WhatsApp has announced that it will soon be introducing some new features to improve its voice messaging.

Voice Messaging  

WhatsApp’s voice messaging, introduced back in 2013, saves typing and is a fast way and free way to send expressive, encrypted messages. WhatsApp says that its users send 7 billion voice messages on average every day. WhatsApp is owned by Facebook/Meta and has been introducing more new features over the last two years to help it to compete with other messaging services like Snapchat.

The new features, to be rolled out in the next few weeks are:

– The ‘Out of Chat Playback’ feature which enables users to listen to a voice message outside of the chat, thereby allowing users to “multitask” or read and respond to other messages. This feature is particularly handy for listening to longer messages.

– The new ‘Pause/Resume Recording’ feature helps users to improve the content of their messages by giving them the option to pause the recording and resume when ready. This makes it easier, e.g. if interrupted while recording or if a bit more time is needed to structure and get all relevant thoughts into the message before hitting send.

– ‘Waveform Visualization’ shows users a visual representation of the sound on the voice message, making it easier for users to follow the recording.

– With ‘Draft Preview’, users can listen to voice messages before sending them. This can be very helpful for more important messages.

– Sometimes users can be interrupted when listening to a voice message. The ‘Remember Playback’ can save time by allowing users to pause when listening to a voice message, so that a user can pick up where they left off when returning to the chat rather than having to listen to the whole thing again.

– Another time-saving feature is ‘Fast Playback on Forwarded Messages’. This feature allows users to play voice messages at 1.5x or 2x speeds and listen to messages faster on both regular and forwarded messages.

What Does This Mean For Your Business?  

These new features to update WhatsApp’s voice messing, which has been around since 2013, is one of many updates to help WhatsApp stay popular and competitive, add value, and fend-off rivals. For example, in January Snapchat announced a major update (for iOS) which included improved calling, ‘Chat Replies’, Bitmoji Reactions (to allow for more expression), and Poll Stickers to enable emoji-powered polls in Snaps and Stories to survey friends. WhatsApp has added several new features over the last year or so including ‘View Once’ for photos and Vanishing Messages, both of which were to protect users and their privacy and to compete with Snapchat’s ‘Stories’. Many of WhatsApp’s new features are also part of a plan to consolidate and leverage the power of its other popular apps by integrating and making Messenger, WhatsApp, and Instagram interoperable. Last year, Facebook also announced that WhatsApp was beta testing multi-device capability so that it could be used on a smartphone and up to four other non-phone devices simultaneously, even if the phone battery was dead. This was a move to make it even more appealing to multi-device owning (business) users, an important market for WhatsApp, following on from the launch of WhatsApp Business back in 2018 which was designed with small businesses in mind. These latest voice messaging features show that the fight to stay at the top of the free encrypted messaging app market is still very much on and it is likely that more features will be added soon by WhatsApp and its rivals as part of this fight. It can only really be good news for users while the app remains free and encrypted as it increases their capabilities on an already familiar platform.

The Edge Bar is a handy floating sidebar / mini (Bing) browser that comes with the latest version of Edge in Windows and makes searching and accessing email and other platforms faster and easier. Here’s how to enable and use it:

– Open Edge and click on the three dots (top right).

– Select ‘Settings’.

– Select ‘Edge bar’ in the left panel and click on ‘Open Edge bar’ on the right.

– Search for something with the Bing search engine at the top of the Edge Bar.

– Click on the bookmarks to platforms such as Outlook and LinkedIn shown on the right of the Bar (added by default) and add your own favourite website bookmarks there. To add them, click on the plus (+) button (right section of the Edge bar), enter the URL, and click on Add.

The UK’s national fraud reporting centre, Action Fraud, says that it has received 196 reports of scam emails claiming to be raising funds for victims of the war in Ukraine.

Facebook Post  

In a Meta / Facebook post on 18 March, Action Fraud reported:

“We’ve received 196 reports about FAKE emails purporting to raise money for those affected by the crisis in Ukraine. Some of the emails even claim to be from Wladimir Klitschko.” 

Fake Websites Too 

ESET researchers have also reported seeing a number of fake websites showing images of soldiers and explosions and the flag of Ukraine, asking for aid donations but with no specific details of how the money will be used. ESET commented in tweet: “Cybercriminals have no shame. With no humanitarian organization and only generic purpose mentioned, scammers try to lure out money from people trying to help #Ukraine during the #war.”   

Advice  

The advice from Action Fraud is that if any suspicious emails are received, they should be forwarded to: report@phishing.gov.uk.  Also, the Charity Commission and Fundraising Regulator have published information online here to help the public to ‘give safely’ to registered charities and causes helping to support and protect people affected by the invasion of Ukraine.

Simple Checks  

The Charity Commission and Fundraising Regulator suggest that those looking to donate to causes working in Ukraine and neighbouring countries should make some simple checks before donating, such as:

– Check the charity’s name and registration number at www.gov.uk/checkcharity.

