CyberWire Daily - Two sets of China-linked cyberespionage activities. Mirai’s new vectors. A Cozy Bear sighting. Anonymous Sudan gets less anonymous.
Episode Date: June 23, 2023An update on Barracuda ESG exploitation. Camaro Dragon’s current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out ...and about . Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120 Selected reading. Barracuda ESG exploitation (Proofpoint) Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives (Check Point Research) Chinese malware accidentally infects networked storage (Register) Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware (Akamai). Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (BleepingComputer) Neuberger: Ukraine experiencing a ‘surge’ in cyberattacks as it executes counteroffensive (Record) Microsoft warns of rising NOBELIUM credential attacks on defense sector (HackRead). Anonymous Sudan: neither anonymous nor Sudanese (Cybernews) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
An update on Barracuda ESG exploitation.
Camaro Dragon's current cyber espionage tools spread through infected USB drives.
The Mirai botnet is spreading through new vectors.
Midnight Blizzard is out and about.
Ukraine is experiencing a wave of cyber attacks during its counteroffensive.
Karen Warstel from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services.
And Anonymous Sudan turns out to be no more anonymous or Sudanese than your dear Uncle Louie.
I'm Dave Bittner with your CyberWire Intel briefing for Friday, June 23, 2023. Proofpoint has tweeted updates on what the firm's researchers are seeing in the wild
concerning exploitation of CVE-2023-2868,
the vulnerability recently found in Barracuda's email security gateway.
As you might expect, it's an espionage caper.
The threat group seen working against this particular vulnerability is UNC-4841.
Proofpoint calls them an aggressive and highly skilled actor conducting targeted activity.
The group is generally and credibly believed to be acting on behalf of the Chinese government.
Its targets geographically have been the United States,
Norway, Taiwan, and Poland.
By sector, UNC 4841 has been most interested
in academic institutions, defense establishments,
and the U.S. federal government.
Michael Ragge, staff threat research engineer at Proofpoint,
emailed a high-level summary of the activity the researchers found, stating,
Proofpoint has observed intermittent exploitation attempts by Chinese state-aligned threat actor UNC-4841 targeting CVE-2023-2668 from October 2022 through May 29, 2023.
This vulnerability was being actively used in the wild by an APT actor as recently as three weeks ago.
While the phishing campaigns involved conventional espionage operations,
the threat actor also exhibited a sustained focus on scientific research, energy entities, and public health data,
which demonstrates a more complex tasking than initially disclosed publicly.
This zero-day vulnerability continues an increasing trend of vulnerable email gateway appliances
being exploited via advanced exploits contained within phishing emails.
Barracuda has issued both mitigations and patches.
Another cluster of espionage activity attributable to China
is the subject of research by Checkpoint.
The firm's researchers have released a report
focusing on a USB-propagated malware campaign
that it attributes to the Chinese-based espionage group Camaro Dragon.
The Checkpoint research incident response team
discovered the malware while investigating
an incident in a European hospital earlier this year. They wrote, the investigation showed that
the malicious activity observed was likely not targeted but was simply collateral damage from
Camaro Dragon's self-propagating malware infections spreading via USB drives. Patient 0, as Checkpoint calls the first victim,
initially received the infection while attending a conference in China and connected a USB drive
to a colleague's already infected computer. The malware hides all of the victim's files on the
drive and shows a program that appears to merely display the files, but which launches a backdoor in the background.
The tools involved in the infection,
WispRider and HopperTick,
seem to align with other tools used by Camaro Dragon,
including TinyNote, a Go-based backdoor,
and HorseShell, a malicious router firmware.
Checkpoint explains,
The ability to propagate autonomously and uncontrollably across multiple devices
enhances this threat's reach and potential impact.
This approach not only enables the infiltration of potentially isolated systems,
but also grants and maintains access to a vast array of entities,
even those that are not primarily targeted.
The researchers have since
noticed several newer variations of these backdoors, all seeming to originate in Southeast Asia.
Checkpoint reports that Camaro Dragon uses its own FTP servers and third-party services like
Google Drive to exfiltrate data. Propagation by touch, in this case touch by a USB drive, makes the virus metaphor
an unusually apt one. Cover your cough and watch where you stick those dongles. A version of the
Mirai botnet is exploiting vulnerabilities affecting D-Link, Ares, ZyZle, TP-Link, Tenda,
Netgear, and MediaTk devices, bleeping computer reports.
