The Cyber Why: What We Read This Week...
... and why you should too! (12/25/23)
Happy holidays and a hearty “ho ho ho” to all of our readers. We’ve been away from the computer for a much-needed rest for the last few days, pushing this week’s TCW newsletter into the “super late” realm. Think of it like we showed up halfway through your holiday party wearing a killer Wu-Tang Christmas sweater, and you are at least getting a good laugh out of us!
Sponsor The Cyber Why - FOR DIRT CHEAP - and get millions of clicks and more eyeballs than a Super Bowl ad!
OK, well, maybe not that many eyeballs, but at least you will support a fun newsletter. Sponsorship of The Cyber Why gives you access to an audience excited about technology and cybersecurity concerns and about staying ahead of the trends in the market. Meet your ICP where they live - at The Cyber Why.
Too Many Cyber Companies (Or are there?!)
We need to stop saying that there are "too many security vendors" (Ross Haleliuk)
This is a very interesting take on a statement that most of us in cybersecurity hear at an alarming rate: “There are too many security vendors.” In a LinkedIn post, Ross makes several contrarian arguments for why this statement is not only false but a net negative for innovation and entrepreneurship in cybersecurity. If the number of comments is any indication (75+ at the time of writing), Ross touched a nerve with this post. Personally, I agree with what he’s saying. This is how markets work and how innovation occurs. We build and iterate until we create the one thing that people want. I believe we have the RIGHT number of companies in cybersecurity (for now).
There are many challenges, but "too many vendors" isn't one of them. If anything, we should be encouraging more people to go out and try to solve hard problems. Not just build tiny features and sell them as SaaS solutions, but innovate, try different approaches to old problems, and help mature the industry.
Tango Down? The Feds And ALPHV/BlackCat Are Battling It Out
BlackCat Ransomware Raises Ante After FBI Disruption (KrebsonSecurity)
ALPHV Ransomware Site Outage: What’s Going On? (ReliaQuest - Rick’s day job)
Ransomware gang ‘unseizes’ its site and issues new threats after FBI takedown (The Verge)
(Rick Pick) ALPHV has targeted "more than 1,000 victims" and is undoubtedly raking in the cash from their extortion efforts. On Tuesday, the notorious ALPHV ransomware crew was the target of an international law enforcement disruption campaign. The FBI seized their dark web leak site, but shortly after, ALPHV "unseized" the onion site, and the FBI then reseized it. The Department of Justice also announced that it has a decryption tool that over 500 victims have already leveraged.
The takeaway here is to establish a relationship with the FBI, and if you are extorted, reach out for help. They may have a decryptor for the ransomware targeting you. What does this disruption mean in the long term? Cybercrime finds a way! This was a disruption and not a dismantling. The group will need to retool, but this is a short-term disruption, and there were no arrests. In fact, at the time of writing, ALPHV has already set up a new leak site and has continued to name extortion victims.
The SEC's Breach Disclosure Requirement Is Now Upon Us
As the SEC’s new data breach disclosure rules take effect, here’s what you need to know (TechCrunch)
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (SEC)
(Rick Pick) As of Monday, December 18th, publicly traded U.S. companies must adhere to the SEC's new cybersecurity reporting rules. Having lived through the early days of Europe's General Data Protection Regulation, much of this feels familiar. Given how many intrusions go unreported, I welcome the concept of a breach notification requirement; however, the devil is in the details. Thankfully, the SEC has conceded a bit on the original four-day reporting requirement, but there is still so much gray, especially around the definition of “materiality.” In related news, in response to this week’s FBI disruption, ALPHV said they would now always notify the SEC when an extortion victim refuses to contact them, just as they did with MeridianLink. I don’t buy it; I suspect ALPHV was always going to notify the SEC to apply additional pressure on their victims. It’s all about the Benjamins.
From Cheat Codes to Technology Builders
Unlocking Digital Doors: On the Hacker Group That Told Congress They Could Take Down the Internet (lithub.com)
Textfiles.com (Jason Scott)
Excerpted from A History of Fake Things on the Internet by Walter J. Scheirer, this brief article describes the scene I grew up in as a young hacker. I distinctly remember dialing into BBSes to collect textfiles and learning how to hack and phreak on the back of little pieces of storytelling that others had discovered and built. I pored over these text files for hours and hours, trying to understand what it all meant and how it all worked. I was in middle school in 1988-1989, and I had stumbled upon the occasionally subversive underground of the hack and warez scenes. I went on to make friends and work with many of the people mentioned in the article as we discovered and built the cybersecurity world you know today.
From cheat codes to hacking: The increasing desire for subversive information that enabled the impossible through computer technology while simultaneously contributing to a broader culture.
I’m unsure if this piece will resonate with everyone, but it certainly did with me. It reminded me of where I came from and my passion for computing, hacking, cybersecurity, and continuous curiosity. May each of you find your passion and never give up chasing it down.
Basic Security Hygiene Protects Against 99% of Attacks
5 Essential Insights From the 'Microsoft Digital Defense Report 2023' (DarkReading)
In its 18th iteration of the “Microsoft Digital Defense Report,” Microsoft illuminated today’s biggest threats. The findings are not surprising, but seeing the results quantified beyond anecdotal evidence is enlightening. Here are the top points:
Human-operated ransomware attacks have increased by over 200% since September 2022, with 70% of them targeting companies with fewer than 500 employees.
Password-based attacks grew 10x between April 2022 and April 2023.
Microsoft observed over 156,000 Business Email Compromise (BEC) attempts per day.
AI and LLMs are quickly becoming enablers of cybersecurity. We can’t win without AI.
Quick Hits and Hidden Gems
We had to keep this week’s quick hits and hidden gems short due to the length of our other articles. I’m sorry we don’t have more links for you to consume!
Inside Mark Zuckerberg’s Top-Secret Hawaii Compound (Wired) - You could basically title this piece “Zuck buys / steals Kauai.” Amazing!
MongoDB investigating security incident that exposed data about customer accounts (TechCrunch) - More breaches than I care to write about lately!
Merry Christmas from my FAMILY! - I bring you one of my favorite Christmas music videos. It’s wildly inappropriate and NSFW, so please only click it if you have a sense of humor!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!