May 2024 Newsletter

Posted By: Mark Friday 14th June 2024 Tags: , , , , , , , , , , ,

This month: CryptoChameleon phishing threat, Mental Health Awareness, cyber attacks hit healthcare sector, social responsibility with SDAIS, is social media worth paying for, and AI aids rare plant survival.

Newsletter Image: CryptoChameleon Phishing Threat

The CryptoChameleon Phishing Threat

In the murky waters of cyberspace, a new threat has emerged – the CryptoChameleon phishing campaign. This cunning adversary combines the stealth of a chameleon with the venomous bite of a cybercriminal, using advanced social engineering tactics to dupe its victims, attempting to steal crypto assets (such as private keys, wallet credentials, and exchange logins). Although crypto is its primary aim, the threat is able to steal all types of sensitive data.

What Is CryptoChameleon?

CryptoChameleon is a sophisticated phishing campaign that adapts its tactics to mimic legitimate websites and deceive users. It uses dynamic URLs, changes content, and employs social engineering to steal sensitive information related to cryptocurrency accounts. Vigilance, education, and security tools are essential for protection.

CryptoChameleon is not your typical garden-variety phishing attack. It doesn’t rely on clumsy, old-school tactics like misspelled URLs or poorly crafted emails. It adapts and morphs, camouflaging itself with a variety of tricks:

  1. Adaptive URLs: The CryptoChameleon threat uses domain names that mimic legitimate websites. These URLs change dynamically, making it difficult for security filters to detect them. One moment it’s a benign-looking finance blog; the next, it’s a crypto exchange site.

  2. Content Shapeshifting: Like a chameleon changing colors, CryptoChameleon alters its content. It might start as a seemingly harmless newsletter, then transform into a fake login page for a popular crypto wallet. Users are lured in by the illusion of familiarity.

  3. Social Engineering: The threat preys on human psychology. It sends personalised messages, often referencing recent crypto news or events. Victims, thinking they’re interacting with a trusted source, willingly share sensitive information.

How Does CryptoChameleon Spread?

CryptoChameleon employs several tactics to ensnare unsuspecting victims:

  1. Phishing Emails: Users receive emails that appear legitimate. They might promise exclusive crypto investment tips, airdrops, or urgent security updates. The email content adapts based on the recipient’s interests.

  2. Malicious Links: Clicking on a CryptoChameleon link leads users to a convincing website. It could be a fake exchange, a wallet login page, or even a crypto-themed blog. The site collects login credentials, private keys, and other valuable data.

  3. Social Media Impersonation: CryptoChameleon infiltrates social media platforms. It mimics influential crypto figures, posting enticing content and sharing links. Users, trusting the familiar faces, fall into the trap.

Protecting Yourself from CryptoChameleon

There are various ways to keep safe from the CryptoChameleon threat – and phishing threats in general.

  1. Be Vigilant: Always scrutinise URLs. Hover over links to reveal their true destinations. If something feels off, don’t click.

  2. Use Multi-Factor Authentication (MFA): Enable MFA for all your crypto accounts. Even if CryptoChameleon steals your password, MFA adds an extra layer of defence.

  3. Stay Educated: Educate your friends and family about this threat. Warn them not to trust unsolicited crypto-related emails or messages.

  4. Implement Security Tools: Use reliable security software that detects phishing attempts. Regularly update your browser and antivirus.

The Ever-Changing Cyber Threat

CryptoChameleon’s adaptability makes it a formidable adversary. If you own crypto assets you should be aware of this threat. However, we must reiterate that its danger isn’t limited to those involved in the crypto world. Although its primary focus is on cryptocurrency-related information, it can compromise other sensitive data. Everyone should remain cautious and vigilant, as this adaptable reptile can strike in unexpected ways.

Newsletter Image: Mental Health Awareness Week

Mental Health Awareness Week

May 13th – 19th was Mental Health Awareness Week, and LaneSystems was proud to support and promote it. The team took part in this year’s Wear It Green day, where everyone made a donation and turned up for work wearing green items.

