Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs a number of interesting services and supports enthusiasts in interesting projects.

Categories

GuardZoo Malware Targets Over 450 Middle Eastern Military Personnel

The Hacker News - 9 July 2024 - 12:05
Military personnel from Middle East countries are the target of an ongoing surveillanceware operation that delivers an Android data-gathering tool called GuardZoo. The campaign, believed to have commenced as early as October 2019, has been attributed to a Houthi-aligned threat actor based on the application lures, command-and-control (C2) server logs, targeting footprint, and the attack
Category: Hacking & Security

Copilot+ AI PCs are finally here. You don’t want one — yet

Computerworld.com [Hacking News] - 9 July 2024 - 12:00

The AI hype keeps on coming. 

The latest news is the arrival of an entirely new line of Windows computers, Copilot+ PCs, which are specifically designed with artificial intelligence (AI) in mind. Microsoft claims they’ll dramatically speed up AI, offer new features unavailable to other PCs, and deliver improved battery life. The new machines point the way to the future of Windows and of AI, if the company is to be believed.

Laptops from Acer, ASUS, Dell, HP, Lenovo, Samsung, and Microsoft were released several weeks ago, long enough to find out how they perform in real life. So how do they stack up? Are they everything Microsoft claimed they would be, or just one more overhyped new technology?

To find out, let’s start by looking at Microsoft’s promises about what the Copilot+ PCs will do. In a blog post announcing them, the company crows:

“Copilot+ PCs are the fastest, most intelligent Windows PCs ever built. With powerful new silicon capable of an incredible 40+ TOPS (trillion operations per second), all-day battery life and access to the most advanced AI models, Copilot+ PCs will enable you to do things you can’t on any other PC. Easily find and remember what you have seen in your PC with Recall, generate and refine AI images in near real-time directly on the device using Cocreator, and bridge language barriers with Live Captions, translating audio from 40+ languages into English.”

The laptops are based on Qualcomm Arm-based processors, which include a neural processing unit (NPU) to handle AI-related tasks. Normally, AI processing occurs in the cloud rather than on a local PC, which can slow things down. On Copilot+ PCs, Microsoft claims, much of that processing will stay local on the machine.

Recalling Recall

Microsoft went into hype overdrive when touting the new machines’ Recall feature. There’s good reason for that. Anyone who has spent too much time trying to remember and open a specific email, website or file they worked on months ago would want it — and that pretty much means all of us. It’s clearly the killer app that could sell countless Copilot+ PCs.

But Recall has an Achilles heel. As I wrote earlier, it could be the ultimate security and privacy nightmare. It works by constantly taking screenshots of everything you do, storing them on your PC, creating a searchable database of them, and then using AI tools on them so you can find what you want quickly.

Initially, Microsoft claimed that because all that work is done locally rather than in the cloud, it wouldn’t lead to privacy or security issues. But many security researchers and analysts disagree. 

Jeff Pollard, vice president and principal analyst at Forrester, told Computerworld “I think a built-in keylogger and screen-shotter that perfectly captures everything you do on the machine within a certain time frame is a tremendous privacy nightmare for users.”

If a hacker gains access to your PC, researchers found, he or she can read the database, which isn’t even encrypted. At first, Microsoft tried to convince everyone that the privacy issues were much ado about nothing. But then it backed off. The company announced in a blog post that the feature won’t be available on Copilot+ PCs when they launch. Microsoft says it will make Recall available some day — though it won’t say when.

That means the biggest reason for buying a Copilot+ at the moment remains elusive. 

Other Copilot+ PC woes

These machines have other issues, too. One of the most head-scratching ones is that the Copilot app on Copilot+ PCs appears to be less powerful than the app on traditional PCs. On Copilot+ PCs, Copilot runs as a traditional Windows app rather than as a sidebar pane, as it now normally does on traditional PCs. So, you can resize it, move it around the screen, and do anything with it that you can do with any window.

That’s not the problem. The problem is that Microsoft also took away some Copilot features. When run as a sidebar pane, Copilot can perform some basic Windows tasks for you, such as turning dark mode on or off. The app on Copilot+ PCs can’t do that. (By the way, Copilot as a Windows app is now also available for non-Copilot+ PCs, and it has the same problem as the Windows app on Copilot+ PCs.)

Another oddity: Although the new Copilot+ PCs have a dedicated Copilot key, the PCs won’t allow you to launch Copilot with the keyboard shortcut Windows key-C as you can on other PCs. Go figure.

And there’s more, according to Computerworld and PC World contributor Chris Hoffman. On the new machines, he says, “Copilot doesn’t run offline or use the new integrated neural processing unit (NPU) hardware to do anything at all.”

Running AI offline was one of the big promises of the new line. Perhaps someday that will happen, but as Hoffman notes, that day isn’t yet upon us.

Emulation: Thumbs up or thumbs down?

Because Copilot+ PCs run Windows on an Arm chip, they have to run Windows apps via emulation. Theoretically, that could be problematic or slow apps down. Microsoft contends that the chips are so fast that the apps run fine. 

Not everyone agrees. Many reviewers generally report no serious problems, but Android Authority warns: “emulation is hit-and-miss.”

PC World’s Mark Hachman found that most apps work fine, with one big caveat: “There’s a good chance your favorite games won’t even run” on a Copilot+ PC.

The upshot

So, should you buy one of these machines? I won’t hem and haw. The answer is no. Their two most important AI-related features — Recall and local AI processing — aren’t yet available. And running games on one, if that’s a priority, is iffy at best.

There are plenty of very good thin, powerful Windows laptops out there. If you need a new PC, buy one of those, not a Copilot+ PC. Even if you’re looking for true AI power, you’d do better to wait.

Category: Hacking & Security

Handy Excel keyboard shortcuts for Windows and Mac

Computerworld.com [Hacking News] - 9 July 2024 - 11:20

Excel’s Ribbon is great for finding everything you might ever want to do in a spreadsheet, particularly things you don’t do frequently, like managing and querying data connections or automatically grabbing geographic statistics from the internet and inserting them into cells.

But if you’re looking to do things fast, you’ll find keyboard shortcuts far more useful. Why bother to lift your hands from the keyboard if you want to open or close a file, apply formatting to cells, navigate through workbooks, undo and redo actions, calculate all worksheets in all open workbooks, and more? With keyboard shortcuts you won’t have to.

There are keyboard shortcuts to accomplish a vast array of tasks in the Excel desktop client, in both the Windows and Mac versions. (Fewer shortcuts are available for the Mac, but you can create your own custom keyboard shortcuts if you like.)

We’ve listed the shortcuts we’ve found the most useful below. Most work whether you’re using a subscription (Microsoft 365/Office 365) or non-subscription version of Excel. For even more shortcuts, see Microsoft’s Office site.

Useful Excel keyboard shortcuts

Note: On Macs, the ⌘ key is the same as the Command or Cmd key. Also note that with many Mac keyboards, you must press the Fn key in addition to a function key.

General shortcuts

| Action | Windows key combination | Mac key combination |
| --- | --- | --- |
| Create a new workbook | Ctrl-N | ⌘-N |
| Open a workbook | Ctrl-O | ⌘-O |
| Save a workbook | Ctrl-S | ⌘-S |
| Close a workbook | Ctrl-W | ⌘-W |
| Print a workbook | Ctrl-P | ⌘-P |
| Insert a new worksheet (tab) | Alt-Shift-F1 | Shift-Fn-F11 |
| Display the Find dialog box | Ctrl-F | Control-F |
| Display the Go To dialog box | F5 | Fn-F5 |
| Undo the last action | Ctrl-Z | ⌘-Z or Control-Z |
| Redo the last action | Ctrl-Y | ⌘-Y or Control-Y |
| Insert or edit a cell comment | Shift-F2 | ⌘-Shift-Fn-F2 |
| Select all cells that contain comments | Ctrl-Shift-O | |
| Spell-check the active worksheet or selected range | F7 | Fn-F7 |

Worksheet navigation

| Action | Windows key combination | Mac key combination |
| --- | --- | --- |
| Move one screen up / down | PgUp / PgDn | Page Up / Page Down or Fn-up arrow / Fn-down arrow |
| Move one screen to the left / right | Alt-PgUp / Alt-PgDn | Option-Page Up / Option-Page Down or Fn-Option-up arrow / Fn-Option-down arrow |
| Move one worksheet tab to the left / right | Ctrl-PgUp / Ctrl-PgDn | Control-Page Down / Control-Page Up or Option-right arrow / Option-left arrow |
| Move one cell up / down | up arrow / down arrow | up arrow / down arrow |
| Move to the next cell to the right | Tab | right arrow |
| Move to the cell to the left | Shift-Tab | left arrow |
| Move to the beginning of a row | Home | Home or Fn-left arrow |
| Move to the beginning of a worksheet | Ctrl-Home | Control-Home or Control-Fn-left arrow |
| Move to the last cell that has content in it | Ctrl-End | Control-End or Control-Fn-right arrow |
| Move to the word to the left while in a cell | Ctrl-left arrow | ⌘-left arrow |
| Move to the word to the right while in a cell | Ctrl-right arrow | ⌘-right arrow |
| Display the Go To dialog box | Ctrl-G or F5 | Ctrl-G or Fn-F5 |
| Switch between the worksheet, the Ribbon, the task pane, and Zoom controls | F6 | Fn-F6 |
| If more than one worksheet is open, switch to the next one | Ctrl-F6 | ⌘-~ |

Working with data

| Action | Windows key combination | Mac key combination |
| --- | --- | --- |
| Select a row | Shift-Spacebar | Shift-Spacebar |
| Select a column | Ctrl-Spacebar | Control-Spacebar |
| Select an entire worksheet | Ctrl-A or Ctrl-Shift-Spacebar | ⌘-A |
| Extend selection by a single cell | Shift-arrow key | Shift-arrow key |
| Extend selection down / up one screen | Shift-PgDn / Shift-PgUp | Shift-PgDn / Shift-PgUp or Shift-Fn-down arrow / Shift-Fn-up arrow |
| Extend selection to the beginning of a row | Shift-Home | Shift-Home or Shift-Fn-left arrow |
| Extend selection to the beginning of the worksheet | Ctrl-Shift-Home | Control-Shift-Home or Control-Shift-Fn-left arrow |
| Hide selected rows | Ctrl-9 | ⌘-9 or Control-9 |
| Unhide hidden rows in a selection | Ctrl-Shift-( | ⌘-Shift-( or Control-Shift-( |
| Hide selected columns | Ctrl-0 | ⌘-0 or Control-0 |
| Unhide hidden columns in a selection | Ctrl-Shift-) | ⌘-Shift-) or Control-Shift-) |
| Copy cell’s contents to the clipboard | Ctrl-C | ⌘-C or Control-C |
| Copy and delete cell’s contents | Ctrl-X | ⌘-X or Control-X |
| Paste from the clipboard into a cell | Ctrl-V | ⌘-V or Control-V |
| Display the Paste Special dialog box | Ctrl-Alt-V | ⌘-Option-V or Control-Option-V |
| Finish entering data in a cell and move to the next cell down / up | Enter / Shift-Enter | Enter / Shift-Enter |
| Cancel your entry in a cell | Esc | Esc |
| Use Flash Fill to fill the current column based on adjacent columns | Ctrl-E | Control-E |
| Insert the current date | Ctrl-; | Control-; |
| Insert the current time | Ctrl-Shift-; | ⌘-; |
| Display the Create Table dialog box | Ctrl-T or Ctrl-L | Control-T |
| When in the formula bar, move the cursor to the end of the text | Ctrl-End | ⌘-End or ⌘-Fn-right arrow |
| When in the formula bar, select all text from the cursor to the end | Ctrl-Shift-End | ⌘-Shift-End or ⌘-Shift-Fn-right arrow |
| Display Quick Analysis options for selected cells that contain data | Ctrl-Q | |
| Create, run, edit, or delete a macro | Alt-F8 | Option-Fn-F8 |

Formatting cells and data

| Action | Windows key combination | Mac key combination |
| --- | --- | --- |
| Display the Format Cells dialog box | Ctrl-1 | ⌘-1 or Control-1 |
| Display the Style dialog box (Windows) / Modify Cell Style dialog box (Mac) | Alt-' | Option-' |
| Apply a border to a cell or selection | Ctrl-Shift-& | ⌘-Option-0 |
| Remove a border from a cell or selection | Ctrl-Shift-_ (underscore) | ⌘-Option-- (hyphen) |
| Apply the Currency format with two decimal places | Ctrl-Shift-$ | Control-Shift-$ |
| Apply the Number format | Ctrl-Shift-~ | Control-Shift-~ |
| Apply the Percentage format with no decimal places | Ctrl-Shift-% | Control-Shift-% |
| Apply the Date format using day, month, and year | Ctrl-Shift-# | Control-Shift-# |
| Apply the Time format using the 12-hour clock | Ctrl-Shift-@ | Control-Shift-@ |
| Insert a hyperlink | Ctrl-K | ⌘-K or Control-K |

Working with formulas and functions

| Action | Windows key combination | Mac key combination |
| --- | --- | --- |
| Begin a formula | = | = |
| Insert a function | Shift-F3 | Shift-Fn-F3 |
| Insert an AutoSum function | Alt-= | ⌘-Shift-T |
| Accept / insert function with AutoComplete | Tab | Tab-down arrow |
| Cancel an entry in the cell or formula bar | Esc | Esc |
| Edit active cell, put insertion point at end | F2 | Control-U |
| Toggle between displaying formulas and cell values | Ctrl-` | Control-` |
| Cycle formula references among absolute, relative, and mixed | F4 | ⌘-T or Fn-F4 |
| Copy and paste the formula from the cell above into the current one | Ctrl-' | Control-Shift-" |
| Calculate the current worksheet | Shift-F9 | Shift-Fn-F9 |
| Calculate all worksheets in all workbooks that are open | F9 | Fn-F9 |
| Expand or collapse the formula bar | Ctrl-Shift-U | Control-Shift-U |

Ribbon navigation

Excel for Mac does not have keyboard shortcuts for the Ribbon.

| Action | Windows key combination |
| --- | --- |
| Display Ribbon shortcuts | Alt |
| Go to the File tab | Alt-F |
| Go to the Home tab | Alt-H |
| Go to the Insert tab | Alt-N |
| Go to the Page Layout tab | Alt-P |
| Go to the Formulas tab | Alt-M |
| Go to the Data tab | Alt-A |
| Go to the Review tab | Alt-R |
| Go to the View tab | Alt-W |
| Put cursor in the Tell Me or Search box | Alt-Q |
| Go to the Chart Design tab when cursor is on a chart | Alt-JC |
| Go to the Format tab when cursor is on a chart | Alt-JA |
| Go to the Table Design tab when cursor is on a table | Alt-JT |
| Go to the Picture Format tab when cursor is on an image | Alt-JP |
| Go to the Draw tab (if available) | Alt-JI |
| Go to the Power Pivot tab (if available) | Alt-B |

Source: Microsoft

Looking for more help with Excel for Windows? If you have an Office subscription, see “Excel for Office 365/Microsoft 365 cheat sheet.” If you have a non-subscription version of Office, see “Excel 2016 and 2019 cheat sheet.” We’ve also got cheat sheets for an array of other Microsoft products, including older versions of Office.

Category: Hacking & Security

Cybersecurity Agencies Warn of China-linked APT40's Rapid Exploit Adaptation

The Hacker News - 9 July 2024 - 07:56
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the U.K., and the U.S. have released a joint advisory about a China-linked cyber espionage group called APT40, warning about its ability to co-opt exploits for newly disclosed security flaws within hours or days of public release. "APT40 has previously targeted organizations in various countries, including
Category: Hacking & Security

Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories

The Hacker News - 9 July 2024 - 06:48
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis published last week. "The attacker has cleverly hidden the malware in the seldom-used 'end' function of
Category: Hacking & Security

New APT Group "CloudSorcerer" Targets Russian Government Entities

The Hacker News - 8 July 2024 - 17:42
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but
Category: Hacking & Security

Microsoft employees must use Apple iPhones in China

Computerworld.com [Hacking News] - 8 July 2024 - 17:22

In a step that perhaps symbolizes the steady erosion of bridges between nations, Microsoft is ordering its staff in China to abandon Android phones and exclusively use iPhones.

The ban begins in September, when staff will be required to use iPhones for work — specifically for identity verification when logging into devices. Microsoft wants all its staff to use Microsoft Authenticator and Identity Pass. Microsoft is going to distribute iPhones to employees who currently use Android devices as part of the initiative, a report from investing.com claims.

That’s what I call fragmentation

What makes that decision problematic is that in China there is no Google Play store, which means Android app stores are fragmented, with local Chinese manufacturers offering their own app platforms. Chinese smartphone companies are also building their own operating systems, further fragmenting the mobile landscape there.

This may become a bigger problem in the future as regulators force Apple to support sideloading: “Forced sideloading could open the door to risks like fake apps, malware, and social engineering attacks that have long plagued the Android ecosystem,” Hexnode CEO Apu Pavithran recently warned.

Microsoft’s decision to coalesce around the iPhone echoes and reflects what’s allegedly taking place in China, where a growing number of government agencies and companies are asking staffers to avoid using foreign-owned devices. That’s yet another manifestation of the growing political tension between Washington and Beijing.

Microsoft didn’t get mobile

But beyond the story of political conflict lurk two additional realities. Not only does Microsoft’s decision illustrate the security hazards of a fragmented app store market, it also shows the extent to which the developer has failed to secure a strong foothold in the mobile device market.

Cast your mind back — and it really isn’t so long ago — to when the notion that Microsoft would recommend its employees use Apple iPhones would have been unthinkable. Things have changed, perhaps for the better, as the additional security benefits unlocked through multi-platform enterprise deployments are now widely understood.

Political tensions remain

Apple may have cause for concern about Microsoft’s decision, as it sheds light on the delicate dance it is engaged in. Apple has been doing its diplomatic best to maintain cordial relationships in both China and the US.

All parties benefit in the dance. Both the US and China enjoy the economic benefits the relationship delivers, particularly (at least at present) around employment across the iPhone factories in China and wider iOS ecosystems elsewhere. Apple in China creates lots of wealth that lands in the exchequers of both nations, even as the tech itself enhances productivity.

Apple is, of course, not blind to the growing tension between the two nations. It’s rapidly increasing investments in India and manufacturing hubs elsewhere across the APAC region, evidence of that awareness. But even now the vast majority of its products are made in China. Building a replacement manufacturing ecosystem was always going to take vast amounts of money and time, and it wasn’t merely the pandemic that forced Apple’s operations staff to accelerate investment in manufacturing outside of China.

It’s complicated

One thing Apple doesn’t need is for trading conditions to worsen in what remains its biggest market outside the US. The slow move by China’s government to reject iPhone use at work is potentially as significant a problem to the company as the US government’s poorly considered anti-trust litigation against it. Both sets of decisions are likely to hit Apple’s bottom line, even as the gulf between the two nations continues to grow.

The race to AI is unlikely to improve things. The US has already taken steps in the form of sanctions to hamper China’s progress in AI development, though the impact seems limited. At the same time, Apple’s decision to introduce its own AI tools first only in the US, and to confirm that the EU will not gain access to them for some time yet, reflects a similar story of disunity as nations vie for tech prominence.

Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

More by Jonny Evans:

Category: Hacking & Security

Dark Web Malware Logs Expose 3,300 Users Linked to Child Abuse Sites

The Hacker News - 8 July 2024 - 17:08
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "
Category: Hacking & Security

New Ransomware-as-a-Service 'Eldorado' Targets Windows and Linux Systems

The Hacker News - 8 July 2024 - 15:15
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its
Category: Hacking & Security

5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

The Hacker News - 8 July 2024 - 13:00
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
Category: Hacking & Security

    Desperate for power, AI hosts turn to nuclear industry

    Computerworld.com [Hacking News] - 8 Červenec, 2024 - 12:00

    As data centers grow to run larger artificial intelligence (AI) models to feed a breakneck adoption rate, the electricity needed to power vast numbers of GPU-filled servers is skyrocketing.

    The compute capacity needed to power AI large language models (LLMs) has grown four to five times per year since 2010, and that includes the biggest models released by OpenAI, Meta, and Google DeepMind, according to a study by Epoch AI, a research institute investigating key AI trends.

    Epoch AI

    AI service providers such as Amazon Web Services, Microsoft, and Google have been on the hunt for power providers to meet the growing electricity demands of their data centers, and that has landed them squarely in front of nuclear power plants. The White House recently announced plans to support the development of new nuclear power plants as part of its initiative to increase carbon-free electricity or green power sources.

    AI as energy devourer

    The computational power required for sustaining AI’s rise is doubling roughly every 100 days, according to the World Economic Forum (WEF). At that rate, the organization said, it is urgent for the progression of AI to be balanced “with the imperatives of sustainability.”

    “The environmental footprint of these advancements often remains overlooked,” the Geneva-based, nongovernmental organization think tank stated. For example, to achieve a tenfold improvement in AI model efficiency, the computational power demand could surge by up to 10,000 times. The energy required to run AI tasks is already accelerating with an annual growth rate between 26% and 36%.

    “This means by 2028, AI could be using more power than the entire country of Iceland used in 2021,” the WEF said.

    Put simply, “AI is not very green,” said Jack Gold, principal analyst with tech industry research firm J. Gold Associates.

    Large language models (LLMs), the algorithmic foundation for AI, train themselves on vast amounts of data scoured from the internet and other sources. It is the process of training AI models (i.e., LLMs) and not the act of chatbots and other AI tools offering users answers based on that data — known as “inference” — that requires the overwhelming majority of compute and electrical power.

    And, while LLMs won’t be training themselves 100% of the time, the data centers in which they’re located require that peak power always be available. “If you turn on every light in your house, you don’t want them to dim. That’s the real issue here,” Gold said.

    “The bottom line is these things are taking a ton of power. Every time you plug in an Nvidia H100 module or anyone’s GPU for that matter, it’s a kilowatt of power being used. Think about 10,000 of those or 100,000 of those, like Elon Musk wants to deploy,” Gold said.

    The hunt for power heats up

    As opposed to adding new green energy to meet AI’s power demands, tech companies are seeking power from existing electricity resources. That could raise prices for other customers and hold back emission-cutting goals, according The Wall Street Journal and other sources. 

    According to sources cited by the WSJ, the owners of about one-third of US nuclear power plants are in talks with tech companies to provide electricity to new data centers needed to meet the demands of an artificial-intelligence boom.

    For example, Amazon Web Services is expected to close on a deal with Constellation Energy to directly supply the cloud giant with electricity from nuclear power plants. An Amazon subsidiary also spend $650 million to purchase a nuclear-powered data center from Talen Energy in Pennsylvania, and it plans build 15 new data centers on its campus that will feed off that power, according to Pennsylvania-based The Citizen’s Voice.

    One glaring problem with bringing new power online is that nuclear power plants can take a decade or more to build, Gold said.

    “The power companies are having a real problem meeting the demands now,” Gold said. “To build new plants, you’ve got to go through all kinds of hoops. That’s why there’s a power plant shortage now in the country. When we get a really hot day in this country, you see brownouts.”

    The available energy could go to the highest bidder. Ironically, though, the bill for that power will be borne by AI users, not its creators and providers. “Yeah, [AWS] is paying a billion dollars a year in electrical bills, but their customers are paying them $2 billion a year. That’s how commerce works,” Gold said.

    “Interestingly enough, Bill Gates has an investment in a smallish nuclear power company that wants to build next-generation power plants. They want to build new plants, so it’s like a mini-Westinghouse,” Gold said. “He may be onto something, because if we keep building all these AI data centers, we’re going to need that power.”

    “What we really need to do is find green AI, and that’s going to be tough,” Gold added.

    Amazon said it has firmly set its sights on renewable energy for its future and set a goal to reach net-zero carbon emissions by 2040, ten years ahead of the Paris Agreement. The company, which is the world’s largest purchaser of renewable energy, hopes to match all of the electricity consumed by its operations with 100% renewable energy by 2025. It’s already reached 90%, according to a spokesperson.

    “We’re also exploring new innovations and technologies and investing in other sources of clean, carbon-free energy. Our agreement with Talen Energy for carbon-free energy is one project in that effort,” the Amazon spokesperson said in an email response to Computerworld. “We know that new technology like generative AI will require a lot of compute power and energy capacity both for us and our customers — so while we’ll continue to invest in renewable energy, we’ll also explore and invest in other carbon-free energy sources to balance, including nuclear.

    “There isn’t a one-size-fits-all solution when it comes to transitioning to carbon-free energy, and we believe that all viable and scalable options should be considered,” the spokesperson said.

    AI as infrastructure planner

    The US Department of Energy (DOE) is researching potential problems that may result from growing data center energy demands and how they may pose risks to the security and resilience of the electric grid. The agency is also employing AI to analyze and help maintain power grid stability.

    The DOE’s recently released AI for Energy Report recognized that “AI itself may lead to significant load growth that adds burden to the grid.” At the same time, a DOE spokesperson said, “AI has the potential to reduce the cost to design, license, deploy, operate, and maintain energy infrastructure by hundreds of billions of dollars.”

    AI-powered tools can substantially reduce the time required to consolidate and organize the DOE’s disparate information sources and optimize their data structure for use with AI models.

    The DOE’s Argonne Lab has initiated a three-year pilot project with multiple work streams to assess using foundation models and other AI to improve siting, permitting, and environmental review processes, and help improve the consistency of reviews across agencies.

    “We’re using AI to help support efficient generation and grid planning, and we’re using AI to help understand permitting bottlenecks for energy infrastructure,” the spokesperson said.

    The future of AI is smaller, not bigger

    Even as the LLMs running in the massive and still-expanding data centers of Amazon, IBM, Google, and others require ever more power, a shift is taking place that will likely play a key role in reducing future power needs.

    Smaller, more industry- or business-focused algorithmic models can often provide better results tailored to business needs.

    Organizations plan to invest 10% to 15% more on AI initiatives over the next year and a half compared to calendar year 2022, according to an IDC survey of more than 2,000 IT and line-of-business decision makers. Sixty-six percent of enterprises worldwide said they would be investing in genAI over the next 18 months, according to IDC research. Among organizations indicating that genAI will see increased IT spending in 2024, internal infrastructure will account for 46% of the total spend. The problem: a key piece of hardware needed to build out that AI infrastructure — the processors — is in short supply.

    LLMs with hundreds of billions or even a trillion parameters are devouring compute cycles faster than the chips they require can be manufactured or upscaled; that can strain server capacity and lead to an unrealistically long time to train models for a particular business use.

    Nvidia, the leading GPU maker, has been supplying the lion’s share of the processors for the AI industry. Nvidia rivals such as Intel and AMD have announced plans to produce new processors to meet AI demands.

    “Sooner or later, scaling of GPU chips will fail to keep up with increases in model size,” said Avivah Litan, a vice president distinguished analyst with Gartner Research. “So, continuing to make models bigger and bigger is not a viable option.”

    Additionally, the more amorphous data LLMs ingest, the greater the possibility of bad and inaccurate outputs. GenAI tools are basically next-word predictors, meaning flawed information fed into them can yield flawed results. (LLMs have already made some high-profile mistakes and can produce “hallucinations” where the next-word generation engines go off the rails and produce bizarre responses.)

    The solution is likely that LLMs will shrink down and use proprietary information from organizations that want to take advantage of AI’s ability to automate tasks and analyze big data sets to produce valuable insights.

    David Crane, undersecretary for infrastructure at the US Department of Energy’s Office of Clean Energy, said he’s “very bullish” on emerging designs for so-called small modular reactors, according to Bloomberg.

    “In the future, a lot more AI is going to run on edge devices anyways, because they’re all going to be inference based, and so within two to three years that’ll be 80% to 85% of the workloads,” Gold said. “So, that becomes a more manageable problem.”

    This article was updated with a response from Amazon.

    Category: Hacking & Security

    Experts Warn of Mekotio Banking Trojan Targeting Latin American Countries

    The Hacker News - 8 July 2024 - 11:53
    Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, in active use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal
    Category: Hacking & Security


    CloudSorcerer – A new APT targeting Russian government entities

    Kaspersky Securelist - 8 July 2024 - 09:00

    In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It’s a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud infrastructure. The malware leverages cloud resources as its command and control (C2) servers, accessing them through APIs using authentication tokens. Additionally, CloudSorcerer uses GitHub as its initial C2 server.

    CloudSorcerer’s modus operandi is reminiscent of the CloudWizard APT that we reported on in 2023. However, the malware code is completely different. We presume that CloudSorcerer is a new actor that has adopted a similar method of interacting with public cloud services.

    Our findings in a nutshell:

    • CloudSorcerer APT uses public cloud services as its main C2s
    • The malware interacts with the C2 using special commands and decodes them using a hardcoded charcode table.
    • The actor uses Microsoft COM object interfaces to perform malicious operations.
    • CloudSorcerer acts as separate modules (communication module, data collection module) depending on which process it’s running, but executes from a single executable.
    Technical details

    Initial start up

    MD5: f701fc79578a12513c369d4e36c57224
    SHA1: f1a93d185d7cd060e63d16c50e51f4921dd43723
    SHA256: e4b2d8890f0e7259ee29c7ac98a3e9a5ae71327aaac658f84072770cf8ef02de
    Link time: N/A
    Compiler: N/A
    File type: Windows x64 executable
    File size: 172kb
    File name: N/A

    The malware is executed manually by the attacker on an already infected machine. It is initially a single Portable Executable (PE) binary written in C. Its functionality varies depending on the process in which it is executed. Upon execution, the malware calls the GetModuleFileNameA function to determine the name of the process it is running in. It then compares this process name with a set of hardcoded strings: browser, mspaint.exe, and msiexec.exe. Depending on the detected process name, the malware activates different functions:

    • If the process name is mspaint.exe, CloudSorcerer functions as a backdoor module, and performs activities such as data collection and code execution.
    • If the process name is msiexec.exe, the CloudSorcerer malware initiates its C2 communication module.
    • Lastly, if the process name contains the string “browser” or does not match any of the specified names, the malware attempts to inject shellcode into either the msiexec.exe, mspaint.exe, or explorer.exe processes before terminating the initial process.

    The shellcode used by CloudSorcerer for initial process migration shows fairly standard functionality:

    • Parse Process Environment Block (PEB) to identify offsets to required Windows core DLLs;
    • Identify required Windows APIs by hashes using ROR14 algorithm;
    • Map CloudSorcerer code into the memory of one of the targeted processes and run it in a separate thread.

    All data exchange between modules is organized through Windows pipes, a mechanism for inter-process communication (IPC) that allows data to be transferred between processes.

    CloudSorcerer backdoor module

    The backdoor module begins by collecting various system information about the victim machine, running in a separate thread. The malware collects:

    • Computer name;
    • User name;
    • Windows sub-version information;
    • System uptime.

    All the collected data is stored in a specially created structure. Once the information gathering is complete, the data is written to the named pipe \\.\PIPE\[1428] connected to the C2 module process. It is important to note that all data exchange is organized using well-defined structures with different purposes, such as backdoor command structures and information gathering structures.

    Next, the malware attempts to read data from the pipe \\.\PIPE\[1428]. If successful, it parses the incoming data into the COMMAND structure and reads a single byte from it, which represents a COMMAND_ID.

    Main backdoor functionality

    Depending on the COMMAND_ID, the malware executes one of the following actions:

    • 0x1 – Collect information about hard drives in the system, including logical drive names, capacity, and free space.
    • 0x2 – Collect information about files and folders, such as name, size, and type.
    • 0x3 – Execute shell commands using the ShellExecuteExW API.
    • 0x4 – Copy, move, rename, or delete files.
    • 0x5 – Read data from any file.
    • 0x6 – Create and write data to any file.
    • 0x8 – Receive a shellcode from the pipe and inject it into any process by allocating memory and creating a new thread in a remote process.
    • 0x9 – Receive a PE file, create a section and map it into the remote process.
    • 0x7 – Run additional advanced functionality.

    When the malware receives a 0x7 COMMAND_ID, it runs one of the additional tasks described below:

    Command ID – Operation: Description

    • 0x2307 – Create process: Creates any process using COM interfaces, used for running downloaded binaries.
    • 0x2407 – Create process as dedicated user: Creates any process under a dedicated username.
    • 0x2507 – Create process with pipe: Creates any process with support of inter-process communication to exchange data with the created process.
    • 0x3007 – Clear DNS cache: Clears the DNS cache.
    • 0x2207 – Delete task: Deletes any Windows task using COM object interfaces.
    • 0x1E07 – Open service: Opens a Windows service and reads its status.
    • 0x1F07 – Create new task: Creates a new Windows task and sets up a trigger for execution using COM objects.
    • 0x2007 – Get tasks: Gets the list of all the Windows tasks using COM object interface.
    • 0x2107 – Stop task: Stops any task using COM object interface.
    • 0x1D07 – Get services: Gets the list of all Windows services.
    • 0x1907 – Delete value from reg: Deletes any value from any Windows registry key selected by the actor.
    • 0x1A07 – Create service: Creates a new Windows service.
    • 0x1B07 – Change service: Modifies any Windows service configuration.
    • 0x1807 – Delete reg key: Deletes any Windows registry key.
    • 0x1407 – Get TCP/UDP update table: Gets information from Windows TCP/UDP update table.
    • 0x1507 – Collect processes: Collects all running processes.
    • 0x1607 – Set reg key value: Modifies any Windows registry key.
    • 0x1707 – Enumerate reg key: Enumerates Windows registry keys.
    • 0x1307 – Enumerate shares: Enumerates Windows net shares.
    • 0x1007 – Set net user info: Sets information about a user account on a Windows network using NetUserSetInfo. It allows administrators to modify user account properties on a local or remote machine.
    • 0x1107 – Get net members: Gets a member of the local network group.
    • 0x1207 – Add member: Adds a user to the local network group.
    • 0xE07 – Get net user info: Collects information about a network user.
    • 0xB07 – Enumerate net users: Enumerates network users.
    • 0xC07 – Add net user: Adds a new network user.
    • 0xD07 – Delete user: Deletes a network user.
    • 0x907 – Cancel connection: Cancels an existing network connection. This function allows for the disconnection of network resources, such as shared directories.
    • 0x507 – File operations: Copies, moves, or deletes any file.
    • 0x607 – Get net info: Collects information about the network and interfaces.
    • 0x707 – Enumerate connections: Enumerates all network connections.
    • 0x807 – Map network: Maps remote network drive.
    • 0x407 – Read file: Reads any file as text strings.
    • 0x107 – Enumerate RDP: Enumerates all RDP sessions.
    • 0x207 – Run WMI: Runs any WMI query using COM object interfaces.
    • 0x307 – Get files: Creates list of files and folders.

    All the collected information or results of performed tasks are added to a specially created structure and sent to the C2 module process via a named pipe.

    C2 module

    The C2 module starts by creating a new Windows pipe named \\.\PIPE\[1428]. Next, it configures the connection to the initial C2 server by providing the necessary arguments to a sequence of Windows API functions responsible for internet connections:

    • InternetCrackUrlA;
    • InternetSetOptionA;
    • InternetOpenA;
    • InternetConnectA;
    • HttpOpenRequestA;
    • HttpSendRequestA

    The malware sets the request type (“GET”), configures proxy information, sets up hardcoded headers, and provides the C2 URL.

    Setting up internet connection

    The malware then connects to the initial C2 server, which is a GitHub page located at https://github[.]com/alinaegorovaMygit. The malware reads the entire web page into a memory buffer using the InternetReadFile call.

    The GitHub repository contains forks of three public projects that have not been modified or updated. Their purpose is merely to make the GitHub page appear legitimate and active. However, the author section of the GitHub page displays an interesting string:

    Hex string in the author section

    We found data that looks like a hex string that starts and ends with the same byte pattern – “CDOY”. After the malware downloads the entire GitHub HTML page, it begins parsing it, searching specifically for the character sequence “CDOY”. When it finds it, it copies all the characters up to the second delimiter “CDOY” and then stores them in a memory buffer. Next, the malware parses these characters, converting them from string values to hex values. It then decodes the string using a hardcoded charcode substitution table – each byte from the parsed string acts as an index in the charcode table, pointing to a substitutable byte, thus forming a new hex byte array.

    Decoding algorithm

    Charcode table

    Alternatively, instead of connecting to GitHub, CloudSorcerer also tries to get the same data from hxxps://my.mail[.]ru/, which is a Russian cloud-based photo hosting server. The name of the photo album contains the same hex string.

    The first decoded byte of the hex string is a magic number that tells the malware which cloud service to use. For example, if the byte is “1”, the malware uses Microsoft Graph cloud; if it is “0”, the malware uses Yandex cloud. The subsequent bytes form a string of a bearer token that is used for authentication with the cloud’s API.

    Depending on the magic number, the malware creates a structure and sets an offset to a virtual function table that contains a subset of functions to interact with the selected cloud service.
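The configuration extraction described above (locate the text between the two “CDOY” delimiters, convert the hex characters to bytes, pass every byte through a substitution table, then read the magic byte and the bearer token) is the kind of routine an analyst re-implements to pull the C2 configuration out of a captured page. The following decoder is an added example and is not the article's or Kaspersky's code. The 256-entry substitution table, the token and the HTML snippet are all constructed here: the real charcode table is not reproduced in the article, and the example assumes the magic value is the numeric byte 0 or 1 (the article's “0”/“1”) rather than the ASCII digit.

```python
# Added example (not the Securelist article's or Kaspersky's code): an analyst-side
# decoder for the delimited C2 bootstrap string described above. The substitution
# table, the token and the HTML snippet are constructed for the demo; the real
# charcode table is not reproduced in the article.

DELIM = "CDOY"                           # delimiter the article reports around the hex string
SERVICES = {0: "yandex", 1: "msgraph"}   # magic byte -> cloud service, per the article
                                         # (assumption: numeric byte, not the ASCII digit)


def build_demo_table() -> bytes:
    """Constructed 256-entry charcode table (a permutation of 0..255).

    table[b] is the byte that input byte b is replaced with. 167 is odd, so
    b -> (167*b + 33) mod 256 is a bijection and the table is invertible.
    """
    return bytes((167 * b + 33) & 0xFF for b in range(256))


CHARCODE_TABLE = build_demo_table()


def invert_table(table: bytes) -> bytes:
    """Inverse permutation, used only to construct sample input for the demo."""
    inv = bytearray(256)
    for b, sub in enumerate(table):
        inv[sub] = b
    return bytes(inv)


def extract_encoded_blob(page_html: str) -> str:
    """Return the characters between the first and second DELIM occurrences."""
    start = page_html.find(DELIM)
    if start < 0:
        raise ValueError("opening delimiter not found")
    start += len(DELIM)
    end = page_html.find(DELIM, start)
    if end < 0:
        raise ValueError("closing delimiter not found")
    return page_html[start:end]


def decode_blob(hex_text: str, table: bytes = CHARCODE_TABLE) -> bytes:
    """Hex-decode the blob, then use every byte as an index into the table."""
    raw = bytes.fromhex(hex_text.strip())
    return bytes(table[b] for b in raw)


def parse_config(decoded: bytes) -> tuple:
    """Split the decoded bytes into (service name, bearer token)."""
    if not decoded:
        raise ValueError("empty configuration")
    service = SERVICES.get(decoded[0], "unknown")
    token = decoded[1:].decode("ascii", errors="replace")
    return service, token


def recover_config(page_html: str) -> tuple:
    """Full pipeline: locate, hex-decode, substitute, split."""
    return parse_config(decode_blob(extract_encoded_blob(page_html)))


# --- helpers that only exist to build constructed sample input -------------

def encode_config(magic: int, token: str, table: bytes = CHARCODE_TABLE) -> str:
    """Inverse of decode_blob: produce the hex text a page would carry."""
    inv = invert_table(table)
    plain = bytes([magic]) + token.encode("ascii")
    return bytes(inv[b] for b in plain).hex()


def build_sample_page(magic: int, token: str) -> str:
    """Constructed stand-in for a profile page with the delimited string in it."""
    return ('<div class="author"><p>about me</p><p>'
            + DELIM + encode_config(magic, token) + DELIM
            + '</p></div>')


if __name__ == "__main__":
    page = build_sample_page(1, "constructed-bearer-token")
    print(recover_config(page))  # ('msgraph', 'constructed-bearer-token')
```

Because the table is a permutation, the decoder is a plain byte-for-byte substitution and nothing else; the only parsing work is finding the two delimiters and handling a page where one of them is missing, which the extractor reports instead of silently returning the rest of the page.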

    Different virtual tables for Yandex and Microsoft

    Next, the malware connects to the cloud API by:

    • Setting up the initial connection using InternetOpenA and InternetConnectA;
    • Setting up all the required headers and the authorization token received from the GitHub page;
    • Configuring the API paths in the request;
    • Sending the request using HttpSendRequestExA and checking for response errors;
    • Reading data from the cloud using InternetReadFile.

    The malware then creates two separate threads – one responsible for receiving data from the Windows pipe and another responsible for sending data to it. These threads facilitate asynchronous data exchange between the C2 and backdoor modules.

    Finally, the C2 module interacts with the cloud services by reading data, receiving encoded commands, decoding them using the character code table, and sending them via the named pipe to the backdoor module. Conversely, it receives the command execution results or exfiltrated data from the backdoor module and writes them to the cloud.

    Infrastructure

    GitHub page

    The GitHub page was created on May 7, 2024, and two repositories were forked into it on the same day. On May 13, 2024, another repository was forked, and no further interactions with GitHub occurred. The forked repositories were left untouched. The name of the C2 repository, “Alina Egorova,” is a common Russian female name; however, the photo on the GitHub page is of a male and was copied from a public photo bank.

    Mail.ru photo hosting

    This page contains the same encoded string as the GitHub page. There is no information about when the album was created and published. The photo of the owner is the same as the picture from the photo bank.

    Cloud infrastructure

    Service: Yandex Cloud
    Main URL: cloud-api.yandex.net
    Initial paths: /v1/disk/resources?path= ; /v1/disk/resources/download?path= ; /v1/disk/resources/upload?path=

    Service: Microsoft Graph
    Main URL: graph.microsoft.com
    Initial path: /v1.0/me/drive/root:/Mg/%s/%s:/content

    Service: Dropbox
    Main URL: content.dropboxapi.com
    Initial paths: /2/files/download ; /2/files/upload

    Attribution

    The use of cloud services is not new, and we reported an example of this in our overview of the CloudWizard APT (a campaign in the Ukrainian conflict with ties to Operation Groundbait and CommonMagic). However, the likelihood of attributing CloudSorcerer to the same actor is low, as the code and overall functionality of the malware are different. We therefore assume at this point that CloudSorcerer is a new actor that has adopted the technique of interacting with public cloud services.

    Victims

    Government organizations in the Russian Federation.

    Conclusions

    The CloudSorcerer malware represents a sophisticated toolset targeting Russian government entities. Its use of cloud services such as Microsoft Graph, Yandex Cloud, and Dropbox for C2 infrastructure, along with GitHub for initial C2 communications, demonstrates a well-planned approach to cyberespionage. The malware’s ability to dynamically adapt its behavior based on the process it is running in, coupled with its use of complex inter-process communication through Windows pipes, further highlights its sophistication.

    While there are similarities in modus operandi to the previously reported CloudWizard APT, the significant differences in code and functionality suggest that CloudSorcerer is likely a new actor, possibly inspired by previous techniques but developing its own unique tools.

    Indicators of Compromise

    File Hashes (malicious documents, Trojans, emails, decoys)

    F701fc79578a12513c369d4e36c57224 CloudSorcerer

    Domains and IPs

    hxxps://github[.]com/alinaegorovaMygit CloudSorcerer C2 hxxps://my.mail[.]ru/yandex.ru/alinaegorova2154/photo/1 CloudSorcerer C2

    Yara Rules

    rule apt_cloudsorcerer
    {
        meta:
            description = "Detects CloudSorcerer"
            author = "Kaspersky"
            copyright = "Kaspersky"
            distribution = "DISTRIBUTION IS FORBIDDEN. DO NOT UPLOAD TO ANY MULTISCANNER OR SHARE ON ANY THREAT INTEL PLATFORM"
            version = "1.0"
            last_modified = "2024-06-06"
            hash = "F701fc79578a12513c369d4e36c57224"
        strings:
            $str1 = "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
            $str2 = "c:\\windows\\system32\\mspaint.exe"
            $str3 = "C:\\Windows\\system32\\msiexec.exe"
            $str4 = "\\\\.\\PIPE\\"
        condition:
            uint16(0) == 0x5A4D and all of ($str*)
    }

    MITRE ATT&CK Mapping

    Tactic – Technique – Technique Name

    • Execution – T1059.009 – Command and Scripting Interpreter: Cloud API
    • Execution – T1559 – Inter-Process Communication
    • Execution – T1053 – Scheduled Task/Job
    • Execution – T1047 – Windows Management Instrumentation
    • Persistence – T1543 – Create or Modify System Process
    • Persistence – T1053 – Scheduled Task/Job
    • Defense Evasion – T1140 – Deobfuscate/Decode Files or Information
    • Defense Evasion – T1112 – Modify Registry
    • Discovery – T1083 – File and Directory Discovery
    • Discovery – T1046 – Network Service Discovery
    • Discovery – T1057 – Process Discovery
    • Discovery – T1012 – Query Registry
    • Discovery – T1082 – System Information Discovery
    • Collection – T1005 – Data from Local System
    • Command and Control – T1102 – Web Service
    • Command and Control – T1568 – Dynamic Resolution
    • Exfiltration – T1567 – Exfiltration Over Web Service
    • Exfiltration – T1537 – Transfer Data to Cloud Account
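The condition of the apt_cloudsorcerer rule above is small enough to re-implement in plain Python for environments where a YARA engine is not available, and doing so makes two of its properties explicit: uint16(0) is read little-endian, so the check is for the bytes "MZ", and the four strings are matched case-sensitively (note that $str2 spells the path as lowercase "c:\windows" while $str3 uses "C:\Windows"). The following is an added example, not Kaspersky's code; the buffers it scans are constructed stand-ins, not real samples, and the missing_strings helper is an addition for triaging near-misses.

```python
# Added example (not Kaspersky's code): the apt_cloudsorcerer rule condition
# re-implemented in Python, plus a helper that names the strings a near-miss lacks.
# The sample buffers below are constructed, not real samples.

MZ_MAGIC = 0x5A4D  # "MZ" read as a little-endian uint16, which is what uint16(0) does in YARA

# The four strings exactly as the rule spells them; YARA and Python bytes literals
# use the same backslash escaping, so these are byte-for-byte the rule's strings.
RULE_STRINGS = {
    "$str1": b"Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",
    "$str2": b"c:\\windows\\system32\\mspaint.exe",
    "$str3": b"C:\\Windows\\system32\\msiexec.exe",
    "$str4": b"\\\\.\\PIPE\\",
}


def has_mz_header(data: bytes) -> bool:
    """uint16(0) == 0x5A4D: the first two bytes are 'M','Z'."""
    return len(data) >= 2 and int.from_bytes(data[:2], "little") == MZ_MAGIC


def missing_strings(data: bytes) -> list:
    """Names of rule strings not found in data (case-sensitive, like YARA's default)."""
    return [name for name, needle in RULE_STRINGS.items() if needle not in data]


def matches_apt_cloudsorcerer(data: bytes) -> bool:
    """Equivalent of: uint16(0) == 0x5A4D and all of ($str*)."""
    return has_mz_header(data) and not missing_strings(data)


def _fake_pe(*embedded: bytes) -> bytes:
    """Constructed buffer: an MZ signature, padding, then the given strings."""
    return b"MZ" + b"\x00" * 62 + b"\x00".join(embedded)


# Constructed test buffers (not real samples).
SAMPLE_HIT = _fake_pe(*RULE_STRINGS.values())
SAMPLE_MISS_STRING = _fake_pe(RULE_STRINGS["$str1"], RULE_STRINGS["$str2"], RULE_STRINGS["$str3"])
SAMPLE_NOT_PE = b"PK" + SAMPLE_HIT[2:]   # same strings, but not an MZ file


if __name__ == "__main__":
    for label, buf in [("hit", SAMPLE_HIT), ("miss-string", SAMPLE_MISS_STRING), ("not-pe", SAMPLE_NOT_PE)]:
        print(label, matches_apt_cloudsorcerer(buf), missing_strings(buf))
```

When a suspected sample does not fire, missing_strings shows whether the gap is a single string (for example a packed or differently cased path) or the MZ check, which is the first thing to know before deciding whether the rule or the sample is the odd one out.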
