Welcome back, Cyber Why readers! Buckle up because this week’s newsletter is a rollercoaster of digital drama and tech intrigue. We kick off with the fall of hacker kingpin ‘Tank,’ whose ego finally caught up with him. Then, we dive into the murky waters of a $25M auto dealer ransom—CDK Global, we're looking at you! Next, we take a nostalgic detour with a $200K Lego heist that would make any childhood collector weep. For our finance and startup geeks, we’ve got a deep dive into the evolving world of SaaS and AI pricing strategies, predicting seismic shifts in the industry. And for a sprinkle of absurdity, we present Story #5 - VR shoes that promise to take you everywhere and nowhere at the same time. Let’s dig in and dissect the chaos together!
Email security that protects from the outside in and inside out
There’s more than one way in to exploit email as an attack vector. Plus, even more to target once inside the mailbox. Material Security takes a holistic approach to email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.
Visit material.security to learn more about their multi-layered detection and response toolkit for email.
When Ego Takes Over - Criminals Fall
Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison (WIRED)
I’m a sucker for the “Hacker Kingping” going to jail story. We have reported on a number of them over the last year and a half, including early details on this particular arrest, and I still find them absolutely intriguing. What would make a person go down a path of crime that is so heinous and despicable? People think the answer lies in greed and money, but if you read between the lines, you often find that the real reason most of these disgusting people do what they do is ego.
Vyacheslav Penchukov, a Russian national, was the mastermind behind the Zeus malware operation. He orchestrated the creation and distribution of malware that infected millions of computers worldwide. Penchukov aimed to steal banking information and commit financial fraud, generating substantial illegal profits. He was involved from November 2018 to at least February 2021, officials say. Investigators found he kept a spreadsheet detailing his $19.9 million income in 2021 alone.
That’s pure ego - nothing more. I, for one, am glad to see this guy going away for such a long time. Enjoy your time in jail, Vyacheslav; I don’t think DJs are needed very often on the inside.
Auto Dealers Back Online - I’m Left With Questions
How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom (CNN)
There’s a lot to unpack in this story. According to the article on CNN, auto dealership software company CDK Global appears to have paid a $25M ransom to get their systems and dealer networks back online. On June 21st, a roughly $25M crypto payment was tracked as delivered to what is believed to be the ransomware group “BlackSuit,” but neither the sender nor the target of the money can be confirmed at this time. As I read the article, I was left with three questions that maybe my readers can help me with:
How do companies actually go about PAYING a ransom like this? I can’t imagine that CDK Global had the technical chops in-house to figure out how to pay $25M in crypto to get their systems back online — they most likely had to have used a third-party service to deliver the payment. Who offers this type of service, and how much money do THEY make on the deal?! Wow, this is most definitely a morally grey area product offering.
$25M is a LOT of money. My initial concern was how does a global auto dealership software vertical SaaS offering like CDK Global have $25M lying around. Apparently, they are much larger than I thought! CDK Global was acquired in April 2022 for over $8B, and the parent holding company, Brookfield Business Partners, is MASSIVE. But what if they DIDN’T have it available - where do they go to get the money (gov? insurance?), and if they can’t get it liquid, do they just POOF out of business?
With over $1.1B in ransomware payments occurring last year, how concerned are we that this will grow in the future? I’ve seen tons of different incentive structures for hackers over the last 20+ years but this one shares the SHIT outta me. This is HUGE money, and I don’t see how attackers will ever move off of this approach if they can extort such massive financial windfalls. I only see this getting worse in the next year or two. What are your thoughts - can we limit ransomware? If so, how, when, and what will finally help us lower the risk?
Stolen Legos Worth Over $200K Recovered
Oregon police recover over $200,000 worth of Lego sets in massive bust (NBC News)
Legos are a big deal. I’ve always been a fan of Lego. Since I was a little kid and got my first set, I have collected, assembled, and destroyed more Lego objects than I care to admit. What I never really understood is the collectible nature of the damn things. I mean, all they are is bricks and a book that tells you how to put them all together. So simple.. yet so amazing. Apparently, Lego has turned into a big business, and these criminals figured it out. Throughout a three-month investigation, Oregon police built a case against a store owner who had been “knowingly purchasing stolen sets” of Lego. The total value of the recovered Lego sets was over $200K. I should have kept all those bins from back in the day… instead, they are in the local dump alongside my baseball cards and old Beanie Babies. C’est la vie!