– Check to see if the charity is genuine before parting with any financial information, e.g. check online for details of the charity and/or contact them to ask about what work they’re doing and how funds are spent.

– Exercise caution when responding to emails or clicking on links within the emails.

– Look for the Fundraising Badge (the Fundraising Regulator’s logo) on charity fundraising materials. This is a sign that they fundraise in line with the Code of Fundraising Practice.

Helen Stephenson CBE, Chief Executive of the Charity Commission, said about donating causes helping the people of Ukraine: “We encourage everyone to follow our simple steps to check that their money gets to its intended cause. Donating to a registered charity is a good way to feel confident of that.”  

What Does This Mean For Your Business?  

Just as we saw with the pandemic, scammers will exploit any situation to extract money and sensitive, personal information from people. Situations where there is a strong emotional response and an urge to help and move quickly are ideal for scammers who rely people acting on emotional impulse and not checking or using critical thought or discussing their intentions with others who may alert them to the danger. Taking time to make simple checks, such as some basic online research can help ensure that money goes to those who need it rather than to fraudsters funding more crime. The advice is to be on the alert for fake emails and social-media posts from scammers looking to cash-in on the crisis in Ukraine, report and to delete and suspicious emails and make some basic checks before donating to any charity or organisation.

In this article, we look at the cyber-crime gang Lapsus$, how they operate and the details of some of their recent high-profile attacks.

Lapsus$ ? 

Lapsus$ is reported to be a mostly teenage cyber-crime gang (hackers), mainly based in South America, yet with its alleged multi-millionaire teenage leader based in Oxford, UK. The gang, which typically uses ransomware and data extortion, has risen to prominence over the last year or so thanks to frequent attacks on major targets. Although some tech and security commentators have described them as inexperienced and amateurish, they have expanded their reach globally and created many costly problems for some large organisations. Much of the money reported to have been taken by them is likely to have come not just from extortion but also from taking over individual user accounts at cryptocurrency exchanges and draining cryptocurrency holdings.

Social Engineering 

Some online reports indicate that Lapsus$ Initially gains access to organisations prior to extortion through social engineering. This is reported to involve bribing and tricking employees at customer support call centres and help desks, for example. Microsoft, which was targeted by the group, wrote in a post that it had found instances where Lapsus$  “had successfully gained access to target organisations through recruited employees (or employees of their suppliers or business partners).” 

Telegram Group 

Lapsus$ is known to have a group of around 45,000 subscribers on Telegram (instant messenger channel) on which the hacking group members are known to be highly active. It is believed that the Telegram group and multiple other social media platforms have been used for recruitment since at least November 2021.

The Leader? 

It has been reported that the leader of  Lapsus$ is a 16-year-old boy based in Oxford who uses the hacking names “White” or “Breachbase”. It has also been reported (and alleged) that the autistic teenager has amassed a massive $14m (£10.6m) fortune (in cryptocurrency) from hacking!

Doxxed 

The teenage alleged leader’s identity as was revealed after he reportedly mismanaged the Doxbin website that he controlled and leaked the Doxbin data set to Telegram. This led angry customers of the site, which shares personal information about people, to retaliate by doxing him, i.e. publicly revealing personal information about him online. It has also been reported, however, that cyber-security researchers, e.g. Unit 221B, have been tracking the alleged leader of Lapsus$ and have been aware of his real identity for almost a year.

Father Unaware 

Following the doxing, it has been reported that White/Breachbase’s father was unaware of his son’s alleged involvement in hacking and that his father believed that extended periods spent on his computer was simply the result of his son playing video games.

Attacks So Far 

Some of those targeted and attacked by Lapsus$ are so far thought to include:

– Security company Okta. The attack in January, which allegedly involved a third-party contractor, is reported to have been a case where the data of (at worst) 366 of its clients may have been “viewed or acted upon”. News of the issue caused a 9 per cent fall in the company’s shares.

– Microsoft, which reported that the group had only gained limited access after compromising a single account. Microsoft, which calls the Lapsus$ group DEV-0537, has published an extensive post about their activities and methods here: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/

– Samsung, which recently confirmed that the hacking group had breached its security and stolen code relating to the operation of Galaxy smartphone devices.

– Nvidia (US GPU giant). It was reported that Lapsus$ broke into NVIDIA’s internal network, stole sensitive data (from hashed login credentials to trade secrets) and then leaked NVIDIA’s official code signing certificates.

– Ubisoft (a French gaming publisher) has also been targeted.

Recent Arrests 

Following an investigation, it has been reported that City of London Police have now arrested seven teenagers over their suspected connections with the Lapsus$  hacking group. It is not clear, however, whether this included the suspected 16-year-old leader.

What Does This Mean For Your Business? 

