Search This Blog

Showing posts with label Positive Technologies. Show all posts

Positive Technologies reported on the impact of U.S. sanctions on its IPO plans

Positive Technologies head Yury Maksimov positively assessed the impact of sanctions against the company on its plans to go public. It may shorten the timing of the IPO, and the "realized threat" of sanctions has ceased to be a threat

Positive Technologies, a cybersecurity company, plans to shorten the time of a stock exchange listing due to the U.S. sanctions imposed on it. Its CEO Yuri Maksimov told about it. He did not name specific placement dates, but specified that in a month or two "the panic will pass" and "the professional community will understand how the company will develop further".

In the middle of March, E Hacking News reported about the plans of Positive Technologies to conduct an IPO at the Moscow Stock Exchange, placing up to 10 percent of the shares. The volume of the offering may be up to $200-300 million if the company's value reaches $2-4 billion by the end of 2021. According to the Telegram channel SecAtor, Positive Technologies values itself at $1 billion, while Forbes quoted a figure of $580 million.

Maksimov specified that the IPO is one of the possible tools to make the company public. He considers a direct listing, when the company's shareholders may start operations on the stock exchange, as a more likely option. "In a classical IPO a mass sale is assumed, with a greater focus on funds," but the goal of making Positive Technologies public is not to attract investments, but to find co-owners who can bring "advice, examples, awareness" to the business. In particular, the company expects that IT people will be buyers of the shares.

Another goal of a public offering is to turn the stock into a liquid instrument so that it is possible to take out large loans against it and motivate employees.

Yury Maksimov "positively" assessed the influence of sanctions on the IPO plans of Positive Technologies. According to him, when a company in the cyber security industry is listed on the stock exchange, the very risk of sanctions being imposed on it provokes fear in investors and leads to a discount in the price. If, however, sanctions are imposed on such a company before the offering, "the realized threat ceases to be a threat."

The first IPO of a cybersecurity company is being prepared in Russia

Russian cybersecurity company Positive Technologies is about to conduct an initial public offering (IPO) on the Moscow Stock Exchange. In Russia, firms from this segment have not yet been listed on the stock exchange.

Positive Technologies plans to go for an IPO. The company plans to float about 10 percent of its shares on the Moscow Stock Exchange, which may correspond to $200-300 million if the company is valued at $2-4 billion by the end of 2021. Positive Technologies declined to comment.

Apart from Russia, Positive Technologies is also present in Europe, the United States, the CIS and Africa. According to the Telegram channel SecAtor, the company values itself at $1 billion. Forbes has rated Positive Technologies as one of the most valuable Runet companies at $580 million.

The company relies on the active participation of individuals in the IPO. It should be noted that Positive Technologies primarily considers investors in the IT-sphere to be its target audience. 

Yandex, Group and Ozon are present on the Moscow Stock Exchange, but so far there is no cyber security company, said Andrey Konusov, general director of Avanpost. "This is a new move for the Russian market, and it is a very right and timely idea," he believes. 

According to Oleg Zhelezko, the founder and managing partner of Da Vinci Capital Management, any technology company will be in great demand from investors, because it is currently the most promising segment.

Positive Technologies' competitors are still skeptical about the company's decision. "The bureaucratization of public companies often prevents them from making quick decisions, which is a critical condition for the development of innovations in the cybersecurity market," said Eugene Kaspersky, CEO of Kaspersky Lab. According to him, Kaspersky Lab has enough internal resources for financing and does not need to raise additional investments, so it is not planning an IPO.

Positive technologies: fraudsters can steal money from every second mobile bank

According to the research of Positive technologies, every second mobile banking application has a vulnerability through which fraudsters can steal the money of its users.

The company selected 14 mobile apps for the Android and IOS operating systems, which were downloaded more than 500 thousand times from the Google Play and App Store.

It is noted that in 13 out of 14 applications, access to personal user data is possible. Hackers can exploit 76% of vulnerabilities in mobile banks without physical access to the device.

"None of the studied mobile banking applications has an acceptable level of security. In every second mobile Bank, fraudulent transactions and theft of funds are possible. In five out of seven applications, logins and passwords from user accounts are threatened, and bank card data may be stolen in every third application,” experts conclude.

The company's experts advise users to set a PIN code to unlock the device to limit the ability of attackers to gain physical access and never click on links from strangers in SMS and messengers.

Group-IB regularly finds vulnerabilities in banking applications, but in practice, these weaknesses are rarely used because it is easier and cheaper for hackers to use social engineering, says Andrey Bryzgin, head of the Audit and Consulting Department of the Group-IB.

Previously, Positive Technologies identified 23% more cyberattacks in the first quarter of 2020 compared to the fourth quarter of last year. The increase in cybercrime is associated with the coronavirus COVID-19.

Moreover, the number of virtual crimes began to grow. Fraudsters send emails about COVID-19 with links that lead to fake sites where users are asked to enter data from Bank cards.

Security Experts say number of network nodes in the Russian Federation accessible via RDP

Positive Technologies experts said that the number of network nodes in the Russian Federation accessible via the Remote Desktop Protocol (RDP) for three weeks (since the end of February 2020) increased by 9% and reached over 112,000.

It is enough for hackers to send a special RDP request to vulnerable Remote Desktop Services (RDS) to attack. Authentication is not required. If successful, an attacker can install and delete programs on a compromised system, create accounts with the highest level of access, and read and edit confidential information. The vulnerabilities affect Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems.

According to Alexey Novikov, director of Positive Technologies security expert center, attacks on the network perimeter of domestic companies have begun to grow. Hackers are trying to get access over servers and get into the local network. This boom is caused by the transfer of employees to remote work.

For a secure remote connection, employees need to use a special gateway. For RDP connections needs a RDG, for VPN requires a VPN Gateway. Experts do not recommend connecting directly to the workplace.

Experts warn that opening access to individual subnets to all VPN users at once significantly reduces the security of the organization and not only gives broad opportunities to an external attacker but also increases the risk of an insider attack. Therefore, IT professionals need to maintain network segmentation and allocate the required number of VPN pools.

Positive Technologies experts emphasize the threat of remote access channels to business-critical networks and systems, for example, production and energy technology networks, ATM management networks or card processing in banks.

In addition, Positive Technologies recommends paying attention to a critical vulnerability (CVE-2019-19781) in Citrix software that is used in corporate networks. The vulnerability in PHP 7 (CVE-2019-11043), which, according to Positive Technologies, was included in the list of the most dangerous by the end of 2019, should be eliminated.