A new survey suggests that British citizens are embracing generative AI technologies like ChatGPT at a phenomenal rate

Sometimes the hype surrounding new technologies far outweighs the reality. But a new survey suggests that British citizens are embracing generative AI technologies like ChatGPT at a phenomenal rate.

When questioned by accounting group, 26% of UK adults have used a generative AI service, such as intelligent chatbots. This is equivalent to 13 million British citizens. And one in 10 Brits are now using AI tools at least once a day.

ALSO READ: Is the UK about to steal a lead in the AI race?

Not just for fun

A lot of people have been ‘playing’ with ChatGPT to see what the platform is capable of. However, one in 10 (4 million people) are using generative AI for work.

The ability to produce convincing text and images has helped workers become more productive by allowing them to perform common tasks like writing emails, creating artwork or conduct research more quickly.

Surprisingly rapid adoption

Often new technologies take a long time to experience widespread adoption. Analysts note that it took five years for smart speakers like Amazon Alexa, Apple HomePod and Google Nest, to attract similar levels of uptake.

ChatGPT has experienced no such difficulties as people have embraced the platform from almost the moment it was released to the public. Undoubtedly some of this success is due to the fact that no special hardware is required to interact with generative AI – you can access most services from a PC or smartphone app. Smart speakers require users to purchase specialist hardware – which can be quite expensive in the case of Apple devices. By lowering the barrier to entry, generative AI has overcome many of the problems inherent with other new technologies.

A word of warning

There was one finding in the Deloitte survey that should cause some concern. 40% of those questioned said that they believe generative AI systems always produce factually correct answers. Sadly, this is not true.

AI systems are only as accurate as the data used to train them. If the algorithm has received factually incorrect data during training, it is likely that the results of any queries will also be incorrect.

It is also important to note that some AI systems are only able to refer to historical training data. In the case of ChatGPT, no new data has been introduced into the system since September 2021 – meaning that any ‘factual’ information it produces could be two years (or more) out of date.

Exciting times ahead

The fact that British users are embracing generative AI is positive for the industry as a whole. User demand will drive new innovations and improvements, ensuring that the technology becomes even more useful – and valuable.

ALSO READ: Cybersecurity survey: 36% of Europeans don’t even have an IoT device

The post UK AI usage explodes appeared first on Panda Security Mediacenter.

As August draws to a close, British students have been receiving the results of their A-level exams. Naturally their attention is now shifting towards the new semester and what they will be studying at university.

This year universities have recorded a rise in applications to study IT-related courses. UCAS, the University and Colleges Admission Service which oversees university place allocations in the UK, reports that IT applications have increased by almost 10% since 2022.

AI is driving an increased interest in undergraduate IT studies

Applications to study IT courses have increased steadily since 2019. UCAS chief executive Clare Marchant said she believes the 2023 increases are driven by “the rise of digital and AI”.

Marchant went on to say, “We know that changes in the world around us translate into increased demand for certain courses, as we saw for economics post-2008, and for medicine and nursing during the Covid-19 pandemic.” She credits the growing public conversation around technology and artificial intelligence for increased interest in computing courses.

Vanessa Wilson, of the UK University Alliance agrees, “The rise in the popularity of computing may well be a response to increasing awareness of the role of technologies such as AI, as well as a strong desire from students to develop what they see as future-proof skills.”

Are digital skills the future?

Software engineering has been the most popular computing course, with applications increasing by 16% since last year. Pure computer science degrees are up 11%, computer games and animation up 2% and artificial intelligence (AI) up 4%.

The chief executive of the British Computing Society, Rashik Parmar commented, “Teenagers in the UK know that AI will change the world forever; it shouldn’t surprise us to see this soaring demand for computing degrees”.

Increased interest in computing and AI disciplines is good news for the UK. The British government has recently announced plans to help the country become a world-leader in artificial intelligence technologies and disciplines. But to make these plans work, there will need to be an increase in the number of skilled workers – which is why the rise in IT degree applications is so important.

There was some slightly disappointing news however. Only 18% of applications were made by women. This means that although this figure has grown by 1% since 2023, computing and IT remains a male-dominated industry.

