Ransomware payments at record lows, DDoS peak capacity at record highs, and take down those Ivanti VPN appliances ASAP!
No. 14, February 2, 2024 — Ransomware payments at record lows, DDoS peak capacity at record highs, and take down those Ivanti VPN appliances ASAP!
Welcome back to another edition of the Infosec Monitor, a weekly newsletter covering what's happened, what's happening, and what's coming in cybersecurity.
In this week's edition of the Infosec Monitor — Ransomware payments at record lows, DDoS peak capacity at record highs, and take down those Ivanti VPN appliances ASAP!

News
Blackbaud ordered to overhaul cybersecurity practices in FTC settlement
The settlement requires Blackbaud to improve its security measures and ensure it deletes customer data it no longer needs. “Blackbaud’s shoddy security and data retention practices allowed a hacker to obtain sensitive personal data about millions of consumers,” said Samuel Levine, Director of the FTC’s Bureau of Consumer Protection. TechCrunch
Attempt to repeal SEC cyber incident reporting will be vetoed by Biden
President Biden has said he’ll veto any attempt to overturn the SEC’s reporting rule on cybersecurity incidents. A joint resolution, [S.J.Res 50](https://www.congress.gov/bill/118th-congress/senate-joint-resolution/50), introduced in November, would overturn the rule, which some Republicans say is agency overreach. The Record
Chinese-run botnet taken down by U.S. Department of Justice
The US DoJ said they and the FBI have taken down a botnet run by the hacking group Volt Typhoon. The botnet targeted home and small office routers (commonly Cisco and Netgear) with malware called “KV Botnet.” The Record
New legislation looks to bolster cybersecurity in the food and agriculture sector
New bipartisan legislation, the Farm and Food Cybersecurity Act, seeks to bolster cybersecurity within the food and agriculture sectors by mandating comprehensive assessments and recommendations every two years by the Secretary of Agriculture. SecurityWeek
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
After a string of zero-day vulnerabilities in the popular VPN appliance, CISA has said no more. According to Shodan, over 22,000 Ivanti VPNs are still exposed online. CISA has also stated that agencies using the appliance should begin investigating for any potential network infiltration. Bleeping Computer
Citibank sued by NY AG over its failure to defend customers against hacks and scams. Bleeping Computer
AI & Security
Biden AI executive order updates
A 90-day regulatory update on President Biden’s AI executive order (EO) is out. The EO includes compelling AI developers to report safety test results, mandating cloud providers to alert the government about potential foreign threats, and initiating comprehensive risk assessments by leading federal agencies. SC Magazine
Assessing and quantifying AI Risk
Do you understand how AI is impacting your organization? Here’s an interesting article covering the challenges of AI risk and how to think about the different impacts, from third-party to external AI risk. The article also covers multiple data points and provides an overview of how to start tackling AI risk in your org. CSO Online
Cyber Security Incidents
Fulton County's ongoing cyber attack impacts power, phones, courts, and more
The Georgia county has been experiencing an ongoing cyberattack, which has had a widespread impact. Reports have included power outages and the shutdown of government systems, including the voting system. Services are not expected to resume until next week. CNN Dark Reading
Canadian Foreign Affairs Department breached via a vulnerable VPN
The investigation is still underway, but sensitive data was breached. No word if the VPN was an Ivanti VPN appliance. CSO Online
$112 million in cryptocurrency stolen
Hackers made away with about $112 million in XRP from Ripple Labs co-founder Chris Larsen's crypto wallets, marking a significant cybersecurity breach. Larsen disclosed the theft on social media, noting that the stolen funds were quickly tracked, leading to a prompt notification to exchanges to freeze the implicated accounts. TechCrunch
Schneider Electric hit by Cactus ransomware Dark Reading
Keenan & Associates' August 2023 data breach impacted 1.5 million SecurityWeek
45,000 Jenkins servers are currently vulnerable to a critical RCE vulnerability Bleeping Computer
About
Cybersecurity is at a crossroads, changing more rapidly than we believed was possible just a few years ago. Stay informed on what's going on, what's happened, and what's coming next.
I'm Bryan Smith, the author of the Infosec Monitor. I've spent over a decade pioneering changes in how cybersecurity is managed. From helping create the first cyber risk quantification (CRQ) software to advising how to approach cybersecurity pragmatically and proactively.
Data & Research
DDoS Peak Capacity
“The maximum attack power rose from 800 Gbps (1H 2023) to 1.6 Tbps. UDP floods continue to dominate, constituting 62% of DDoS attacks. TCP floods and ICMP attacks also remain popular at 16% and 12% of the total, respectively.” Help Net Security
Ransomware payments at a record low
Since 2019, when ransomware payment rates were 85%, payment rates have dropped to an all-time low of 29% as of Q4 2024. This is due to more organizations being prepared, a lack of trust in the hackers, and legal pressures by governments not to pay. Bleeping Computer
The cost of cleanup after an incident
$27 million and $49 million. Johnson Controls International said they’d had $27 million in expenses since their September 2023 ransomware attack. Meanwhile, Clorox, hit in August 2023, said in an SEC filing they’d had $49 million in costs. They also expect an additional $50-$60 million in 2024. Bleeping Computer SecurityWeek
Cybersecurity Mergers, Acquisitions, and Funding
Reken raises $10 million seed fund for AI-defense cybersecurity. SecurityWeek
AIM Security raises $10M seed fund for tackling shadow AI. SecurityWeek
Runecast Solutions, AI-powered security compliance, was acquired by Dynatrace for an undisclosed sum. Silicon Angle
Slauth.io, IAM policy, was acquired by Ark Infotech for an undisclosed sum. Business Wire
Reblaze, web app and API protection, was acquired by Link11 Group for an undisclosed sum. FINSMES