August 2024 Newsletter

Posted By: Mark Monday 16th September 2024 Tags: , , , , , , , , , , , ,

This month: Phishing Attack Awareness and phishing awareness training, help for Citizens Advice Sunderland, the UK’s future cyber defence plans, the dangers posed by tech misconceptions, the current cyber security landscape in 2024, and, how Kestrels are helping shape future drone designs.

Newsletter Image: Phishing Email Awareness

Phishing Attack Awareness

Phishing attacks are a persistent threat in the digital world, and their ability to adapt rapidly to current events makes them particularly dangerous. Cybercriminals are always on the lookout for opportunities to exploit, and they have become adept at tailoring their attacks to align with the latest news, creating a sense of urgency or relevance that can trick even the most cautious users.

Phishing Attacks Adapt To Current Events

The agility of phishing campaigns is remarkable. They can quickly pivot to incorporate breaking news or trending topics into their deceptive emails and messages. For example, during a global event or crisis, phishing emails may claim to offer related information or assistance, but, in reality, they aim to steal personal information or deliver malware.

In the wake of the CrowdStrike Windows blue-screen-of-death incident, cybercriminals swiftly launched phishing attacks to exploit the situation. They created fake domains and sent out scam emails, masquerading as official support channels, offering fraudulent patches and fixes. These phishing schemes not only target vulnerable users but also seek financial gain by asking for payments, often in cryptocurrency.

AI Aids Phishing Attacks

The use of AI and Phishing as a Service (PhaaS) has also contributed to the sophistication of these attacks. AI can generate convincing fake content, while PhaaS allows malicious actors to outsource their campaigns to skilled attackers, making it easier to launch large-scale phishing operations.

To stay protected, individuals and organisations must remain vigilant and informed about the latest phishing techniques. It’s crucial to verify the sources of emails and messages, especially those that ask for personal information or prompt you to click on links. Regular training and updated security measures can help mitigate the risks posed by these ever-evolving threats.

Phishing Email Awareness

Phishing is one of the most common and dangerous cyber threats facing organisations today. Phishing emails are designed to trick you into clicking on malicious links, opening harmful attachments, or revealing sensitive information. Phishing attacks can result in data breaches, ransomware infections, financial losses, and reputational damage.

LaneSystems Phishing Email Testing

Phishing tests are becoming common practice among IT support teams to evaluate and improve the cybersecurity awareness of employees within a business. As part of our ongoing efforts to improve security awareness, we are offering a phishing simulation campaign.

We can design and administer an email phishing test that provides detailed campaign results. These results provide valuable data for feedback for training that can equip your employees with the knowledge and skills needed to defend against cyber threats.

We will:

  • Design the phishing simulation: The campaign will mimic real phishing attempts

  • Implement the test: The campaign is delivered to employees and actions are tracked

  • Generate and analyse the results: Identify who was phished and by what means

  • Provide feedback and training: Relevant actions to implement based upon test performance

Benefits of Email Phishing Testing

Phishing email awareness training provides a safe,controlled environment for employees to gain real-life experience without any of the risk. These tests will allow our IT team to measure vulnerabilities. We see how susceptible your company is to phishing attacks by providing a baseline metric of how many employees fall for the simulated attacks.

The goal of these tests is to improve security awareness in your teams and not to punish individual employees. The tests will help your employees understand the different forms a phishing attack can take, identifying the signs to avoid clicking malicious links or leaking sensitive data.

Real-time phishing simulations have proven to double employee awareness retention rates, and yield a near 40% ROI, versus more traditional cybersecurity training tactics [Forbes].

Contact us now to get started with testing your company’s resilience to phishing attacks.

Newsletter Image: Citizens Advice Sunderland

Citizens Advice Sunderland

The recent riots in Sunderland led to a devastating attack on the Citizens Advice office, a vital resource for the community. On the night of the riots, the office was completely destroyed by fire, which not only caused significant property damage but also deeply affected the staff and the community they serve.

