In this tech insight, we look at what ‘zero-day’ attacks are, then look at some recent high-profile examples and ultimately at what businesses can do to protect themselves from zero-day attacks.

Sophisticated Attacks That Highlight Vulnerabilities 

In the ever-evolving landscape of digital threats and cyber warfare, one term often sends chills down the spines of cybersecurity professionals: Zero-Day Attacks. These sophisticated and stealthy cyber-attacks represent a significant challenge in today’s interconnected business world. They symbolise not just the advancement of cybercriminals’ tactics but also highlight the vulnerabilities that exist within our most trusted digital infrastructures.

Exploiting Zero-Day Vulnerabilities 

Zero-day attacks are attacks by threat actors that exploit zero-day vulnerabilities. These are undisclosed software vulnerabilities (unknown to vendor or victims) that hackers can exploit to adversely affect computer programs, data, additional computers, or a network.

Vulnerabilities targeted in zero-day attacks can be found in operating systems, web browsers, Office applications, open-source components, hardware and firmware, and the Internet of Things (IoT).

Why “Zero-Day”? 

The term “zero-day” comes from the fact that software developers and those in charge of digital security have zero days to fix the vulnerability because it is simply not known to them until the first attack. This means that attackers can exploit the vulnerabilities before developers become aware and are able to issue any patches or remediations.

How Big Is The Problem? 

Although zero-day vulnerabilities fell by almost a third in 2022, it was still the second highest year on record (Mandiant research) with 55 zero-day vulnerabilities exploited and products from the three largest vendors (Microsoft, Google, and Apple) were the most commonly exploited (for the third year in a row).

What Can Happen? 

Zero-day attacks commonly result in unauthorised data access, data theft, or service disruptions. These, in turn, can result in reputational damage, lost customers, fines (e.g. legal action by those affected an/or ICO fines), plus possibly the loss of the business itself if the attack is serious enough. Secondary attacks on the business and those affected by data theft could also come from the first attack,.e.g. malware, ransomware, phishing, social engineering attacks, and more.

Cybersecurity experts, therefore, continually work to discover these types of vulnerabilities before hackers do, to try and prevent potential attacks.

Vulnerabilities, Exploits, Then Attacks 

After threat actors have discovered a zero-day vulnerability, the next stage is ‘zero-day exploits’ – the blueprints that outline how these hidden flaws can be taken advantage of, often traded on the dark web. The zero-day attack itself is, therefore, the act of exploiting the flaw/vulnerability, using the guidance of the exploit, before a patch can be rolled out, leaving a digital system scrambling in the wake of the unforeseen breach.

Who? 

These under-the-radar strikes are often orchestrated by advanced cyber criminals, state-sponsored hacking groups, or unscrupulous entities with nefarious motives. The objectives are as varied as the threat actors themselves. For some, it’s about monetary gains whereas for others, it’s a tool for intellectual property theft, infiltrating state secrets, or merely sowing seeds of chaos. Corporate espionage and political machinations are just the tip of the iceberg when it comes to reasons behind these attacks.

Recent High-Profile Examples 

Some recent, high-profile examples of Zero-Day attacks include:

– In 2023, a critical vulnerability was uncovered in the secure managed file transfer (MFT) service provided by MOVEit, a transfer platform widely used by large companies in a variety of sectors including healthcare, government, finance, and aviation. The Russian-based Clop Ransomware group exploited the vulnerability and were able to steal data from eight UK organisations including BBC, British Airways, Aer Lingus, and Boots.

– In 2022 the CVE-2022-30190, a.k.a. Follina vulnerability in Microsoft Diagnostics Tool (MDST), was exploited and victims were persuaded to open Word documents which enabled attackers to execute arbitrary code. The government of the Philippines, business service providers in South Asia, and organisations in Belarus and Russia were all subject to the same zero-day attack.

– The notorious Microsoft Exchange Server hack in early 2021, widely believed to have been sponsored by a nation-state, exploited several previously unknown vulnerabilities in Microsoft’s email server software. The damage was widespread and profound, with tens of thousands of organisations worldwide left grappling with the aftermath before a security patch could be rolled out.

