TechRisk #70: State of Cybersecurity 2024
Plus, CrowdStrike joins forces with AWS and Google Cloud, JPMorgan's quantum-secure data transmission, a Web3 address poisoning exploit, and more.
Tech Risk Reading Picks
State of Cybersecurity 2024: Security breaches persist despite significant investments in security measures. While blaming budget constraints is common, most Chief Information Security Officers (CISOs) are confident in their budgets and resource allocations. However, vendor surveys reveal that the plethora of installed security tools often overwhelms already understaffed teams, leaving many vulnerabilities unaddressed. Many vendors are turning to AI- or ML-enhanced automation to alleviate labor shortages, but the prioritization problem persists. Vendors need to be more transparent about vulnerabilities, and organizations should adopt integrated risk management practices to align priorities with business impact. Compared with zero-day attacks, known but unaddressed vulnerabilities are the more significant threat. [more][more-checkpoint_report]
24% of security teams struggle to keep up with patch/update cycles, with third-party risk becoming increasingly prominent.
Over 100,000 vulnerabilities lack tracking IDs, including those from major vendors like Apache, Google, Microsoft, and Zoho, leaving organizations vulnerable to exploitation.
Space cyber risk left out: The administration updated Presidential Policy Directive 21, keeping the 16 existing critical infrastructure sectors but assigning oversight of national critical infrastructure protections to the Cybersecurity and Infrastructure Security Agency (CISA). Despite calls from rocket and satellite manufacturers to designate space as the 17th critical infrastructure sector due to cybersecurity risks, former National Cyber Director Chris Inglis disagreed, and the stance hasn't changed. The new strategy emphasizes risk-based cybersecurity approaches, enhanced information sharing, and updates to critical infrastructure intelligence assessment and entity lists. This shift reflects a recognition of the need to address potential consequences of cyberattacks on both operational and information technology networks. [more]
Cyber startup Mitiga tops RSA Conference innovation: Israeli cybersecurity startup Mitiga is among the top 10 finalists in the RSA Conference's Sandbox innovation contest, marking a significant achievement for both the company and the Israeli cybersecurity sector. The RSA Conference, initially focused on encryption, has become a premier cybersecurity summit, drawing thousands annually. Mitiga specializes in enhancing Cyber Security Operation Centers (SOCs) for cloud environments, reducing threat response time from months to hours. Co-founded in 2019 by industry veterans Tal Mozes, Ofer Maor, and Ariel Frans, Mitiga has raised $45 million, including a $38 million Series A funding round. The company, with 60 employees across Israel, New York, and London, caters to 500 leading organizations globally, including Fortune 500 companies, with its cloud protection solutions. [more]
AWS and CrowdStrike: Amazon Web Services (AWS) and CrowdStrike have deepened their collaboration to enhance cybersecurity and cloud transformation. Amazon has consolidated its cybersecurity defenses on CrowdStrike's Falcon platform, replacing various point products. This includes deploying Falcon Cloud Security, Falcon Next-Gen SIEM for big-data log security, and Identity Threat Detection and Response. CrowdStrike, in turn, is leveraging AWS services like Amazon Bedrock and Amazon SageMaker to innovate in cloud security and cybersecurity AI. Together, they aim to help customers build and secure their businesses in the cloud. [more]
Google AI threat intelligence: Google unveiled Google Threat Intelligence at the RSA Conference. This new offering aims to enhance organizations' visibility into global threats, drawing insights from various sources like Google's threat insights, Mandiant's expertise, VirusTotal's insights, and open-source intelligence. Google Threat Intelligence includes the Gemini 1.5 Pro AI model, which enables threat scanning and response with a context window of up to one million tokens. It's part of Google Cloud Security's portfolio and integrates with Security Operations for automated threat detections, including new types like cloud and emerging threats. The trend of AI-enhanced cybersecurity tools like Google Threat Intelligence reflects the industry's shift towards proactive and predictive defense mechanisms, leveraging AI to analyze data rapidly and stay ahead of emerging threats. [more]
Google Cloud and CrowdStrike: CrowdStrike and Google Cloud are teaming up to bolster Mandiant’s Incident Response and Managed Detection and Response services. With a focus on CrowdStrike’s top-tier Endpoint Detection and Response (EDR), Identity Threat Detection and Response (ITDR), and Exposure Management solutions, this partnership aims to tackle the surge in cloud intrusions, which have spiked by 75% over the past year. By combining CrowdStrike’s cutting-edge protection capabilities with Google Cloud’s AI-driven services and Security Operations platform, customers gain a powerful defense against modern cloud threats. This collaboration promises to deliver seamless, proactive threat hunting and response capabilities across multi-cloud environments, equipping organizations with the tools needed to thwart breaches effectively. [more]
CrowdStrike’s Chief Business Officer, Daniel Bernard, emphasizes the simplicity and speed of deployment of their technology, marking this partnership as a significant milestone in cybersecurity.
Google Cloud Security's VP Global Sales, Dom Delfino, expresses excitement about the extended collaboration, highlighting enhanced threat intelligence sharing, tighter integration between CrowdStrike and Google Chronicle, and the ability to deploy CrowdStrike Falcon to support Mandiant Consulting.
Outage of UK e-gate: The British government dismissed the possibility of a cyberattack causing a nationwide e-gate outage at several airports, which led to significant delays for passengers. The electronic gates, used for passport scanning and facial recognition, malfunctioned on Tuesday evening but were restored by midnight. The Home Office assured that border security wasn't compromised, and there was no evidence of malicious cyber activity. Earlier, concerns were raised about a potential state-sponsored cyberattack affecting armed forces personnel data, with some pointing fingers at China, though Beijing denied involvement. Airports like Heathrow, Luton, Edinburgh, and Manchester experienced extensive delays as Border Force staff had to manually check passports, leading to queues of over an hour for passengers at London Luton airport. [more]
Quantum technology to secure data transmission: JPMorgan Chase has launched a cutting-edge network called Q-CAN, which uses quantum technology to secure data transmission between two data centers. This system, employing quantum key distribution (QKD), has successfully safeguarded multiple high-speed virtual private networks (VPNs) over a single 100 Gbps fiber connection. Additionally, they've established a third quantum node for research into future quantum banking applications.
Web3 Cryptospace Spotlight
Address poisoning exploit: A cryptocurrency user lost $68 million worth of wrapped bitcoin (WBTC) to an address poisoning exploit. Address poisoning involves mimicking parts of a legitimate wallet address to deceive the sender into transferring funds to the wrong address. In this case, the scammer first sent the victim a fake transaction, after which the victim sent the WBTC to the scammer. The incident adds to the growing losses from crypto-related hacks, scams, and exploits, with $2 billion lost in DeFi in 2023 and an additional $333 million in the first quarter of 2024. [more]
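Because the trick relies on a lookalike address landing in the victim's transaction history, a wallet can defend against it by comparing every history entry and every typed recipient against the user's trusted address book and flagging addresses that share the visible prefix and suffix but differ in the middle. The following is an added example written for this newsletter issue, not code from any wallet vendor or from the incident itself; the address book, the lookalike address and the history entries are constructed, and EIP-55 checksum validation is assumed to be handled elsewhere.

```javascript
// Added example, not code from the newsletter or from any wallet vendor.
// Assumption: addresses are 20-byte EVM hex addresses; EIP-55 checksum
// verification is out of scope here (a real wallet should also do that).

// Constructed sample data: the user's trusted address book, keyed by
// lowercase address.
const TRUSTED_ADDRESS = "0x1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b";
const ADDRESS_BOOK = { [TRUSTED_ADDRESS]: "cold storage" };

// Constructed lookalike: same first 4 and last 4 hex digits as the trusted
// address, different middle. This is the shape a poisoned history entry has.
const LOOKALIKE = "0x1a2b" + "0".repeat(32) + "9a0b";

// Constructed transaction history as a wallet UI would list it.
const HISTORY = [
  { hash: "tx1", counterparty: TRUSTED_ADDRESS, value: "1.0" },
  { hash: "tx2", counterparty: LOOKALIKE, value: "0" },
  { hash: "tx3", counterparty: "0x" + "f".repeat(40), value: "0.5" },
];

function normalize(addr) {
  return String(addr).trim().toLowerCase();
}

function isValidAddress(addr) {
  return /^0x[0-9a-f]{40}$/.test(normalize(addr));
}

// True when candidate shares the visible prefix and suffix of trusted but is
// not the same address.
function isLookalike(candidate, trusted, prefixLen = 4, suffixLen = 4) {
  const c = normalize(candidate).slice(2);
  const t = normalize(trusted).slice(2);
  if (c === t) return false;
  return c.slice(0, prefixLen) === t.slice(0, prefixLen) &&
         c.slice(-suffixLen) === t.slice(-suffixLen);
}

// Scan a history list and return entries that impersonate an address-book
// contact. Zero-value transfers from such an address are the classic signal.
function flagPoisonedEntries(history, addressBook, prefixLen = 4, suffixLen = 4) {
  const flagged = [];
  for (const tx of history) {
    for (const [trusted, label] of Object.entries(addressBook)) {
      if (isLookalike(tx.counterparty, trusted, prefixLen, suffixLen)) {
        flagged.push({
          hash: tx.hash,
          address: tx.counterparty,
          impersonates: label,
          zeroValue: tx.value === "0",
        });
      }
    }
  }
  return flagged;
}

// Gate to run on the recipient field right before the user signs a transfer.
function checkRecipient(recipient, addressBook) {
  const r = normalize(recipient);
  if (!isValidAddress(r)) return { verdict: "invalid", address: r };
  if (Object.prototype.hasOwnProperty.call(addressBook, r)) {
    return { verdict: "trusted", label: addressBook[r] };
  }
  for (const [trusted, label] of Object.entries(addressBook)) {
    if (isLookalike(r, trusted)) {
      return { verdict: "lookalike", impersonates: label, trusted };
    }
  }
  return { verdict: "unknown", address: r };
}

console.log(flagPoisonedEntries(HISTORY, ADDRESS_BOOK));
console.log(checkRecipient(LOOKALIKE, ADDRESS_BOOK));
```

The prefix and suffix lengths default to four hex digits because that is roughly what most wallet UIs display when they abbreviate an address; a wallet that shows more characters should raise them accordingly. A "lookalike" verdict should block the send outright rather than merely warn, since the whole exploit depends on the user having already convinced themselves the address is right.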
DeFi bZx lost $55M: DeFi lender bZx experienced a hack resulting in the theft of around $55 million, as reported by SlowMist. The hack compromised a private key controlling bZx's deployment on Polygon and Binance Smart Chain, but not its smart contracts. Approximately 25% of the stolen amount was from the team wallet. This incident follows three hacks last year, with the largest occurring in September, from which $8 million was recovered. [more]
BitFinex hacking scare: FSOCIETY, a group named after the hacker collective in Mr. Robot, claimed to have hacked BitFinex, causing panic. They threatened to leak user data unless their demands were met. BitFinex's CTO, Paolo Ardoino, denied a breach, noting that only 5,000 of the 400,000 accounts in the leaked data were linked to BitFinex. He suggested the data came from other breaches, not BitFinex. No ransom was demanded from BitFinex, suggesting FSOCIETY was promoting a ransomware tool. This incident, reminiscent of BitFinex's 2016 hack, underlines the need for vigilance despite the decrease in cryptocurrency hacks in April 2024. [more]
On-chain hacking: On-chain hacking refers to security breaches that exploit vulnerabilities in blockchain-based systems, particularly DeFi platforms. Factors contributing to its rise include increased capital allocation to on-chain applications, attracting both institutional and retail investors. Threat actors exploit the complexity and obscurity of on-chain transactions, employing tactics like phishing websites to trick users into granting access to their wallets, resulting in theft. As institutional investment grows, so does the sophistication of attacks, necessitating robust security standards to safeguard digital assets. Effective defense mechanisms include features like Fireblocks' dApp protection, which detects suspicious activity, and Transaction Simulation, which translates complex smart contracts into understandable formats, enabling users to validate transactions before execution. [more]
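The "transaction simulation" idea above comes down to decoding what a signing request will actually do before the user approves it. The phishing case described in the paragraph usually ends with the victim signing an ERC-20 `approve` that grants a scammer's contract an unlimited allowance, so the minimum useful decoder handles `approve` and `transfer` and flags unlimited approvals to unknown spenders. The following is an added example for this newsletter, not Fireblocks' code or any vendor's product; the selectors are the standard ERC-20 ones, while the spender, recipient and calldata are constructed, and 18 token decimals are assumed unless passed in.

```javascript
// Added example, not code from the newsletter or from Fireblocks' product.
// Assumptions: the contract follows the standard ERC-20 ABI, and the token
// has 18 decimals unless stated otherwise.

// 4-byte function selectors from the ERC-20 ABI (first 4 bytes of keccak256
// of the canonical signature).
const SELECTORS = {
  "095ea7b3": { name: "approve", addressParam: "spender" }, // approve(address,uint256)
  "a9059cbb": { name: "transfer", addressParam: "to" },     // transfer(address,uint256)
};

const MAX_UINT256 = (1n << 256n) - 1n;

function hexWord(value) {
  return value.toString(16).padStart(64, "0");
}

// Constructed sample calldata (spender and recipient are made-up addresses).
const SPENDER = "0x" + "ab".repeat(20);
const RECIPIENT = "0x" + "cd".repeat(20);
const SAMPLE_APPROVE_UNLIMITED =
  "0x095ea7b3" + "0".repeat(24) + SPENDER.slice(2) + hexWord(MAX_UINT256);
const SAMPLE_TRANSFER =
  "0xa9059cbb" + "0".repeat(24) + RECIPIENT.slice(2) + hexWord(15n * 10n ** 17n);

function decodeErc20Call(calldata) {
  const hex = String(calldata).replace(/^0x/i, "").toLowerCase();
  if (!/^[0-9a-f]*$/.test(hex)) throw new Error("calldata is not hex");
  const selector = hex.slice(0, 8);
  const spec = SELECTORS[selector];
  if (!spec) return { known: false, selector };
  const args = hex.slice(8);
  // Both supported calls take (address, uint256): exactly two 32-byte words.
  if (args.length !== 128) {
    return { known: false, selector, reason: "unexpected argument length" };
  }
  const addrWord = args.slice(0, 64);
  const amountWord = args.slice(64);
  // An ABI-encoded address is left-padded with 12 zero bytes (24 hex digits).
  if (!addrWord.startsWith("0".repeat(24))) {
    return { known: false, selector, reason: "malformed address word" };
  }
  const amount = BigInt("0x" + amountWord);
  return {
    known: true,
    name: spec.name,
    [spec.addressParam]: "0x" + addrWord.slice(24),
    amount,
    unlimited: amount === MAX_UINT256,
  };
}

// Render a raw token amount with the token's decimals, e.g. 1.5 for 15e17.
function formatUnits(amount, decimals = 18) {
  const base = 10n ** BigInt(decimals);
  const whole = amount / base;
  const frac = (amount % base).toString().padStart(decimals, "0").replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : whole.toString();
}

// Produce the plain-language line a signing prompt should show, plus a risk
// flag. The risk levels are this example's own heuristic: unlimited approval
// to a spender outside the allow-list is "high", any other approval "medium".
function describe(decoded, trustedSpenders = new Set(), decimals = 18) {
  if (!decoded.known) {
    return { text: `Unknown call (selector 0x${decoded.selector})`, risk: "review" };
  }
  if (decoded.name === "transfer") {
    const text = `Transfer ${formatUnits(decoded.amount, decimals)} tokens to ${decoded.to}`;
    return { text, risk: "low" };
  }
  const spender = decoded.spender;
  const amountText = decoded.unlimited ? "UNLIMITED" : formatUnits(decoded.amount, decimals);
  const risk = decoded.unlimited && !trustedSpenders.has(spender) ? "high" : "medium";
  return { text: `Allow ${spender} to spend ${amountText} tokens`, risk };
}

console.log(describe(decodeErc20Call(SAMPLE_APPROVE_UNLIMITED)));
console.log(describe(decodeErc20Call(SAMPLE_TRANSFER)));
```

A production simulator goes further (it executes the call against a forked chain state and reports resulting balance changes, and it decodes `permit`, `setApprovalForAll` and arbitrary contract ABIs), but the point a user needs at signing time is already visible here: a request that reads "Allow 0xabab... to spend UNLIMITED tokens" is very different from the "sign in" or "claim airdrop" prompt a phishing site labels it as.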