The aftermath of the attack has seen the community come together, with an online appeal quickly surpassing its fundraising target to aid repairs. LaneSystems has helped with the recovery by providing £1140 worth of labour to get systems back up and running.

If you’re able to provide help with supporting the recovery of this vital community service, please get in touch.

Newsletter Image: Future National Cyber Defence Plans

Future National Cyber Defence Plans

The United Kingdom is embarking on ambitious plans to overhaul its national cyber defence tools, a move that signals the country’s commitment to maintaining a robust and resilient digital infrastructure. The National Cyber Security Centre (NCSC) is at the forefront of this initiative, spearheading the development of the next-generation Active Cyber Defence (ACD) program, aptly named ACD 2.0.

With the digital threat landscape evolving at an unprecedented pace, the UK’s proactive stance is a beacon of strategic foresight. The ACD 2.0 program is still in the conceptual phase, but the focus is on delivering unique services that fill genuine market gaps, ensuring that the UK’s cyber defences remain one step ahead of potential threats.

Cyber Security and Resilience Bill

The UK government has signalled its intention to introduce a new Cyber Security and Resilience Bill, as confirmed in the King’s Speech. This legislation is poised to strengthen the UK’s cyber defences further, ensuring that critical infrastructure and the digital services that companies rely on are secure and resilient against cyber threats.

The collaborative approach adopted by the NCSC – seeking input from government, industry, and academia – exemplifies the inclusive and innovative spirit that is essential for cybersecurity in the 21st century. By engaging with a broad range of stakeholders, the UK is setting a precedent for how nations can adapt to the challenges of cybersecurity in an interconnected world.

As the UK continues to refine its cyber defence strategy, it stands as a testament to the importance of adaptability, collaboration, and innovation in the face of global cyber threats. The world is watching, and many will likely follow the UK’s lead in fortifying their own digital defences. The future of cybersecurity is collaborative, and the UK is leading the charge.

Newsletter Image: Tech Misconceptions Harm Cyber Security

Tech Misconceptions Harm Cyber Security

In the ever-evolving landscape of technology, misconceptions can spread like wildfire, creating a plague of misinformation that can hinder progress and safety in the IT world. A recent survey conducted by Arlington Research, commissioned by Kaspersky, sheds light on some of these widespread tech myths and the reality behind them.

Cyber Security Misinformation

The survey, which included 10,000 consumers worldwide, revealed that a significant number of individuals still cling to outdated beliefs or have a skewed understanding of technology. For instance, 21% of Brits believe that a magnet can erase a smartphone’s data, a myth that harks back to the days of magnetic tape storage. This misconception could lead to a false sense of security and potential data loss.

Another startling revelation from the survey is the belief in the absolute security of ‘incognito mode’ in browsers. A whopping 40% of users think that this feature makes their activity completely invisible, ignoring the fact that ISPs, websites, and even some employers can still track their online behaviour.

Privacy Concerns

The survey also highlights a lack of understanding regarding encrypted messaging services. Nearly a quarter of the respondents assume that using services like WhatsApp guarantees safety for any links shared within the chats, disregarding the potential risks of malicious content.

Cyber Security Education

These findings underscore the importance of cybersecurity education. As technology becomes more integrated into our daily lives, it’s crucial that users are equipped with accurate information to make informed decisions and protect themselves online. It’s not just about snapping the webcam shutter closed; it’s about understanding the digital footprint we leave behind and how to navigate the digital space responsibly.

Kaspersky’s principal security researcher, David Emm, emphasises the need for a well-informed approach to cybersecurity and digital privacy. The survey serves as a wake-up call for the infosec community to intensify efforts in educating the public, debunking myths, and promoting a culture of digital literacy.

While technology continues to advance at a breakneck pace, our understanding of it must keep up. Let’s commit to dispelling tech misconceptions and fostering an environment where knowledge is power, and security is a shared responsibility.