And although 95,000 people applied to study IT courses, this is still far below other subjects. In fact, computing is just the seventh most popular field of study. Business and Management related degrees remain the most popular in the UK, along with design, creative and performing arts courses, medicine, social sciences, biological and sports sciences, and engineering and technology.

But the increase in IT interest is welcome – and seems likely to continue in the years to come.

The post Rise in UK IT degree applicants driven by AI advances appeared first on Panda Security Mediacenter.

FBI warning: Chinese hackers compromised Outlook accounts of U.S. government agency employees

In a joint statement by the CISA and FBI issued on July 12th, 2023, the federal agencies confirmed that advanced persistent threat (APT) actors managed to access and download Exchange Online Outlook data that includes info from email accounts of U.S. government employees. The news was also confirmed by tech giant Microsoft which continues to work on mitigating the attack. The tech giant identified the hacker organization, which originates in Asia and specializes in targeting government agencies in the Western world. Microsoft believes the attack came from the famous Chinese hacker group called Storm-0558.

The Federal Civilian Executive Branch (FCEB) agency first reported the cyber incident. They identified suspicious activity in the organization’s Microsoft 365 cloud environment and reported it to CISA, FBI, and Microsoft. The hackers were able to get unauthorized access to customer email accounts that use Outlook Web Access in Exchange Online (OWA) and even Outlook.com.

The criminals have had access to the email servers since mid-May. The cybercriminals pulled it off by forging authentication tokens to access user email. Microsoft believes that all the data stolen by the perpetrators is unclassified, even though the hackers specifically targeted the email accounts of high-profile individuals such as members of the House of Representatives. The identities and party affiliations of the targeted elected officials have not been publicly released.

READ ALSO: PGP Encryption: The Email Security Standard

Microsoft began investigating anomalous mail activity after customers, including FCEB, reported the problem. The investigation concluded that on May 15th, 2023, the Chinese managed their way into email accounts affecting dozens of organizations, including some government agencies and accounts of individuals associated with the targeted organizations. Microsoft began contacting affected parties, and the issue has been officially resolved – all affected Microsoft customers have been informed of the security incident. Even though Microsoft continues the investigation, the data leakage has been stopped.

The hacker attack was supported by heavy resources and was solely focused on espionage. There are no reports of ransom requests by the hacker organization, so the attack is likely state-driven. Such attacks are often considered part of the spy efforts between global superpowers such as the USA and China. Reuters reported that China’s embassy in London denied involvement in the cyber incident and called the news “disinformation.” The Chinese also stated that the USA is the world’s most enormous hacking empire and called the country a “global cyber thief.”

READ ALSO: How to make Microsoft Office (mostly) unhackable

The post Chinese hackers stole US government emails appeared first on Panda Security Mediacenter.

White House puts national cyber strategy into practice with implementation plan

Over the last few years, the U.S. has been under constant cyber-attacks from foreign-based hackers. The ongoing attacks on critical infrastructure, government agencies, private companies, and individuals have affected the lives of hundreds of millions of Americans. After Biden asked Putin to stop harboring cyber criminals, the attacks on U.S. companies increased even more, and no significant arrests were ever made in Moscow.

Russia is not the only foreign country that blatantly ignores the calls for a decrease in cybercrime aimed at the U.S. and its allies. Countries such as Iran, North Korea, China, and others also continue to target the increasingly digital U.S. economy. The damages caused by hacker attacks cost billions of dollars every year.

The attacks on U.S. entities made the current administration realize that more effort is needed to keep both government and private entities safe. The White House announced the National Cybersecurity Strategy Implementation Plan (NCSIP) early this week. The plan consists of more than sixty-five federal initiatives that aim to fight cybercrime, boost the economy, and protect Americans.

READ ALSO: US Federal agencies banned from using foreign spyware

5 main pillars

The NCSIP is a living document that will be updated by the White House every year and consists of the following five pillars.

The first pillar aims to prepare Federal agencies to prevent and handle attacks on critical infrastructure.

