The FBI (and Friends) Go Snake Hunting: On Russia, Cyber, and the Future

5–15–2023 (Monday)

Hello and welcome to Cyber Risk at Deal Speed, your weekly video update on the one big thing in cybersecurity for private equity investors and the management teams of their portfolio companies.

I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors, and you can find us online at coastalcyber.io.

Today is Monday, May 15th, and we’re on the road today, so we’re going to get straight into the story.

FBI (And Friends) Go Snake Hunting

By far the biggest news from last week was the FBI and Department of Justice takedown of a sophisticated hacking tool produced by Russia’s Federal Security Service (the FSB).

Known as Snake, this tool enabled Russia to “steal sensitive documents from hundreds of computer systems in at least 50 countries” according to the press release.

But, as usual, there’s more to this story - and that’s what we’re going to focus on today.

To start, this was clearly intended to be not just a technical operation but a political one as well. The operation to take down the Snake tool was carried out on the same day as Russia’s biggest military holiday - Victory Day - and the DOJ even went so far as to release a copy of the press release in Russian.

Furthermore, this work was conducted in partnership not just across the US government’s cybersecurity functions (including the FBI, NSA, CyberCom and CISA), but also with all of our friends in the Five Eyes nations, including the UK’s NCSC, Canada’s CCS and CSE, Australia’s CSC, and New Zealand’s NCSC.

The technical summary written up and published by CISA is very detailed, and shows just how much work went into studying the piece of software and how much they actually knew about not only the capabilities, but also the use cases, the history, and even the authors of the code.

To top it all off, the FBI was able to essentially get the Snake tool to self-destruct from all of its US installations by reverse engineering its functionality.

This type of collaboration sends a strong message not only to Russia, but to other countries who are looking at cyber as an asymmetric battlefield - militarily or geopolitically. China, Iran, and North Korea are all going to take notice of this action and consider it in their future plans.

In fact, we’ve already seen an article out of the Russian press that State Duma deputy Anton Gorelkin is now considering making access to the Dark Web a criminal offense in Russia, which could have the added benefit of putting a real damper on their ransomware operations.

In short, this type of wide scale, public, and successful government action against cyber adversaries overseas may mark a sea change in the West’s approach to this. Up until this point, the calculus has largely been seen as not wanting to touch the systems of private companies, in case something might go wrong. Now, the calculus is shifting - because things are already wrong and about to get worse.

Let’s hope this is a sign that things are about to get better.

Fundraising

Big week of fundraising, coming in at nearly $40B in new capital commitments, led by Silver Lake’s $19B 7th flagship fund.

Interestingly, though, it’s not all roses - as we also saw SoftBank take the same amount of losses - $39B - on their funds, and start to explicitly look for some exits.

All of this means that we’ll continue to see some froth in the market, and opportunity for both value creation and threat actors to run their playbooks. Stay tuned!

You can find all the links to the stories we covered below, find back issues of these videos and the written transcripts at cyberriskatdealspeed.com, and we’ll see you next Monday for another edition of Cyber Risk at Deal Speed.

Links

https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-snake-malware-network-controlled

https://en.wikipedia.org/wiki/Victory_Day_(9_May)

https://www.justice.gov/ru/node/1635716

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-129a

https://riamo.ru/article/640158/deputat-gorelkin-obsudil-s-yuristami-vozmozhnost-priznat-ispolzovanie-darkneta-nezakonnym
