Welcome to Codebook, the only cold brewed cybersecurity newsletter.
Tips? Gripes? Lonely? Feel free to reply to this email.
Today's newsletter is 1,871 words, a 7-minute read.
Illustration: Aïda Amer/Axios
Vendors and cybersecurity pros anticipate businesses may finally pivot from using dozens of independently working products to using integrated platforms built with coordination in mind. It's a small-seeming tweak with the power to completely reshape the industry.
Why it matters: Business users currently layer sometimes dozens of unconnected security products on top of each other, creating overlaps and gaps in coverage. It's like building a pile of loose string when what you really want is a net.
But, but, but: A lot of the innovation in cybersecurity comes from its sprawling ecosystem of products designed to solve single problems. If clients begin to demand one-stop, one-provider solutions, the industry could contract, losing its research and design finesse along the way.
Large enterprises use 20 security products on average from nine different vendors, according to Forrester Research. Ask around, and it's easy to find companies using two or three times as many.
Vendors and their clients have long anticipated this change, but now they say it's here.
Vendor fatigue: Cutting down the number of security products an enterprise uses is most often seen as a way to boost efficiency and save money.
Cost: Typically, when businesses cut down the number of products they're using, they cut costs. And, at least according to Eagan, there are a number of solutions sold as products that would be more appropriate as features in larger packages.
Security: It isn't just an efficiency issue.
An integrated platform could be one built by a single vendor designing a unified system. Or it could be built out of products from separate vendors designed to piece together without overlaps or gaps.
For businesses, cybersecurity products tend to accumulate over time.
The catch: Todt worries that a move toward platforms might encourage smaller companies to overlook the occasions when they do need specialized products.
Hackers targeting nongovernmental humanitarian groups, including UN groups like UNICEF, sought to steal login credentials using sophisticated phishing sites, according to a new report by mobile security firm Lookout.
Why it matters: Lookout doesn't attribute attacks to specific actors, but the lures used to draw targets to the phishing sites were links only of interest to workers following issues involving North Korea. That suggests North Korea is a likely suspect here.
What they found: The phishing sites used a number of clever tricks.
The sites were hosted by the Malaysian firm Shinjiru, Lookout's Jeremy Richards told Axios.
Facebook announced the removal of four networks of troll accounts on Monday, one Russian and three Iranian. While you may have heard the Russian accounts attacked Democratic candidate Joe Biden and praised President Trump, that's an oversimplification of what the 93 Internet Research Agency-linked accounts were up to.
Why it matters: Less than half of the malicious accounts focused on the 2020 election, according to a Graphika report. The accounts, on the whole, were very similar to the 2016 campaigns largely focused on fracturing the nation over divisive issues — so similar that they appeared in many cases to be reposting lightly modified versions of posts from 2016.
Due to the "cut and paste" nature of the new campaign, Graphika has dubbed the new campaign from the Internet Research Agency "IRACopyPasta."
By the numbers: Graphika noted 40 accounts in the IRACopyPasta campaign. 25 of them did not focus on the 2020 election. Instead:
That leaves 15 accounts (11 backing Trump, 4 backing Sanders) focused on 2020.
Nearly half the accounts claimed to be from swing states.
The intrigue: When accounts that were primarily focused on dividing Americans commented on 2020 candidates, they had preferred candidates in mind.
Amplifiers, not originators: Even more than repurposing the IRA's own past work, the accounts largely cut and pasted authentic posts from American users.
One of the winning images. Image: Claudio Rousselon
The Hewlett Foundation and OpenIDEO announced winners in a competition to solve one of cybersecurity's stranger problems — how the field appears in the press.
The big picture: If you've ever read a news story about cybersecurity, you've probably seen a stock picture of a figure wearing a dark hoodie typing on a keyboard in gloves (how do you type in gloves?), maybe punctuated with neon green binary.
"Cyber issues are complex," Eli Sugarman, program officer for Hewlett's Cyber Initiative, told Codebook. "What does green binary actually tell anybody?"
Artists competed to create graphical representations of specific, hard to visualize cybersecurity issues, like encryption and geopolitics.
Dozens of Republican lawmakers interrupted a House committee's impeachment inquiry Wednesday, forcing their way into the secured area holding the proceedings, known as a SCIF (Sensitive Compartmented Information Facility), and throwing a pizza party.
Why it matters: Though the Republicans treated it as a prank as well as a protest — they sat in and ordered pizza — violating the security of a SCIF is a huge deal that came across to current and former national security personnel Codebook spoke to as a slap in the face.
Republicans claimed they wanted access to "secret" proceedings, although more than 40 Republican members, including 13 of the protesters, already had access to them, as members of relevant committees.
What is a SCIF, anyway? SCIFs are secure facilities used by intelligence personnel to keep a lid on classified or sensitive information.
Why hold these proceedings in a SCIF? Both parties understand this logic. In the final report of one of the Benghazi investigations, lawmakers, including Republicans Trey Gowdy (now a Trump lawyer), Mike Pompeo (now secretary of state) and Jim Jordan (still a representative) wrote:
Internal memo claims White House is setting itself up for a breach: Axios' Alexi McCammond broke news yesterday: An internal memo on cybersecurity, obtained by Axios, warns that "the White House is posturing itself to be electronically compromised once again."
Trend Micro buys Cloud Conformity: Acquiring the Australian cloud security provider means Trend Micro can help clients prevent problems stemming from misconfiguration — currently a major cause of cloud security flaws.
The Browns are a lost cause. We wasted $5.
Codebook will return next week.