According to Palo Alto Networks Unit 42,
the threat actors have the ability to gain complete control
over the compromised devices,
integrating those devices into the botnet.
These devices are then used to execute additional attacks,
including DDoS attacks.
Akamai has observed Mirai botnet samples exploiting CVE-2023-26801,
a command injection vulnerability affecting certain versions of LB-Link wireless routers.
The researchers state this can lead to various security risks including unauthorized access,
device compromise, and further exploitation within the network.
authorized access, device compromise, and further exploitation within the network.
Microsoft has released a new intelligence profile on a Russian Foreign Intelligence Service threat actor it now calls Midnight Blizzard, formerly Nobelium.
This threat actor targets government agencies, non-governmental organizations,
and diplomatic personnel in an intelligence gathering operation.
Microsoft writes,
They utilize diverse initial access methods ranging from stolen credentials to supply chain attacks,
exploitation of on-premise environments to laterally move to the cloud,
exploitation of service providers' trust chain to gain downstream customers,
as well as ADFS malware known as Foggy Web and Magic Web. Midnight Blizzard
is tracked by partner security companies as APT29, UNC2452, and Cozy Bear. Midnight Blizzard uses a
cyber fire-and-maneuver technique, moving between low-reputation IP addresses that are used for only a short period of time.
This helps them obfuscate their operations.
In response to this threat actor, Microsoft announced that it has added protections to Defender Antivirus,
Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory.
In full disclosure, we note that Microsoft is a CyberWire partner.
In full disclosure, we note that Microsoft is a CyberWire partner.
The Russian intelligence agents and their privateers, auxiliaries, and front groups have, of course, been active in the war against Ukraine.
U.S. Deputy National Security Advisor Ann Neuberger told the FT Cyber Resilience Summit yesterday,
We know Ukraine is currently experiencing a significant surge in cyber attacks in parallel to the kinetic aspects. The record reports that she specified neither the
scope of the attacks nor the sectors that were receiving hostile attention. And finally, some of
the Russian hacktivist auxiliaries are more deniable than others. There's a growing consensus
that Anonymous Sudan,
which represents itself as a hacktivist organization
with Islamist sympathies operating in Sudan,
is neither an anonymous affiliate nor Sudanese.
Cyber News summarizes the evidence
that points to the group's status as a killnet affiliate,
which means in turn that it's working for the Russian intelligence services.
Much of the evidence leading to the conclusion that Anonymous Sudan is a Russian front group
comes from research by Australian security firm CyberCX, and Anonymous Sudan wasn't happy about
being outed. The group yesterday said it had conducted a DDoS attack against CyberCX's website,
explaining, the reason for the attack, CyberCX's website, explaining,
The reason for the attack, stop spreading rumors about us, and you must tell the truth and stop
the investigations that we call the investigations of a dog. The dog insult is a nice but too obvious
gesture toward the culture of the Sahel region of Africa, where dogs are proverbial dirty, low,
of the Sahel region of Africa,
where dogs are proverbial dirty, low, snappish, and thieving,
but really, few will be deceived.
There were no signs of disruption on CyberCX's website this morning, by the way.
Straight up, Anonymous Sudan is Russian,
and CyberCX, you can tell Anonymous Sudan
that you're happy to be top dog in their book.
Coming up after the break,
Karen Worstel from VMware shares her experience with technical debt.
Rick Howard speaks with CJ Moses,
CISO of Amazon Web Services.
Stick around.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,
and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io. Karen Worstel is Senior Cybersecurity Strategist at VMware,
and she previously held CISO positions at both Microsoft and AT&T, where she led her teams
through the challenging and sometimes daunting task of digital transformation.
I spoke with Karen Worstel about the notion of technical debt.
She shares her insights.
So McKinsey & Company has come out recently with some articles around this topic,
which I highly recommend.
And they basically say that it's the tax on any development project or digital transformation that a company wants to undertake, but must first address previously unaddressed issues in the infrastructure or whatever the development platform, whatever those might be.
So things that were left undone before that now will be a barrier to getting
something new completed. And that's how they kind of define it in a broad way. So it could be
anything relating to process and procedure, to be honest, to application debt for things that are like,
ship it now and we'll fix it later,
infrastructure, inventory.
