Industry roundup 25 January
by Graham Buck
Russia’s planned crypto ban criticised
Russia’s renewed crackdown on cryptocurrencies – which follows last September’s announcement by China’s central bank that all cryptocurrency transactions are illegal – could destroy several technology industries and drive the country’s IT professionals abroad, warns Pavel Durov, CEO and co-founder of the Telegram messaging app.
On 20 January, Russia’s central bank published areport ptoposing a blanket ban on domestic cryptocurrency creation, trading and mining; citing the dangers they pose to the country’s financial system. The report stated that the risks of crypto are “much higher for emerging markets, including Russia” and the speculative nature of digital assets has created a bubble.
The report also compared Bitcoin and its peers to pyramid schemes undermining the sovereignty of the nation’s monetary policy and suggested that crypto mining harms the country’s green agenda and puts Russia’s energy supply at risk
However, at the weekend the Russian-born Durov wrote in his messaging platform, the Telegram channel: “The Bank of Russia suggesting a total ban on cryptocurrencies is throwing the baby out with the bath water. None of the developed nations is banning cryptocurrencies.” Any crackdown would “destroy a number of sectors of the high-tech economy.
“Such a ban will inevitably slow down the development of blockchain technologies in general. These technologies improve the efficiency and safety of many human activities, from finance to the arts.”
Durov acknowledged that the “desire to regulate the circulation of cryptocurrencies is natural on the part of any financial authority,” but concluded “such a ban is unlikely to stop unscrupulous players, but it will put an end to legal Russian projects in this area.”
The proposed ban was also criticised by Leonid Volkov, chief of staff to Russia’s imprisoned opposition leader and founder of The Anti-Corruption Foundation (FBK) Alexei Navalny. Volkov suggested that banning cryptocurrencies would prove “impossible” and cited a 20 January report by Bloomberg that claimed Russia's Federal Security Service (FSB) was instrumental in advancing the ban as crypto can be used to finance “non-systemic opposition and extremist organisations.”
He added that he was “sure that the Bloomberg version, in this case, is 100% close to reality, but nothing will happen” because Russians would be more likely to use crypto to buy drugs rather than donate it to the Moscow-based non-profit FBK.
“Technically, banning cryptocurrency is the same as banning person-to-person transfers. Yes, they can make it very difficult to deposit funds on crypto exchanges, which means that intermediary services will simply appear that will do this through foreign jurisdictions and transaction costs will rise.”
The Bank of Russia is proposing three amendments to the nation's existing regulations: banning crypto as a means of payment for goods; banning the organisation and issuance of crypto; and preventing financial institutions from investing in crypto. However, according to Elizaveta Danilova, head of the central bank’s financial stability department, the tougher rules would not apply to assets held abroad, and people with offshore exchange accounts will still be able to trade crypto.
While China’s crackdown last September attracted most attention, Egypt, Iraq, Qatar, Oman, Morocco, Algeria, Tunisia and Bangladesh have also banned cryptocurrency. Forty-two other countries, including Algeria, Bahrain, Bangladesh, and Bolivia, have implicitly banned digital currencies by restricting the ability for banks to deal with crypto, or prohibiting cryptocurrency exchanges, according to a summary report published in November 2021 by the Law Library of Congress.
The number of countries and jurisdictions that have banned crypto either completely or implicitly has more than doubled since 2018, when the organisation first published a report on the topic
Russia’s neighbours are also taking a hard-line stance on crypto. On 19 January citizen of Georgia were required to swear an oath to cease mining crypto, while the governments of Kosovo and Kazakhstan recently joined other countries that have banned crypto mining, One notable exception is Ukraine, which passed several laws last September to facilitate the country’s adoption of cryptocurrencies.
Russia’s move appears so far to have had little or no impact on the price of Bitcoin, unlike China’s crackdown four months ago that prompted a major selloff across tokens. At the time, China ranked as the world’s biggest bitcoin mining nation according to the Cambridge Centre for Alternative Finance, while Russia ranked as third.
Report highlights rise in software supply chain attacks
Israeli software company Aqua Security has released results from a study conducted by experts at its recently acquired subsidiary Argon Security, which found that software supply chain attacks grew by more than 300% from 2020 to 2021 compared to 2020, while the level of security across software development environments remained low.