Lisa also attended a 2-day course for Mental Health First Aid At Work, where she learnt about a variety of conditions, how they affect an individual and how mental health can also impact the workplace.

A mental health first aider listens to the person and signposts organisations, etc, where they might seek help (if that is what they want).

After taking the exams, Lisa passed and gained an FAQ L3 Adult Mental Health: Workplace First Aider qualification.

Congratulations, Lisa!

For more information about Mental Health Awareness Week, Wear It Green, and other mental health resources, why not visit the Mental Health Foundation website.

CyberAttacks Hit Healthcare Sector

CyberAttacks Hit Healthcare Sector

The healthcare industry is getting hit more and more frequently by ransomware attacks. Hackers are targeting the industry due to the vast amount of patient personal data stored, along with the importance of keeping operations running. Health records and other patient-related information are vital to the operation of a healthcare facility and hackers expect the sector will be willing to pay larger sums to keep such sensitive personal data private.

Hospitals and other healthcare organisations are highly susceptible to cyberattacks targeting this sensitive and valuable patient information because of relatively limited resources available for good cybersecurity, the common use of exploitable legacy software, a lot of interaction with third-party providers, and, the need to interface with specialised medical technologies. All of which offers weaknesses for hackers to try and exploit. What used to be a sector more targeted by rogue individuals has now become a prime target for organised cybercrime gangs.

This year has already seen some high profile attacks on healthcare organisations around the world. Some significant healthcare industry data breaches so far in 2024 are:

  1. Kaiser Foundation Health Plan, Inc.: Approximately 13.4 million patients were affected by this breach.

  2. Concentra Health Services, Inc.: This breach impacted around 4 million patients.

  3. INTEGRIS Health: Approximately 2.4 million patients were affected by this breach.

  4. Medical Management Resource Group, L.L.C.: This breach affected around 2.35 million patients.

  5. Eastern Radiologists, Inc.: About 887 thousand patients were affected by this breach.

It’s not a new phenomenon. Upguard lists some of the largest healthcare breaches in history, but there appears to have been a recent uptick in the number of attacks on the sector.

These breaches highlight the ongoing cybersecurity challenges faced by the healthcare industry. Researchers believe there’s a lot more to come. Organisations must continue to enhance their security measures to protect patient data and prevent such incidents in the future.

Whatever sector your business operates in, it’s susceptible to ransomware, data breaches, and other forms of cyber attack. Make sure your cyber defences are effective and up to date in the evolving world of cyber threats. If you’re based around the North East of England give us a call to talk about your cyber security.

Newsletter Image: Charity & Social Responsibility

LaneSystems & Social Responsibility

This month, as part of an ongoing commitment to meeting our social responsibility goals, we have been helping Stockton & District Advice & Information Service (Citizens Advice Stockton) with a building move. This involved relocating and reinstalling all of their machines to a new site.

Our team has invested time and planning to make sure the move wasn’t too disruptive, with Kevin overseeing the project. To aid with the transition we have also donated a 48-port switch valued at £750.

LaneSystems is committed to giving 2.5% of profit on hardware sales towards I.T. equipment for each month’s nominated charity.

Newsletter Image: Is Social Media Worth Paying For

Is Social Media Worth Paying For?

The BBC recently looked into the world of social media content, asking if it’s better to pay a fee for ‘ad-free’ social media content or carry on with consuming ‘free’ content at the expense of having your personal habits and user data mined by advertisers.

Advertising vs Subscription

Tech giants are experimenting with subscription-based services. Some social media sites have begun offering content ad-free and with other features if you take out a subscription.

For example, Youtube Premium allows users to watch videos without any random adverts breaking up the viewing experience, while X (Twitter) offers fewer adverts, longer posts, editing facilities, and other added features in return for subscribing to X Premium (formerly Twitter Blue).

As advertising revenue models evolve, paid options may become more common.

