EXECUTIVE SUMMARY
The month of January has seen some interesting developments in the world of cyber security. The first topic shows a downward trend in profits for ransomware groups. Also highlighted is an attack that has affected thousands of PayPal users. Finally, a new feature has been added to the GitHub platform that allows repositories to be automatically scanned for vulnerabilities.
RANSOMWARE PROFITS DOWN
Profits in 2022 for ransomware groups have dropped by about 40% compared to the last two years. Both 2020 and 2021 saw about $765 million in ransomware payouts, while 2022 only saw about $457 million. This large drop is mostly due to victims refusing to pay the ransomware groups. In 2020, 70% of ransomware victims paid the attackers the ransom. This statistic changed dramatically for 2022, with only 41% of victims paying the ransom. This change is due to a few different factors. Victims have come to realize that they might not get their data back even if they pay the ransom. Also, companies have improved their backup strategies and can more often retore their IT infrastructure after a ransomware attack. The other main factor is that the general public’s view on ransomware attacks has evolved, and having data leaked because of an attack has less of a negative impact on a brand’s reputation.
CREDENTIAL STUFFING ATTACK AGAINST PAYPAL
Almost 35,000 PayPal users have had their accounts breached after a large credential stuffing campaign. Credential stuffing is a type of attack where malicious actors try to access a user’s account on multiple websites by using the same username and password. Users who have the same credentials across numerous websites are vulnerable to credential stuffing attacks. After noticing this attack, PayPal quickly took action to reset the password on the affected accounts. PayPal investigated this incident and concluded that the attack was not due to a breach of their systems and the user credentials were obtained through third parties. PayPal notes that the hackers did not attempt to make any transactions from the breached accounts. Credential stuffing attacks like this one really emphasize the need to avoid using the same credentials on multiple different websites.
AUTOMATIC CODE SCANNING FOR GITHUB
GitHub has added a new feature that can automatically scan code in a repository to identify security vulnerabilities. This vulnerability scanning is powered by Semmle’s CodeQL code analysis engine, which was acquired by GitHub in September 2019. Code scanning with CodeQL was initially introduced on GitHub in May 2020 as a beta feature, and then made generally available in September 2020. During the beta period, CodeQL was used more than 1.4 million times to scan over 12,000 repositories, finding more than 20,000 vulnerabilities. Code scanning can now be configured to run automatically for Python, JavaScript, and Ruby repositories, with more languages planning to be supported within the next six months. This feature will make it easier for developers to keep their code secure and safer for users to download code from the platform.
.png)
.png)
.png)
