It’s Like Déjà Vu All Over Again

Did you hear about the hack at Lawrence Berkeley National Laboratory?

One of the organization’s system admins working on a minor accounting discrepancy uncovered unauthorized access by someone exploiting a system vulnerability. The perpetrator, who was ultimately found in Germany, gained unauthorized superuser access to the LBL system by exploiting a vulnerability in the movemail function in GNU Emacs. This enabled the attacker to nefariously access other military and research networks for an international spy ring.

Sounds like something that occurred a few weeks ago, right??

It was 1986.

The account was detailed in the 1989 book The Cuckoo’s Egg by Clifford Stoll, the astronomer-turned-system admin who stumbled on and traced the hack around the globe.

Here we are nearly 40 years later, and the number of data breaches in 2023 was up 78% year-over-year, public anxiety over potential attacks to critical infrastructure is mounting, and we’ve got the Wall Street Journal writing, “If Companies Are So Focused on Cybersecurity, Why are Data Breaches Still Rising?”

The article attributes the continued rise to:

1. Evolving ransomware that does more damage to corporate systems thanks to ransomware gangs that make it easier for budding criminals to get in the game.
2. Cloud misconfigurations.
3. Exploitation of third-party vendor systems to gain access to larger corporate targets.

The headline on this newsletter is a quote attributed to baseball’s Yogi Berra, who coined the phrase after seeing New York Yankees Mickey Mantle and Roger Maris hit back-to-back home runs in the 1960s. It applies to today’s cybersecurity world.

So how do we break the cycle? It’s a tall task, which is why cyber resilience is critical to business success.

?To discuss the need for cyber resilience, we’ve put together an expert panel including Shira Rubinoff? , President Cybersphere, The Futurum Group; Danielle Sheer , Chief Trust Officer, Commvault; Melissa Hathaway, Global Cybersecurity Expert and Commvault Cyber Resilience Council Chair; Karl Rautenstrauch , Principal Product Manager, Azure Storage, Microsoft; Jeffrey Witmyer , Principal, Risk Advisory – Cybersecurity & Privacy, Grant Thornton; and James Robinson , CISO at Netskope. Join the discussion on April 9, 2024, at 9:30a BST, 11:00a SGT, or 1:00p ET.

The Resilience Rundown: AI in the Enterprise

Vidya Shankaran , Commvault’s field CTO for emerging technologies, joins host Thomas Bryant on Episode 3 of The Resilience Rundown podcast to discuss the impact (good and bad) of AI for large enterprises.

Subscribe: Apple Podcasts | Spotify | YouTube

Things of note that have caught our eye:

• Chief Risk Officers Say Cybersecurity Most Pressing Risk (Insurance Journal): In an inaugural EY/Institute of International Finance global insurance risk management survey, cybersecurity was ranked as the highest concern for chief risk officers.
• Unpatchable vulnerability in Apple chip leaks secret encryption keys (ArsTechnica): A hardware-related flaw isn’t ideal, and a fix might have a major impact on performance.
• Researchers highlight potential cybersecurity threats to trucking industry (Colorado State University): A team of researchers at CSU have published a paper that details vulnerabilities in commercial trucking systems that could be used to spread malware between vehicles.
• ‘Brain Weasels’: Impostor Syndrome in Cybersecurity (SecurityWeek): Jennifer Leggio , founder of Movable Feast, looks at how impostor syndrome impacts the cybersecurity community.
• FCC approves cybersecurity label for consumer devices (CyberScoop): The U.S. Cyber Trust Mark aims to provide consumers with a better understanding of the security of their Internet of Things (IoT) devices.