The Cyber Why: What We Read This Week...
... and why you should too! (1/4/24)
The first TCW newsletter in 2024 is off and running. In this week’s installment, I discover a new cybersecurity term (hard to stump me, but this one did), Rick calls out 23andMe for being just plain stupid, I briefly touch on my own mental health and how I can do better, AMAZING content for the cybersecurity marketers on the list, and an announcement of a new piece of content from The Cyber Why (Breach List 2024). We love you all, and here’s to kicking off a great new year! Thanks for reading TCW!
The Cyber Security Breach List 2024
Check out the new cyber security breach list 2024 - from The Cyber Why. We do our best to track all of the latest breach information and disclosures so that you have one place to reference them. You can check out the running list of breach data HERE!
Coordinated Inauthentic Behavior Networks
How Cybercriminals Will Sway 2024 US Elections, or Try To (Dark Reading)
Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future)
I was “today” years old when I learned about the latest hacking term, “coordinated inauthentic behavior (CIB).” The concept of influence hacking has been around for a number of years, with campaigns running against many previous elections. However, I didn’t realize the extent of the attacks and the amount of time and resources the perpetrators put behind them. Some attackers are even building coordinated inauthentic behavior NETWORKS!
One CIB network Meta (Facebook) discovered involved 4,789 Facebook accounts, supposedly each belonging to individual United States citizens. The attackers use these fake social media accounts, coupled with thousands of fake news outlets, to create misinformation campaigns and send them to unsuspecting sheep (people who will believe them at face value and amplify them even further). The report put out by the company Recorded Future in December 2023 dives into the details of one such group, tracking them and reporting on activities as they build up in an attempt to influence public perception worldwide.
My biggest concern with these attacks is that they are likely impossible to stop. Automation and AI will make these even more effective over time, making it challenging to discern fiction from reality when it comes to consuming content on the Internet. I’m very worried about the future if these types of attacks continue to grow unthwarted. I can only hope that some smart cybersecurity entrepreneur builds something to solve this problem sooner rather than later.
Paging the SEC, 23andMe Needs An Investigation
23andMe tells victims it's their fault that their data was breached (TechCrunch)
23andMe says hackers accessed ‘significant number’ of files about users’ ancestry (TechCrunch)
(Rick Pick) One of my favorite journalists, Lorenzo Franceschi-Bicchierai, has been all over 23andMe’s breach dumpster fire. The story began in October when 23andMe filed an SEC Form 8-K disclosing that a threat actor had used credential stuffing to gain “access to a very small percentage (0.1%) of user accounts.” (6.9 million accounts were ultimately compromised.) At this point, the plot thickens. After their breach disclosure, 23andMe changed their terms of service at the end of November, which “seem to have removed users' previously acknowledged right to seek public injunctive relief for any irreparable harm.” I don’t play a lawyer on TV, but these arbitration changes don’t seem coincidental, given the likelihood of class action lawsuits.
But wait, there's more! In a letter responding to a group of victims suing the company, 23andMe attorneys said: “the incident was a result of users' failure to safeguard their own account credentials, for which 23andMe bears no responsibility.” WAT? We will have to see how this plays out, but I don’t think that victim blaming should be a best practice for your breach response and crisis communication plan. Rolling out Multi-Factor Authentication and opting in customers would’ve been a better approach. Being able to detect the actors’ initial access and preventing them from parlaying the initial 14,000 victims into 6.9 million victims would have been a better strategy. I’d never use one of these DNA testing services anyway, but perhaps this will give others pause. I hope the SEC is watching.
New Year's Resolutions 2024 - DO BETTER!
5 Lessons Men Learn Too Late In Life (New Trader U)
This article popped into my news feed late one night last week. As these types of articles tend to do, it got me thinking quite deeply about myself and the lessons I’ve learned (or ignored) over the last couple of decades as an adult male. The end result of spending at least an hour ruminating on the piece's content is that I realized that I am horrible at most of what the article brings up! I need to focus on improving my relationships, caring for my mental and physical health, and spending time with my family. As we progress into 2024, I implore each of you to take a moment, read this article, and determine if you can do better this year. Remember, it’s never too late for personal growth - make 2024 the year that you see drastic improvement!
P.S. The same recommendations are appropriate for women as well!
Dream Data For The Cyber Marketer!
2024 Cybersecurity Buyers Report (Cybersecurity Marketing Society / ActualTech)
ActualTech Media and the Cybersecurity Marketing Society created an interesting report focused on the cybersecurity buyer. They surveyed 327 senior security professionals at companies whose security teams range from two members up to 2500+. The demographics definitely skewed towards the smaller-sized security teams, proving that, more often than not, security teams wear multiple hats and are heavily overloaded. Most security organizations lack maturity, leaving significant work to be done to secure the business. As perceived by the surveyed audience, the top five threats aren’t surprising: phishing attacks, ransomware, malware, zero-day exploits, and social engineering. The rest of the article covers specific markets and buyer tendencies - check out the report if you are a cyber marketer or want to know more about what technologies cyber professionals use today.
After reading the research, the big concern left open for me is that there really is no solution to the most significant threats that practitioners worry about. The threats that they outline require a mature security program that covers a defense-in-depth approach and touches on all aspects of cybersecurity from endpoint to cloud. As a group, we need to define better what can and can’t be solved with technology and improve our processes and people to handle what remains.
The Breach List 2024 - The Cyber Why
2024 Cybersecurity Breach List (The Cyber Why)
In this highly self-referential recursive announcement, I bring you the 2024 Cybersecurity Breach List hosted by yours truly at The Cyber Why! I often see information about new breaches and attacks in my Interweb meanderings. Anecdotally, it felt like 2023 saw a massive uptick in breach news articles (specifically around malware), so I added this new section to The Cyber Why. Anytime I see a breach mentioned, I will link it to the page with the article or source of the data. At the end of 2024, we will have a rough idea of the frequency of public mentions of compromises. Since I’m sure I will miss lots of them, I have also implemented a submission form that you can use to send me links to breach data to ensure I’m up to date as much as possible. Please submit any news you see around breaches in 2024, and let’s see if this data bears something interesting at the end of the year.
Quick Hits and Hidden Gems
LFTM: 'Looking Forward to Monday' is the Metric for 2024 (Unsupervised Learning) - I used to dread Mondays. It got so bad at one point that my Sunday would be ruined because I was worried about Monday. No Mas in 2024!
Clouded Judgement 12.29.23 - Year End Review (Clouded Judgement) - The best public cloud company metrics breakdown anywhere!
Microsoft disables one of its own software tools following multiple malware attacks (Tech Radar) - Microsoft’s own tools being used to distribute malware. Attackers leverage ms-appinstaller to deploy ransomware to victims. MS disables the tools to thwart the attacks.
Cybercriminals launched the “Leaksmas” event on the dark web (Security Affairs) - Mostly affecting European and Middle Eastern companies, massive volumes of data leaked, including significant PII.
Operation Triangulation Attacks Relied On An Undocumented Hardware Feature (Security Affairs) - This one gets highly technical, so be forewarned. There’s also a bit of nation-state he said, she said bullshit going on here too. Fun read! (Easier read about the topic on Yahoo - here)
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!