The Cyber Why: What We Read This Week...
... and why you should too! (8/4/24)
Happy day before Black Hat week! The annual trek to Las Vegas, lovingly known as “Hacker Summer Camp,” is back and ready to educate, innovate, dehydrate, and over-stimulate you. It’s a time to make new friendships and rekindle old ones. I fly in Monday morning and will be there through Friday if you want to grab a coffee. Hit me up in the DMs, and I’ll give you a free The Cyber Why sticker! Now onto the newsletter!
This week in The Cyber Why, we bring you a new record for a single ransom payment, worry about CrowdStrike’s future potential legal woes, update you on the cyber M&A landscape, watch as Ferrari brakes hard on deepfake scams, and last and certainly least, we bring you the CyberCasket - Tesla Tech Bros REJOICE!
Angels or Demons - A Ransomware Record
Record-Breaking $75 Million Ransom Paid To Dark Angels Gang (Forbes)
Well, well, well. The Dark Angels gang just hit the jackpot, raking in a whopping $75 million, a new record for a single ransom payment. This eye-watering sum smashes the previous record of $40 million paid by CNA Financial in 2021. Apparently, these "angels" are more like demons, targeting a select few high-value organizations and making off with 10-100 terabytes of data. Talk about going big or going home!
Meanwhile, global ransomware attacks are up 18% year-on-year, with the US getting hammered 93% more than last year. Manufacturing is taking it on the chin, suffering more than twice as many attacks as healthcare and technology combined. But hey, at least we have "Ransomware Awareness Month" to save us! Because nothing says "effective cybersecurity" like a gimmicky PR campaign, right? Maybe instead of awareness months, companies should try being aware every day and patch their damn systems before the Dark Angels come knocking.
CrowdStrike’s Legal Woes Are Just Beginning
Delta CEO Says CrowdStrike Tech Outage Cost It $500 Million (WSJ)
Delta CEO: ‘When was the last time you heard of a big outage at Apple?’ (The Verge)
CrowdStrike Is Now Being Sued By Investors (Forbes)
(Rick Pick) It’s been a rough two weeks for CrowdStrike and its customers. This week, we saw legal responses to the incident emerge. First, Delta's CEO came out swinging. He claimed that the outage would cost Delta Airlines $500 million and that they would seek legal damages from both CrowdStrike and Microsoft. Delta took longer to recover than any other airline. Additionally, the Plymouth County Retirement Association pension fund filed a class action lawsuit (PDF) in Texas. The lawsuit claims that CrowdStrike:
"... repeatedly touted the efficacy of the Falcon platform while assuring investors that CrowdStrike’s technology was “validated, tested, and certified.” This complaint alleges that these statements were false and misleading..."
I’m not a lawyer and don’t play one on TV, so I won’t wade into waters over my head, but I can say that these cases, along with others that will follow, are a costly distraction for a company that must regain the trust of its customers. These cases won’t be resolved quickly, so this embarrassing outage will continue to periodically make its way into the headlines. I’m interested in reading upcoming SEC Form 8-K filings to see how the outage has impacted other public companies.
Cybersecurity Acquisitions Drop Dramatically…or Have They?
Security Week Analysis: 178 Cybersecurity M&A Deals Announced in First Half of 2024 (Security Week)
(Katie Pick) Eduard Kovacs is up to his always-excellent analysis of the cybersecurity market. In this piece, published on July 29, 2024, Kovacs shares data about cybersecurity M&A activity in the first half of 2024. He specifically shares that the number of deals has dropped dramatically — ~75% since H2 2021 and 17% since H1 2023.
According to the analysis, Europe's companies are the hardest hit, while M&A for companies in Australia, Canada, Germany, and Israel has stayed relatively steady.
What’s interesting about the analysis, however, is that while the total number of deals has shrunk, the valuations of acquired companies have expanded. Specifically, six deals were valued at over $1B USD. Kovacs writes, “It’s worth pointing out that the number of deals exceeding $1 billion is already the same as in the entire year of 2023.”
We’ll have to watch the trends over the next few quarters, but if deal sizes continue to increase, we're either seeing overvaluation (again) in the cybersecurity market or a reshaping of the market. A reshaping could mean more small companies get scooped up for big bucks or squashed by the larger players before they even have a chance to get there.
Ferrari Slams The Brakes On AI Deepfake Scam
‘I Need to Identify You': How One Question Saved Ferrari From a Deepfake Scam (Bloomberg)
Ferrari CEO Impersonated by AI in Deepfake Scam Attempt (Yahoo)
Ferrari Thwarted an AI Deepfake Scammer Posing as Its CEO With an Age-Old Trick (The Drive)
(Rick Pick) The deepfake problem is accelerating. Earlier this year, a Hong Kong finance worker got taken for a $25 million joyride after joining a multi-person video conference with fake participants. This week, Ferrari was in the crosshairs. A deepfake scammer reached out to a Ferrari executive via WhatsApp but was thwarted when the executive asked a question only Ferrari’s CEO could answer. The bar for creating deepfakes is getting lower. Security Awareness Training has become a compliance checkbox punchline, but performing targeted deepfake training for executives is something that defenders need to do. If you are at Summer Camp in Vegas next week, the DEF CON AI Village will have a Deepfake Demo lab. DARPA will even have a deepfake analysis system there. I’ll be there too, so say hi if you are around!
Tech Bros Rejoice - The CyberCasket Is Launched
The CyberCasket (Titan Casket)
Starting today, if you kick the bucket, you won’t have to give up that Tesla vibe; instead, get yourself a HyperCasket (aka CyberCasket). With a recessed latch similar to Tesla doors, vegan leather (what is vegan leather anyway?), and a 12-gauge stainless steel exterior to match your Cybertruck, you can now rest in peace in an amazing CyberCasket. Don’t forget to purchase the optional seatbelt and self-burying technology (no lie, these are on the ordering form). For only $9,999 (add-ons not included), you, too, can spend the rest of eternity in Elon Musk’s good graces! Here’s a copy of one of the user reviews from their site:
I passed away 2 months ago and decided to go with the CyberCasket. Let me tell you it's the BEST PURCHASE EVER! I decided to upgrade to the self-burying model as I didn't want to pay an opening and closing fee at the cemetery. I would recommend purchasing the seatbelt as well as the ride tends to be a bit bumpy, I did fall out of the casket once. The Wi-Fi cuts in and out at times and makes it a bit difficult to post my daily TikTok's but other than that this is a great product, if I were to die a second time, I would definitely purchase this product again with the seat belt added!
Quick Hits and Hidden Gems
How New-Age Hackers Are Ditching Old Ethics (Dark Reading) - Times have certainly changed. When I was a “hacker,” web defacements were about as bad as we got. For-profit never even hit our radar. Today the ethics are out the window as younger attackers gun straight for the profits.
Monoculture Hype (Marcus J. Ranum) - Marcus Ranum, cyber security luminary and inventor of many cyber concepts and technologies, wrote a 2003 retort to the monoculture paper by Geer et al. that we discussed in last week’s The Cyber Why. It’s short, but I’m glad I found it, as it’s an interesting counterpoint to the original piece. I wonder how Marcus perceives the issues after the CrowdStrike debacle.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
Patching over Awareness, now that is just silly talk. No leadership ever high-fived themselves for a good patch deployment that was part of the OS and free. But an Awareness campaign with pretty 8x10 color glossy images with little circles and arrows, now that is worth paying a Starbucks timeshare price, and the boards get all the vendor-provided attaboys they can swallow. Patching is so 1980s and leaders want the new bling.