February 2025 Newsletter

Posted By: Mark Wednesday 19th March 2025 Tags: , , , , , , , , , , , , ,

This month: The 2025 AI Action Summit lands in Paris, Apple ends encryption for UK users after data privacy row with UK government, data theft dominates global cyber attacks, Bybit becomes largest ever crypto heist, plus LaneSystems team news and a return to TeesExpo.

Newsletter Image: AI Action Summit

AI Action Summit Lands In Paris

The AI Action Summit in Paris, held on February 10th and 11th, 2025, brought together a diverse group of participants from over 100 countries, including government leaders, international organisations, representatives of civil society, the private sector, and the academic and research communities. The summit focused on several key themes – public interest AI, jobs, investment and culture, ethics, and governance – and aims to find consensus about the future of global AI initiatives.

Announcements from the AI Action Summit

Inclusive and Sustainable AI

The summit emphasised the importance of making AI inclusive, sustainable, and trustworthy. A joint statement was released, promoting AI accessibility to reduce digital divides and ensuring AI is open, ethical, safe, and secure.

Public Interest AI Platform

Founding members launched a major ‘Public Interest AI Platform and Incubator’ to support and amplify public interest AI projects. This initiative aims to address digital divides and support digital public goods.

Global AI Governance

The summit highlighted the need for international cooperation in AI governance. Discussions focused on creating a more effective and inclusive international governance system for AI.

AI Investments

Europe announced significant AI investments, including the €150 billion ‘AI Champions’ plan and the €200 billion InvestAI initiative. These investments aim to integrate AI into Europe’s industrial base and support AI gigafactories.

AI in the Public Interest

The summit underscored the potential of AI to drive medical breakthroughs, optimise energy use, and revolutionise access to education and knowledge. However, concerns were raised about the concentration of AI development in the private sector and the need for collaborative public-private partnerships.

Future of Work

AI’s impact on jobs was a significant topic of discussion. AI is projected to affect ~40% of jobs globally – some jobs being replaced by AI, others complemented by it. Even traditionally “safe” professions are potentially ‘vulnerable’ due to generative AI. The summit highlighted the need for reskilling and upskilling efforts to ensure workers can actively participate in AI’s evolution.

AI Safety and Security

The summit emphasised the importance of addressing AI’s evolving risks, such as bias, misinformation, and safety vulnerabilities. The International AI Safety Report, published ahead of the summit, reinforced the need for global coordination in developing safety measures and ethical frameworks.

UK and USA Refuse to Sign ‘Inclusive AI’ Declaration

At the Paris AI Action Summit, the United States and the United Kingdom declined to sign a joint declaration on “inclusive and sustainable” artificial intelligence (AI). This declaration, signed by more than 60 countries, including China and India, aimed to ensure that AI is open, inclusive, transparent, ethical, safe, secure, and trustworthy.

The UK government cited national security and global governance concerns as reasons for not signing the declaration, while US Vice-President J.D. Vance expressed concerns that excessive regulations could stifle innovation and harm the AI industry.

The Paris AI Action Summit marks a significant step forward in shaping global AI policy and governance, with a strong focus on inclusivity, sustainability, and international cooperation, but also highlighted growing divisions in global AI governance, with different countries adopting varying approaches to AI regulation and development. The refusal of the US and UK to sign the declaration underscores the complexities and competing interests in the global AI landscape.

Newsletter image: LaneSystems Team Anniversary & Charity News

LaneSystems News

February Team News

Matty Phelan  – Field Technician

Happy 2nd anniversary to our fantastic Field Technician, Matty Phelan. Matty’s technical prowess and personable approach brings value to every project. Thank you for your continued hard work.

Cormac Fitzgerald – Service Desk Technician

Congratulations to former apprentice turned Service Desk Technician, Cormac Fitzgerald, who has been with our team for a year! You have shown tremendous dedication, growth, and perseverance, and we look forward to your continued success as a valued member of our IT Support team.

Newsletter image: Teesside Expo Spring 2024

We’re Back At TeesExpo

The Teesside Expo – Spring 2025 is set to take place on Thursday, March 27th, 2025, at Wynyard Hall in Stockton-on-Tees. This event is free to attend and will run from 10:00 AM to 3:00 PM GMT. We’re back exhibiting, so come and say hello and have a chat about keeping your business cyber secure.

Newsletter Image: Apple Removes ADP for UK Users

Apple Removes ADP for UK Users

The UK Home Office recently requested that Apple provide access to encrypted data on their systems. This request was made under the Investigatory Powers Act 2016, also known as the “Snooper’s Charter”, which allows authorities to ask companies for help in collecting evidence.

Reasons for the Request

The UK government cited national security and crime prevention as the primary reasons for the request. They argued that end-to-end encryption is being used by criminals, such as terrorists, to hide their activities online, making it difficult for law enforcement to catch them. Online safety charities, such as the NSPCC, have also supported the government’s stance, arguing that end-to-end encryption hinders child protection efforts.

