📡 Cybersecurity Innovation Pulse #21: RIP QakBot; Wiz & SentinelOne Break Up </3; Tor v0.4.8.4; Gartner Data Security Hype Cycle; and More!
Covering Aug. 24th - Aug. 31st of 2023
Welcome to Issue 21 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, your guide to the dynamic world of cybersecurity innovation. Each week, I comb through 1K+ headlines to cover the latest on product launches, groundbreaking innovations, strategic collaborations, and other developments at the intersection of innovation and cybersecurity. If you find value in this type of stuff, consider becoming a subscriber to ensure you receive my insights directly to your inbox, saving time and keeping you ahead of the curve.
This week, we've officially entered 'Black Mirror' territory with Intuition Robotics raising $25 million to continue building out its AI companion robot which is designed to combat loneliness. The U.S. Military is also building out its fleet of ‘autonomous war robots’. What could possibly go wrong?…
Anyway, we had a pretty juicy week in the security world: acquisition talks between SentinelOne and Wiz fell through, the FBI took down QakBot, and Google Cloud Next happened. Let's get into it!
Top Stories 🗞️
FBI Takes Down QakBot Botnet
The FBI, working with partners in France, Germany, the Netherlands, Romania, Latvia, and the U.K., has dismantled the QakBot botnet, which had been active since 2008, had been behind tens of thousands of attacks across the globe, and in recent years served mainly as an initial-access loader for ransomware crews. To give you an idea of its magnitude: when law enforcement began redirecting the botnet's traffic to its own servers, QakBot's command-and-control (C2) infrastructure counted over 700K infected machines, footholds that could be handed off for ransomware deployment and other follow-on attacks. The investigation found that QakBot's administrators had received fees tied to roughly $58 million in ransom payments between Oct. '21 and Apr. '23. This is clearly a big win for defenders across the globe. Source
Gartner's 2023 Hype Cycle for Data Security
Gartner's 2023 Hype Cycle for Data Security surfaces several key trends and technologies, which you can see in the graph above. Two newcomers to the hype cycle are crypto-agility and post-quantum cryptography (PQC), both of which we've covered at length here at TCP. A sufficiently large quantum computer running Shor's algorithm would break today's public-key schemes (RSA, Diffie-Hellman, and elliptic-curve cryptography), and traffic recorded now can be decrypted later, so the risk starts before the hardware exists. Gartner emphasizes the need to start preparing now; in practice that means inventorying where those algorithms are used and building in the agility to swap them out as the NIST PQC standards are finalized. The report also highlights other emerging challenges like multi-cloud data governance, regulatory compliance, and managing shadow IT data. Source: VentureBeat
SentinelOne Ends Acquisition Talks with Wiz
SentinelOne has reportedly ended acquisition talks with Wiz, along with the partnership the two companies struck six months ago. The talks had explored a multi-billion-dollar deal in which Wiz would acquire SentinelOne, an odd dynamic from the start given that Wiz is still a relatively young startup while SentinelOne is publicly traded. SentinelOne CEO Tomer Weingarten has since indicated that he'd rather see the company bought by a PE firm or a major security player like Microsoft or IBM. The significance of this development is twofold: M&A and consolidation aren't as easy as Cisco or Palo Alto Networks make them look, and, given their non-compete agreements, neither SentinelOne nor Wiz can partner with the other's competitors (e.g., Wiz with CrowdStrike, or SentinelOne with Orca Security). Source: CRN, Calcalistech
How AI is Changing the Game in Digital Forensics
AI has made waves in the Digital Forensics and Incident Response (DFIR) realm due to its ability to analyze data at scale, automate tedious tasks, and enable predictive analytics. From machine learning models that sift through massive evidence sets to anomaly detection that flags unusual patterns in an environment and correlates them with threat intel feeds, the possibilities are wide open. Of course, we're still in the early innings of sussing out how well these techniques actually perform inside security products, but nothing starts out perfect, so the future is certainly promising. This DarkReading article goes more in-depth on the specific AI use cases for DFIR.
Security Product Innovation 🛰️
OpenAI Introduces ChatGPT Enterprise w/ Enhanced Security
OpenAI recently released an enterprise grade version of ChatGPT which should help quell most of the security and data privacy concerns around its use. Since ChatGPT gained mass adoption earlier this year, the security industry has been rightfully skeptical and careful in leveraging it across the enterprise. I mean, do you remember the Samsung source code leak? What about the string of vulnerabilities that have been publicly disclosed? So yeah, it makes sense that our industry has been skeptical of allowing use of ChatGPT and the likes.
However, with this new release, many of those concerns can be laid to rest. The newly introduced security and privacy features include encryption in transit (TLS 1.2+) and at rest (AES-256), SOC 2 compliance, and a commitment not to train GPT models on business data or conversations. One caveat worth being precise about: this is not end-to-end encryption. Prompts are still processed in the clear on OpenAI's side, as they must be for a hosted model, so the guarantee you are actually relying on for confidentiality is the contractual data-handling and no-training commitment, not cryptography. With that understood, these measures make it a compelling choice for businesses looking for a secure, customizable AI chatbot solution. The new version also includes performance upgrades such as higher-speed GPT-4 access and a more comprehensive version of Code Interpreter. As Ryan Naraine calls out in his SecurityWeek article, this is a smart play by OpenAI to use enhanced security as a selling point for its enterprise ChatGPT version.
GitHub Enterprise Server 3.10: New Security Capabilities
GitHub has rolled out v3.10.0 of its Enterprise Server offering, packed with new security features. The update adds custom deployment protection rules, which let an external system or third-party service (integrated as a GitHub App) approve or reject deployments to an environment across an organization's repositories. Administrators also get more control over GitHub Actions runners, including the ability to disable repository-level self-hosted runners and to manage runners centrally in cross-user namespaces.
The release also simplifies code scanning setup and lets it be enabled across multiple repositories at once, and teams can track Dependabot alerts across all of their repositories. Lastly, and probably most importantly, GitHub has introduced fine-grained personal access tokens: unlike classic PATs, each token is scoped to specific repositories, carries only the permissions you explicitly grant (read or write, per resource type), and must expire, which makes a leaked token far less useful to an attacker.
Source: GitHub Release Notes
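To make the deployment protection rule feature concrete, here is an added Python example (written for this page, not GitHub's code) of what the external approver has to do: verify the HMAC signature GitHub puts on every webhook delivery before trusting a byte of the body, then apply a policy and produce the approve/reject callback. The signature header name, its `sha256=<hex>` shape, and the `X-GitHub-Event` header are real; the payload field names (`environment`, `deployment.ref`, `repository.default_branch`, `deployment_callback_url`), the callback body shape, and the "production only from the default branch" policy are assumptions for illustration, and the sample delivery is constructed.

```python
"""Skeleton of an external deployment protection rule for GitHub Actions.

Added illustration, not GitHub's code. Certain: GitHub signs each delivery with
HMAC-SHA256 over the raw body, sent as X-Hub-Signature-256: sha256=<hex>, and
names the event in X-GitHub-Event. Assumed: the payload field names and the
callback body (environment_name/state/comment); check them against the docs
for your GHES version before relying on them.
"""
import hashlib
import hmac
import json
from typing import Dict, Optional, Tuple

EVENT_NAME = "deployment_protection_rule"


def verify_signature(secret: bytes, body: bytes, signature_header: str) -> bool:
    """Recompute the HMAC over the exact bytes received and compare in constant
    time. A missing or malformed header is a rejection, not an exception."""
    if not signature_header.startswith("sha256="):
        return False
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature_header)


def decide(event: Dict) -> Tuple[str, str]:
    """Policy (assumed, for illustration): production may only be deployed from
    the repository's default branch. Returns (state, comment) for the callback."""
    env = event["environment"]
    ref = event["deployment"]["ref"]
    default_branch = event["repository"]["default_branch"]
    if env == "production" and ref != default_branch:
        return "rejected", f"production deploys must come from {default_branch}, got {ref}"
    return "approved", f"policy check passed for {env}"


def handle(secret: bytes, headers: Dict[str, str], body: bytes) -> Optional[Dict]:
    """Process one delivery. The signature is checked before the body is parsed so
    an unauthenticated sender cannot reach the policy logic at all. Returns the
    callback the app would POST back to GitHub, or None if there is nothing to do."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256", "")):
        raise PermissionError("webhook signature invalid or missing")
    if headers.get("X-GitHub-Event") != EVENT_NAME:
        return None
    event = json.loads(body)
    if event.get("action") != "requested":
        return None
    state, comment = decide(event)
    return {
        "url": event["deployment_callback_url"],  # assumed field name
        "body": {"environment_name": event["environment"], "state": state, "comment": comment},
    }


def simulate(secret: bytes, environment: str, ref: str, tamper: bool = False) -> Optional[Dict]:
    """Build a constructed delivery (sample data, not a real GitHub payload), sign it
    with the shared secret, optionally alter the body after signing, and handle it."""
    payload = {
        "action": "requested",
        "environment": environment,
        "deployment": {"ref": ref},
        "repository": {"default_branch": "main"},
        "deployment_callback_url": "https://ghes.example.internal/api/v3/repos/acme/shop/"
                                   "actions/runs/42/deployment_protection_rule",
    }
    body = json.dumps(payload).encode()
    headers = {
        "X-GitHub-Event": EVENT_NAME,
        "X-Hub-Signature-256": "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest(),
    }
    if tamper:
        # An attacker on the path rewrites the ref to the default branch after signing.
        body = body.replace(b'"ref": "' + ref.encode(), b'"ref": "main')
    return handle(secret, headers, body)
```

Two design points matter here. The signature check runs on the raw request bytes, not on re-serialized JSON, because any re-encoding (key order, whitespace) would change the digest and cause spurious failures; and the comparison uses `hmac.compare_digest` so a timing side channel cannot be used to forge a valid header one byte at a time.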
Tor Enhances Security to Thwart Attacks
Tor has shipped Tor 0.4.8.4, the first stable release in the 0.4.8 series, which adds an optional proof-of-work (PoW) defense for onion services against introduction-point DDoS. When a service is under load it advertises a puzzle to clients, who must attach a solution of a given effort to their introduction requests; the service then queues requests and serves the higher-effort ones first. A legitimate user pays a few seconds of CPU once, while an attacker flooding a .onion address with introduction requests has to pay that cost on every request, which is what throttles automated attacks. The puzzle is Equi-X, a CPU-tuned scheme built on Equihash and HashX, not the SHA-256 or RandomX proof-of-work used by Bitcoin and Monero; the algorithms differ, but the underlying idea of making each request cost work is the same. Source: The Register
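The mechanism is easier to reason about with a toy version in hand, so here is an added Python example (written for this page, not Tor's code) of a hashcash-style client puzzle with a service-side queue that serves the highest-effort requests first and refuses replayed solutions. It deliberately swaps in SHA-256 for Equi-X and invents its own minimal format; the acceptance rule (32-bit hash times claimed effort must not exceed UINT32_MAX) copies the shape of Tor's check, but the seed handling, queueing and sample scenario are simplified assumptions.

```python
"""Hashcash-style client puzzle showing how an onion service can make introduction
requests cost work and serve the requests that paid the most first.

Added illustration only: Tor's real defense uses the Equi-X puzzle (not SHA-256)
with its own descriptor and wire format, which is not reproduced here. The
acceptance rule (hash * effort <= UINT32_MAX) mirrors the shape of Tor's check;
the hash function, seed handling and queueing are simplified assumptions.
"""
import hashlib
import heapq
import itertools
import struct
from typing import List

UINT32_MAX = 0xFFFFFFFF


def puzzle_output(seed: bytes, nonce: int, effort: int) -> int:
    """Hash (seed, nonce, effort) down to a 32-bit integer. Binding the claimed
    effort into the hash stops a client solving once at low effort and then
    presenting the same nonce as a high-effort solution."""
    digest = hashlib.sha256(seed + struct.pack(">QI", nonce, effort)).digest()
    return struct.unpack(">I", digest[:4])[0]


def verify(seed: bytes, nonce: int, effort: int) -> bool:
    """Service side: a single hash, however much the client spent. A random hash
    passes with probability about 1/effort, so honest solving costs ~effort hashes."""
    return effort >= 1 and puzzle_output(seed, nonce, effort) * effort <= UINT32_MAX


def solve(seed: bytes, effort: int, start_nonce: int = 0) -> int:
    """Client side: brute-force a nonce that verifies at the chosen effort."""
    for nonce in itertools.count(start_nonce):
        if verify(seed, nonce, effort):
            return nonce


class IntroQueue:
    """Service-side queue. Verified requests are served highest-effort first
    (FIFO among equal efforts); each nonce is accepted once, so a captured
    solution cannot be replayed to jump the queue."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self._heap: List[tuple] = []  # (-effort, arrival order, client id)
        self._arrivals = itertools.count()
        self._seen_nonces = set()

    def submit(self, client_id: str, nonce: int, effort: int) -> bool:
        if nonce in self._seen_nonces or not verify(self.seed, nonce, effort):
            return False
        self._seen_nonces.add(nonce)
        heapq.heappush(self._heap, (-effort, next(self._arrivals), client_id))
        return True

    def next_client(self) -> str:
        return heapq.heappop(self._heap)[2]

    def __len__(self) -> int:
        return len(self._heap)


def demo() -> List[str]:
    """Constructed scenario: five zero-work requests arrive first (effort 1 accepts
    any nonce), then one client who spent effort 2000. Returns the service order."""
    seed = bytes(32)  # constructed fixed seed; a real service uses a random seed and rotates it
    queue = IntroQueue(seed)
    for i in range(5):
        queue.submit(f"bot-{i}", nonce=10**9 + i, effort=1)
    queue.submit("alice", solve(seed, 2000), 2000)
    return [queue.next_client() for _ in range(len(queue))]
```

The asymmetry is the whole point: `solve` costs the client roughly `effort` hashes, `verify` costs the service one, and the flood of effort-1 requests still gets served, just behind the client who paid. Real deployments also rotate the seed so that precomputed solutions expire, which this toy omits.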
Lacework Expands Google Cloud Coverage
Lacework has expanded its Google Cloud coverage with new composite alerts, enhanced audit log support, and general availability of attack path analysis for GCP environments.
Source: Lacework Blog
Google Introduces GKE Enterprise for Complex Kubernetes Environments
Google has launched an enterprise version of Google Kubernetes Engine (GKE) during its recent Google Cloud Next conference. This enterprise-grade version comes with a number of improvements including security, governance, and service mesh management enhancements. This GKE tier also makes it easier to manage fleets of clusters by enabling the application of policies and guardrails at fine-grained hierarchical levels across GKE fleets.
It’ll be interesting to see if AWS or Azure counter with similar offerings and features. (Hint: Their customers will probably be asking for it.)
More Key Insights 🔎
Getting into AWS Security Research by Daniel Grzelak - A guide with invaluable tips from cloud security experts. I wish this guide existed when I was doing security.
MOVEit, the biggest hack of the year, by the numbers by Carly Page - A deep dive on the largest hack of the year which has impacted well over 60 million individuals across the globe.
The Significance of Blockchain in Enhancing Online Transaction Security by Hillary - A look at the security benefits of blockchain tech and real-world use cases from Amazon, Wal-Mart, and the likes.
Aaaand that's a wrap for this week, folks! Your feedback is the fuel that keeps this newsletter going, so don't hesitate to let me know what you loved, hated, or would like to see improved. If you found value in this issue, why not share it with a friend or consider becoming a paid subscriber? Each week, I sift through over a thousand headlines to bring you the most impactful stories that are driving innovation in cybersecurity. Your support lets me know that this work is making a difference.