The second one consists of disrupting and dismantling threat actors who target government and private entities with ransomware.

The third pillar aims to shape market forces and drive security and resilience by increasing software transparency that allows entities to understand supply chain risk and hold their vendors accountable in case of a cyber incident.

The fourth part of the plan is to stimulate investments in future-proofing equipment implementation and enhance the U.S. involvement in International Cybersecurity Standardization.

The last pillar plans to get the U.S. to strengthen its communications with its allies and ensure more effective combined activities with partner nations.

The plan announced by the White House hopes to decrease the amount of cybercrime and the damages caused by cyber criminals on the USA and its allies around the globe. The plan will be supported by the Department of State and multiple other government agencies, including CISA and FBI, and physical science laboratories such as the National Institute of Standards and Technology (NIST). Each initiative has been assigned to a federal agency, and some have already been completed. However, the majority are ongoing or planned for the future.

The post White House Announced the National Cybersecurity Strategy Implementation Plan appeared first on Panda Security Mediacenter.

The UK government has recently announced a new joint initiative with several leading artificial intelligence vendors.

According to the agreement, Google, OpenAI and Anthropic will all provide British agencies with “early or priority access” to their models.

The move comes as part of a wider strategy intended to help grow the post-Brexit economy. By embracing the technology, the plan is to make Britain a leading hub for AI development and investment. The government has already invested £1bn to build a new exascale supercomputer for a dedicated AI Research Resource. This was followed by a further £100m fund for developing a British AI taskforce to build new foundation models.

An important competitive advantage?

Although the British government has not yet released details of the agreement, it is expected that they now have an opportunity to better understand each technology. Ultimately, this should then allow legislators to better evaluate opportunities and risks presented by artificial intelligence systems.

The promise of early/priority access for the UK comes at the same time as the European Union is drawing up new laws to regulate AI use across member states. Some commentators suggest that this pre-emptive move to legislate emerging AI technologies could stifle innovation, limit growth and leave EU member states at a disadvantage to other countries that have adopted a ‘wait and see’ approach (like Great Britain).

Too close for comfort?

Other industry analysts warn that the UK’s plans could backfire. Although they have early access to new AI technologies, there is a fear that vendors like Google and OpenAI may use the relationship to influence consultations to benefit themselves rather than the British public.

These concerns are not without foundation either – it would not be the first time that big tech companies have misused their privileges. Google famously misused data belonging to UK patients as part of a partnership with the National Health Service for instance.

Wait-and-see

Until the UK government reveals more details of what this agreement entails it is hard to accurately assess what the true benefits will be – or how British business and citizens will benefit. As such, industry experts are waiting to see if the UK’s ‘wait and see’ policy pays off – or whether the EU’s early legislation efforts prevent misuse and abuse of emerging AI technologies.

The post Is the UK about to steal a lead in the AI race? appeared first on Panda Security Mediacenter.

As part of the 2016 Investigatory Powers Act (IPA), the British government gave several new powers to law enforcement and security services. Intended to help these bodies better deal with online crime, the law called for the creation of ‘internet connection records’.

During initial testing, internet connection records (ICR) have been used to capture every website visited by ‘suspects’ based in an unspecified region. The UK government has announced the trial was a success and now plans to roll out ICS record collection to the entire country.

How does the ICR work?

Under the IPA, British internet service providers (ISP) must collect connection data on all of their customers. So if your home broadband is provided by Vodafone, Vodafone is legally obliged to collect data about the sites and services you use.

The ICR does not contain a full list of every webpage you visit, but it does record every website you visit. So an ICR would show that you visited the Panda Security website, but not that you were reading this article.

According to the law, ISPs and telecoms can be issued with a warrant requiring them to keep the ICRs of a specific individual for 12 months. The records can then be used for investigating suspected crimes.

Does the ICR system work?

According to British authorities, the ICR system offers a “significant operational benefit”. It has been described as a powerful surveillance tool for detecting and prosecuting crime. However, because of the secrecy of the system, it is hard to assess its true effectiveness.