Researchers report in Argon’s 2021 Software Supply Chain Security Review that attackers focused most heavily on open-source vulnerabilities and poisoning, code integrity issues, and exploiting the software supply chain process and supplier trust to distribute malware or backdoors Every company evaluated had vulnerabilities and misconfigurations that potentially exposed them to supply chain attacks.
Findings were based on a six-month analysis of customer security assessments conducted by Argon’s researchers to determine the state of enterprise security and readiness to defend against software supply chain attacks. They identified three primary areas of risk that companies should understand and address to improve software supply chain security:
Vulnerable packages usage: open-source code is part of almost all commercial software. Many of the open-source packages in use have existing vulnerabilities, and the process of upgrading to a more secure version requires effort from development and DevOps teams. Not surprisingly, this is one of the fastest-growing methods of carrying out supply chain attacks. There are two common attacks that leverage vulnerable packages:
Exploiting existing vulnerabilities — exploiting packages’ existing vulnerabilities to obtain access to the application and execute the attack. (Example: the Log4j cyberattacks reported in December 2021)
- Package poisoning — planting malicious code in popular open-source packages, and private packages to trick developers or automated pipeline tools into incorporating them as part of the application build process. (Example: poisoning of the popular Node Package Manager (NPM) UA-Parser-JS)
Compromised pipeline tools: attackers can take advantage of privileged access, misconfigurations, and vulnerabilities in the CI/CD pipeline infrastructure (such as source code management system, build agent, package registries and service dependencies), which provide access to critical IT infrastructure, development processes, source code and applications.
A compromised continuous integration/continuous delivery (CI/CD) pipeline can expose an application’s source code, which is the blueprint of the application, the development infrastructure and processes. It enables attackers to change code or inject malicious code during the build process and tamper with the application (e.g., SolarWinds). This type of breach is hard to identify and can cause significant damage before it is detected and resolved. Attackers also use compromised package registries to upload compromised artifacts instead of legitimate ones. In addition, there are dozens of external dependencies connected to the pipeline that can be used to access it and launch attacks (e.g., the 2021 supply chain breach at Codecov).
Code/artifact integrity: one of the main risk areas identified in Argon’s research is the upload of bad code to source code repositories, which directly impacts the artifact quality and security posture. Common issues found in most customer environments were sensitive data in code (secrets), code quality and security issues, infrastructure as code issues, container image vulnerabilities and misconfigurations. In many cases the number of issues discovered were overwhelming and required dedicated clean-up projects to reduce exposure, such as secret cleaning, standardising container image and others.
The study notes that addressing these challenges is hampered by the lack of resources on most security and software teams. Argon Security’s Chief Revenue Officer, Fran Orzel comments: “Most AppSec teams lack the resources, budget, and knowledge to sufficiently address the risk of supply chain attacks. This is further complicated by the need for cooperation from development and DevOps teams.”
Both Google and the Cloud Native Computing Foundation (CNCF) have released papers outlining approaches to improving the security of the software supply chain.
BNP Paribas and Apollo join forces on supply chain venture
French bank BNP Paribas and New York asset manager Apollo Global Management are partnering on a new business venture aimed at helping manufacturers address global supply chain gaps and other challenges.
A “special relationship” between the two financial services groups will see the creation of a new unit – Eliant Inventory Solutions – that will buy and hold inventory for clients and then sell the goods to those clients as needed, using a new software platform that tracks everything. Clients will include large, multinational companies in sectors such as retail, technology, industrials and manufacturing, healthcare and health tech.
BNP Paribas will provide debt and receivables financing and structuring advisory and referral services to Eliant. Athene, a subsidiary of Apollo since the two groups merged last year, owns the equity of Eliant and will provide the majority of the debt capital, with the balance coming from BNP Paribas. Apollo will provide structuring and origination support to Eliant and oversee Athene’s investment in the business. The companies will split the proceeds according to their relative level of investment.
