March 2023 Newsletter

Posted By: Mark, Thursday 13th April 2023

This month: Twitter phishing scam targets bank customers, we’ve been to Teesside Expo, cybercriminals misuse AI tech, National Crime Agency phishes the phishers, data centres used to heat swimming pools, and the man behind Moore’s Law dies.

Twitter Quote Tweet Phishing Scam

Bleeping Computer reports on a simple yet sophisticated Twitter scam that is targeting banking customers by taking advantage of the quote-tweet feature.

What makes the scam so convincing is its ability to prey on customers tweeting to their banks. Tweeting a company with a query is generally a good way to get an official response, quickly.

So, when a user decides to head to social media for some assistance, whether it’s to make a general enquiry, submit a complaint, etc, they immediately receive a reply.

Common Phishing Scam Dressed Up In A New Outfit

However, this response comes from the scammer, via a quote-tweet. In this reply, the message will try to convince the user to call the provided ‘helpline’ number. Calling that fake bank number takes you straight through to the scammers, who will be looking to steal sensitive personal and banking information. It’s another play on a common phishing scam that often comes through emails or text messages.

Fake Accounts Lure Victims To Phishing Scam

Tagging your bank’s Twitter account in a tweet brings these responses from non-verified Twitter accounts that look for the hashtag or keyword use to begin their impersonation scam. These would often be unverified accounts, so likely noticeable for lack of the blue checkmark. However, recent changes to the ‘Twitter Blue’ policy are likely to make it far easier to display a checkmark on a scam account.

Ax Sharma, at Bleeping Computer, gave an account of a Twitter phishing scam attempt made on him.

“Earlier this week, I had tagged Axis Bank, India’s third-largest private bank, in a tweet but interestingly received a reply as a ‘quote tweet’ from an account claiming to be Axis Bank.

“Although the lack of any following on the @AXIS_BANK_00 account (and, not to mention, the verification badge) did raise red flags, it wouldn’t be the first time a company replies from a separate Twitter account as opposed to their verified one, for example, to minimize amplifying complaints from their customers sent as Tweets.

“As opposed to using any obvious phishing links, this scam uses a templated text urging users to call a ‘helpline’ number.”

Fortunately for Ax, an official from Axis Bank was able to step in from an official, verifiable company Twitter account. They were able to confirm the other account was fake and said not to share any information with it.

Phishing Scam Whack-A-Mole

Although these accounts get banned as soon as they’re ‘outed’, scammers can quickly set up new accounts and carry on with their phishing scam. They always copy official account details, generally adding some numbers or other characters to the end of the handle, and copy all official images and text in an attempt to appear genuine. It’s very important to be aware of fake accounts and to be able to look out for the signs to avoid being scammed.

Although there are now problems with Twitter Blue making the blue checkmark effectively worthless for verification of accounts, companies have the option of a gold checkmark, which may help to prove they’re genuine. Don’t rely on all real companies subscribing to it, though.

Anyone Can Be Fooled By A Phishing Scam

The scam’s simplicity and focused targeting make it convincing to unsuspecting users, so the golden rule is always to be careful when engaging online. Verify as much as possible. If you are urged to call your bank, use the number provided on your bank card.

Teesside Expo 2023

On March 23rd, LaneSystems attended the Spring Tees Expo held at Wynyard Hall.

Michel, Lisa and Adam had a busy and productive day meeting and greeting people, old and new, and we are happy to say we will return again to the Autumn Expo in September. We look forward to seeing you there.

And, if you missed the exhibition, and can’t wait until the autumn to sort out your IT support and Cyber Security needs, get in touch to have a chat. If you’re a business in the North East of England – Teesside, Tyne & Wear, County Durham, Northumberland, North Yorkshire, etc – and serious about managing & securing your precious data, we can help.

Cyber Criminals Exploit ChatGPT

The Register reports that the EU police force, Europol, is warning about the criminal misuse of the artificial intelligence-powered chatbot ChatGPT in phishing attempts, disinformation, cybercrime, and terrorism.

The AI tech craze kicked off last year when Microsoft-backed OpenAI opened their ChatGPT system up for public use. And with a huge amount of positive feedback on the back of a multitude of impressive results, the chatbot world is exploding through a number of releases from other ‘big tech’ companies. We’re already getting AI infused into everyday software, such as search engines and productivity suites.

However, law enforcement claims it is already seeing the use of these systems for illegal activity.

