Ransomware is down, Mac malware is up, AI disappoints – ESW #396

This is a mix of stuff from this issue of Security, Funded, as well as some newer stories that will probably be in next week's issue.

Funding

• MDM/EMM: NinjaOne Secures $5 Billion Valuation and $500 Million Funding
• Whalebone, a Czech Republic-based secure DNS and networking platform, raised a $13.9M Series B from Unbound
• Gomboc.AI, a United States-based cloud infrastructure security and remediation platform, raised a $8.0M Seed from Ballistic Ventures.
• Singulr AI, a United States-based platform to discover and control the usage of GenAI platforms and sensitive data in training models, raised a $10.0M Seed from Nexus Venture Partners and Dell Technologies Capital.

Acquisitions

• Votiro, a United States-based anti-malware platform for files, emails, and collaboration platforms, was acquired by Menlo Security for $37.5M. Votiro had previously raised $25.5M in funding.
• Deepwatch Acquires Dassana to Advance Cyber Resilient Security Operations with Continuous Threat Exposure Management

"Researchers with security consultancy Chainalysis report that, thanks to stepped up efforts from law enforcement and victim response, the second half of 2024 saw a whopping 35% decrease in payouts to ransomware attackers."

"The report goes on to point out that the smaller payouts are likely the result of increased efforts by law enforcement to catch ransomware criminals as they are trying to cash out their hacks."

"Despite seeing a drop in payouts on the year, the researchers noted that ransomware leak incidents increased. This would suggest that organizations are more willing to call the bluff of threat actors and, as a result, pay the price in dealing with a data disclosure."

“Ransomware operations have also become faster, with negotiations often beginning within hours of data exfiltration.”

Unsurprising, sadly

1. Who uses Macs? Execs, devs, engineers, security folks
2. What's one of the most effective ways to hack an org? Don't hack in. Log in.

"Bybit has more than enough assets to cover the loss, with AUM exceeding $20 billion, and will use a bridge loan if necessary to ensure the availability of user funds."

Damn, that's a flex if I've ever seen one.

This is possibly tied for third on a list of the largest heists EVER, crypto or otherwise!

1. Bernie Madoff Ponzi Scheme (USA, 1960s-2008) - $64.8 billion
   • Largest Ponzi scheme ever, with fake returns leading to massive investor losses.
   • Around $14 billion was later recovered.
2. 1MDB Scandal (Malaysia, 2009-2015) - $4.5 billion
   • Corrupt officials embezzled billions from Malaysia’s 1MDB sovereign wealth fund.
   • The scandal implicated major banks and celebrities, including Goldman Sachs.
3. Tajikistan Gold Smuggling (2023) - $1.5 billion
   • Tajik officials were caught smuggling gold bars to Dubai.
   • This massive heist went largely unnoticed internationally.

Vulnerability Management: ancient relics edition.

There's seriously a ransomware group out there having success targeting ColdFusion vulns from 2009-2010, seven year old Fortinet vulns, even the Microsoft Exchange ProxyShell attack chain that compromised so many organizations.

What I don't understand is how these vulnerabilities still exist on the public Internet and haven't already been scooped up by attackers.

"The SaaS landscape in 2024 didn’t just evolve—it defied expectations. Unsurprisingly, AI was everywhere, but it didn’t drive up software prices. Q4, typically a period of spending surge, stayed flat. And while companies tightened budgets, security and compliance tools still commanded top dollar."

Makes sense - AI is just the latest new feature rolling out in products. It hasn't created a new, lucrative market - if anything it has created a funding hole that I doubt we'll ever see filled.

It's important to understand what "value" means in this context: significant growth, new revenue streams (Copilot is already being given away for free with some licenses), noticeable changes in global GDP growth. He's not saying that AI doesn't have value, it's just not moving the needle on the global scale.

As Jackie mentions close to the end of the news segment, here's the hiring form Jen Easterly was sharing on LinkedIn, here: https://www.linkedin.com/posts/jen-easterlyfor-employers-cisa-alumni-hiring-form-activity-7299893815023153152-FKnx/?rcm=ACoAAAk6e0QBmlBYMvMLc9WctqijCt40GE3xE8

First off, never heard of Right of Boom, feeling left out there

Second, CIS and Antisyphon (training arm of Black Hills InfoSec) is huge

Finally, creating a test that MSPs can take to prove they're actually capable of preventing/detecting attacks and implementing controls correctly is HUGE. Back in 2017, we created a product that inadvertently tested MSPs and the results were VERY troubling.

Whew, finally! Couldn't have been an easy choice to make.

Does this mean we need to accelerate our post-quantum rollouts?

Nah, you're probably fine.

An AWESOME repository of cloud security tools I came across.