So there's a ton of different places where this can show up.
But that's kind of how, in a very general high-level term,
that's how McKinsey defines it. And they say that it accounts for 40% of the balance sheet in IT.
Can we dig into that a little bit?
How does it have such a large hit there on the balance sheet?
Well, it depends on each organization.
Obviously, that's not going to be true for every company.
But in my experience, when I led major transformation projects, there was a saying that we had, which is, is it done or is it done done?
So there's a lot of things that get put in place.
One of my favorite examples that people don't think about a lot, but we all feel every month is patches.
every month is patches.
So whether it's a Patch Tuesday patch,
a security upgrade patch,
or some other sort of upgrade,
or whether it is our system is down and we are working with the vendor on tier three support
and they sent us a patch
and we have to put that in the system
in order to bring it back up again.
And the question we would ask, my boss would ask, is, what does the patch do?
Well, we don't know. The vendor gave it to us.
And so, like, what's it going to affect?
Well, we're not really sure. We just need to get the system back up again.
again. That's an example of the kind of thinking and the kind of very pervasive practices that lead to an accumulation of technical debt. Another thing that is a great example is I was at the
Sedona conference recently, and they were reviewing a draft of some guidelines on incident response.
And so as I was reading the draft, one of the things that
came out was the very first thing that every organization must do in order to have a solid
incident response plan is to have a data inventory. And I almost snorted my coffee, my morning coffee
out my nose because I'm like, yeah, I get that. That's a really good idea. Who does that? Nobody.
I'm like, yeah, I get that. That's a really good idea. Who does that? Nobody. Nobody has a data inventory. We're lucky if people know where all their IT technical assets are. And that is a
form of technical debt. And we've watched it grow over the years as we've chased the next new thing.
So I think of it in terms of security as we've chased the next new thing, right? In terms
of capability, functionality, business, things that keep our business competitive. We leave behind
those things that are sort of the done-done. And in many cases, that has to do with security.
And we figure that we'll come back to it later and we never do.
And that gap has grown over time.
I just, just this week,
I saw someone say that ransomware operators
are technical debt collectors.
Oh, excellent.
Yeah, I might use that.
It's true.
I mean, the reason that we,
the 80% of ransomware, I saw a thing on, you know, in the industry rags recently, 80% of ransomware is due to misconfigurations.
Misconfigurations are technical debt. So then your question was, what do we have to, what should we do about it?
And my answer has evolved into, you have to tie it to a business imperative that people care about.
So in McKinsey's article, their example is every new digital transformation project has to have a technical debt tax.
has to have a technical debt tax. That tax shows up as 20% has to be allocated to the retirement of the technical debt associated with this project. It's an outcome that is a required
outcome that's managed through the governance process with some teeth behind it. So that we
recognize the fact that it's not like it's problem to go
out there and try to scrape together money to go out and fix technical debt it's the business's
appetite for new capability that has to be it has to be recognized that we got here in an honest way
but now we have to do something about it it's sort of
like finally going and cleaning your room like you know it's like you finally you can't just kind of
like keep ignoring it or keep ignoring parts of it forever you have to eventually go in there and fix
it so putting that tax on the project is one way of doing it, but it also has to have that top level
oversight and governance that says, yes, we're going to track this. Yes, we're going to make
you do it. And there's no sliding past it and trying to like get it, get out of jail card.
You have to, you know, everybody has to understand that this out of jail card you have to you know everybody has
to understand that this is the reason why we have to do it now the companies that do and we saw this
in our own effort was um at another not a vmware another company the upside of it is that they're
the payback is in the millions and millions and millions of dollars. And so you can go put that tax and clean up the technical debt and thinking that it's like a non-value-added activity.
But the truth of it is that it pays itself back in faster time to market with new capability, Less time spent doing break-fix.
Deploying the defect-free code.
I've been saying this for years, but McKinsey's article finally validates this.
What about the pressure to ship?
Our competitors, they're not worrying about that silly technical debt.
They're going to beat us to market, and then it won't matter that our technical debt is taken care of because we'll be out of business.
Yeah, that's the AI conversation right now.
Right.
We can't dare slow down.
What if we slow down, somebody else will do it?