Apple’s Response

Apple refused to comply with the request, stating that creating a backdoor for law enforcement would weaken the security of their systems and expose users to significant privacy risks. Instead of creating a backdoor, Apple decided to remove the Advanced Data Protection (ADP) feature for UK users.

ADP is an opt-in feature that provides end-to-end encryption for iCloud backups, photos, notes, and other content, ensuring that only the account holder can access the data.

Diplomatic Tensions

The UK’s request has raised concerns about the potential for other countries to make similar demands, which could undermine global data privacy and security. The request has also led to tensions between the UK and other countries, particularly the US, where Apple is based. US intelligence agencies have expressed concerns about the implications of the UK’s request on American citizens’ privacy and civil liberties. Privacy groups, such as Big Brother Watch, have calling the government requests “outrageous” and “draconian”.

Future Implications

The removal of ADP means that UK users will no longer have the highest level of data protection for their iCloud data. This could make them more vulnerable to cyber threats and malicious exploitation.The Register writes about alternative options open to UK users to keep their data protected in the UK.

Overall, the situation highlights the ongoing debate between national security and individual privacy, with significant implications for the future of data protection and encryption policies worldwide.

Newsletter Image: Data Theft Accounts For 94% of Global Cyber Attacks

Data Theft Accounts For 94% of Global Cyber Attacks

BlackFog’s 2024 Ransomware Trend Report revealed that data theft accounted for a staggering 94% of all worldwide cyber attacks in 2024. Here are the key findings from the report:

Data Theft Dominance

Ransomware groups increasingly combined data exfiltration with encryption, threatening to leak or sell stolen data on the dark web if victims refused to pay. This tactic has made data theft a central component of ransomware attacks.

High-Value Sectors Targeted

The manufacturing, services, and technology sectors saw the highest number of undisclosed attacks, while healthcare, government, and education were the most targeted for disclosed attacks. The retail sector experienced a significant surge in attacks, with high-profile victims including Starbucks, Sainsbury’s, and Krispy Kreme.

Ransomware Variants

LockBit remained the most active ransomware group, attacking 603 reported victims despite a major law enforcement takedown in February 2024. New groups and variants emerged, with 48 new groups accounting for nearly a third of all undisclosed attacks.

Financial Impact

The average cost of a ransomware attack involving data exfiltration in 2024 was $5.21 million. Organisations faced growing financial and reputational damage from these attacks.

Complex Defences

Defending against ransomware has become increasingly complex as cybercriminals refine their techniques to exploit vulnerabilities and launch large-scale attacks. Governments are stepping up efforts to counter this growing threat with new measures such as mandatory ransomware incident reporting.

The report underscores the escalating global ransomware crisis and the need for robust cybersecurity measures to protect against data theft and ransomware attacks.

Newsletter Image: Bybit Crypto Heist

Bybit Crypto Heist

The recent theft of cryptocurrency from Bybit Fintech Ltd, a Dubai-based crypto exchange, is being called the largest crypto heist in history. The heist occurred on February 21, 2025, when approximately $1.4 billion worth of Ethereum (ETH) and associated assets were stolen from Bybit’s cold wallet.

The hackers used a sophisticated technique involving a misleading transaction that concealed the actual interface, tricking the cold wallet signers. This allowed the attackers to seize control and transfer the funds to an unknown address.

A phishing campaign targeting Bybit’s cold wallet signers gave attackers access to Bybit’s user interface, allowing them to replace a multisignature wallet implementation contract with a malicious version. The hackers intercepted a routine transfer from Bybit’s Ethereum cold wallet to a hot wallet. They rerouted about 401,000 ETH to their addresses, splitting the funds across multiple intermediary wallets to obscure the transaction trail.

The stolen assets were laundered through a complex web of intermediary addresses and converted to other assets, including Bitcoin (BTC) and Dai (DAI), using decentralised exchanges and crosschain bridges.

Who’s responsible?

The FBI and other cybersecurity experts have pinpointed the North Korean state-sponsored hacking group, Lazarus Group, as the outfit responsible for the heist. The group is notorious for its carefully planned attacks and has been linked to other high-profile cyber heists.

Bybit Moves To Calm Fears

Bybit, the World’s second largest cryptocurrency exchange, launched a recovery campaign for the stolen funds, pledging 10% of recovered funds for ethical cyber and network security experts who play an active role in retrieving the stolen cryptocurrencies. They also announced a $140 million bounty for information leading to the capture of the perpetrators.

Bybit introduced increased security features to prevent similar future occurrences and is collaborating with blockchain forensic analysts to track the stolen money. Ben Zhou, Bybit’s CEO, reassured users that the platform remains fully functional and that user deposits are fully backed.

The Bybit heist has once again raised concerns about security vulnerabilities in the cryptocurrency industry and has prompted calls for stronger security measures across the sector.

Need Cyber Security?

If you’re a business in the North East of England and looking for professional and reliable cyber security services, IT consultation, and general IT services to keep your company cyber secure, get in touch. Cybersecurity is a continuous process, and staying proactive is key to safeguarding digital assets.