A press release announcing the new unit stated: “Eliant provides domestic and multinational companies with strategic and responsive inventory capital solutions to better optimise their supply chains and balance sheets, and buffer inventories. For companies, this can mean greater resiliency, fewer supply chain disruptions and more efficient working capital management. Eliant is structured to own inventory at an efficient cost of capital, with a technology platform to seamlessly manage high-volume and complex customer needs. Eliant launches with strong customer demand, marked by US$1.3 billion in signed or awarded inventory programs with blue-chip customers”.
Spend management platform Moss plans further growth
German fintech start-up Moss, which launched its spend management platform in the Netherlands last year, is targeting the UK market next and planning further expansion after raising €75 million (US$86 million) in Series B financing.
Berlin-based Moss is on course to achieving unicorn status, with a company valuation now over €500 million and total capital raised at €130 million. Peter Thiel’s Valar Ventures and Tiger Global are among the firm's high-profile investors. The company says that since its launch in 2020 it has issued more than 20,000 physical and virtual credit cards and processed over 250,000 transactions.
The fintech initially offered corporate credit cards and spend management software for German start-ups and digital companies before expanding its product portfolio and extending its offering to small and medium-sized enterprises (SMEs).
The product currently offers four modules that companies can deploy either as a complete integrated solution or individually. Moss enables flexible issuing of virtual and physical credit cards, digital entry and approval of invoices, smooth processing and reimbursement of employee expenses, and reliable liquidity management. All four modules benefit from accounting automation and integrations with common accounting software and ERP systems.
Moss credit cards offer high credit lines and come with payment terms of up to 60 days or attractive cashback offers.
The firm says it has doubled the size of its team to more than 200 people and quadrupled its number of customers in the months since its previous funding round. Proceeds from the latest offering will be used to add more staff in the areas of product, technology, marketing and sales. It will also invest in further product development, with a focus on “spend controlling, liquidity planning and accounting automation”.
BoA chief foresees return to normality for US economy
Bank of America Chairman and CEO Brian Moynihan has forecast 4% economic growth for the US in 2022 and said that the Federal Reserve has the task of bringing the economy back to pre-pandemic levels.
Interviewed by Maria Bartiromo of Fox News he said: “Our experts have it [the economy] growing at 4% in 2022, but it starts to normalise in 2023.” This would be down to the Fed. “That's the job, to get the economy back to normal after its recovery from the pandemic, that the Fed has to do now.”
Moynihan added that improving US unemployment data showed that it was time for the Fed to begin raising interest rates. “Unemployment’s down below 4%. Those numbers mean that the economy’s fully recovered. That means the Fed has to normalise it.” He added that BoA’s analysts agree with the Fed’s proposed four rate hikes during 2022 in steering the economy back to a normal growth rate.
Separately, at a virtual event hosted by the business magazine Fortune and the World Economic Forum, Moynihan confirmed that BoA has felt the impact of the so-called “Great Resignation”, which has seen record numbers of US workers quitting their jobs. It was first noted last spring after the first year of the Covid-19 pandemic as increasing numbers of workers left their jobs either attracted by higher pay and better benefits elsewhere or simply left the workforce altogether. Reports suggest that 3% left their roles in the month of September 2021 alone, creating problems for businesses trying to keep the positions filled.
“A lot of people left the labour market and they’re not going to come back, even with a strong bid for their services,” said Moynihan. “And that’s just the reality we’re going to be facing. We’re going to be chasing that dynamic of not enough people working.” Nor does he expect any early resolution of the problem. “The population growth rate has fallen in half during the last decade and we just don’t have enough people now.” he said.
More positively, BoA reports that credit demand is firmly being driven “bottom up” by US small and medium sized enterprises (SMEs) who are displaying increased borrowing demand. BoA confirmed that in the middle market the group is witnessing significantly greater demand for loans as small businesses take on more debt as well. BoA has recorded up to 150% of quarterly production compared to pre-pandemic, recovering lost loan balances while also expanding and creating more loans per quarter in what is viewed as a positive for the economic recovery.
“Clients have an ability to borrow to keep the economy growing,” commented Moynihan. “The bank expects growth in loan balances in the low single digits this year. That depends, though, on the trajectory of the US economy.”
Like this item? Get our Weekly Update newsletter. Subscribe today