Some of that's probably fear.
Some of it's probably reality.
Where I think this is going to start to shift is in the whole concept of duty of care.
First of all, the obligation to be clear about this is the state of being of us, right?
We need to know where we are.
Like Ray Dalio is really clear about, you know, you can't, there's all kinds of great sayings out there.
Ray Dalio has one, Jesse Hitzler,
he just basically says,
be where your feet are, right?
That's about being present,
but it's also about like,
I say, you know, make a stand,
but you better know where your feet are.
We need to be brutally honest with ourselves so that we can be transparent and have integrity.
And integrity is everything with others.
I can't, if I am making representations to my executive management that everything is fine when it's not, that's on me.
And the problem with that is that chain continues all the way to the board of directors.
So nobody really knows where we are.
And that means that we're not operating with our fiduciary obligations and accountability to the company or to our stakeholders.
There's always going to be that drive that comes from that place that says,
I have to win this. And the only way to win this is to cut corners. But I think more and more,
we're seeing that that's not really the path to winning. And I believe with all my heart that it's
not the path to winning. Ultimately, you might win in the short run, but you won't win in the long run.
That's Karen Worstel from VMware.
There's a lot more to this conversation.
If you want to hear more, head on over to the CyberWire Pro
and sign up for Interview Selects,
where you'll get access to this and many more extended interviews. Continuing with our series of interviews,
my CyberWire colleague Rick Howard gathered at the recent AWS Reinforce conference.
Today, Rick speaks with CJ Moses,
Chief Information Security Officer of Amazon Web Services, sharing his take on resilience.
The Cyber Wire is an Amazon Web Services media partner. Disneyland in Anaheim, California, to attend their AWS Reinforce Conference and talk with
senior leaders about the latest developments in securing the Amazon cloud. I got to sit down with
CJ Moses, the Chief Information Security Officer at AWS, and we were discussing resilience as a
cybersecurity first principle strategy. But he added a nuance to the definition of resilience
that I hadn't considered before.
He makes a distinction between availability and durability. You can look at resilience from
different dimensions. You know, obviously your traditional availability type of thing,
but then you also have a durability. And quite honestly, if you're prioritizing,
you want to prioritize durability because if I'm down for two minutes, but yet I still have your data and it's available when it comes back on, you're accepting that sometimes things happen.
And there's a whole process we go through to make sure it doesn't happen again.
But the inverse is not the case.
If we lose your data or somehow there's an issue from a durability perspective, then that's not a good day for either of us and you're really not happy with us.
So a lot of, you know, there's prioritization placed on durability over resilience or over availability.
But at the same time, both are exceptionally high bars.
And you have to do, from a resiliency and from that perspective,
we have planning that we have to do with each of the teams, the different services,
because the models for each are different.
S3 being a highly durable model and a highly available model needs to be available.
I'm not sure I get the dark screen durability and availability.
Tell me, walk me through that again. Very specifically, availability is if you have a piece of data stored in S3,
our simple storage service, and you request access to it,
and it's available, you then get it.
If there's an availability issue, you don't get it.
Durability is if you ask for that piece of data,
and I come back with a fault saying i don't have
it it's no longer durable i no longer have the data and therefore we have a problem and can't
get it yes and the durability model you know s3 was created on a durability model of uh you know
of nine nines it's like lots of nines so it essentially, we'll lose one piece of data every gazillion years
or something of that nature. I'm not good at math, so don't call me on that. Wait, wait, let me write
that down. Yeah, right. It's all in the documentation. Feel free to read the website. I used to actually
know all that stuff, but my brain's been filled with other things these days. So there is a huge
difference between availability and durability. At the same time, customers really demand and should be given both.
And that's when you tie those things together.
Resilience is a big part of that.
Another big part of resilience, we look at, you know, the benefit of the cloud is that we are highly resilient,
that we can stay up in face of all kinds of threats.
Can we always do so?
No, at large scale, things will fail
and we have to plan.
And we've seen those things happen,
you know, recent days included.
Yeah.
And although things happen,
one of the things you have to do is make sure,
I know we're far away from strategy,
so we'll someday get back to that.
No, no, resiliency is a strategy,
so I'm fine with that, okay. No, no, resiliency is a strategy, so I'm fine with that.
Okay.
