Cybercriminals are experimenting with a new method of delivering the dangerous payload and employing specially prepared phishing emails to infect users with malware.

According to a study by Proofpoint, digital OneNote notebooks (denoted by “.one” extensions) are increasingly being used by cyber-attackers to spread malware. OneNote is included in the Microsoft 365 office software bundle and a widely used piece of software.

OneNote documents are rarely misused in this manner, according to cybersecurity professionals, and there is only one clear reason attackers are experimenting with them: they can more readily avoid threat detection than other attachments. And it seems to be effective.

According to statistics from open-source malware repositories, initially observed attachments were not identified as dangerous by several anti-virus engines. As a result, it is likely that the original campaigns had a high success rate if the email was not stopped, according to Proofpoint.

Proofpoint expanded on the study findings by saying, ”Since Microsoft began blocking macros by default in 2022, threat actors have experimented with many new tactics, techniques, and procedures, including use of previously infrequently observed file types such as virtual hard disk (VHD), compiled HTML (CHM), and now OneNote (.one)."

The phishing emails are attempting to deliver one of several malware payloads, including AsyncRAT, Redline, AgentTesla, and DOUBLEBACK, all of which are designed to steal sensitive information from victims, including usernames and passwords. The phishing emails were first sent in December 2022, with the number significantly increasing in January 2023.

Researchers from Proofpoint also report that a cybercriminal organization they track by the name of TA577has used OneNote in campaigns to distribute Qbot. TA577 operates as an initial access broker, selling stolen usernames and passwords to other cybercriminals, including ransomware gangs, as opposed to stealing data for its own use.

There have been over 60 of these campaigns found so far, and they all have the same traits. Emails and file attachments are connected to topics like invoicing, remittances, shipping, and seasonal themes, such as details on a Christmas bonus, among others.

For instance, attachment names in a phishing letter addressed to targets in the manufacturing and industrial sectors included references to machine parts and specifications, showing that the lure had undergone extensive investigation.

Other OneNote efforts target thousands of potential victims all at once and are a little broader. One of these efforts used fake invoices to target the education industry, while another was more broadly disseminated and promised a Christmas bonus or present to thousands of unsuspecting victims.

The victim must open the email, open the OneNote attachment, and click on any harmful links for the phishing scam to succeed in each instance. OneNote does include a warning message regarding dangerous URLs, but users who have received an email that has been specially tailored to appeal to them or who believe they may be receiving a bonus may attempt to ignore this warning.

Researchers caution that additional cyber-threat groups will probably use this strategy successfully to distribute phishing and malware campaigns because it is expected that these efforts will succeed frequently if the emails are not stopped.
​
"Proofpoint has increasingly observed OneNote attachments being used to deliver malware. Based on our research, we believe multiple threat actors are using OneNote attachments to bypass threat detections," said researchers, who warn that this is "concerning" because, as demonstrated by TA577, this tactic can become an initial entry point for distributing ransomware, which could cripple a whole organization and its networks.
"This is a phishing technique that convinces a victim to open a document with an embedded malicious attachment and then bypass a security prompt to run the attachment. We encourage customers to practice good computing habits online, including exercising caution when clicking on links to webpages or opening unknown files," a Microsoft spokesperson said.

Last Tuesday, Microsoft held a press briefing to announce two new web-based software upgrades. The same AI technology that powers the chatbot ChatGPT has been updated and included in the latest edition of Microsoft's Bing search engine. A fresh experience for exploring the web and getting information online is promised by the firm as it introduces the product alongside new AI-enhanced features for its Edge browser.

“It’s a new day in search,” said Microsoft CEO Satya Nadella at an event announcing the products. The paradigm for web search, according to Nadella, hasn't changed in decades, but AI can offer information more swiftly and fluidly than conventional techniques.

“The race starts today, and we’re going to move and move fast,” Nadella said. “Most importantly, we want to have a lot of fun innovating again in search, because it’s high time.”

Today, the company showed how "the new Bing" operated in a variety of settings. One of settings allows users to interact directly with the Bing chatbot by asking it questions in a chat interface like ChatGPT, while another mode displays conventional search results alongside AI annotations.

Microsoft demonstrated several sample searches, including looking for travel advice, recipes, and Ikea furnishings. Bing was instructed to "prepare an itinerary for each day of a 5-day trip to Mexico City" in one demonstration. The chatbot provided a complete response, including a general itinerary and providing links to more resources.

The new Bing, unlike ChatGPT, which is limited to information up to the end of 2021, can also find news about recent occurrences. In the demonstrations, the search engine could even respond to inquiries regarding its own launch by identifying news articles that had been posted within the previous hour.