SaaS Must Adapt To Survive
AI Pricing Strategies for SaaS Companies Offering Copilots (Tomasz Tunguz)
No SaaS! How AI Agents Will Change Software Pricing (Tomasz Tunguz)
Avenir x SaaS - What’s Gone Wrong in Software and Why We’re Optimistic (Avenir)
SaaS: Have reports of my death been greatly exaggerated? (Next Big Teng)
Warning - This is a LONG ONE.. I went full nerd on this post.
Lately, I’ve been pondering the idea that we may have seen the height of the software-as-a-service (SaaS) approach to business and are facing the next wave of foundational change. How will AI impact business, and in particular, will SaaS as an offering die over time?
The research conducted by Avenir in their slide deck entitled “What’s Gone Wrong in Software and Why We’re Optimistic” examines the impact of COVID on SaaS solutions, positing that the pandemic has catapulted SaaS business models straight through adolescence and directly into maturity. We’re seeing this in nearly all metrics around high-growth software-based companies in this cohort. Revenue growth has slowed, and by force, these companies must become more efficient in order to maintain any level of foundational financial success. The best quote in the article is, “What management teams have referred to as “tough macro” is likely a “new normal.”
Prediction: SaaS is already mature and has long passed its days as a growth investment.
Two new posts from Tomasz Tunguz expand on the concept, detailing how AI agents will change pricing models in the software business. According to Tomasz, AI agents are 2.5x-3x more efficient than human counterparts, yet we are only charging an uplift of, on average, 70% against non-AI, traditionally seat-based SaaS solutions today. There is room for price increases, and SaaS companies will likely hop on this trend over the next few years. It’s why we’re seeing so much vendor-side investment in AI and copilots - there is a ton of upside if they can increase margins and add AI-based feature sets for their customers to consume.
Prediction: AI will increase prices for tools and technology to run our businesses, matching an offset in human resource requirements.
If companies rationally attempt to solve their SaaS efficiency problems by removing human resources and replacing them with AI-based automation, the result will be a massive increase in AI-based demand and a new wave of business fundamentals away from SaaS and into SaaS-enabled AI agent-driven automation. This will change how we tactically operate day to day, how we are charged for our products and services, and how businesses manage themselves to meet the new market needs.
Prediction: Over time, SaaS decreases in value in favor of AI-based systems potentially delivered in a SaaS model, but more likely via some type of new interface will overtake the SaaS UI.
AI will drastically change how software is written, consumed, and charged for and, in time, completely rewrite how software businesses are run. Just as software was a massive paradigm shift that took a decade or more to understand, AI is on the same trajectory. I know this was a nerdy post, but thanks for bearing with me. I encourage you to read all three pieces and clap back at me with healthy debate and discussion. See you in the comments!
These Shoes Were Made For (VR) Walking!
Freeaim VR Shoes (Freeaim)
For our Story #5 this week, we bring you - Freeaim VR Shoes! If you don’t want to overpay for a VR-enabled treadmill designed to allow you to walk in virtual worlds, you can instead spring for brand-new virtual reality shoes! They may not look like the latest Jordans, but they are just as much of a waste of money. These shoes are designed to connect with your VR system to provide you with a fully immersive ability to walk around and not actually GO ANYWHERE! They aren’t cheap either - the current dev kit is $4999, and they hope to have the final retail version available for around $1000 USD. Just a word of caution: the “Swivel Caster Frame” is not included, and they have yet to figure out how to allow you to walk backward. Buyer beware!
Quick Hits and Hidden Gems
Barcelona anti-tourism protesters fire water pistols at visitors (CNN) - First, it won’t work. Second, it’s just stupid. Why are you bothering them?
AT&T says hacker stole some data from 'nearly all' wireless customers (ABC News) - They stole all the things.. ALL OF EM! Yet another massive breach.
Ticketmaster finally notifies customers, omits important details (Cybernews) - We knew about this one for a while. More massive breaches going down.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
Awesome Tyler