No, but so one of the things that you have to make sure is that you'll learn a lot more in failure than you ever will in success.
And every time we have any kind of issue, we are very diligent in reviewing that to ensure that we've done the right things and are continuing to do the right things.
ensure that we've done the right things and are continuing to do the right things. You've likely heard of this before, a correction of error, a COE, and a, you know, essentially a root cause analysis
with, on top of that root cause analysis, what are the action items that you are definitively taking
with named actors and due dates for doing those things, and we track them to make sure that they are done, such that, again, don't want to, you know, ball-peen-hammer your toe a second,
or your thumb, whatever, a second time.
So putting my customer hat on, right, watching how Amazon handles a major outage,
I would like to have the same capability on my little startup, right?
When I do something stupid and it breaks, I would like to have a push button. It just starts over there now, right? When I do something stupid and it breaks, I would like to have a push button.
It just starts over there now, all right? And I can continue delivering my service, right?
Well, the capability exists for you to be able to do so.
Yeah. It's just a little bit hard right now.
So I totally get where you're going. And that's the thing is, is that
we're not there yet for all the things.
Yeah, I get it.
But 15 and a half years ago when I started, you have to take into account, you know, I'll give you some history, some back in the day type of stuff.
Oh, yeah.
Feeling older by the second.
When I started, AWS was five services, one region.
The security model was the user ID and password that you used to buy books with.
Same one. Is that right? There were no multi-accounts. password that you used to buy books with. Same one.
There were no multi-accounts. There was no nothing. Your whole account, you were running
your business, although it might've been out of Starbucks off your laptop. That's what it was.
So we've come a long way. We still have a ways to go. And some of the things that essentially in
the military, we used to call it the football. Press the button. We had a whole new disaster recovery environment.
This is something that has been created.
We do have lots of companies use very similar things.
Infrastructure as a code is a wonderful thing.
The days of back in the day when I was at the FBI or actually when I was at OSI,
we didn't call them advanced persistent threats because that didn't even exist yet.
But that's what we were dealing with.
And if you had one of those get into a network that you're somehow responsible for, you had a hard time getting them out.
In some cases, you had to shut everything down and start from scratch elsewhere.
In the physical world, that's a nightmare.
That's expensive.
You're down for a long time.
In the cloud, just like you just said, your startup.
Just flip the switch.
Press a button, boom, you got another one
and it's maybe in another region elsewhere
or maybe that's the reason you're doing this
because of survivability
or as we were talking about earlier,
you know, resilience.
But that model is very doable
and understanding that we don't have the service
that says, okay, you've established your whole environment.
We just got to, well, we do have the tools to do it,
but a service to do it on your behalf to cookie cut or copy.
Yeah, we looked at the tools.
Yes, I would.
Yeah, just make it a little bit easier.
That's all I'm asking.
So we're at the end of this, CJ.
What's the Twitter line for the conference, right?
What's the takeaway that we should have for here?
Any chance we get, we need to make security the path,
the most secure methods, the path of least resistance.
Humans by nature are lazy.
I'm lazy.
I'm lazy.
It's just the nature of humans.
And if you make the more secure path,
the path of least resistance, we'll all be better off for it.
That's a fantastic way to end this conversation.
I appreciate it, C.J.
That's some really good stuff.
Thank you very much.
Absolutely.
I appreciate it.
I look forward to trying to come back and we can talk some more.
Excellent, man.
Thank you, sir.
Thank you.
That's the CyberWire's own Rick Howard speaking with C.J. Moses, CISO of Amazon Web Services.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Thank you. Thank you. Thank you. Thank you. Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you.
Thank you. Thank you. Thank you. Thank you. Thank you. And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday and my conversation with Ian Aul from Permisso's PZERO Labs.
We're discussing Unmasking Gooeyville, a financially motivated cloud threat actor. That's Research Saturday. Check it out. Thank you. enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest
investment. We make you smarter about your team while making your team smarter. Learn more at
n2k.com. This episode was produced by Liz Ervin and senior producer Jennifer Iben. Our mixer is
Trey Hester with original music by Elliot Peltzman. The show was written by John Petrick.
Our executive editor is Peter
Kilby, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
Thank you. into innovative uses that deliver measurable impact. Secure AI agents connect, prepare,
and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.