Ignore the Nation State Threat Actors

9–3–2024 (Monday)

Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for growth stage companies, investors, and management teams.

I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.

Today is Monday, September 3, 2024, and we’re both surprised that it’s September already. It really does feel like the sprint to the end of the year starts from here, and that sprint includes a major election here in the US. Being able to focus is going to be a big advantage in the coming months, which is exactly what we’re going to talk about this week.

Ignoring the Nation State Threat Actors

The past week in cybersecurity news has been dominated by reports of novel, advanced techniques being employed by a range of nation states to carry out attacks against their victims.

This includes reports that Chinese hackers are using zero-day vulnerabilities “to infect at least four US-based ISPs with malware that steals credentials used by downstream customers.” Another report covered a Chinese state-linked influence operation that “has become more aggressive in its efforts to influence U.S. political conversations ahead of the 2024 presidential election.”

Not to be outdone, Google’s Threat Analysis Group is calling out Russian government-backed actors for leveraging exploits first developed by the commercial surveillance industry.

The FBI and CISA, for their part, are accusing Iranian hackers known as Pioneer Kitten of a campaign that “continues to exploit American schools, banks, hospitals, defense-sector orgs, and government agencies, along with targets in Israel, Azerbaijan, and the United Arab Emirates.” “The FBI assesses a significant percentage of these threat actors' operations against US organizations are intended to obtain and develop network access to then collaborate with ransomware affiliate actors to deploy ransomware,” the joint alert says.

Finally, to round out the news on CRINK - China, Russia, Iran, and North Korea - Microsoft’s Threat Intelligence and Security Response Center has flagged “a North Korean threat actor exploiting a zero-day vulnerability in Chromium,” targeting the cryptocurrency sector for financial gain. This follows the recent reports of North Korean operatives getting legitimate tech jobs in the West to fund their country’s illicit nuclear program.

While these are the stories getting the headlines - and for good reason - I’m going to ask you to ignore these headlines and focus on the things within your control.

Building your defenses around a particular attacker is a suboptimal strategy, to say the least, and the attacks these actors are leveraging aren’t particularly novel anyway. It’s mostly unpatched systems - whether they’re unpatched because it’s a zero day and no patch exists yet, or because the owner simply hasn’t applied the patch that does. Even in the zero-day case, the controls that limit the damage are the unglamorous ones: not exposing management interfaces to the internet, knowing what you run so you can patch within hours once a fix ships, and segmenting so one box doesn’t become the whole network.

So, while it’s tempting to follow these attention-grabbing headlines, it’s only a distraction. Your job isn’t to defeat the nation states. It’s to build a defensible cyber program for your own firm. Just like the election headlines, your job is to vote in November. The rest is mostly just noise.

If your defenses aren’t robust, diverse, automated, and well-resourced with people, process, and technology - focus on those things instead of the headlines or chasing ghosts through your systems. We often fail to account for the fact that time is by far our scarcest resource, and we know that in cybersecurity there’s always more work than can be done.

It’s about prioritizing the work that manages down our highest risks - likelihood x impact - and doing so as rapidly as our resources allow.
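As an added illustration of that prioritization (example code written for this edit, not something from the original post or from Intentional Cybersecurity), the script below scores a constructed risk register by likelihood x impact and then picks the work that retires the most risk per hour of effort within a fixed weekly capacity. The 1 to 5 scales, the effort estimates, the capacity figure and the findings themselves are assumptions chosen for the example; the point it shows is that a headline-driven threat hunt scores well on impact but poorly on likelihood and effort, so it lands at the bottom of the queue.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One open item in a risk register (field scales are assumptions for this example)."""
    name: str
    likelihood: int       # 1 (rare) .. 5 (near certain) for *this* firm
    impact: int           # 1 (negligible) .. 5 (severe)
    effort_hours: float   # estimated hours to remediate

    @property
    def risk(self) -> int:
        # The post's "likelihood x impact"
        return self.likelihood * self.impact

    @property
    def risk_per_hour(self) -> float:
        # Risk retired per hour of scarce engineering time
        return self.risk / self.effort_hours


# Constructed sample register; none of these describe a real organization.
SAMPLE_FINDINGS = [
    Finding("Internet-exposed VPN appliance two patch cycles behind", 5, 5, 8.0),
    Finding("No MFA on admin accounts in SaaS billing system", 4, 5, 6.0),
    Finding("Hunt for nation-state implant from this week's headline", 1, 5, 40.0),
    Finding("Laptops missing disk encryption (12 devices)", 3, 3, 10.0),
    Finding("Stale contractor accounts never offboarded", 3, 4, 2.0),
    Finding("Backups never test-restored", 2, 5, 16.0),
]

WEEKLY_CAPACITY_HOURS = 30.0  # assumed: one engineer's security time this week


def rank_by_risk(findings: list[Finding]) -> list[Finding]:
    """Pure likelihood x impact ordering, highest risk first."""
    return sorted(findings, key=lambda f: f.risk, reverse=True)


def plan_remediation(findings: list[Finding], capacity_hours: float) -> tuple[list[Finding], float]:
    """Greedy plan: take items in order of risk retired per hour (ties broken by raw risk),
    skipping anything that no longer fits in the remaining capacity.
    Returns (chosen findings in execution order, hours left over)."""
    ranked = sorted(findings, key=lambda f: (f.risk_per_hour, f.risk), reverse=True)
    plan: list[Finding] = []
    remaining = capacity_hours
    for f in ranked:
        if f.effort_hours <= remaining:
            plan.append(f)
            remaining -= f.effort_hours
    return plan, remaining


def risk_retired(plan: list[Finding]) -> int:
    """Total risk score removed by executing the plan."""
    return sum(f.risk for f in plan)


if __name__ == "__main__":
    print("By raw risk:")
    for f in rank_by_risk(SAMPLE_FINDINGS):
        print(f"  {f.risk:>2}  {f.name}")
    plan, left = plan_remediation(SAMPLE_FINDINGS, WEEKLY_CAPACITY_HOURS)
    print(f"\nThis week's plan ({WEEKLY_CAPACITY_HOURS:.0f}h capacity, {left:.0f}h left):")
    for f in plan:
        print(f"  {f.effort_hours:>4.0f}h  risk {f.risk:>2}  {f.name}")
    print(f"Risk retired: {risk_retired(plan)}")
```

Two orderings are worth comparing: raw risk puts the exposed VPN appliance first, while risk-per-hour pulls the two-hour contractor offboarding to the front because it clears a 12 in the time it takes to read the threat report. Either way the 40-hour headline hunt is the one thing that never makes the cut.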

Fundraising

From a fundraising perspective, not a bad week heading into the Labor Day holiday, with about $7.5B in newly committed capital spread over 10 or so funds, including a few that were over the $1B mark.

We continue to be in a bit of “wait and see” mode - and I think it’ll be clear in the next week or two whether that mood is going to break and we see movement in September and October, or if it’s going to be “wait and see” until the November election here in the US.

With that, a reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.

Links

https://arstechnica.com/security/2024/08/hackers-infect-isps-with-malware-that-steals-customers-credentials/

https://graphika.com/reports/the-americans

https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/

https://www.theregister.com/2024/08/28/iran_pioneer_kitten/

https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/

https://www.cinder.co/blog-posts/north-korean-engineers-in-our-application-pile
