Cybersecurity Innovation Pulse #39: Morris II Worm; UnitedHealth Pays $22M Ransom?; Crowdstrike Acquires Flow and Tons of Product News!
Covering Feb. 26th - Mar. 6th
Welcome to Issue 39 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products, attacker techniques, and industry news make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
Howdy! I hope you’re having a wonderful weekend! I know that I haven’t been consistent to a T with publishing these on Thursday mornings, but between being a Product and GTM leader at a startup, working with 2 non-profits, running TCP, and being a human being, it does get tough at times. That said, I’m updating my systems and will focus more on consistency.
I also have a few cool things I’ve been working on including a dope blog series that you’ll learn more about soon. And I’ll also be joining Security Weekly as a host on the Enterprise Security Weekly show! 🎉
Full circle moment as I interned at G-Unit studios for Security Weekly while completing my undergrad studies. Feels good to be back!
Industry🛰
UnitedHealth Pays $22M Ransom?
Change Healthcare, a unit of Optum, UnitedHealth Group’s (UHG) services subsidiary, suffered a ransomware attack in February that caused widespread downstream disruption, including delays in getting prescriptions filled across the U.S. For reference, Optum serves over 80% of all U.S. health plans.
On March 1st, researchers noticed a single transaction of 350 bitcoin (BTC) sent to a wallet associated with the AlphV/BlackCat ransomware group. UHG hasn’t commented on the transaction, but threat intel shops such as Recorded Future and TRM Labs have confirmed that the 350 BTC went to a wallet linked to AlphV/BlackCat.
Also key to note: a disgruntled AlphV affiliate posted on a forum claiming to have carried out the intrusion and not received its share of the payment. The group also claims to have exfiltrated 4TB of sensitive data. No bueno..
Lots of drama and serious impact with this one, including the continued trend of ransoms being paid.
NSA’s Zero-Trust Guidance on Limiting Lateral Movement
The NSA recently released its guidance for the “Network and Environment” pillar of its Zero-Trust framework. It provides practical guidance on preventing lateral movement in networks, covering micro- and macro-segmentation, data flow mapping, and software-defined networking (SDN).
Source: NSA
Team8 Secures $500M; $1B AUM
Team8, a venture creation and capital firm, has raised $500 million to expand its portfolio across the cybersecurity, data, AI, fintech, and digital health sectors. They’re now at $1B in Assets Under Management (AUM).
Team8 has a very strong track record, with portcos including Dig Security, Talon, Gem Security, Ox, and Claroty.
Source: SecurityWeek
Risks in AI/ML Models on Hugging Face
JFrog’s research team has discovered over 100 malicious AI/ML models on the Hugging Face platform. Some of these models include backdoors that could lead to remote code execution on the machines that load them. Full report here.
Source: The Hacker News
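The practical question behind this item is how a model file can execute code at all. Pickle-serialized weights (the format behind classic PyTorch checkpoints) carry opcodes that tell the loader which globals to import and call, so a `__reduce__` payload runs the moment the file is loaded. The following is an added example, not JFrog’s or Hugging Face’s tooling: it triages a pickle stream statically with `pickletools.genops`, listing every `(module, name)` the stream would import without ever unpickling it, and flags anything outside an illustrative allowlist. It assumes the artifact is a raw pickle stream (a `torch.save` checkpoint is a zip wrapping one as `data.pkl`); the `SAFE_GLOBALS` set and both sample checkpoints are constructed for this example.

```python
"""Static triage of a pickle-serialized ML artifact: list what it would import.

Added example, not tooling from JFrog or Hugging Face. Assumes a raw pickle
stream; for torch.save() checkpoints, unzip and scan the inner data.pkl.
"""
import collections
import pickle
import pickletools

# Hypothetical allowlist: globals a plain PyTorch state_dict legitimately needs.
# A real allowlist also has to cover legacy Python 2 names ("__builtin__" etc.).
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}

STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
              "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
PUT_OPS = {"PUT", "BINPUT", "LONG_BINPUT"}
GET_OPS = {"GET", "BINGET", "LONG_BINGET"}


def referenced_globals(data: bytes) -> list[tuple[str, str]]:
    """Return every (module, name) the pickle would import, WITHOUT executing it.

    pickletools.genops only decodes opcodes; nothing is constructed or called.
    GLOBAL (protocols 0-3) carries "module name" inline. STACK_GLOBAL (4+)
    consumes the two most recent strings on the stack, which may have been
    pushed directly or fetched back out of the memo, so both paths are tracked.
    """
    found, pushed, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("PROTO", "FRAME"):      # framing only, no stack effect
            continue
        if op.name in STRING_OPS:
            last = arg
            pushed.append(arg)
        elif op.name == "MEMOIZE":             # memo[len(memo)] = top of stack
            memo[len(memo)] = last
        elif op.name in PUT_OPS:
            memo[arg] = last
        elif op.name in GET_OPS:
            last = memo.get(arg)
            if isinstance(last, str):
                pushed.append(last)
        else:
            if op.name == "GLOBAL":
                module, name = arg.split(" ", 1)
                found.append((module, name))
            elif op.name == "STACK_GLOBAL":
                if len(pushed) < 2:
                    raise ValueError("malformed STACK_GLOBAL: fewer than two strings pushed")
                found.append((pushed[-2], pushed[-1]))
            last = None                        # whatever this op pushed is not a string
    return found


def suspicious_globals(data: bytes, allowlist=SAFE_GLOBALS) -> list[str]:
    """Dotted names the pickle imports that a weights file has no business needing."""
    return sorted({f"{m}.{n}" for m, n in referenced_globals(data) if (m, n) not in allowlist})


class Dropper:
    """Classic pickle payload shape: __reduce__ tells the loader what to CALL on load."""
    def __reduce__(self):
        # Would run on pickle.load(); this example never loads it.
        return (eval, ("__import__('os').system('id')",))


# Constructed samples (not real Hugging Face artifacts). Neither is ever pickle.load()ed.
BENIGN_CHECKPOINT = pickle.dumps(collections.OrderedDict(
    [("layer.weight", [0.1, -0.2]), ("layer.bias", [0.0])]))
BACKDOORED_CHECKPOINT = pickle.dumps(Dropper())

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_CHECKPOINT), ("backdoored", BACKDOORED_CHECKPOINT)):
        print(label, "imports:", referenced_globals(blob), "flagged:", suspicious_globals(blob))
```

The benign checkpoint only imports `collections.OrderedDict`; the backdoored one imports `builtins.eval`, which the allowlist rejects before anything runs. The same idea is what off-the-shelf scanners such as picklescan and fickling automate, and it is the reason safetensors-style formats, which carry no executable opcodes, are the safer default for distributing weights.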
Product🛸
Crowdstrike to Acquire Flow Security.. and Reports a Strong Q4FY24
Crowdstrike has entered into an agreement to acquire Flow Security, a cutting-edge player in the data security space, for an undisclosed amount. What makes Flow different from other DSPM and data security solutions is its runtime analysis using eBPF: it observes data as it moves through applications rather than only scanning data at rest.
This provides unparalleled visibility, context, and speed for data discovery, and it gives teams full data lineage starting directly at the source. You can read more about the significance of runtime analysis for data security here.
All in all, a great, synergistic acquisition for Crowdstrike, which leads the endpoint security segment and recently reported revenue of $845.3M in Q4FY24 (+33% YoY).
Key to note that Palo Alto Networks (PANW) also recently acquired a data security player, Dig Security, but Dig does not have runtime analysis capabilities.
Source: Crowdstrike
Sentra Introduces Their LLM Assistant
Sentra has launched their LLM assistant/copilot, Sentra Jagger. It has Natural Language Processing (NLP) capabilities and can help you create policies and custom Sentra dashboards.
Source: Sentra
Cycode Acquires Bearer to Enhance DevOps Security
Cycode has acquired Bearer, a startup specializing in AI-powered static application security testing (SAST), API discovery, and data leak protection. Great pickup by the Cycode team, which already boasts one of the best AppSec platforms on the market today.
Source: SiliconANGLE
Cloudflare Launches ‘Magic Cloud Networking’
Cloudflare has launched its Magic Cloud Networking (MCN) service, aimed at simplifying network connections across cloud providers and workloads. The MCN capabilities come by way of Cloudflare’s Nefeli acquisition.
Source: Cloudflare
Wiz Adds macOS Scanning + Akamai Linode Cloud Coverage
Wiz has recently added agentless vulnerability scanning coverage for macOS. You can read the full post here.
Wiz also becomes the first CNAPP to have coverage for Akamai’s Linode Cloud. It’s no secret that Akamai is aiming to become a major player in the cloud provider space. You can read more about Akamai’s push into the cloud space here.
Akamai Adds ML for DDoS Protection
Akamai has also introduced the use of machine learning to its App & API Protector product to defend against sophisticated DDoS attacks. This includes new features like URL Protection for prioritizing legitimate traffic and Browser Impersonation Detection for accurate bot detection, along with tools to simplify onboarding and compliance with global standards.
Source: SiliconANGLE
Recorded Future Refreshes its GenAI Assistant
Recorded Future was one of the early implementers of GenAI in security products. It’s cool to see that, almost a year later, they’re continuing to refine it and extend their lead over other threat intel solutions.
Source: Recorded Future
Tradecraft🤺
Morris II Worm 🪱
If you’re not familiar with the original self-propagating Morris Worm, which took out roughly 1/10 of the internet in 1988, this video explains the who, what, when and why of it all.
In any case, Israeli researchers have developed "Morris II," a worm that exploits GenAI-powered applications (such as email assistants built on models like ChatGPT) to propagate itself through adversarial self-replicating prompts. The mechanism, demonstrated in a lab setting, is that the malicious input tricks the model into reproducing the adversarial prompt in its own output, so each GenAI-powered app that processes the output forwards the payload to the next one, potentially leading to information theft, spam proliferation, and model poisoning.
The researchers also showed that the adversarial prompt can be embedded in an image rather than in text. While these are not entirely new techniques, it highlights that many of the security mistakes made decades ago are still being repeated, especially when building out technologies without security practitioners in the loop.
Source: DarkReading
Extras
What Cybersecurity Chiefs Need From Their CEOs - DarkReading
MTTR: The Most Important Security Metric - DarkReading
Is XDR Enough? The Hidden Gaps in Your Security Net - SecurityWeek
Bye For Now!
See you next week! 🚀