Newsletter Image: The 2024 Cyber Security Landscape

The 2024 Cyber Security Landscape

In the ever-evolving realm of cybersecurity, staying ahead of threats is a constant challenge. Palo Alto Networks’ Unit 42 has been at the forefront of this battle, providing insights that help shape our defences against cybercriminals. Their latest analysis reveals a startling concentration of power among ransomware gangs, with just six groups being responsible for over half of the ransomware attacks in 2024.

Most Prolific Ransomware Gangs

The six ransomware gangs that have been identified as being responsible for over 50% of the ransomware attacks in 2024 are:

  • LockBit 3.0

  • The Play

  • 8base

  • Akira

  • BlackBasta

  • Medusa

These groups have demonstrated a significant presence in the cyber threat landscape, showcasing the evolving challenges that cybersecurity experts and law enforcement face in combating such threats. Notable drop-offs from the 2023 list are ALPHV/Blackcat and Clop ransomware gangs.

Emerging Threats

In spite of this concentrated group of cyber threats, a number of newcomers were identified, such as RansomHub, DragonForce, LukaLocker and Quilong. All of these are emerging threats with growing numbers of reports.

A notable new ransomware strain called Brain Cipher has also emerged in the last couple of months, based upon Lockbit 3.0 signatures.

A recent Chainalysis report says that in the first half of 2024, ransomware attacks have led to unprecedented financial demands, with cybercriminals extorting a staggering $450 million from victims. This alarming figure not only sets a new record but also puts the year on track to surpass the previous annual high.

The largest single ransom payment confirmed was $75 million, indicating the increasing boldness of attackers. Despite this, there’s a silver lining as the number of ransom payments has declined by 27%, suggesting improved preparedness among potential targets.

Law enforcement’s takedown of major ransomware groups has caused a fragmentation in the cybercrime landscape, leading to the emergence of new, albeit less effective, ransomware strains.

The Unit 42 and Chainalysis reports provide a useful picture of the current threat landscape, highlighting the importance of robust cybersecurity measures and the need for rapid response capabilities.

Stay on top of the ongoing arms race between cybercriminals and cybersecurity professionals. If you’re a business based in the North-East of England and looking for reliable cyber security services, contact us today.

Newsletter Image: Kestrels Guide Drone Design

Kestrels Guide Drone Design

In the bustling cityscapes where the sight of drones is becoming increasingly common, researchers are turning to nature’s expertise to enhance the stability and efficiency of these aerial couriers. A fascinating study conducted by the University of Bristol and RMIT University in Australia has unveiled how the hovering prowess of kestrels could revolutionise drone technology, particularly for urban delivery systems.

Kestrels, known for their remarkable ability to hover in place while scanning for prey, exhibit a flight behaviour that is not just a marvel of nature but also a potential blueprint for advanced drone design. The study, which utilised high-resolution motion capture technology, revealed that kestrels can maintain their position with an astonishing precision, moving their heads less than 5mm despite gusty winds.

Wing Morphing

This steadiness is attributed to the birds’ ability to subtly alter the shape of their wings, allowing them to counteract turbulent air flows effectively. Such “wing-morphing” techniques are now being considered for integration into drone designs, offering a more efficient method of achieving stable flight in fixed-wing aircraft.

The implications of this research are vast. With drones increasingly used for delivering essentials like medicines or conducting critical search and inspection tasks, the ability to navigate the unpredictable winds in urban canyons is paramount. By mimicking the kestrels’ wing adjustments, drones could soon be capable of more reliable and safer operations in challenging conditions.

Dr Shane Windsor, associate professor of bio-inspired aerodynamics at Bristol University, told the BBC that he believes the research could even transfer to larger planes. He said:

“We’re seeing more and more large aircraft have more and more flexible wings, so controlling that flexibility which the birds are very, very good at doing, could potentially scale up for commercial aircraft, as well.”

“What excites me in general about looking at bird flight is that it just gives us different way of thinking about aircraft, and how to deal with natural environments.”