Ransomware Attacks a Decade In: What Changed? What Didn’t? – benny Vasquez, Mike Mitchell – ESW #397

This week's most interesting fundings!

• SpecterOps Raises $75M Series B to Strengthen Identity Security in Round Led by Insight Partners
• Dreadnode Secures $14M to Build AI Systems that Advance the State of Offensive Security
• Building the Future of Secure Computing: Edera's $15M Series A

The drama here is intense.

Let's back up a bit and go through the whole story:

• Cybereason was one of the original EDR vendors that emerged around the same time that next-gen AV started eating legacy AV's lunch. This resulted in Symantec, McAfee and several other security giants falling from grace and getting parted out by PE firms.
• Cybereason had some great marketing and raised a lot of money - $800M, resulting in a $2.7B valuation at their peak - they were one of over 50 cybersecurity unicorns as recently as 2022.
• Cybereason FILED FOR IPO in January 2022.
• Then, they killed the IPO and were one of the first cybersecurity companies to announce layoffs, in mid 2022.
• By April 2023, the news was that Cybereason cut their valuation by 90% (down to ~$250M)
• In November 2024, we read press releases that Cybereason was set to merge with Trustwave.

All right! Now we're all caught up to today's news. The main points here are that:

• Cybereason's CEO is stepping down after fighting with investors for months
• The merger with Trustwave has been terminated
• The plan was to put an additional $100M into Cybereason, a deal that could still close within the next week, with the CFO stepping in as interim CEO.

There were once four firewall orchestration vendors: Firemon, AlgoSec, Tufin, and Skybox Security.

Then the cloud happened.

Now there are three.

The End.

Agentic AI's amazing productivity hack? Cheat on the test.

These things are getting WAY too human.

As AI tools and models get more sophisticated, the problems get more complex and harder to solve.

Very few surprises in here, but interesting to see it called out as a larger trend. On a daily basis, I see folks laughing at even the IDEA of taking a CISO role.

TL;DR - there are stories about orgs pulling workloads out of the cloud, but it's more of a redistribution of resources into a hybrid model, not a widespread trend of folks "quitting the cloud."

Here are the latest updates on the largest heist in history (digital currency or otherwise):

1. Bybit wasn't compromised directly - a third party, Safe{Wallet} was the source of the attack
2. The attack has been attributed to North Korea - crypto theft makes up a large portion of the country's GDP
3. Bybit offered a $140M bounty to anyone that can trace the stolen funds (which it has already covered with private funds it had in reserve)
4. Bybit announced that 3% of the stolen funds were frozen, 20% had 'gone dark' and 77% was still traceable, despite going through several tumblers and getting converted into Bitcoin.

A great writeup here, from Elliptic, provides some insight on how it's even possible to steal $1.5B in cryptocurrency and potentially get away with it.

If you're defending Macs, this is worth a read to understand what the latest Mac malware is up to!

I'm not a huge fan of security orgs testing theories in production, but this is a good reminder that your employees will do 0.3 seconds of due diligence before clicking on something, probably not even registering the misspelling.

We just need to plan for that and be ready to protect them when they screw up.

Skype was E2EE before it was cool

Just heard about this today, so I know nothing about it. I'll be back next week with reviews!