The National Crime Agency (NCA) cites one of their own trials that focused on a specific website hosting indecent images. According to reports, the NCA was able to identify 116 previously unknown child predators who visited the site. It is not clear exactly how ICRs helped in this case however.

Why are civil liberties experts worried about ICRs?

Not everyone agrees that ICRs are a good idea however. Some experts warn that too much data is being collected, while others are concerned about how well protected these records are.

However, all the experts agree that the secrecy surrounding the project is a significant concern. The British government and ISPs refuse to share information about exactly what ICRs entail, how the technology works or which agencies are using the data.

As a result, UK civil liberties group Privacy International is challenging the IPA in court. They are particularly concerned about the data being collected and handled, especially as the British government has been found to used personal data illegally in the past. The outcome of the case could have significant implications for the future of ICRs – and perhaps even the Investigatory Powers Act itself.

The post UK set to ramp up citizen surveillance program appeared first on Panda Security Mediacenter.

Ransomware attack exposes sensitive data for nearly 9 million dental patients

Last month a government-sponsored oral healthcare provider Managed Care of North America (MCNA), publicly disclosed that on March 6, 2023, they became aware of suspicious activity in their networks that happened without their permission. The Atlanta-based healthcare organization said that the IT staff managed to patch the problem, terminate the activity, and start an investigation. However, the actions were not quick enough, as hackers managed to cause damage, steal data, and infect company systems with ransomware.

After cyber security experts examined the incident, they determined that bad actors had been able to access and copy files from the company’s computer system for nearly ten days. As a result, the hackers have been able to steal approximately 700GB of data that contains the personal information of roughly nine million people. The hackers asked for a $10 million ransom, but the cyberheist did not go well for them as the healthcare company refused to cooperate. Angered by the refusal, the hackers leaked the stolen data on the dark web for everyone to access.

The stolen data consists of sensitive information such as social security numbers

The stolen data consists of sensitive information such as social security numbers and information on government-issued documents such as driver’s licenses and passport IDs. The hackers also accessed full names, DOB, addresses, phone numbers, and insurance policy information. The stolen data entries included the personal information of deceased people too.
The LockBit ransomware criminal organization claimed responsibility for the attack. It is located in Russia and is considered one of the world’s largest Ransomware-as-a-Service (RaaS) operations.

It often makes the headlines and recently managed to victimize the City of Oakland. The hacker organization and its ransomware product are somehow connected to one-third of all ransomware infections worldwide. MCNA is working with government authorities to catch the perpetrators. However, so far, the enforcement agencies have been unable to determine the identities of the individuals behind the attack.

MCNA offers a complimentary identity theft protection service for one year to all affected customers worried hackers might exploit the stolen information. They encourage victims to take advantage of the offer and to keep an eye on their credit reports.

Hackers penetrating the systems of one of the country’s largest providers of government-sponsored oral health service providers in the US is not uncommon. US organizations have been under constant cyber-attacks from Russia-based criminals over the last couple of years, and the trend does not appear to be slowing down.

The post Approximately 9 million dental patients in the USA affected by a data breach appeared first on Panda Security Mediacenter.

Tech giant Meta, the parent company of Facebook, has reached a settlement with plaintiffs in a class action lawsuit currently pending in the United States District Court for the Northern District of California. The lawsuit came after the Cambridge Analytica scandal that shook the social platform five years ago. The political consulting firm exploited a loophole and used a quiz app to access the personal information of over 80 million Facebook users residing in the US. As a result, approximately 85 million people are eligible to participate and potentially qualify for a piece of the $725 million settlement.

The social media company denied any wrongdoing but agreed to pay out the lump sum to users located in the USA who have been affected by the scandal and have used the social platform at some point over the last fifteen years. Any Facebook users in the United States between May 24th, 2007, and December 22nd, 2022, are eligible to participate in the class action suit. People who do not submit a claim will not get any money, so anyone interested in participating needs to file a claim at https://www.facebookuserprivacysettlement.com/. Individual Facebook users can receive only one payment per person even if the claimant has had multiple accounts over the years.

