Weekly Video: November 28, 2022
11–28–2022 (Monday)
Hello and welcome to another edition of Cyber Risk at Deal Speed your weekly video rundown of cybersecurity news and strategy for investors, deal teams, and the management teams of portfolio companies.
I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors, and you can find us online at coastalcyber.io
Today is Monday, November 28th, and - at least in the United States - many of us are returning to the office after the Thanksgiving holiday.
We’ve got some news related to this holiday weekend - and some that explicitly isn’t related to the holiday weekend - so let’s jump right in.
What Didn’t Happen: No Major Holiday Attacks or Incidents
What Didn’t Happen: No Major Holiday Attacks or Incidents
Our main story this week isn’t about what happened, but rather what didn’t happen.
Leading up to the holiday weekend here in the US, there were more than a few hand-wringing articles worried that we might see another large-scale attack take place over the long weekend, a time when many security and operations teams are running lean, with just the bare minimum (if that) in place to keep the lights on through the holiday.
There’s some precedent for this - most visibly the SolarWinds attack that took place over the July 4th holiday in 2021. But there are other examples, stretching back to the 2009 Google Hack known as Operation Aurora. Last year, CISA released a special advisory ahead of the holiday warning that “that actors aren’t making the same holiday plans as you.”
But this year? Seems like it was pretty smooth sailing. Why?
Well - it’s worth taking a look around at what’s happening domestically in the countries that are most likely to be supporting these types of advanced persistent threat attacks.
Russia, as we all know, continues to deal with difficulties in their invasion of Ukraine, and the looming winter.
In China, street protests against the government’s “Zero Covid” policies continue to spread, and censors are working overtime to prevent crowds from seeing maskless faces at the World Cup or pictures of protestors holding blank sheets of paper in the streets. There’s also reporting that actors are spamming Twitter to distract from protest coverage.
Similarly, Iran’s street protests continue, now with a trucker’s strike further impacting logistics and supporting the protests at universities and industrial sites.
Finally, in North Korea, the recent weeks have seen a shift to missiles, tests, the revealing of a new and previously unknown daughter of Kim Jong-un, and accelerated saber rattling around the continued construction of nuclear forces.
This last bit, perhaps, should be the most concerning. North Korea is typically a highly aggressive cyber crime actor, in large part to procure funds for the development of these programs. If there really is a strategic emphasis from Kim Jong-un, we may see an uptick. For the other three countries, however, managing internal strife may force cyber efforts to take a temporary back seat. Volatility in the crypto markets, however, may force their hand a bit. It’s too early to tell if they will simply find another attack vector, or if it simply means that they’ll need to make up in volume what they’re now losing in margin.
Fundraising
From a fundraising perspective, we have a modest set of announcements in the short week - still almost $13B, which - given that the last two days of the week (and arguably most of Wednesday) were a holiday, that’s a solid effort.
We also saw a slew of fundraising announcements - where funds are not yet closed, but targets are set. In that sense, we are looking at more than $30B in target fund announcements last week - making it more and more likely that we see that quarter trillion number by quarter’s end.
Best of luck to all the firms with new capital to deploy!
You can find all the links to the stories we covered in the comments section below, find back issues of these videos and the written transcripts at cyberriskatdealspeed.com, and we’ll see you next week with another edition of Cyber Risk at Deal Speed.
Links
https://www.healthcareitnews.com/news/ransomware-attacks-trend-holidays-weekends
https://www.washingtonpost.com/technology/2022/11/27/twitter-china-spam-protests/