The Cyber Why: What We Read This Week...
... and why you should too! (4/21/23)
Content disruption, the M&A train shuffles out of its station, SPACs and PIPEs and insider trading, meta supply chain attacks, and me declaring that Drake is not as good a musician as Fake Drake! Sprinkle in some throwback commentary on Netflix DVDs to wrap up an otherwise awesome week, and the result is gold! I think it’s time for a fine glass of bourbon this afternoon - Have one with me as you sit down to peruse this week’s TCW! Cheers, my friends!
Choo-choo. Fire up the M&A Train!
LookingGlass to be acquired by ZeroFox for $26M (SC Media)
Akamai Technologies To Acquire API Security Company Neosec (PR Newswire)
This week, the cyber security M&A train started its engine. LookingGlass Security was picked up by ZeroFox, and Akamai nabbed API Security company Neosec. This is the first domino to fall in what will be a growing amount of cyber M&A activity in H2 2023. Akamai’s pickup of Neosec should be the catalyst that triggers other API security companies to look for the exit door. I wrote a deep-thought piece on API security recently, and it makes a lot of sense for that sector to roll into either the CDN, WAF, and web protection market OR the application security space. The timing depends on the runway amount and how close each company is to profitability. If the runway is short and you can’t even sniff break-even, you will get acquired by a rapidly dying publicly traded SPAC company for about 25% of what was invested in your firm to begin with (sorry LookingGlass, but your exit was a total BUST). Now that’s an exit you DO NOT want to have!
This Week in Ransomware
LockBit crew cooks up half-baked Mac ransomware (Rick pick - The Register)
Halcyon lands large investment to defend against ransomware (Rick pick - TechCrunch)
We had a few notable ransomware stories this week. First, one of the predominant ransomware crews, LockBit, took a first pass at developing macOS ransomware, which Patrick Wardle described as "far from ready for prime time." It doesn't matter anyway since macOS is invincible. (/sarcasm). Second, building on
Supply Chain Attacks Are Going Meta
3CX Supply Chain Attack Tied to Financial Trading App Breach (Rick pick - Dark Reading)
3CX Breach Was a Double Supply Chain Compromise (Rick pick - KrebsOnSecurity)
This week, Mandiant shared details of their recent investigation into the 3CX supply chain attack. This incident is notable because the actor attacked a 3CX supplier to gain initial access to 3CX, which was then leveraged for another round of initial access. Supply chain attacks have gone meta! Mandiant also released its annual M-Trends report, which always has exciting data. Good news, everyone, adversary dwell time is down to 21 days now! We can all go home and let AI take over our jobs.
Mr. Anderson, Sentinels, and AI Agents
Hype grows over “autonomous” AI agents that loop GPT-4 outputs (Rick pick - Ars Technica)
You Can Try Auto-GPT, the Next Generation of ChatGPT, Right Now (Rick pick - Lifehacker)
The speed at which AI is advancing is dizzying. ChatGPT-3.5, ChatGPT-4, and now AI agents like Auto-GPT, BabyAGI, AgentGPT, and GodMode are the new hotness. Auto-GPT's documentation states these agents are designed to "autonomously achieve whatever goal you set." This isn't quite the reality today; Ars writes, "They need a lot of human input and hand-holding along the way, so they're not yet as autonomous as promised. But they represent early steps…." In the article, Auto-GPT is tasked to purchase a vintage pair of Air Jordans, hopefully not those that recently sold for $2.1 million. We are in the early experimental stages, but the future is exciting until the sentinels come to search and destroy.
The Hierarchy of Content - THOC
The Hierarchy of Content (Unsupervised Learning)
I reference Daniel Miessler’s work frequently because it’s excellent. This time around, the teardown focuses on AI’s impact on content creation via his “Hierarchy of Content.” Specifically, the THOC identifies which content AI will disrupt first and why. The piece certainly got me thinking about the value that TCW provides to you, the reader, and if we could someday be overtaken by content-writing robots. I came to the conclusion that I can indeed be overtaken, but I think
Leaky SPACs and PIPEs - A Hall Full of Sewage
SPAC PIPEs Sometimes Leak (Bloomberg)
I’ve been intrigued about SPACs since I first heard about them. I even invested in a couple over the last few years (yep, I was gambling!). If you have ever wondered how they work and where the risk for insider trading could happen, look no further than this Bloomberg piece. It gives a high-level rundown of SPACs and PIPEs and gives one long example of how two people traded to make millions on the latest faux-IPO craze. I knew there was something wrong with SPACs all along… I just didn’t think it was THIS.
Fake Drake Raises Legal And Ethical Questions About AI
A 'Fake Drake' Song Using Generative AI Was Just Pulled From Streaming Services (Rick pick - Entrepreneur)
Sony World Photography Award 2023: Winner refuses award after revealing AI creation (Rick pick - BBC)
Google CEO Sundar Pichai Says There Is a Need For Governmental Regulation of AI: 'There Has To Be Consequences' (Rick pick - Entrepreneur)
An AI-generated Drake song has been taken down from social media after garnering over 30 million views over The Weekend. The song, Heart on My Sleeve, was generated by Ghostwriter977, and Universal Music Group wasn't pleased. If only phishing domains were taken down this quickly. On top of deep fake Drake, we had a photographer refuse an award because his winning photo was AI-generated. Over the weekend, 60 Minutes aired an AI segment where they interviewed Google’s CEO Sundar Pichai who addressed the need for AI regulation. It even looks like Senator Chuck Schumer might grant him his wish. AI brings so many ethical, legal, and privacy questions into play; it is good that our legislators and regulators are up to the task. (/sarcasm)
Editor’s note: Hey Rick.. did the AI make Drake suck any less? My call here is that Fake Drake is better than REAL DRAKE! (SPICY TAKE - call out the hater-taters!)
Pour One Out For Netflix DVDs
Netflix to end mailing of DVDs of movies to subscribers after 25 years (Rick pick - The Guardian)
A quick one here to wrap us up. My first thought upon reading this was, “Netflix still sends DVDs?” I haven’t thought about DVDs since that Captain Marvel scene.
Editor’s note: This marks the death of an era! I may or may not have been that guy that ripped thousands of movies in the early Netflix days. That was CLEARLY an intelligent investment of my time. (/sarcasm)
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!