Welcome to our latest round-up of news from the technology and hosting world. Here’s what we’ve discovered this month.
Mishing Attacks
According to security experts, Zimperium, cybercriminals are targeting business mobile users with a mishing (mobile phishing) campaign involving compromised PDFs. Links to the PDFs are included in text messages, pretending to come from the US Postal Service. Once opened, malicious elements embedded in the PDF are activated, enabling personal and financial information to be stolen. To date, Zimperium has found 20 malicious PDF files and 630 phishing pages identified with this attack and these have been used to target organisations in over 50 countries.
Public trust in the US Postal Service means users are more likely to open the link, while the smaller screen of a mobile phone makes it more difficult to spot suspicious content. Cybercriminals have also found a way for the texts to evade detection by not using standard tagging techniques to embed the links.
Phone users are advised to confirm the identity of the sender before opening links in text messages and install a mobile antivirus app to reduce the risk of infection.
Website Accessibility Tool
Guernsey Airport has implemented new assistive technology to make its website accessible to all users. The upgrade features a tool called Recite Me which provides visitors with screen magnification, customisable text sizes and translation in over 100 languages. These improvements enable users to tailor the website to their own needs and preferences, including options for adjusting colours, fonts and text spacing.
According to Guernsey Airport, the site is now more user-friendly for people with disabilities, as well as those with situational challenges or requiring language assistance. It is hoped that users will benefit from improved access to vital travel information, including flight data, airport amenities and navigation resources.
Cybercrime Shutdown
Two of the world’s largest cybercrime forums, Cracked and Nulled, have been shut down following an international law enforcement operation. Together, the two platforms had over 10 million users and functioned as marketplaces for stolen data, hacking tools and various cybercrime services. According to Europol, these forums have provided the AI-driven tools hackers need to carry out sophisticated attacks and phishing strategies.
During the operation, searches were carried out at seven locations, resulting in the arrest of two criminals and the seizure of 17 servers, over 50 electronic devices and around £250,000 in cash and cryptocurrencies.
Cracked, which had been operational since 2018, had over four million users, generated more than £3 million in revenue and affected at least 17 million victims in the US. Nulled, active since 2016, attracted over five million users and featured 43 million posts promoting illegal services. One of its admins now faces multiple charges, including identity fraud, and is potentially facing a sentence of 15 years in prison.
Darlington Drone Deliveries
Amazon has chosen Darlington as the first UK location to get Prime Air drone deliveries. The company, which is already in the process of planning its initial flights from the local fulfilment centre, is currently waiting for regulatory approval from the Civil Aviation Authority (CAA) before it can begin operations.
While the CAA is still in the process of finalising regulations for commercial drone deliveries, Amazon has been selected to participate in trials aimed at testing flights that operate beyond the visual line of sight. The company has already implemented drone deliveries in parts of the US, enabling it to deliver small packages in less than an hour.
To facilitate the service in Darlington, Amazon is collaborating with Teesside International Airport and local authorities to create a specific area for take-offs and landings. The company aims to operate within a 7.5-mile radius, avoiding airspace designated for the airport. A public event, scheduled for next month, will enable local residents to ask questions and share their thoughts on the initiative.
Hacking AI
Recent findings by Abnormal Security show that cybercriminals are starting to make use of generative AI. The latest development is an AI chatbot called GhostGPT that can generate malware and phishing scams. Unlike mainstream tools, like ChatGPT, GhostGPT has no ethical safeguards, making it a powerful tool for illegal activities.
GhostGPT follows similar malicious AI services like WormGPT and WolfGPT, which have been marketed on Telegram and the dark web for writing phishing emails and hacking tools. Available for as little as £40 a week, they enable criminals with little or no IT experience to launch sophisticated attacks that can evade security tools.
Visit our website for more news, blog posts, knowledge base articles and information on our wide range of hosting services.
