Ransomware incidents appear to be down, but don’t start singing “We are the champions” quite yet. Cybercriminals just might be switching to a tactic that’s a bit easier and doesn’t involve all that complicated encrypting, decrypting, and negotiating.

Attackers are seemingly moving to abandon ransomware altogether, according to a new report from the cybersecurity software company CrowdStrike. In 2022, CrowdStrike Intelligence observed a 20% increase in data theft and extortion campaigns that didn’t involve the multi-step encryption attack.

“Ransomware is complex. You have to manage cryptography, and file unlockers, and lockers, and negotiations. If you just steal the data and threaten to dispose of it, it’s a lot less work,” said Adam Meyers, senior VP of intelligence at the cybersecurity software company CrowdStrike.

Not itsy, nor bitsy. In February, cybersecurity services firm Mandiant reported a 15% reduction in ransomware-intrusion responses from 2021 to 2022. IT services firm AAG noted that ransomware attacks dropped 23% in 2022 compared to the previous year.

CrowdStrike saw a decline as well, citing a dip in cryptocurrency values and a breakup of major ransomware gangs, like the FBI’s halting of the Hive.

Plenty of 2022 attacks, however, involved data demands, with no ransomware in sight.

In early 2022, a group known as SLIPPY SPIDER targeted tech companies, including Microsoft, Nvidia, and Samsung, in a data-theft and extortion spree. The adversaries used their public Telegram channels to leak data like victim source code, employee credentials, and personally identifiable data.

In a data-extortion (and ransomware-less) attack, the stakes effectively shift from system  downtime to the regulatory impact of sensitive-data loss, said Meyers. Exposed hospital data potentially could violate HIPAA requirements. Compromised customer data could lead to a class-action lawsuit.

And with no ransomware, negotiations can move quickly.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

They might seem impenetrable, but every video game boss usually has a weak spot or two. Unfortunately, the same goes for open-source code and the codebases in which they’re integrated. According to a new report from security firm Synopsys, at least 84% of codebases have at least one open-source vulnerability, and 48% have high-risk vulnerabilities, which have known exploits or are classified as allowing remote code execution.

Synopsys’s 2023 Open Source Security and Risk Analysis report found continued evidence that as use of open-source code continues to grow, so too does the amount of that code that is vulnerable or outdated. The data is derived from merger and acquisition audits of 1,481 codebases for vulnerability and compliance (as well as an additional 222 that were audited for compliance only) across 17 industries in 2022. The overwhelming majority (96%) contained open-source code.

Approximately 91% of the codebases analyzed for vulnerabilities contained outdated open-source components, meaning developers had access to updates or patches but had not applied them. An identical percentage contained open-source code that had no development activity within the last two years, indicating that it was likely developers had discontinued maintenance.

Mike McGuire, senior software solutions manager at Synopsys, told IT Brew that open source has skyrocketed in popularity because it allows developers to focus on custom code and beat competitors to market—but it also places the onus for regular maintenance, upgrades, and patching on the user.

Keep reading here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

Today’s top IT reads.

Stat: 870. That’s the number of ransomware-related complaints received by the FBI from organizations belonging to a critical-infrastructure sector in 2022. (FBI)

Quote: “Sure, the AI is just a mindless automaton spewing things it has assembled, but it can be pretty convincing at first glance.”—Sammy Migues,  principal scientist at Synopsys Software Integrity Group, on the chatbot’s ability to mimic human responses to tech questions (ZDNet)

Read: A public pool in the UK is heated from an unexpected source: wasted data-center heat. (Ars Technica)