Brief #99: IKEA's €20M Ransomware Loss, Google's Agent 2 Agent Protocol, Microsoft's AI Security Guide

Nikoloz Kokhreidze
NVIDIA container escape flaw remains exploitable despite patching. Threat actors maintain access to FortiGate devices through symlinks. Microsoft addresses shadow AI risks with new enterprise security guide.

Happy Sunday!
Hope you're enjoying a bit of downtime this weekend. While you were busy wrapping up your week, the security world kept moving with some developments worth noting:
- NVIDIA's Container Toolkit patch from September turns out to be incomplete, leaving systems vulnerable to container escape attacks – something to check if you're running AI infrastructure
- Google's security team shared a refreshing take on why many security "strategies" are just plans in disguise, emphasizing the need for a coherent theory of winning
- Microsoft released a guide addressing shadow AI risks, with 80% of leaders worried about sensitive data exposure when employees use unapproved AI tools
There's plenty more to unpack this week, including career advice for nervous interviewers, market impacts from proposed tariffs, and some interesting new tools for your security stack.
Let's dive in!

INDUSTRY NEWS
NVIDIA Container Toolkit Vulnerability Remains Exploitable Despite September Patch
- The September 2024 patch for a critical vulnerability (CVE-2024-0132) in NVIDIA Container Toolkit was incomplete, leaving systems vulnerable to container escape attacks that could expose AI infrastructure and sensitive data.
- A time-of-check time-of-use (TOCTOU) vulnerability persists in the toolkit, allowing specially crafted containers to access the host file system, with version 1.17.4 vulnerable when specific features are enabled.
- Researchers also discovered a related DoS vulnerability affecting Docker on Linux that can cause system-wide performance degradation by exploiting mount table entries, potentially leading to resource exhaustion and operational disruption.
Fortinet Reveals Threat Actors Maintain Access to FortiGate Devices After Patches
- Attackers created a symlink between user and root file systems in SSL-VPN language folders, maintaining read-only access to device configurations even after initial vulnerabilities (CVE-2022-42475, CVE-2023-27997, CVE-2024-21762) were patched.
- The attack affects only devices with SSL-VPN enabled and isn't targeting specific regions or industries, with compromises dating back to early 2023 according to France's CERT-FR.
- Fortinet released updates across multiple FortiOS versions (7.6.2, 7.4.7, 7.2.11, 7.0.17, 6.4.16) to remove the symlink and prevent similar persistence techniques, while CISA recommends resetting credentials and disabling SSL-VPN until patching.
IKEA Parent Company Fourlis Group Suffers €20 Million Loss from Ransomware Attack
- The ransomware attack disrupted store replenishment and e-commerce operations for IKEA stores from December 2024 through February 2025, resulting in a €20 million financial impact.
- Fourlis Group CEO Dimitris Valachis confirmed they did not pay the attackers and successfully restored systems with help from external cybersecurity experts, while also thwarting several subsequent attack attempts.
- Forensic investigation found no evidence of data exfiltration, though the company notified data protection authorities in four countries as required by law.

LEADERSHIP INSIGHTS
Google Security Leader Explains Why a Plan is Not a Strategy
- A true security strategy specifies a competitive outcome with a coherent theory of winning, while many teams mistakenly focus on planning activities instead of developing this foundational direction.
- Effective security strategies include elements like risk transparency with fast feedback loops, baseline control cost reduction, architectural approaches that defeat whole classes of attacks, and making secure paths the easiest paths.
- Each strategic element requires specific capabilities and management systems to support it, such as risk registers, governance structures, measurement tools, and incident learning processes that align with the overall "theory of winning."
Cybersecurity Firm Red Canary Releases 2025 Threat Detection Report
- The report reveals a 34% increase in detected threats in 2024, with cloud-native techniques and identity-based attacks dominating the threat landscape.
- Ransomware continues to surge with record-high payouts, while new techniques like "paste and run" (fake CAPTCHA lures) have enabled threats like LummaC2 and NetSupport Manager to become prevalent.
- Three of the top five MITRE ATT&CK techniques detected were cloud-native and enabled by identity, highlighting the expanding attack surface beyond traditional endpoints.
AI Enhances Cybersecurity While Introducing New Risks for CISOs
- AI offers significant benefits for cybersecurity leaders through automated threat detection, predictive analytics, and enhanced incident response capabilities that can analyze vast amounts of data more quickly than traditional methods.
- The evolving CISO role has shifted from purely technical to strategic leadership, requiring executives to align security with business objectives while managing an expanding attack surface that includes cloud environments and IoT devices.
- Modern security challenges include the rise of deepfakes and adversarial attacks against AI systems, requiring CISOs to implement comprehensive solutions like External Attack Surface Management (EASM) and Digital Risk Protection (DRP) to monitor their digital footprint.

