.png){kind=logo}
Cyber Thoughts Newsletter
December 2024
Chinese attackers, Salt Typhoon, access critical telecom systems and we spend three days in quarantine.
The Chinese have breached telecommunications companies in dozens of countries, including at least eight in the United States. A snarkier commentator might just include “every company that uses Huawei hardware,” but we are, of course, above such petty generalizations. The hacking group is being referred to as Salt Typhoon, which is coincidentally our favorite new Asian fusion mocktail; it’s like a cross between a Mai Tai and a Margarita, but we digress.
At Lytical, we know a thing or two about secure communications and end-to-end encryption applications. After all, we invested in Wickr, which was acquired by Amazon, giving us ringside seats to the encryption wars. Signal is a great option if you’re looking for a secure channel for personal use, but Signal doesn’t work well for regulated businesses, where apps like Wickr and Armor Text shine. These tools have built-in functionality that allows corporations—or auditors—to access encrypted texts when necessary while offering a much higher level of security than regular texts.
That said, even encrypted traffic isn’t a cure-all. Lest we forget: quantum computers will eventually allow attackers to break most of today’s encryption. Governments like China are likely hoovering up encrypted data right now, storing it to decrypt later when the technology catches up. They may already have some quantum capability, though it’s likely still too expensive to deploy on a wide scale.
If you’re a high-value target—a political figure, a billionaire, or both—moving to encrypted communications seems like a no-brainer. We’ve heard that Elon Musk’s security team gives him a fresh machine to use Zoom, only to wipe it afterward rather than trust the platform. Paranoid? Maybe. Surprising? Not really—especially considering Zoom’s reliance on its mostly Chinese video compression team.
On a completely unrelated rant: can we retire the “Posture Management” naming convention? Gartner, we’re looking at you. Application Security Posture Management, Cloud Security Posture Management, DSPM, SSPM (Snarky Security Posture Management?)—the list is endless, and we are officially over it. Let’s get back to basics. How about calling it “Things You Should Have Done to Secure Your X”? TYSHDSYA, TYSHDSYC, TYSHDSYD, TYSHDSYS—it just rolls off the tongue, doesn’t it?
And now for something completely different: three days in quarantine. Did you know Singapore requires quarantine if you’ve visited certain Latin American countries in the past seven days, just in case you’ve picked up Yellow Fever? Neither did we. And that’s how you end up with an all-expenses-paid stay in a quarantine hotel, thoughtfully built inside a convention center where your “window” offers a scenic view of… a giant hangar. It reminded us of 2022 in all the worst ways. Lesson learned: always carry your yellow fever vaccination card.
What does that have to do with AI and cybersecurity? Nothing. But we thought you’d appreciate the heads-up anyway. ;)
Lastly, if you enjoy our snark and highlights, follow us on Twitter and LinkedIn. We regularly post things that are actually worth your time.
What We're Reading
Here's a curated list of things we found interesting.
White House: Salt Typhoon hacked telcos in dozens of countries
With most of our texts and calls traveling unencrypted, this represents a major breach of our infrastructure. The FBI is in the odd position of telling people to please use encryption programs, a 180 given they are normally asking Apple to not use end-to-end encryption.
Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. During a Wednesday press briefing, the White House official told reporters that these breaches include a total of eight telecom firms in the United States, with only four previously known.
DeepMind AI weather forecaster beats world-class system
A 15 day forecast that actually works? Yes please! While traditional models were more deterministic this new model blends that with AI models that start with slightly different initial conditions; in the end they are more accurate on 97% of measures used to score the systems.
Google DeepMind has developed the first artificial intelligence (AI) model of its kind to predict the weather more accurately than the best system currently in use. The model generates forecasts up to 15 days in advance — and it does so in minutes, rather than the hours needed by today’s forecasting programs.
Why the Nobel Prize in Physics Went to AI Research
AI is eating the world. These works are foundational to neural nets and are clearly incredibly important, but it still took the scientific community by surprise.
The Nobel Prize Committee for Physics caught the academic community off-guard by handing the 2024 award to John J. Hopfield and Geoffrey E. Hinton for their foundational work in neural networks.
The pair won the prize for their seminal papers, both published in the 1980s, that described rudimentary neural networks. Though much simpler than the networks used for modern generative AI like ChatGPT or Stable Diffusion, their ideas laid the foundations on which later research built.
Transactions
Deals that caught our eye.
Wiz acquires Dazz for $450M
Wiz, one of the most talked-about names in the world of cybersecurity, is making a significant acquisition to expand its product reach in cloud security, particularly with developers. It is buying Dazz, a specialist in security remediation and risk management, and according to sources familiar with the matter, this is a cash-and-share deal valued at $450 million.
Podcasts
What we’re listening to.
The Cybersecurity Defenders Podcast - Predictions for the future of cybersecurity from 2024
Throughout the year, we’ve asked our guests one key question: Do you have any predictions for the future of cybersecurity?
Their answers were inspiring, thought-provoking, and sometimes even a little unsettling, but all of them shed light on where we’re headed as defenders in this ever-changing digital landscape.
In this episode, we’re pulling together all of those predictions and insights from 2024, from the potential impact of AI and quantum computing to the evolving tactics of threat actors and the innovation shaping security practices.
About Lytical
Lytical Ventures is a New York City-based venture firm investing in Corporate Intelligence, comprising cybersecurity, data analytics, and artificial intelligence. Lytical’s professionals have decades of experience in direct investing generally and in Corporate Intelligence specifically.