The Europol study said:

“As the capabilities of LLMs (large language models) such as ChatGPT are actively being improved, the potential exploitation of these types of AI systems by criminals provide a grim outlook”

“For a potential criminal with little technical knowledge, this is an invaluable resource. At the same time, a more advanced user can exploit these improved capabilities to further refine or even automate sophisticated cybercriminal modi operandi”

The power of these AI systems is lowering the bar for the technical knowledge required to carry out many types of cyberattack, the development of sophisticated malware, the creation of convincing phishing tools, etc.

“Multimodal AI systems, which combine conversational chatbots with systems that can produce synthetic media, such as highly convincing deepfakes, or include sensory abilities, such as seeing and hearing”

Although ChatGPT is set up to filter out and refuse to engage with potentially harmful requests, there are examples of people who’ve found workarounds. Some users have managed to get it to give step-by-step guides on how to commit various crimes.

It’s highly likely that versions of the technology will be developed by criminals for specifically illegal intentions: language models containing no content filters, trained using harmful data, that would end up being hosted on the dark web.

At time of writing, Elon Musk has joined a chorus of tech-related people calling for a halt to AI training until further research has been undertaken. A number of concerns have been raised about the legal and ethical issues relating to the capabilities of LLMs (Large Language Models), and that’s without even delving into privacy concerns over the collection of user data.

There’s a lot more to come in the debate over AI usage.

UK NCA Creates Fake DDoS-For-Hire Sites

The U.K. National Crime Agency (NCA) revealed that it has been running a network of fake DDoS-for-hire websites (also known as Booter or Stresser services) in a bid to disrupt the online criminal enterprises and collect cybercriminal information. Operation PowerOFF is a joint effort with the USA, Netherlands, Germany, Poland, and Europol.

The agency says thousands of suspected cyber criminals have exposed their identities after falling for the honeypot sting. All was revealed when one of the fake NCA sites was replaced with a splash page warning users that their personal data had been collected.

In a statement, the NCA said:

“All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks.

“However, after users register, rather than being given access to cyber crime tools, their data is collated by investigators.”

UK-based users will be “warned about engaging in cyber crime”.

Data Centre Heats Public Swimming Pool

The BBC reports that the heat generated by a washing-machine-sized data centre is being used to heat a Devon public swimming pool.

Tech startup Deep Green is trialling the idea at a public pool in Exmouth, and hopes to see it used at twenty pools by the end of the year. Soaring energy prices have been a major problem for public swimming pools, with many facing closure because of them.

This way of heating the water could be a technological lifeline. Pools require heat, while data centres require cooling. The mini data centre is provided free of charge and the computers inside the white box are surrounded by oil to capture the heat. This is claimed to be enough to heat the pool to about 30C 60% of the time, which will save the Leisure Centre thousands of pounds.

Startup founder Mark Bjornsgaard told BBC Radio 4:

“We built a small data centre in Exmouth leisure centre. Most normal data centres waste the heat that the computers generate. We capture ours and we give it for free to the swimming pool to heat the pool.

“It’s great for them – they get to reduce the cost of heating the pool and reduce the amount of carbon they use, and good for us because we can offer cheaper computer services because we don’t have the cooling costs.”

Sean Day, who runs the leisure centre, said he had been expecting its energy bills to rise by £100,000 this year.

“The partnership has really helped us reduce the costs of what has been astronomical over the last 12 months – our energy prices and gas prices have gone through the roof”

This could be the perfect marriage of heat transfer to where it’s most needed from where it needs removing.

Gordon Moore (1929-2023)

Gordon Moore, co-founder of Intel and the man who famously predicted that computer processing power would double every year (later adjusted to every two years), has died aged 94.

Moore’s Law

Many years before the computer revolution, Moore authored a paper about integrated circuits where he noted the doubling of the numbers of transistors on microchips and predicted it would continue into the future. This would come to be known as Moore’s Law. This prediction became a challenge for chip makers that helped to produce exponentially more efficient, and cheaper-to-produce, chips.

Moore started out at Shockley Semiconductor Laboratory, later left to start up the Fairchild Semiconductor laboratory, a business seen as key in the founding of the ‘Silicon Valley’ area, and left there to start up Intel (then called NM Electronics). He would later go on to be involved in many philanthropic ventures through a foundation established with his wife.

His insight and vision set up the tech industry we have today, leading Intel CEO, Pat Gelsinger, to say:

“He leaves behind a legacy that changed the lives of every person on the planet. His memory will live on.”