CAREER DEVELOPMENT
Cybersecurity Professional Seeks Interview Advice After SOC Analyst Role Rejection
- A security analyst with a stutter shared their experience of nervousness during an interview for a SOC Analyst II position at a major tech company, despite thorough preparation.
- Community responses emphasized that interviewing is a skill requiring practice, with suggestions including mock interviews in public settings, applying for jobs without intention to accept for practice, and controlling interview pace.
- Specific techniques recommended included slowing down speech, taking brief pauses before answering, maintaining a conversational tone rather than a question-answer format, and viewing rejection as an opportunity for improvement.
Fortinet Launches Comprehensive OT Security Training Program
- The Fortinet Training Institute now offers a specialized OT security course covering design, deployment, administration, and monitoring of FortiGate, FortiNAC, FortiAnalyzer, and FortiSIEM devices for securing operational technology infrastructures.
- The 17-hour program (6 hours lecture, 11 hours lab) targets networking and security professionals with FortiGate experience and follows the Purdue model for OT security, covering asset management, access control, segmentation, and risk assessment.
- Upon completion, participants can take the Fortinet NSE 7 - OT Security 7.2 exam to earn a certification, with the course offering both instructor-led and self-paced online formats compatible with FortiOS 7.2.0.
Brazil's Cybersecurity Talent Gap Widens as Academic Training Falls Short
- 50% of Brazilian cybersecurity leaders believe universities inadequately prepare professionals, while 56% report difficulties finding qualified security talent.
- The skills gap is most pronounced in niche areas like cyber threat analysis and cloud protection, with companies struggling to find expertise in cloud security, AI, machine learning, and zero trust architecture.
- Salary data shows high demand for specialists, with cloud security and information security architecture professionals commanding monthly salaries of R$14,000-R$20,000 and R$18,000-R$25,000 respectively.

AI & SECURITY
Microsoft Releases Guide for Securing AI Applications in the Enterprise
- Microsoft's new guide addresses shadow AI risks, with 80% of leaders fearing sensitive information exposure when employees use unapproved AI tools without proper oversight.
- The guide outlines a three-phase approach (Govern AI, Manage AI, Secure AI) based on Zero Trust principles to help organizations navigate emerging threats like prompt injection attacks and AI errors including hallucinations.
- Organizations must prepare for evolving compliance challenges, particularly with regulations like the EU AI Act which requires strong governance frameworks, detailed documentation, and transparent AI decision-making processes.
Developer Shares Effective LLM Code Writing Strategies After Two Years of Experience
- Using LLMs for coding requires setting reasonable expectations - they're best viewed as over-confident pair programming assistants who can make mistakes but excel at generating examples and handling tedious tasks.
- Context management is crucial - providing relevant code examples, maintaining conversation history, and understanding training cut-off dates (typically October 2023 for OpenAI models) significantly improves results.
- The author's process involves asking LLMs for implementation options first, then switching to an "authoritarian" approach where they provide detailed function specifications and test the generated code thoroughly, treating the interaction as a conversation with multiple refinements.
Google Launches Agent2Agent Protocol (A2A) for AI Agent Interoperability
- Google has introduced an open protocol called Agent2Agent (A2A) with support from over 50 technology partners including Atlassian, Salesforce, and SAP, enabling AI agents to communicate across different platforms and vendors.
- The protocol follows five key design principles: embracing agentic capabilities, building on existing standards, security by default, supporting long-running tasks, and being modality agnostic to handle text, audio, and video.
- A2A facilitates communication through capability discovery, task management, collaboration, and user experience negotiation, with Google planning to release a production-ready version later this year.

MARKET UPDATES
Trump's Tariffs Trigger Cybersecurity Stock Plunge and Spending Concerns
- US cybersecurity stocks lost tens of billions in market value following Trump's announcement of new tariffs on goods from 200 countries, with many experiencing double-digit percentage drops.
- Organizations may be forced to cut cybersecurity budgets to cope with tariff-induced financial pressures, with one company already anticipating a 15% budget reduction to match stock declines.
- The tariffs create an ironic situation where the administration targets Chinese threat actors while simultaneously implementing policies that could weaken US cybersecurity posture by increasing hardware costs and potentially creating regionalized security technologies.
Dropzone AI Launches Free "Coach" Tool to Support Security Analysts
- Dropzone AI released a browser extension called "Coach" that analyzes security alerts, providing real-time summaries and recommended actions to reduce analyst burnout in understaffed security teams.
- The tool aims to complement rather than replace human analysts, addressing concerns that AI could eliminate entry-level cybersecurity positions that traditionally serve as training grounds for future security leaders.
- Built on the same technology as Dropzone's autonomous triage agents, the Seattle-based startup has raised over $21 million and currently serves more than 100 customers with a team of 23 employees.
Incident.io raises $62M Series B to develop AI-powered incident management tools
- Insight Partners led the funding round with support from Index Ventures and Point Nine Capital, bringing the company's total funding to over $96M. The capital will be used to scale engineering teams in London and San Francisco.
- The platform helps teams manage software outages by automating tasks throughout the incident lifecycle, including note-taking, live updates, and post-incident write-ups using AI agents like Scribe that transcribe calls and generate real-time summaries.
- Founded in 2021, incident.io has managed more than 250,000 incidents and is used by companies like Netflix, Linear, Ramp, and Etsy. The company recently launched incident.io On-call as an alternative to traditional paging tools.

TOOLS
AIL Framework
AIL (Analysis of Information Leaks) Framework is an open-source tool designed to analyze potential information leaks from unstructured data sources. It processes data from various sources, including pastes and data streams, to identify sensitive information.
Formal
A reverse proxy solution that provides data access control, monitoring, and security policy enforcement for databases and APIs within an organization's infrastructure.
escape
Escape is an API security platform that performs agentless scanning of exposed source code to identify security vulnerabilities and business logic flaws in APIs.
Best,
Nikoloz