It is shocking that a group of teenagers apparently on their computers in their bedrooms at home may be behind some high-profile extortion crimes against major organisations, as well as taking over cryptocurrency accounts, amassing vast digital wealth in the process. In this case, although the attacks may have exposed some technical security holes in company defences, the group seems mostly to have relied upon (according to Microsoft) using social engineering, e.g. recruiting and bribing relatively low-level insiders. This is difficult for businesses to defend against, and it highlights the importance of monitoring and training about cyber threats in companies. Although some arrests have now been made, the continued existence of a huge subscriber base on Telegram, and details stolen in previous attacks means that the danger may not be over, and others may copy the gang’s methods or replace lost members.

The EU Parliament, Council negotiators and lawmakers have agreed new rules under the Digital Markets Act (DMA) that will limit the market power of the big technology companies and open up the market for competitors.

What Is The Digital Markets Act? 

The Digital Markets Act (DMA) from the European Commission has been designed to ensure a higher degree of competition within the European Digital Markets, by preventing large companies from abusing their market power and by allowing fresh players to enter the market. The idea is to create more of a level playing field for businesses which the EC believes could help to foster innovation, growth, and competitiveness.

Applies To Gatekeepers 

The DMA will apply to “gatekeeper” businesses, and the EC has another initiative called the Digital Services Act (DSA) which will be used help protect the rights of users of digital services.

Who / What Are The “Gatekeepers”? 

The “gatekeepers” that the DMA rules will apply to are the companies providing “core platform services” who are “most prone to unfair business practices.” Gatekeepers, such as social networks or search engines, are “digital platforms with a systemic role in the internal market that function as bottlenecks between businesses and consumers for important digital services.” These companies are defined by the EU as having a market capitalisation of at least 75 billion euro or an annual turnover of 7.5 billion, and providing certain services such as browsers, messengers, or social media, which have at least 45 million monthly end users in the EU, and 10,000 annual business users. Gatekeepers could also be described as having a strong economic position and significant impact on the internal market, being active in multiple EU countries, and having a strong intermediation position, i.e. they link a large user base to many businesses. Also, gatekeepers are those big tech companies with an entrenched, durable market.

The New Rules 

The new DMA rules will mean that:

– The largest messaging services – WhatsApp, Facebook Messenger or iMessage- will have to open up and interoperate with smaller messaging platforms, if they so request. This should mean that users of small or big platforms could exchange messages, send files, or make video calls across messaging apps, thus giving them more choice.

– The interoperability obligation for social networks / interoperability provisions will be assessed at a later date.

– Combining personal data for targeted advertising will only be allowed with explicit consent to the gatekeeper.

– Users must be allowed to freely choose their browser, virtual assistants, or search engines.

– Companies won’t be allowed to rank their own products or services higher than those of others in online search results or reuse data collected from different services.

Punishment For Non-Compliance 

The European Parliament says that if a gatekeeper does not comply with the rules, the Commission can impose fines of up to 10 per cent of its total worldwide turnover in the preceding financial year, and 20 per cent in case of repeated infringements. For systematic infringements, the Commission has threatened to ban gatekeepers from acquiring other companies for a certain period of time.

A New Era of Tech Regulation 

Rapporteur from the EU Parliament’s Internal Market and Consumer Protection Committee, Andreas Schwab (EPP, DE), said of the new rules, “The agreement ushers in a new era of tech regulation worldwide. The Digital Markets Act puts an end to the ever-increasing dominance of Big Tech companies. From now on, they must show that they also allow for fair competition on the internet. The new rules will help enforce that basic principle. Europe is thus ensuring more competition, more innovation, and more choice for users.” 

The Tech Companies Say… 

Apple has been reported as saying that parts of the DMA “will create unnecessary privacy and security vulnerabilities for our users while others will prohibit us from charging for intellectual property in which we invest a great deal.”  

Google has been reported as saying that, while it supports many of the DMA’s ambitions, it is “concerned that some of the rules could reduce innovation and the choice available to Europeans.” 

What Does This Mean For Your Business? 

The EU has launched a lot of antitrust investigations and introduced many new rules in recent years designed to stop the big tech companies being too powerful and to stop the use of some technologies (AI) surging ahead of regulation. The behaviour of the big tech companies has led many to call for tougher regulations and the formalised new rules of the DMA have been agreed upon quite quickly (less than 18 months), emphasising the EU’s determination to act. Clearly, it’s likely to be unwelcome news for the big tech “gatekeepers” who have been enjoying huge market dominance and profits. For smaller digital companies operating in the EU area, the DMA is likely to be a welcome step, allowing them more of a chance to compete and gain more share in a market dominated by giants for so long. For users, it could provide greater choice, and greater convenience, e.g. with the interoperability of messaging platforms. It is only likely to really work, however, if the penalties are severe enough and if action is taken quickly to send the message that the EU is really serious about the matter.