Cyber Thoughts Newsletter
August 2024
We are just back from the Black Hat and DEFCON conferences, affectionately known as Hacker Summer Camp. Tens of thousands of security professionals in Vegas in August, it really is nirvana. Before we dive into industry trends and overheard gossip we like to recommend the Museum of Punk Rock. Totally worth the trip off the strip, and you can get a rum and coke served in a Pringles can; yup, we are still rebels.
CrowdStrike. What can we say besides: that was awkward. They sent a software update that managed to brick over 8.5 million machines, then they offered a $10 gift card to apologize. Delta Airlines was one of the big losers in all this, with flight delays that cascaded for days. Apparently, Southwest Airlines was saved since they still run on an archaic version of Windows that can’t handle modern CrowdStrike. A new cybersecurity mode called Safety Through Obsolescence. There really isn’t much more to say, they probably should do a bit more testing before shipping code, and mono-cultures are bad. But we don’t know that many companies are going to stop using the product because of this. Time will tell.
While there hasn’t been much more news about Cyberstarts and their bribing, or rather creatively compensating, CISOs for buying the products of their portfolio companies, it is still being discussed by both investors and CISOs alike. At least one friend of the firm has taken it upon themselves to do some digging, and it is frankly shocking what they unearthed. They have quotes from both people at the companies receiving the “help” from Cyberstarts as well as CISOs who turned down sketchy offers. They also compiled a list of people they believe may have been on the receiving end of Cyberstarts’ program, and it was considerably longer than we would have expected. Of course, no one knows if the list is accurate or not, but the sheer size made us believe the problem is bigger than anyone first thought.
While reporting on the incident has quieted down, we shouldn’t be surprised if there is more. The article may have been the starting gun for a deeper investigation, and frankly, the industry could use it. With that said, our friend pointed out that cybersecurity isn’t the only place where software gets procured, and it is likely that other organizational functions may have been influenced in a similar manner.
On a happier note, Black Hat held their 3rd Startup Spotlight Competition; think Shark Tank but without the live investing. With four finalists presenting on stage, there were essentially two winners: the official winner chosen by the judges, and the people's choice award. The official winner was Knostic Security, which provides a solution allowing LLMs to answer questions on a need-to-know basis: the CFO will get your salary amount while a manager might get your salary band. The people’s choice went to Rad Security, a threat detection and response platform focusing on Kubernetes. The competition has come a long way in just a few years, with the quality of both the entrants and the production of the event improving with each year.
DEFCON had its own drama this year, getting late notice that Caesars would no longer be providing a venue for the conference. The planning team pivoted the event to the Las Vegas Convention Center, no small feat given they only had 6 months to make the switch. They did an amazing job and the new venue is great; we liked it much better than the last couple of years. We also got to meet the children of three of our hacking friends, ranging in age from 15-18, which means we are officially old. Nothing like seeing the adult children of your peers to remind you that you probably need to stretch in the mornings or your knees will hurt. But honestly, seeing a new generation get into hacking is awesome.
Lastly, we got tired of the age-old dance of trying to trade contact information at a conference; you both open up LinkedIn and try to find the QR code, then you forget why you connected in the first place when you get back to the office. So we created a QR code that you set as your phone’s wallpaper that will open an email to you. That way the person can send you a one-line email about why you all want to connect. Here is the ChatGPT prompt:
Please create an iPhone wallpaper with a QR code that will use a mailto link to create a draft email with the subject line “Met at BlackHat” and the recipient Your.Email.Here@gmail.com
Just replace the email address with yours and you’re good to go. You can also change the subject line to match your event. It’s left as an exercise for the reader to take the image and make it their home screen, but you’re smart enough to read this newsletter so you’ll have no problem figuring that out.
Below are a few of the articles that caught our attention this month. Moreover, we’ve inserted one or two sentences in italics, summarizing each article’s importance. We hope you enjoy and appreciate the material.
Lastly, if you appreciate our highlighted content, please follow us on Twitter and LinkedIn, where we regularly post about things worthy of attention.
What We're Reading
Here's a curated list of things we found interesting.
CrowdStrike global Windows crash latest updates — aftermath of the biggest IT outage in history
Apparently the outage cost Delta Airlines alone $380MM. This devastating breakdown was caused by poor testing and rollout procedures. Fun fact: a similar issue happened at McAfee when George Kurtz, the founder and CEO of CrowdStrike, was the CTO. We hope you were not flying Delta last month; we were. :(
CrowdStrike is used by businesses worldwide, including banks and airports, and the fault occurred due to an update error involving its Falcon Sensor software. When deployed automatically to millions of PCs around the world, it inadvertently put them into a recovery boot loop. The resulting Blue Screen of Death (BSOD) began to appear worldwide and knocked countless systems offline.
CrowdStrike accepts award for ‘most epic fail’ after global IT outage
Well, at least they’ve kept their sense of humor. The Pwnie awards happen at DEFCON and are a bit like the Oscars, but for nerdy security people. We hope to win best venture investors, as soon as they create the category.
Just a few weeks after its software update triggered a global IT meltdown, CrowdStrike isn’t shying away from the spotlight. In fact, the company’s president Michael Sentonas even took the stage at the Pwnie Awards to accept the award for Most Epic Fail.
North Korean hacker got hired by US security vendor, immediately loaded malware
At first, you want to make fun of the security company for hiring the hacker, but when you think about it, the fact they caught it is sort of impressive. A foreign government went to all the trouble of getting a mole inside, and they were caught before they could do real damage.
KnowBe4, a US-based security vendor, revealed that it unwittingly hired a North Korean hacker who attempted to load malware into the company's network. KnowBe4 CEO and founder Stu Sjouwerman described the incident in a blog post, calling it a cautionary tale that was fortunately detected before causing any major problems.
Transactions
Deals that caught our eye.
Fortinet Acquires Lacework
It was a slow month for security acquisitions and this is a bit of a sad end for Lacework. Once a unicorn, Lacework had a failed acquisition by Wiz and has now sold for an unreported sum, though we hear it was under $230MM.
Longtime cybersecurity vendor Fortinet (NASDAQ: FTNT) on Monday announced plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.
Podcasts
What we’re listening to.
THE AI DAILY BRIEF - The ‘Picks and Shovels’ Businesses Quietly Driving the AI Build Out
Explore the unsung heroes behind the AI revolution: the businesses providing essential infrastructure for AI’s rapid growth. Learn about the increasing role of data centers, innovative cooling solutions, and the crucial components powering AI’s expansion. Discover why Wall Street’s view on AI may not capture the whole picture, as these “picks and shovels” companies play a vital role in shaping the future of AI technology.
About Lytical
Lytical Ventures is a New York City-based venture firm investing in Corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.