Submitting a claim is easy and consists of filling in general questions such as name, address, and contact details. Claimants must also answer a few basic questions and include emails, usernames, and phone numbers associated with the account. Class-action suit participants are also asked to pick how they wish to receive their share of the settlement – options include PayPal, Venmo, Zelle, MasterCard, and a direct deposit via ACH. Affected Facebook users have a few more months to file a claim as the deadline for final submissions is August 25th, 2023.

Participating in the settlement will likely not feel like a windfall for many as each claimant’s funds would probably not be enough for a drink after work. The more people submit eligible claims, the less money everyone will get. As seen quite often, the giant corporation would just get a slap on the wrist that won’t affect them much – based on 2020 data, Facebook makes approximately $235 million in profit a day. The only proper winner will likely be the team of lawyers of the plaintiff, who will take a massive chunk of the court ruling, estimated to be around 25% of the settlement.

The final hearing is expected to happen in September, and payouts would start rolling at least ninety days after that. So don’t be too excited about the free drink from Mark Zuckerberg, as money will likely reach your account around Christmas or early next year.

The post Are you eligible for a piece of the $725 million Facebook settlement? appeared first on Panda Security Mediacenter.

Reuters reported that a Russian hacker group known as Cold River attempted to gain unauthorized access to three major nuclear laboratories in the USA. The hackers, believed to be located in Russia, launched multiple phishing attacks targeting the following national laboratories – Argonne, Lawrence Livermore, and Brookhaven. The nuclear labs are known for numerous scientific breakthroughs in atomic technologies and national security.

According to the investigation conducted by Reuters, the attackers created email addresses with domain names that resemble popular websites. The Russians were hoping that if the emails looked similar to legitimate sources such as Google or Microsoft, they would be able to trick the scientists into revealing login information. Untrained staff often fall for such phishing scams as similar phishing attacks, and such hacking techniques are the initial cause for a whole list of high-level cyber breaches over the years. Fake login pages are sometimes so well done that even a trained employee can fall victim.

It is unknown whether the attacks were successful, but there is no official confirmation if any data was stolen. Reuters contacted the research centers for comments, but all three labs declined the opportunity to provide more clarity about the attacks. In addition, multiple security agencies, such as NSA and its British equivalent, declined to comment. The cyber incidents were not immediately reported even though the scientific research centers were under attack in August and September last year.

Cold River Attacks have intensified since the war in Ukraine started last year. The hacker organization is behind many other attacks, including attacks on non-government organizations investigating war crimes and other businesses and agencies across Europe and the USA. Russia has done little to none to stop the attacks even though, over the last two years, the US government has made it clear that they want Putin to stop harboring cyber criminals and to keep critical structures “off limits.”

Ukraine is considering classifying cyber-attacks on critical infrastructure as war crimes. Victor Zhora, Ukraine’s chief digital transformation officer, noticed some coordination between kinetic strikes and cyberattacks. He added that since most kinetic attacks are organized against civilians — a direct act of war crime — supportive cyber actions could potentially be considered war crimes too.

Russia is continuing with the cyber-attacks, and the state even legalized piracy of games, movies, and other software in 2022. Belarus followed the same decision earlier this month as Alexander Lukashenko made it legal for people in Belarus to pirate content from nations that are considered unfriendly such as the USA.

The post Russian hacker group took a shot at three American top nuclear labs appeared first on Panda Security Mediacenter.

Starting today, January 10th, Windows 7 Enterprise and Professional operating systems will no longer receive security updates. Thus, computers that still run these OS will no longer be protected against critical vulnerabilities.

Apart from the operating system itself, browsers (both Edge and third-party browsers), as well as services from other non-Microsoft vendors, such as NVIDIA, have confirmed that they have also stopped offering new security patches in Windows 7.

What is the alternative for Windows 7 users?

Microsoft suggests upgrading their computers to Windows 10. Most of these computers are not compatible with Windows 11, but they are with the immediately previous version. In any case, the Californian giant recommends considering, before investing in this change, that Windows 10 will no longer be supported in October 2025.

The post Microsoft ends Windows 7 security updates – effective today appeared first on Panda Security Mediacenter.