Friday Five 1/20
This week’s top headlines were mostly good news, including ransomware’s falling profits, the takedown of a dark web crypto exchange, and the release of a new ransomware decryptor. Catch up on the latest in this week’s Friday Five!
1. RANSOMWARE PROFITS DROP 40% IN 2022 AS VICTIMS REFUSE TO PAY BY BILL TOULAS
According to new data, ransomware profits declined by 40% in 2022, only reaching $457 million as opposed to roughly $765 million from two years prior. The same data indicates that the average ransomware lifespan was cut in half and that victim payment rates have been dropping for years. Read more about the promising stats, the mental shift that is occurring in both attackers and victims, and the driving forces behind both sides in the full story from Bill Toulas at BleepingComputer.
2. AUTHORITIES DISMANTLE CRYPTO EXCHANGE BITZLATO, ALLEGE IT WAS CYBERCRIME “HAVEN” BY DAN GOODIN
This past Wednesday, federal authorities arrested the founder of Bitzlato, Anatoly Legkodymov, in Miami for allowing cybercriminals to engage in ransomware and illicit drug sales on the dark web. Bitzlato reportedly processed $4.58 billion worth of cryptocurrency transactions under Legkodymov, and according to authorities, a “substantial portion of those transactions constitute the proceeds of crime, as well as funds intended for use in criminal transactions.” Read more about the criminal groups affiliated with Bitzlato and the charges being filed against Legkodymov below.
3. HACKERS CAN ABUSE LEGITIMATE GITHUB CODESPACES FEATURE TO DELIVER MALWARE BY RAVIE LAKSHMANAN
New research has found that threat actors can deliver malware to victim systems via a legitimate feature in GitHub Codespaces, a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser. The ability to share forwarded ports publicly is what can reportedly be abused by cybercriminals, but what makes this threat particularly dangerous is that "these abused environments will not be flagged as malicious or suspicious even as it serves malicious content (such as scripts, malware, and ransomware, among others), and organizations may consider these events as benign or false positives."
4. AVAST POSTS DECRYPTOR FOR THE BIANLIAN RANSOMWARE BY STEVE ZURIER
This past Monday, researchers at Avast made a decryptor for BianLian ransomware publicly available for download through their blog. BianLian ransomware emerged in August 2022 and has attacked several different sectors; it was particularly dangerous because it encrypted files at high speeds. According to Drew Schmitt, lead analyst at GuidePoint's research and intelligence team (GRIT), "beginning in late November through the end of 2022, the group has averaged one new public victim each day, which may be a result of maturing their processes and/or adding new members to their team."
5. LAWMAKER ASKS CISA TO INVESTIGATE AIR TRAVEL CYBER RISKS FOLLOWING FAA SYSTEM OUTAGE BY CHRIS RIOTTA
Following the large swath of flight cancellations and delays caused by the outage to the FAA's Notice to Air Missions and Air Traffic Control (NOTAM) system, Rep. Ritchie Torres (D-N.Y.) called on CISA and the Department of Transportation to launch a joint review of the potential cyber vulnerabilities impacting systems supporting national air travel. According to Rep. Torres, "At a time when cyberattacks are rising in both scope and sophistication, modernizing the cybersecurity of air travel must be a priority for the federal government. 20th-century air systems will no longer suffice in a world of 21st-century cyber challenges." NOTAM's outage ultimately stemmed from contractors mistakenly deleting files on the system rather than a cybersecurity issue, but it's clear that politicians are still concerned about the stability of the systems, many of which are decades old.