– Google’s Chrome suffered a series of zero-day threats in 2021, causing Chrome to issue updates. The vulnerability was a bug in the V8 JavaScript engine used in the web browser.

– A zero-day attack on video conferencing platform Zoom in 2020 where hackers accessed a user’s PC remotely if they were running an older version of Windows. The hackers targeted the administrator, allowing them to completely take over their machine and access all files.

– In 2020, the Apple iOS was attacked twice with zero-day vulnerabilities and one zero-day bug allowed attackers to compromise iPhones remotely.

How Businesses Can Protect Themselves 

So, how can businesses protect themselves against the threat of zero-day attacks? Given their nature, these attacks pose a formidable challenge, but protective measures that can be taken include:

– Regularly updating software updates and staying up to date with patching.

– Employing advanced threat detection tools that utilise behaviour-based detection techniques to pinpoint anomalies and unusual activity in network traffic (often the first sign of a zero-day attack).

– Conducting regular penetration tests and vulnerability assessments. These proactive practices can unearth previously unknown vulnerabilities within systems, allowing businesses to patch them before they are exploited. Following the principle of least privilege – limiting user access rights to the bare minimum needed for their work – can also help reduce the extent of potential damage should an attack occur.

– Beyond technological defences, investing in comprehensive cybersecurity awareness training for employees is crucial. An informed team acts as the human firewall against cyber threats, understanding the risks, recognising signs of possible attacks, and knowing how to respond swiftly and effectively.

What Does This Mean For Your Business? 

In the face of the ominous threat of zero-day attacks, businesses must adopt a proactive and comprehensive approach to digital security. A robust defence strategy isn’t a luxury but an absolute necessity in today’s digital age. It involves a constant balancing act of risk management, regular system updates, advanced threat detection, routine penetration testing, and vulnerability assessments, regular system audits, and maintaining a culture of security vigilance throughout the organisation.

A multi-layered security approach and a zero-trust model could, therefore, provide a solid foundation for defence although, because some vulnerabilities may still not be known until it’s too late, zero-day attacks remain an ever-present threat.

The potential devastation of zero-day attacks and their aftermath is unquestionable, but it is not an insurmountable challenge. By being as vigilant and proactive in defence measures as is realistically possible, businesses can steer through the murky waters of the cyber threat landscape, securing their digital assets, and upholding the trust of their customers and partners. The world of cybersecurity may be akin to a never-ending arms race, but with the right preparation and resilience, staying one step ahead must be an achievable goal.

London and San Francisco–based startup Stability AI has announced the launch of ‘Stable Doodle’, a sketch-to-image AI-based tool that converts a simple drawing into a dynamic image.

Creates An Image From A Simple Doodle and Text Description 

The new tool from Clipdrop by Stability AI, creates images from a simple doodle (sketched with a mouse) coupled with a text description and a choice of art style, all added through a user-friendly interface.

The 14 styles available in Stable Doodle range from realistic (photography) to cinematic to creative (fantasy art and origami).

How Does It Work?

Stable Doodle uses algorithms to analyse the outline of an image to help generate a coherent result.

The AI technology behind it is a combination of the advanced image-generating technology of Stability AI’s Stable Diffusion XL (an image generation model) with the T2I-Adapter, a condition control solution (by Tencent ARC) that gives more precise AI image generation. The addition of trainable parameters to existing large diffusion models, and the T2I-Adapter enabling inclusion of additional input conditions, such as sketches, segmentation maps, or key poses are what help to create the impressive and flexible image outputs of Stable Doodle.

Who? 

Stable Doodle is aimed at both professionals and novices, regardless of their familiarity with AI tools, and is available to try for free on the Clipdrop by Stability AI website here (https://clipdrop.co/stable-doodle) and as an app (iOS and Google Play). Users can begin experimenting with the tool without a login, subject to daily limits.

Benefits 

Stability AI says that Stable Doodle can enables designers, illustrators, and other professionals to free up valuable time and maximise efficiency. Also, ideas drawn as simple sketches (provided there’s a good accompanying description), can now be immediately implemented into works to create designs for clients, material for presentation decks and websites, or even create logos. This enables time and cost savings and gives those with few or no design skills and experience the ability to create professional visual results.

