All posts by Paul Stradling

Security Stop-Press : Businesses Warned To Prepare For Threats From Russia

A leaked bulletin from the US Department of Homeland Security (DHS) has warned that, in light of the situation on Ukraine’s border, destructive cyber-attacks from Russia-backed advanced persistent threat (APT) actors look likely to be launched soon. The Russian state is thought to have been behind a massive cyber-attack that targeted 70 Ukrainian government websites, and the National Cyber Security Centre (NCSC) has urged British businesses and organisations to make sure they are prepared for any threats by reading the latest guidance published on its website entitled: “Actions to take when the cyber threat is heightened.” https://www.ncsc.gov.uk/guidance/actions-to-take-when-the-cyber-threat-is-heightened

Tech Tip – An Easy Way To Transcribe Your YouTube Videos

If you’d like an easy way to get a text transcript of your YouTube videos, try using YouTube’s built-in transcript tool. Here’s how:

– Log in to YouTube and go to YouTube Studio.

– Select Subtitles from the sidebar (left).

– Select a video, choose the language, and click on ‘Confirm’.

– To edit the text transcript that appears on the screen, select ‘DUPLICATE AND EDIT’ (right-hand side).

– Edit the transcription in the dialog box and click on the ‘PUBLISH’ button.

– The transcript will be lowercase and lacking punctuation, so this will need to be edited and amended manually.

Sustainability : Removing CO2 Via Direct Air Capture Technology

With some climate commentators suggesting that current action and targets to reduce global warming may not be enough, we look at how Direct Air Capture Technology (DAC) could help.

The Challenges

The world’s governments have set targets to reduce the amount of CO2 produced by human activities in order to at least slow and, hopefully, make headway in trying to reverse the effects of global warming. However, some of the challenges include:

– Simply ending emissions may not even be enough to stabilise the climate.

– The world’s energy consumption is growing at around 2 per cent per year anyway.

– Not all CO2 emissions are from large, controllable sources e.g., power plants where CO2 can be captured as it comes out.

(DAC) Technologies

Direct air capture (DAC) technologies can be used to extract CO2 directly from the atmosphere using liquid and solid DAC systems. Liquid systems pass the air through chemicals (e.g., a hydroxide solution) to remove the CO2, whereas solid DAC technology uses ‘solid sorbent’ filters that chemically bind with CO2. Heating the filters and placing them under a vacuum then releases the concentrated CO2 so it can be captured and stored.

Technology Used At Carbon Capture Facilities

There are already 20 direct air capture (DAC) plants operating worldwide, capturing more than 0.01 Mt CO2/year. New advanced versions may be able to capture even more. For example, the DAC 1 facility at Permian Basin in the US is due to go live in 2024, when it will become the world’s largest direct air capture (DAC) facility, eventually being able to capture up to 1.0 MtCO2 (one million tonnes)/year.

The Advantages

Some of the advantages of setting up plants/facilities that use DAC to remove CO2 from the air include:

– They can help tackle the less controllable sources of CO2 emissions e.g., cars, planes, and household emissions.

– CO2 removal plants can be set up close to where the CO2 needs to be stored.

– CO2 mixes quickly in the air so it doesn’t matter where in the world the CO2 is removed – the removal has the same impact.

– DAC helps to close the ‘carbon loop’ i.e., CO2 is repeatedly captured and reused to avoid producing more.

Issues

Although DAC looks like being a helpful addition in the fight to stabilise the earth’s climate, some of the current issues in scaling it up include:

– The high cost of building CO2 removal facilities.

– The potential high energy usage by the facilities themselves.

Hope, Breakthroughs, and Alternatives

Despite the issues, progress is being made to address them, and alternative ideas for carbon removal and storage are surfacing regularly. For example:

– Arizona State University Professor Klaus Lackner’s use of ‘mechanical trees’/vertical columns of discs coated with a special chemical resin and the use of moisture in the process could reduce the energy requirements of CO2 removal at scale.

– Mineral sequestration is a method that uses calcium-rich minerals, of which there are large areas around the world, to permanently store large quantities of CO2.

– Underground saline aquifers are being used to store CO2.

– Rewards are now being offered to incentivise innovation in CO2 capture technology. For example, in February 2021, billionaire Tesla founder and SpaceX boss, Elon Musk, pledged to give a $100 million (£73 million) prize to whoever comes up with the best technology to remove carbon dioxide (which is produced from fossil fuels) from the air.

What Does This Mean For Your Organisation?

Global warming and the greenhouse gas emissions, such as large quantities of CO2, which are causing the warming are everyone’s problem. It is likely to be the case that not enough is being done to reduce levels quickly enough so, if DAC and similar technologies can be shown to make a real difference, it makes sense that efforts and investments are fed into setting up CO2 extraction and storage plants. Progress is already being made in increasing their effectiveness e.g., the US plant that may be able to capture one million tonnes per year when it goes live in 2024. These technologies should be viewed as one of many tools to be used and measures to be taken to dramatically reduce the amount of CO2 we produce globally, and we may still have some way to go towards motivating some of the biggest CO2 producing countries to take serious steps to cut emissions, which is a vital step in the overall strategy in which DAC can also play a role.

Tech News : UK Government ‘Help to Grow’ Scheme : Software And Free Business Advice

The UK government has just announced the launch of its ‘Help to Grow’ digital scheme which offers discounted software and free advice to small businesses.

Applications Open Now

The Help to Grow scheme is designed to support smaller businesses in adopting digital technologies to help them to grow. Applications for the scheme opened on 20 January.

Free Advice and Online Support

The scheme offers access to free, impartial online support and advice about how digital technology can boost a business’s performance. The support and advice can be accessed via Help to Grow’s online platform here: https://helptogrow.campaign.gov.uk/

Discounted Software

Eligible businesses in any business sector can also access a discount of up to 50 per cent towards the costs of buying approved software (from a group of approved suppliers), worth up to £5,000.

The 4 criteria for eligibility for the discount are:

  1. Businesses must be based in the UK and registered with Companies House or be a registered society on the Financial Conduct Authority’s Mutuals Register.
  2. Employing between 5 and 249 people.
  3. Actively trading for more than 12 months and having an incorporation date of at least 365 days prior to application.
  4. Businesses must be purchasing the approved software for the first time.

Currently Just For CRM And Digital Accounting Software

Each eligible business can receive only one financial discount towards the purchase of one approved software product up to a maximum of £5,000 (not including VAT) in the Customer Relationship Management (CRM) and Digital Accounting software product categories. The government says that other software product categories will be available with the discount soon, including e-commerce software. The discount will cover 12 months’ worth of approved software product core costs, exclusive of VAT.

What Approved Software?

At this opening stage of the scheme, the approved CRM software suppliers whose products the discount applies to are Capsule CRM, Zymplify, Livepoint Software Solutions Ltd, Gold-Vision CRM, and Deskpro Ltd. The suppliers of the digital accounting software that the discount applies to are Sage, Intuit Ltd, and Crunch.

FSB and CBI

Mike Cherry, National Chair at the Federation of Small Businesses, said of the scheme: “For those small firms who are eligible, providing the means to make improvements through projects like this will make a real difference for those that are keen to expand their knowledge and skills.”

“We’re encouraging as many eligible small firms to apply and make the most of this new scheme.”

Also, Lord Karan Bilimoria, President of the CBI, said: “The launch of Help to Grow digital will help thousands of SME businesses invest in technologies. Supporting businesses on their digital transformation journey is fundamental to unlocking economic growth, boosting productivity, and creating a more resilient future for firms.”

Help to Grow: Management Scheme

The government already offers a ‘Help to Grow: Management’ scheme launched in 2021 as part of the wider government effort to back businesses and ‘level up’ the economy.

Under the ‘Help to Grow: Management’ scheme, small businesses can access 12 weeks of learning designed to fit alongside work commitments. The scheme can help businesses to develop a bespoke business growth plan, access 1:1 support from a business mentor, and learn from peers and network with other businesses. The scheme is 90 per cent funded by the government and participating businesses only need to pay £750. More information is available here: https://smallbusinesscharter.org/help-to-grow-management/

What Does This Mean For Your Business?

The last two years have created an extremely tough business environment, particularly for small businesses, and businesses from all sectors have been forced to undergo a rapid digital transformation and associated learning (and cost) curve. Tools like CRMs can be costly to small businesses, but their use can really improve efficiency and productivity. For example, Enterprise Research Centre (ERC) figures show that businesses who use CRMs see on average productivity boosts of 18 per cent, so it’s possible to see how a big discount on (approved) CRM software could help with growth. Also, ERC figures show that businesses adopting digital accounting software can get an 11.8 per cent increase in employee sales over 3 years. Discounts on this type of software could also provide an extra means for small businesses to increase growth. Free help, such as that offered via the Help to Grow portal, as long as it has real value, is bound to be welcomed by small businesses at this time. The biggest help right now would, of course, be greater certainty and a real improvement globally in the COVID situation, but the government scheme is one of many small ways that eligible businesses could improve growth in the coming years. The relatively small choice of approved suppliers and software types in the current round of the scheme, however, may not suit many small businesses right now, meaning that they may need to wait longer for any value and benefit.

Tech News : Google Gives Upgrade Deadline For Legacy G Suite Accounts

Google has announced in an email that users with legacy (old) free G Suite accounts have until 1 July to upgrade to paid subscriptions or lose access to most services.

Ten Years Free

Google has said that legacy G Suite users i.e., those who have been able to use their custom domain accounts for free for ten years, must upgrade to a paid Google Workspace subscription to keep their services by July 1, 2022. The G Suite legacy free edition will no longer be available starting from that date.

Google also says on its support site that, even if users choose to wait, Google will begin upgrading subscriptions automatically on May 1, 2022. This will mean that an organisation’s account will be upgraded to a new Google Workspace subscription based on the features that the organisation currently uses.

Setting Up Billing Required

Google is, therefore, asking Legacy G Suite account holders to set up Google Workspace billing before July 1, 2022, or the Google Workspace subscription will be suspended until this is set up. If users still haven’t set up their billing account for Workspace after 60 days, Google says that those users will no longer have access to Google Workspace core services, such as Gmail, Calendar, and Meet.

What Is The Legacy Free G Suite Account?

Google’s free edition was first made available to businesses, organisations, and schools from 2006 to December 6, 2012, with Google Apps. The free edition of G Suite, also known as the legacy free edition of Google Apps, gave users a reduced set of business features.

What Is Google Workspace?

Google Workspace, introduced in 2020 as part of a new brand identity, is Google’s cloud-based, collaborative working platform. Workspace, Google’s answer to competing products like Microsoft 365 with its ‘Teams’ app (and competitors like Zoom), is where its productivity apps (Gmail, Calendar, Drive, Docs, Sheets, Slides, Meet, and more), and core communication and collaboration tools (chat, email, voice and video calling, content management) are grouped together. Workspace gained huge popularity during the pandemic lockdowns when demand surged for cloud-based platforms that enabled remote and hybrid working. Google Cloud claims that Workspace now has more than 3 billion active monthly users!

How Much Will It Cost To Upgrade To A Google Workspace Account?

The basic Business Starter subscription costs £4.60 per user per month (currently discounted to £4.14) and offers 30 GB of Drive storage, 99.9 per cent uptime guaranteed, and increased security. Users can also bolt-on extra subscriptions as required e.g., Google Voice to get a dedicated business phone number. Business Standard, and Business Plus packages are also available. The packages can be compared at https://workspace.google.com/intl/en_uk/pricing.html

What Does This Mean For Your Business?

Google’s argument for the need to upgrade appears to be that legacy suite account holders should be pleased that they had 10 years for free, and that the legacy version never offered benefits like the Workspace platform does anyway e.g., 24/7 support, 99.9 per cent uptime and more storage. For Google, the introduction of Workspace would be a way to seriously challenge Microsoft’s Office/365 dominance and, as Javier Soltero, the VP of Google Workspace claimed in late 2020, “This is the end of the ‘office’ as we know it.” Google reported “strong” revenue growth for Workspace in its third-quarter results (October) indicating that it is a popular subscription. For those users who have enjoyed the legacy, an upgrade is clearly an additional cost, but there may be additional valued benefits. Those who don’t want to upgrade “may” still be able to keep YouTube and Google Photos, but Google clearly wants to strongly encourage users to at least take up a basic subscription as soon as possible.

Tech Insight : What Is A ‘Watering Hole’ Attack?

In this tech insight, we look at what a watering hole attack is, some examples of such attacks, and how businesses can defend against this threat.

Poisoning The Water

A watering hole attack is a targeted, ‘supply chain,’ cyber-attack strategy, similar to spear phishing. With this strategy, the attacker identifies a website that’s frequented by users of a targeted organisation, or entire sector. The attacker then infects the website(s) with malware and identifies weaknesses in the main target’s cyber-security. The attacker then manipulates the ‘watering hole’ site to deliver that malware, such as a Remote Access Trojan (RAT), so that it can exploit these weaknesses.

When the device of a member of the target organisation becomes infected (like drinking from a poisoned watering hole, hence the name) in a way that the target will not notice (also known as ‘drive by’), the attacker can then gain access to the infected device. This can, in turn, enable the attacker to access the target organisation’s network.

Stealing and Spying

The goal(s) of this strategy, as with other strategies is/are to steal personal information, banking details, and intellectual property, and/or to conduct espionage. Also, it can enable the attacker to access corporate systems and assets, and potentially gain further details for even more cyber-attacks.

Examples

Examples of watering hole attacks include:

– The VOHO multi-phase Campaign. Back in 2012, attackers compromised a local government website in Maryland and a regional bank in Massachusetts, along with other sites related to the promotion of democracy in oppressed regions. The targets were organisations related to financial services, government agencies, and the defence industry, and the attack involved the use of re-directs and infection by Gh0st RAT malware. The attack saw 32,000 visitors from 731 unique global organisations being re-directed to an exploit site where around 4,000 hosts are believed to have downloaded exploit files, leading to a staggering 12 percent success rate for the attackers.

– From 2017 to 2018, a country-level watering-hole attack was launched in China by the “LuckyMouse”/ “Iron Tiger” group. This espionage campaign was reported to have targeted a national data centre of an unnamed central Asian country. The attackers injected malicious JavaScript code into the official government websites.

– The 2019 ‘Holy Water’ attack targeted Asian religious and charity groups. The attackers used an Adobe Flash update prompt to trigger the malware download. Although the motive was unclear, the attack may have been used for espionage.

How To Protect Your Business From Watering Hole Attacks

Ways that you can protect your business from watering hole attacks include:

– Keep anti-virus and software patches up to date.

– Use browser-based security tools that warn users about bad sites (bad reputation) and provide extra malware protection.

– Have a good email protection solution and consider using a secure web gateway (SWG) to filter out suspect traffic.

– Regularly inspect and monitor websites that are most visited by employees with a focus on malware detection. Also, have a procedure in place to quickly inform employees not to visit sites that have been identified as compromised.

– Check traffic from all third party and external sites before allowing employee access.

– Assess, know, and control the full extent of your supply chain (a watering hole attack is a supply chain attack).

– Educate/inform and train employees about the nature of the threat and how to avoid it.

– Never click on unknown/suspect links in emails or websites and exercise caution at all times when browsing.

– Consider adopting a ‘zero trust’ security approach for the business/organisation.
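One way to carry out the "regularly inspect and monitor websites that are most visited by employees" step, shown as an added example that is not part of the original article: it compares the externally loaded scripts, iframes and inline scripts of a page against a saved known-good copy, which is where injected JavaScript and re-directs of the kind described above tend to appear. The page URL, host names and HTML below are constructed sample data.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ActiveContent(HTMLParser):
    """Collects third-party script/iframe hosts and hashes of inline scripts."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.hosts = set()     # hosts other than the site itself
        self.inline = set()    # SHA-256 of each inline <script> body
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "iframe") and attrs.get("src"):
            # Resolve relative and protocol-relative URLs before comparing hosts.
            host = urlparse(urljoin(self.page_url, attrs["src"])).hostname
            if host and host != self.page_host:
                self.hosts.add(host)
        elif tag == "script":
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            body = "".join(self._buf).strip()
            if body:
                self.inline.add(hashlib.sha256(body.encode()).hexdigest())
            self._in_script = False


def snapshot(html, page_url):
    """Return (third-party hosts, inline script hashes) for one copy of a page."""
    parser = ActiveContent(page_url)
    parser.feed(html)
    parser.close()
    return parser.hosts, parser.inline


def compare(baseline_html, current_html, page_url):
    """Report active content present now that was absent from the baseline."""
    base_hosts, base_inline = snapshot(baseline_html, page_url)
    cur_hosts, cur_inline = snapshot(current_html, page_url)
    return {
        "new_hosts": sorted(cur_hosts - base_hosts),
        "new_inline_scripts": len(cur_inline - base_inline),
    }


# Constructed sample data: a known-good copy and a later copy of the same page.
PAGE_URL = "https://news.example.org/"
BASELINE = (
    '<html><head><script src="/static/app.js"></script>'
    '<script src="https://cdn.example.net/lib.js"></script>'
    "<script>initMenu();</script></head>"
    "<body><h1>Trade association news</h1></body></html>"
)
CURRENT = BASELINE.replace(
    "</head>",
    '<script src="//stats.unknown-host.example/c.js"></script>'
    '<iframe src="https://landing.unknown-host.example/" width="0" height="0"></iframe>'
    "<script>loadExtra();</script></head>",
)

if __name__ == "__main__":
    print(compare(BASELINE, CURRENT, PAGE_URL))
```

Sites change their scripts for legitimate reasons too, so a non-empty result is a prompt to investigate before warning employees rather than proof of compromise.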

What Does This Mean For Your Business?

This is broadly a supply-chain related attack (web resources) where instead of actively hacking or sending phishing emails, the criminals set traps for unsuspecting victims to walk into. In this respect, it is less obvious for businesses to spot. The first step is recognising and raising awareness of the threat. Following normal security good practice is always helpful plus some additional measures in this case such as identifying, regularly inspecting and monitoring websites that are most visited by employees and focusing on what additional malware protection can be added to employees’ browsers and devices. With an increasing number of more complex and inventive attack methods, many businesses are shifting to a complete ‘Zero Trust’ approach for their IT security. A more data-centred rather than ‘moat and castle’ view of IT security gives companies greater holistic control and reduces the potential for the kind of gaps that cyber criminals can exploit with strategies like watering hole attacks.

Featured Article: How To Stop Your Emails From Ending Up In Spam Filters

In this article, we look at how spam filters work and what can be done to ensure that our legitimate emails reach their target and aren’t wrongly filtered out as ‘spam’.

Why We Need Spam Filters

Although we’re focusing on how to avoid spam filters, it’s worth noting how important they are to businesses. Figures vary between surveys but around half of email is known to be spam and more than 90 per cent of malware arrives in spam emails. For example, Gmail in 2020 recorded blocking more than 100 million phishing emails with its filtering system, and figures (Statista) from September 2020 show 88.88 billion spam emails were being sent worldwide every day.

It is therefore necessary to filter our emails to stop our email boxes from becoming filled with irrelevant and possibly dangerous emails such as phishing emails. Filtering out unwanted emails also makes it much easier to see our important emails. Bear in mind, mailbox providers have a commercial interest in wanting users to continue using their service and having an effective spam filter can help this happen.

How Spam Filters Work / Spam Filter Types

Spam filters vary in their design across mailbox providers, but there are broadly several types that use different signals and scores to judge an email as being spam (and direct them to your spam folder). For example:

– Bayesian filters (and other heuristic filters) spot suspicious word patterns and frequencies in messages.

– Blocklist filters block and remove emails from senders who are identified on a spammers list.

– Content filters, as the name suggests, study the contents of an email with regards to language, such as words often used by spammers (special offer, discount) and inappropriate language. There are also ‘language filters’ but these are used to filter out messages with a different geographic language than that indicated by the recipient.

– Header filters study an email’s legitimacy based on the characteristics of its header e.g., the IP address.

– Rule-based filters apply rules established by users to incoming emails to decide whether they are delivered to the spam folder rather than the inbox. For example, these rules could be based on words or phrases in the message or header.

Other spam filtering judgements may be made using:

– Engagement rates. For example, if a (sender) mailbox has a high number of emails that are sent, not looked at and then deleted, this could indicate low engagement (a sign of spam) and lead to an email being filtered out.

– Low mailbox activity. If an email box is rarely used apart from sending out large numbers of emails at once, this can be judged to indicate that it is a spam email account.

– Identification and reputation (a reputation score signalling how trustworthy your emails are) are often the main reasons why emails land in the inbox or the spam folder, not just the email’s content.

Getting Your Emails Past Spam Filters

Most of us, however, are not spammers and have legitimate marketing, business, and personal messages, sent with good intentions that we need to ensure at least reach their target, hopefully to get read. Ways that emails can beat spam filters include:

– Whitelisting : Since most major email providers (Google, Yahoo and Microsoft) automatically exempt whitelisted addresses from more scanning, ask known contacts to whitelist your email address in their spam filter, or to add your address to their contact list.

– Use Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and DMARC email authentication. For example, attaching DKIM signatures to an email (as a cryptographically signed header), publishing SPF records to link your emails back to the domain, and using the DMARC protocol to protect your domain from unauthorised use (e.g., spoofing) are all (more technical) ways to indicate that your emails are not spam.

– Where possible, avoid using spam trigger words in the header and content of an email e.g., buy, ‘double your’, XXX, earn, cash bonus, etc. There are many large lists of spam trigger words online and the guiding principles are to avoid anything that is sensationalising or over-promising.

– Personalise emails e.g., with the recipient’s first name. This indicates that the email is less likely to be unsolicited.

– Avoid using odd formatting (to stand out), strange use of punctuation or strangely formatted fonts. All of these are common signs of spam.

– Keep your email deliverability rates high e.g., keep your email list clean (remove inactive users and invalid emails), make sure emails are compliant with current web laws, and add engaging text.

– Only provide links to reputable websites.

– Include an unsubscribe button/link in marketing emails.

– Pay attention to spelling and grammar – use spelling/grammar checkers, and proof-read emails.

– Make sure the ‘sent from’ name is easily recognisable e.g., your name and business name together.
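For the SPF and DMARC point in the list above, the following added example (not part of the original article) checks the TXT records a sending domain publishes for settings that commonly undermine authentication, such as a permissive `+all` or a DMARC policy that only monitors. The domain names and record strings are constructed samples passed in as text; DKIM is not covered because checking it needs the sender's selector, and the lookup count only covers the top-level record, not nested includes.

```python
import re

# SPF terms that trigger a DNS lookup at the receiver (RFC 7208 caps these at 10).
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"([A-Za-z][A-Za-z0-9_.-]*)(?:[:=/](.*))?$")


def parse_spf(record):
    """Split an SPF record into (qualifier, name, value) tuples."""
    terms = []
    for raw in record.split()[1:]:  # skip the leading "v=spf1"
        qualifier = "+"  # implied when no qualifier is written
        if raw[0] in "+-~?":
            qualifier, raw = raw[0], raw[1:]
        match = TERM_RE.match(raw)
        if match:
            terms.append((qualifier, match.group(1).lower(), match.group(2) or ""))
    return terms


def parse_dmarc(record):
    """Return the tag=value pairs of a DMARC record as a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def audit(txt_records, dmarc_records):
    """Return (code, detail) findings for a domain's TXT and _dmarc TXT records."""
    findings = []
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        findings.append(("SPF_MISSING", "no v=spf1 record published"))
    elif len(spf) > 1:
        findings.append(("SPF_MULTIPLE", "more than one SPF record is a permanent error"))
    else:
        terms = parse_spf(spf[0])
        lookups = sum(1 for _, name, _ in terms if name in LOOKUP_TERMS)
        if lookups > 10:
            findings.append(("SPF_TOO_MANY_LOOKUPS", f"{lookups} lookup terms, limit is 10"))
        all_qualifiers = [q for q, name, _ in terms if name == "all"]
        has_redirect = any(name == "redirect" for _, name, _ in terms)
        if not all_qualifiers and not has_redirect:
            findings.append(("SPF_NO_ALL", "unlisted senders get a neutral result"))
        elif all_qualifiers and all_qualifiers[0] == "+":
            findings.append(("SPF_PLUS_ALL", "every server is authorised to send"))
        elif all_qualifiers and all_qualifiers[0] == "?":
            findings.append(("SPF_NEUTRAL_ALL", "no policy for unlisted senders"))

    dmarc = [r for r in dmarc_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append(("DMARC_MISSING", "no v=DMARC1 record at _dmarc"))
    else:
        tags = parse_dmarc(dmarc[0])
        policy = tags.get("p", "").lower()
        if policy not in ("none", "quarantine", "reject"):
            findings.append(("DMARC_BAD_POLICY", "p= tag missing or invalid"))
        elif policy == "none":
            findings.append(("DMARC_MONITOR_ONLY", "p=none does not stop spoofed mail"))
        if "rua" not in tags:
            findings.append(("DMARC_NO_RUA", "no address for aggregate reports"))
    return findings


# Constructed sample records for two hypothetical sending domains.
GOOD = {
    "txt": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
            "site-verification=constructed-value"],
    "dmarc": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}
WEAK = {
    "txt": ["v=spf1 include:_spf.mailer.example +all"],
    "dmarc": ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for label, rec in (("good", GOOD), ("weak", WEAK)):
        print(label, audit(rec["txt"], rec["dmarc"]))
```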

What Does This Mean For Your Business?

The number of different factors that spam filters use to spot and isolate spam is, of course, good for us all, but can make it more challenging to design legitimate business emails that make it to their target. Paying attention to basic rules and checks (spelling, grammar, formatting, links, personalising, avoiding spam trigger words) and using a legitimate, well-maintained email account/platform with a clean list can provide a good basis for getting past spam filters. Looking into using SPF, DKIM and DMARC may also be worthwhile. It is important to get the best ROI in terms of time and money spent in creating and sending marketing and company communications emails and designing-in deliverability of emails is, therefore, vital.

Security Stop Press : Backdoors Discovered In Dozens Of WordPress Themes And Plugins

It has been reported that 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company, were backdoored with malicious code in the first half of September 2021. It is believed that the infected extensions gave attackers full access to sites, and that access also appears to have been sold to operators of spam campaigns. Site owners who have installed plugins directly from the AccessPress Themes’ website are advised to upgrade immediately.

Tech Tip – 3 Helpful Chrome Tricks

Here are 3 tips/tricks for Google Chrome to help with queries and searches that can be typed directly into the address bar (also known as the Omnibox):

Find websites that are similar

– For example, type related:bbc.co.uk

– This will deliver results showing similar (media) websites.

– The same type of search can be carried out for any website.

Use Google Chrome as a calculator

– Type in the required calculation, for example, 2*3+8.

– The returned result will show the answer (14) loaded into a calculator which you can use for more calculations.

Use a search term and site: to search a specific website for a specific term

– To look for specific references to a term across a whole website, try, for example, Sandwiches site:bbc.co.uk

– This should return all the pages in the site where that term is used.

Sustainability : New Electric Vehicle Registrations Almost Doubled In 2021

The latest Society of Motor Manufacturers and Traders (SMMT) report shows that new EV registrations almost doubled in 2021.

Bad Year Generally For New Car Registrations

The effects of the pandemic and the semiconductor shortage continued to have an effect on car purchases in 2021 as new car registrations only rose by 1 per cent to 1,647,181. In fact, the market was down 28.7 per cent on even pre-pandemic 2019 levels, which makes 2021 the second worst year since 1992 for new car registrations.

Battery Electric Vehicles (BEVs)

One really good bit of news from the report, however, is that in 2021 more new ‘battery electric vehicles’ (BEVs) were registered than over the previous five years combined. EV market share almost doubled from 6.6 per cent in 2020 to 11.6 per cent in 2021, and two of every five new car models are now able to be plugged in. In comparison to the UK’s European neighbours, the UK ranked as the third largest European market in 2021 for new car registrations but the second largest by volume for plug-in vehicles, and the second largest for BEVs.

More Than One In Four Electric

The SMMT figures show that adding together the 8.5 per cent of all new cars registered in 2021 that can be plugged in with the 147,246 hybrid electric vehicles (HEVs) registered (another 8.9 per cent market share), 27.5 per cent of the total vehicle market is now electrified in some form. In 2021 BEVs proved especially popular, breaking a record for market share in a non-locked down trading month at 25.5 per cent.

Challenges

The UK government’s net zero ambitions, the investment of £billions into new EV technology by manufacturers, and an appetite for cleaner and greener transport from consumers have helped to drive EV sales forward in recent years. There are, however, some challenges to the part that EVs could play in the government reaching its net zero target. These include:

– Cuts to purchase incentives and grants for home chargers.

– The slow pace of growth in on-street public charging e.g., on average, 16 cars share one standard on-street charger.

– The uneven distribution of public charging stations around the UK.

– The Department for Transport backtracking on/delaying the installation of chargers in commercial car parks in England. Installation will now be limited to only new or refurbished buildings.

– The government cutting the EV grant twice in 2021.

What Does This Mean For Your Organisation?

With the ban of new petrol vehicle sales due to come into force in 2030 and with these promising new figures for EV sales last year, the UK appears to be moving in the right direction to cut the damaging emissions caused by vehicles on its roads and help meet its net-zero ambitions. There are, however, still some clear challenges to be overcome as regards charging points (availability/number and distribution), and this has not been helped by some confused messages and decisions e.g., backtracking on decisions about the installation of chargers in England’s commercial car parks. Consumers may also have felt a little discouraged by cuts to EV grants over the past year. It’s still relatively early days though, and with EV sales increasing so much on last year, and a post-pandemic/endemic sales environment where the economy is back to strength and restrictions are mostly lifted, EV sales this year could be boosted significantly, and this may prompt stronger action to really tackle the charger challenges.