing in Microsoft's sandbox. Once the bad guys log in
using phishing kits or stolen credentials, Microsoft tracks their every move. It's like
handing them the keys to a mansion,
only to let them wander aimlessly while watching from the security cameras.
In 5% of cases, the attackers fall for it,
wasting time hunting for sensitive data that doesn't exist.
Meanwhile, Microsoft collects valuable intel,
IP addresses, phishing methods, and behavior patterns.
Bevington's team is fighting phishing at scale,
with Microsoft monitoring about 25,000 phishing sites daily.
For about 20% of these sites, they feed in honeypot credentials,
and for the unlucky hackers who take the bait,
Microsoft starts logging everything.
And they don't stop there.
They slow the entire experience down,
dragging out the attacker's time in the fake environment for up to 30 days.
The result?
Attackers waste time, Microsoft gains crucial intelligence,
and security teams around the world get better defense.
It's a win-win, unless you're the hacker. And that's the Cyber Wire. For links to all of
today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out
the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show
every week. You can find Grumpy Old Geeks where where I contribute to a regular segment on Jason and Brian's show every week.
You can find Grumpy Old Geeks
where all the fine podcasts
are listed.
We'd love to know
what you think of this podcast.
Your feedback ensures
we deliver the insights
that keep you a step ahead
in the rapidly changing world
of cybersecurity.
If you like our show,
please share a rating and review
in your favorite podcast app.
Please also fill out
the survey in the show notes
or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine
of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your team smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Thank you. platform comes in. With Domo, you can channel AI and data into innovative uses that deliver
measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to
your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.