Not The Only AI Image Generator 

Stable Doodle is by no means the only AI image generator available. Others include DALL-E 2, Jasper, NightCafe, AutoDraw (a similar doodle to image setup), Midjourney, Designs.ai, and more.

What Does This Mean For Your Business? 

The big benefits of Stable Doodle appear to be its simplicity for the users – just a doodle and a description – and the scope and quality of the outputs due to power what the tool has under the bonnet (i.e. the Stable Diffusion XL model and T2I-Adapter). Also, it can be tried-out for free, while the Pro version is only £5 per month.

AI image generators (also known as GANs) like Stable Doodle offer many advantages to businesses. The ability to instantly create quality, designer-style images of any kind using just simple inputs like doodles and text descriptions enhances efficiency and time savings and allows any business with no in-house design skills to create tailored, quality images aligned with brand identity and/or customer preferences.

AI image generators thereby contribute to cost reduction by eliminating the need for hiring professional designers or photographers for routine or repetitive tasks. They also enable scalability without increasing workforce and can foster creativity and inspiration by producing novel and unique images that can serve as a source of ideas and exploration for designers and artists.

Businesses of all sizes and types, thanks to AI image generators, can now also ensure visual consistency across various marketing materials and branding efforts, aligning with established style guides or brand guidelines. AI image generators can also facilitate rapid prototyping and design iteration so businesses can iterate and refine designs efficiently.

All that said, at their present level, AI image generators should be seen as tools that complement human creativity and expertise, rather than as substitutes for them, plus very real concerns have been raised by artists whose work may have been used without their consent to train the models behind the image generators and could appear as styles and in outputs.

There’s nothing like setting the bar high and Elon Musk recently announced in a Twitter Spaces audio chat that the purpose of his new AI company, xAI, will be to “understand the universe”.

What Is xAI? 

xAI is Elon Musk’s new startup that aims to build a kind of ‘good’ AI system that will lead to an “age of plenty” where there’s no shortage of goods and services, as opposed to the dark, terminator-style future where AI could wipe out humanity. Musk said he wants xAI to be a “good AI” alternative to Microsoft, Google and OpenAI (ChatGPT’s makers). Elon Musk was famously one of the high-profile signatories (there were 1800) of the open letter calling for a six-month moratorium on the development of AI systems “more powerful” than that of GPT-4 which stated systems with “human-competitive intelligence” poses profound risks to humanity.

Musk said: “If I could press pause on AI or really advanced AI digital superintelligence I would. It doesn’t seem like that is realistic so xAI is essentially going to build an AI … in a good way, sort of hopefully”.

Who’s Involved? 

With Musk as the sole director, others involved in the xAI project include Jared Birchall (secretary), Dan Hendrycks (director of the Center for AI Safety), Igor Babuschkin (a former DeepMind engineer), Tony Wu (formerly of Google), Christian Szegedy (formerly Google – research), and Greg Yang (formerly of Microsoft).

What’s Going On? 

In Musk’s 90-minute-long chat, he jokingly remarked that the mission of xAI will be to find out “what the hell is really going on” in terms of creating “a maximally curious AI” that is trying to “understand the true nature of the universe” in a “pro-humanity” way.

Realised Pause Is Not Realistic 

In Musk’s Twitter chat, he acknowledged (as many critics of the open letter’s demands had previously pointed out) that a pause/moratorium in the development of AI systems is not realistic and that the best course of action is to create a friendly alternative.

‘Terminator’ Style Fate May Be Closer Than You Think 

During his chat, Musk said of the predictions of human-level intelligence AI’s potential to turn against and wipe out humans: “It’s actually important for us to worry about a Terminator future in order to avoid a Terminator future.” He suggested that the superintelligent AI (more intelligent than humans) could be only five or six years away.

Working With Tesla & Twitter – Twitter Data To Train 

The xAI website states that: “We are a separate company from X Corp, but will work closely with X (Twitter), Tesla, and other companies to make progress towards our mission.”  Musk has been very vocal about (and threatened lawsuits for) those allegedly using Twitter’s data.

