February 21, 2024

As we prepare to metaphorically close our remote "office" for the end of the year, we wanted to briefly take a moment to reflect on the last 12 months at Cosive.

Zooming out to consider the cybersecurity field as a whole, two primary developments have stood out to us this year.

Two significant industry trends we observed in 2023

1. The growing importance of CTI teams in combatting ransomware gangs

First, a growing challenge: the increasing professionalisation of ransomware gangs, who have surprised us all with their capacity to operate more like venture-backed startups than cybercriminals.

The scale of their resources unfortunately isn't that different to that of VC-backed startups, either, with top ransomware groups earning over $100 million from ransomware payments.

The good news? We believe the repeated tactics and similar targets of many ransomware groups mean that the skills, tools, and capabilities of threat intelligence teams are extremely well-suited to the detection and prevention of these threats.

We’ve also been encouraged to see a marked uptick in organisations looking to both ingest and share threat intelligence.

This is not without its challenges (as we’ve spoken about previously), but it’s fantastic to see more organisations seeing the benefits of using and sharing threat intel via automated mechanisms.

Though, as we always say, the wisdom of analysts is still the key ingredient for success.

2. The emerging potential of AI to eliminate gruntwork for SOC and CTI teams

Secondly, a development that we believe is deeply positive: the advancements in AI that show immense promise in reducing repetitive work for both SOC and CTI teams.

We've been experimenting with these capabilities ourselves, from test-driving ChatGPT's ability to assign ATT&CK IDs to threat intel reports, to exploring how AI could transform the CTI analyst role by allowing analysts to spend much less time on mundane enrichment tasks.

"Since we started experimenting on November 30 2022 in the early days of ChatGPT, we’ve run many experiments on the holy grail of auto-analysing unstructured threat intelligence and turning it into structured STIX and MISP packages.

The surge of interest in LLMs has seen a flood of tooling along these lines, including MITRE’s LLM-enabled TRAM v2.

A year after ChatGPT’s release, we still don’t see it as automating your threat intelligence processing in its entirety, but it’s a great way to assist analysts with streamlining intel package creation that otherwise may not have happened at all.

Of course, if you want something to create MISP or STIX packages from blog posts, Cosive became a partner of Feedly this year which does exactly that."

- Chris Horsley, Co-Founder & CTO

Reflections on a year of Cosive

This year saw the team make many knowledge-sharing contributions back to the Australian & New Zealand cybersecurity community.

Our CTO Chris spoke at AusCERT on what it takes to share CTI packages, and at AISA CyberCon on using AI for CTI enrichment. Chris also spoke on the use of canary credentials to fight phishing attackers at several local and industry meetups.

Cosive's Shanna Daly presented at CyberCon in Canberra on how to do threat intelligence without boiling the ocean, while also facilitating a popular workshop on digital forensics at the same conference. Both Chris and Shanna appeared on industry expert panels at CyberCon. And we found ourselves a little starstruck when Shanna recorded a live podcast episode on stage with Risky Biz! Alongside all this, Shanna also found time to serve as a review board member for Black Hat Asia.

Shanna appeared on the Risky Biz podcast.

Cosive's David Zielezna served as a CTI engineering expert panelist at this year's CyberCon in Melbourne, and presented on using MISP in the field at a sector-specific security meetup.

And Cosive COO Terry MacDonald continued to volunteer his time to serve as Chairperson of the New Zealand Internet Taskforce (NZITF), a non-profit organisation dedicated to improving New Zealand's security posture.

We're excited to continue sharing our knowledge and insights with the broader industry in 2024. It's an important part of our goal to help organisations achieve excellence in their security programs.

Exercising our breadth of capability

Our multi-disciplinary team stretched across the full breadth of their skills this year, executing successful delivery of bespoke security tooling, top-down reviews of SOC and incident response playbooks, cybersecurity tabletop exercises, MISP consulting, and pentesting for a diverse range of customers.

We launched CloudMISP

We launched and made major improvements to CloudMISP, our MISP SaaS offering, including custom integrations with Azure Sentinel, AssemblyLine, Okta, and Azure Active Directory (now known as Microsoft Entra ID). And we worked with major international organisations to replace the burden of a self-hosted MISP with the ease of CloudMISP, helping their CTI teams to get more real work done.

Reflections from the team

Finally, we want to take some time to reflect on our year at Cosive, in the words of our team:

"Massive thanks to all our customers and staff. We've had an incredible year.

I've been so impressed with the amazing work our team has achieved throughout 2023. Whether it's been helping an organisation protect 3 million customers from fraud, helping large global organisations organise their threat intelligence or even helping a holiday resort find vulnerabilities in their network, we've done a lot.

We're so lucky to have an incredible team of rockstars working with us and I'm so amazed and humbled that they chose to work here. After a long rewarding year with our incredible customers it's time for a bit of rest and relaxation."

- Terry MacDonald, Cosive co-founder & COO

"It's been a fascinating year at Cosive. I've been diving into some pretty cool CTI projects with our clients and industry colleagues, and I'll soon drop some neat TAXII tools. I've enjoyed watching our CloudMISP offering come into its own and attract global attention. Plus, getting out of the home office and exchanging ideas with peers at industry forums has been a breath of fresh air. I hope 2024 brings me as much novelty and enjoyment."

- David Zielezna, Principal Security Consultant

"As 2023 passes with a clatter, and I ruminate on what came before, I am finding myself thankful for the whole team and the broader InfoSec community I appear to have stumbled into.

In the Cosive crew we have today (as well as those that have moved on to other things), every individual has brought with them their own form of creativity and unique problem-solving skills, poured them into the melting pot, and I've been fortunate enough to witness some magic being made.

Reflecting a little further, I am finding myself keenly aware that it is common in this field of work for people to be neurodivergent - commonly blessed with ADHD and autism spectrum traits. The months and years behind us have been challenging ones, neurodivergence notwithstanding, but especially so for people who possess a sharpened awareness.

This Christmas I am wishing that the world becomes a little more mundane, that boredom becomes more frequent in our lives."

- Andrew Hosie, Senior Security Consultant

To our team, our customers, and the broader Australia & New Zealand InfoSec community, we wish you a restful, relaxing and restorative break.

Here's to having our best year yet in 2024.