Paid Content Creation

While the BBC article explores the implications of this shift for user engagement and the balance between free and paid content, many content creators have already found places to monetise their content to paying subscribers through platforms such as Patreon and Substack.

Substack primarily serves as a platform for writers to create and distribute newsletters and other literary content. With it’s user-friendly interface and useful array of tools, professional writers have found a viable platform to sell their skills to an audience willing to pay. Patreon works to a similar member/subscriber model, catering more to creatives in art,music and the AV world.

The trend toward paid social media has been gaining momentum, and it’s likely to continue evolving in the future. Users are increasingly wary of targeted ads and privacy breaches. With ‘Ad Fatigue’ and growing privacy concerns, paid models offer an alternative by allowing users to opt out of ad-driven experiences.

Platforms like Substack, Patreon, and OnlyFans have demonstrated that users are willing to pay for exclusive content. Content creators can directly monetise their work through subscriptions or paywalls and more seem willing to pay for it. Paid models should also encourage higher-quality content as creators have the incentive to produce valuable,engaging material for their paying audience.

Social media has become an integral part of our lives, and the question of whether it’s worth paying for depends on various factors.

Free Social Media

Pros:

  1. Cost: Free social media platforms (such as Facebook, Twitter, Instagram, and LinkedIn) allow you to connect with friends,family, and colleagues without any monetary investment.

  2. Networking: You can build and maintain relationships, share updates, and discover content without paying.

  3. Information: Access to news, trends, and entertainment is readily available.

Cons:

  1. Privacy Concerns: Free platforms often rely on advertising revenue, which means your data is used for targeted ads. Privacy breaches and data leaks are common.

  2. Algorithmic Control: Algorithms determine what content you see, potentially limiting exposure to diverse perspectives.

  3. Limited Features: Some features (like advanced analytics or ad-free experiences) may not be available without payment.

Paid Social Media

Pros:

  1. Enhanced Features: Paid versions can offer additional features like advanced search filters, analytics, and ad-free experiences.

  2. Professional Networking: Paid platforms cater to professionals, job seekers, and businesses, providing tools for networking, job hunting, and lead generation.

  3. Supporting Creators: Some paid models directly support content creators

Cons:

  1. Cost: Obviously, paying for social media requires a financial commitment.

  2. Value Proposition: Evaluate whether the extra features justify the cost.

  3. Competition: Free alternatives often exist, so consider if the paid version truly adds value.

While free social media will likely remain dominant, paid models will continue to grow, offering enhanced features and monetisation opportunities for both users and creators.

Whether social media is worth paying for depends on your needs, preferences, and budget. While paid options can provide tangible benefits, free platforms can still – currently – provide valuable connections and content.

Newsletter Image: AI Aids Rare Plant Survival

AI Aids Rare Plant Survival

The University of Southampton is leading an ‘Endangered Plant Search’ project using drones and AI to find a female partner for the world’s loneliest plant, the male Encephalartos woodii (E. woodii), in South Africa. It’s a unique Challenge as, currently, all known E. woodii are male clones from the only specimen found, making natural reproduction impossible. The species is ancient, predating dinosaurs, and is critically endangered.

In an innovative approach, Dr. Laura Cinti, research fellow at the University of Southampton, and who is leading the project, is utilising image recognition algorithms to analyse drone imagery of the Ngoye Forest, where the lone E. woodii was discovered in 1895. Although thousands of acres of forest has to be checked, less than 2% of the area has been covered so far.

Dr Cinti said: “I was very inspired by the story of the E. woodii, it mirrors a classic tale of unrequited love.

“I’m hopeful there is a female out there somewhere, after all there must have been at one time. It would be amazing to bring this plant so close to extinction back through natural reproduction.”

Conservation efforts at the Royal Botanical Gardens at Kew, London, continues to grow and propagate the species, hoping to find a match and enable natural reproduction, thus saving the plant from extinction.

This blending of artificial intelligence technology with conservation efforts, to save a species on the brink of extinction, showcases the lengths scientists are willing to go to preserve biodiversity.