The Cyber Why: What We Read This Week...
... and why you should too! (3/10/2023)
Good morning and hello from The Cyber Why HQ! This week, I’ve been heads down cranking out work for my clients and content for my readers, both with reckless abandon. Building, growing, and surviving seem to be the themes of the day. This week’s cybersecurity and tech news didn’t disappoint, with a hilariously passive-aggressive tweet storm towards Elon Musk, a bank run on Silicon Valley Bank, some crazy smart cloud and AI content from Travis McPeak and Daniel Miessler, South Park’s “ChatGPWhoza what,” and finally spiders named after “The Dude” (he is a character in one of the best movies ever made!). Have fun reading this week’s issue and if you like what you see please remember to share it with a friend - it really helps a lot when you share!
Silicon Valley Bank Shoots Self In Foot (Techcrunch)
SVB is the most commonly used bank in cybersecurity. Everyone uses this bank, from venture capitalists to high-flying startups. In a moment of stupidity, SVB CEO Greg Baker shot himself in the foot. While on a call discussing some rather serious issues with liquidity in the bank, he said:
“stay calm, because that’s what’s important, we’ve been longtime supporters of you, the venture capital community companies, and so the last thing we need you to do is panic.”
OH NO! That’s a surefire way to cause a panic! He followed it up with this other brilliant quip:
“We have ample liquidity to support our clients, with one exception. If everybody is telling each other that SVB is in trouble, that will be a challenge.”
I foresee an acquisition at firesale prices in your future Greg! (Techcrunch posted the video below with the article. Well played TC!)
For those that like to nerd out on the financial meat here is a great description of the issue in finance speak.
Taking The Fight To The Cloud (Contrary Research)
Kyle Harrison, GP at Contrary Research, and Travis McPeak, CEO at Resourcely, wrote a fantastic article describing everything you need to know to win in cloud security. They talk about the cloud security stack, DevSecOps in the cloud, breach and real risk in percentage change values, and they even call out their version of a “shift left” play where developers become responsible for their workloads. This is one of the better cloud brain dumps I’ve seen in a while. Great job gents!
Why we must finally draw more women into cybersecurity in 2023 (SC Media)
International Women’s Day is a perfect opportunity to call out the current lack of women in cybersecurity. Women have a much more difficult time breaking into cybersecurity at any level - from the business side to the technology side. It’s a harder world for them than it should be. This article by Lisa Tetrault gets into some of her personal stories and the overall metrics of the problem. Also, take a look at this great research from Richard Stiennon on women in cyber.
The FBI’s annual Internet Crime Complaint Center report is out. (Rick pick - FBI)
This week, the "Feds" released their annual Internet Crime Complaint Center (IC3) report, "Internet Crime Report 2022." In 2022, the FBI received 800,944 complaints with damages of $10.3B. Not everyone reports cybercrime, so these numbers are likely only a drop in the bucket. The report has the usual suspects, ransomware and Business Email Compromise, but every year, I get frustrated with the targeting of the elderly. Nearly a third of last year's losses came at the expense of 60+ year-olds. If you only take one thing away from the report, it should be to help educate your parents and grandparents about this type of fraud. I would lose no sleep if these fraudsters were extradited and introduced to prison culture. Wired wrote an article on the report here.
They thought loved ones were calling for help. It was an AI scam (Rick pick - Washington Post)
So take the IC3 report's targeting of the elderly, and let's make it more depressing. Criminals are using AI to swindle grandparents into thinking they are sending money to a desperate family member. The Washington Post writes: "Advancements in artificial intelligence have added a terrifying new layer, allowing bad actors to replicate a voice with just an audio sample of a few sentences. Powered by AI, a slew of cheap online tools can translate an audio file into a replica of a voice, allowing a swindler to make it "speak" whatever they type." In a previous newsletter, we covered how Joseph Cox broke into his bank, and both of these stories illustrate how the technology bar for this sort of fraud keeps getting lower. This technology is nascent; I fear where we will be in five years.
Ransomware operators leak cancer patient data (Rick pick - Cybernews)
Speaking of wanting criminals to experience prison culture, the ransomware group ALPHV pressured the Lehigh Valley Health Network to pay their ransom by leaking breast cancer patient data. There is no honor among thieves. Ransomware groups have been leveraging this "double extortion" technique for years. Some groups don't encrypt data; they just leak data to pressure victims to pay. Resilience against ransomware isn't enough; organizations must prevent the exfiltration of sensitive data. On a positive note, Europol announced an international law enforcement operation that targeted DoppelPaymer ransomware operators in Germany and Ukraine. There are always more criminals waiting in the wings, but any law enforcement disruption is good.
First of all, let’s open the general tech section with a killer photo. It’s the only gym where it’s IMPOSSIBLE to quit! If you know you know. (h/t Tom Brand Mastodon)
ChatGPT’s API Is Here. Let the AI Gold Rush Begin (Wired)
Another article that points out how big the generative AI gold rush is likely to be. According to Wired, LLMs and Chatbots will be appearing everywhere any day now. I can’t say that I disagree! I think AI is the most important innovation that will happen in the next two decades. It’s going to change how everything is built and operates. The machines are coming!
How AI is Eating the Software World (Daniel Miessler)
Read this essay… it’s a top 3 piece of content in 2023 so far!
I’ve had the luxury of knowing Daniel for a while now. He’s brilliant and remarkable in making complex content relatively easy to consume. This is one of the best-written essays on the impact of generative AI I’ve read to date. GPT-based AI is about to completely replace our existing software because it UNDERSTANDS the world around it. He’s made the call and it’s a bold one!
When it becomes easy to give great answers, the most important thing will be the ability to ask the right questions. — Daniel Miessler
Daniel believes that we are at a very unique moment in time. Specifically, he says that we are at the moment when AI becomes infinitely important to how all other software works around it. Frankly, I agree with him.
"ChatGPWhoza what" makes its debut (Rick pick - South Park)
In what we are watching this week news, if you are a South Park fan, you'll likely enjoy this week's episode, "Deep Learning." The fourth-grade children of South Park discover ChatGPT and use it to talk to their girlfriends, write poetry, and write essays for Mr. Garrison. In turn, Mr. Garrison uses AI to grade papers so he doesn't have to do the work. As always, if you are easily offended, don’t watch South Park.
On a much more passive-aggressive note (Twitter @iamharaldur)
This dude has the ultimate, most amazing, top-tier, passive-aggressive, yet totally on-point and funny as hell comeback to some stupid stuff that Elon Musk said. Ignore your take on the topic of Elon being a wanker for a moment and give this a read simply for the laugh-out-loud commentary that Halli makes to his former CEO. Read the entire thread... trust me, it’s worth it.
In a late-breaking follow-on story, Elon backpedaled and had this to say. Way to save the day Elon! </eye_roll>
Yes, These Spider Species Are Named After The Big Lebowski (Wired)
Who knew?! If you discover a new species of spider you get to name it anything you want. There’s an unwritten rule that you don’t name it after yourself, but other than that anything is fair game. Evolutionist Ingi Agnarsson had the honor of naming two new spiders that he discovered in the Tanzanian rainforests. He chose the names “Anelosimus biglebowski” and “Anelosimus dude”. The only way you can tell them apart is to look at their genitalia and compare them closely with all of the other Anelosimus spiders out there. I hope I never come across Dude or Biglebowski spiders in real life.. although I wouldn’t know one from the other if I ever did!
If you’ve made it this far you either found my musings at least semi-entertaining OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience and referrals are how I’ll do it. Help me out and I’ll see you next week!