Criticism 

Musk is also facing criticism in the news at the moment over his apparently personal fight with Mark Zuckerberg over allegations that Twitter data may have been used to develop Meta’s ‘Threads’ (which already has 100 million+ users, many from Twitter, plus the fact that after $44 billion and eight months on from taking over Twitter, the social network appears to be teetering on the edge of going under.

What Does This Mean For Your Business? 

Many critics blame Musk’s behaviour in taking over Twitter – aggressive cost-cutting, the Blue Tick system, the sackings, advertisers leaving, and still a negative cashflow, 50 per cent drop in advertising revenue, and a heavy debt load (and more). While Musk may choose to blame Zuckerberg and Meta e.g., for scraping Twitter data, many see the apparent fast decline of Twitter that created the right circumstances for a serious competitor like Meta’s ‘Threads’ to gain massive and instant traction and mass as something Musk could blame on himself. Many may, therefore, see a move to launch yet another company as a rival to AI, which is advancing at a pace anyway, and accepting that getting xAI to the level of Google’s DeepMind and OpenAI could take a long time, as another high risk move by Musk. Using Twitter and Tesla to help get xAI off the ground may also make investors nervous, especially looking at the trajectory of Twitter. Many may see valid points in Musk’s arguments about needing to ensure that AI’s growth is at least made as safe as possible, but apparently swimming against a strong tide with a reputation that has taken a bit of a battering may make many doubt whether xAI will seriously be able, even with all the experts on board, to create another kind of safer AI. The battle of formats in many other tech markets springs to mind, but the events at Twitter may overshadow xAI’s development.

July 1940 : “We Saw Them Coming”….

In July 1940, a Bristol Blenheim like this one was the first aircraft to successfully use radar to detect enemy aircraft, proving that radar could help provide an effective electronic defence whilst being deployed in the air.

It’s often been said that Britain would have lost the Battle of Britain had it not been for RADAR. Yet (like many things in the business world) it’s useless without an integrated system to make the data actionable!

It’s worth visiting Bentley Priory in London where the “Dowding System” was developed and implemented. This incredible system was pioneered by Chief Air Chief Marshal Sir Hugh Dowding and involved a network of radar stations located along the coast of southern and eastern England. These radar stations were equipped with early warning radar systems that detected and tracked enemy aircraft approaching from across the English Channel.

The information gathered by the radar stations was then transmitted to a centralised operations centre, known as the “Filter Room”. The Filter Room served as the nerve centre of the Dowding system. It received the radar reports, processed the information, and coordinated the air defence response. You’ll doubtless have seen films with ladies using sticks to push wooden aircraft-symbols around a room-sized map – that’s what it looked like and you can still see it – incredible stuff!

From those early days, radar has found itself in countless applications from its early military applications but just looking at technology closer to home (possibly on the way to work today), radar is used in automotive radar systems (Automotive Radar for Advanced Driver Assistance Systems – ADAS) for collision avoidance, adaptive cruise control, and parking assistance.

Well over half of new cars are fitted with radar and the market for them for the next decade is growing with a Compound Annual Growth Rate (CAGR) at over 9%, which is not only an interesting trend but something potentially worth investing in, if you’re so inclined.

So, the next time you’re you hear your car beeping when it’s warning you that you’re a bit ‘too close’ just think about what it would have been like for those fantastic pilots having to deal with incoming enemy aircraft in the Battle of Britain!

The next time you’re you hear your car beeping when it’s warning you that you’re a bit ‘too close’ just think about what it would have been like for those fantastic pilots having to deal with incoming enemy aircraft in the Battle of Britain!

If you’d like a really fast way to find and use particular emojis on a Windows PC, here’s how:

– For example, in Microsoft Word, Press the Windows key + the full stop symbol on the keyboard.

– Keep typing the word that describes the emoji you’re looking for, (e.g. laughter) and the automatically loaded emoji window will show the emojis that match your description.

– Click in the emoji you require from that selection.