Microsoft says these features are all powered by an upgraded version of GPT 3.5, the AI OpenAI language model that powers ChatGPT. Microsoft calls this the “Prometheus Model,” and says it’s more powerful than GPT 3.5, and better able to answer search queries with up-to-date information and annotated answers.

The new Bing is live today “for desktop limited preview,” but it appears users can only “ask” one of several preset queries and receive the same results each time. There is also a waitlist to sign up for full access in the future.

Microsoft is also introducing "chat" and "compose," two new AI-enhanced services for its Edge browser. They'll be integrated into Edge's sidebar.

While "compose" serves as a writing helper, helping to generate text, from emails to social media postings, depending on a few initial cues, "chat" enables users to summarize the webpage or document they're viewing and ask questions about its contents.

The launch of the new Bing coincides with a flurry of AI activity from rival Google and Microsoft. The popularity of AI text production has skyrocketed since ChatGPT went live on the internet last November. Microsoft is looking to capitalize on this enthusiasm and has already disclosed how this technology would be incorporated across its suite of office applications. Microsoft has a strong partnership with OpenAI, the company that created ChatGPT.

Google, on the other hand, was unprepared for what some consider to be a fundamental shift in how users find information online. The introduction of ChatGPT is said to have set off a "code red" within the search engine behemoth, with founders Larry Page and Sergey Brin—who had been absent—being called in to help deal with what would pose a danger to the company's main source of income.

In an effort to beat Microsoft's launch, Google released on Monday, Bard, its own ChatGPT. The program was referred to as an "experimental conversational AI service" by CEO Sundar Pichai, who said that it was still being evaluated by a few users and will only be made available to a wider audience in the upcoming weeks. We’ll have more on where these technologies are headed in next week’s issue of the newsletter.

One pitfall to using this level of AI is that it will make mistakes and present the misinformation as though it were fact. Microsoft is well aware of this problem and had a warning placed in Bing’s user interface: “Let's study together. AI powers Bing, thus unexpected outcomes and errors are conceivable. Verify the information and provide feedback so we can grow and learn.”
​
Finally, there will be other difficulties that haven’t been addressed yet. The income stream that keeps many websites afloat is removed if AI tools like the new Bing collect material from the web without people clicking through to the source. The effectiveness of this new search paradigm will depend on maintaining some of the previous agreements.

Making data-driven decisions is becoming more and more understood by companies in every industry as a requirement for competing today, in the next five years, in the next twenty, and beyond. According to current market research, the worldwide artificial intelligence (AI) market will "increase at a compound annual growth rate (CAGR) of 39.4% to reach $422.37 billion by 2028," driven by the exponential expansion of unstructured data in particular. The era of data overload and AI has arrived, and there is no turning back.
This reality implies that AI can truly sift and handle the deluge of data–not just for big giants like Alphabet, Microsoft, and Meta with their massive R&D departments and tailored AI tools, but for the typical corporation and even some small and medium-sized businesses.

Well-designed AI-based systems quickly filter through enormously vast datasets to produce fresh insights, which fuel fresh sources of income, adding significant value to enterprises. But without the new kid on the block, vector databases, none of the data expansion really becomes operationalized and democratized. Vector DBs represent a paradigm shift in database management and a new category for using the exponential amounts of unstructured data that are currently untapped in object stores. In particular, vector databases provide a mind-numbing new degree of search capacity for unstructured data, but they can also handle semi-structured and even structured data.

Vectors and Search. Unstructured data, which can't be simply sorted into row and column relationships, rarely matches the relational database paradigm. Examples include photos, video, audio, and user actions. Unstructured data management methods that are incredibly time-consuming and unreliable frequently include manually labelling the data (think labels and keywords on video platforms).

The real problem is that human methods make it very hard to perform a semantic search that comprehends the context and meaning of a picture or other unstructured piece of data, in addition to a search query.
Enter embedding vectors, often known as feature vectors, vector embeddings, or just embeddings. They are numerical values, or sort of coordinates, that represent unstructured data features or objects, such as a part of a picture, a section of a person's purchasing history, a few frames from a video, geospatial information, or anything else that doesn't neatly fit into a relational database table. These embeddings enable scalable, snappy “similarity search.”

Quality Data and Insights. An AI model, or more precisely, a machine learning (ML) or deep learning model, trained on very large amounts of high-quality input data, produces embeddings as a computational byproduct. A model is the computational result of an ML algorithm (method or procedure) conducted on data, to further draw crucial distinctions. Sophisticated, widely used algorithms include STEGO for computer vision, CNN for image processing and Google’s BERT for natural language processing. The resulting models turn each single piece of unstructured data into a list of floating-point values—our search-enabling embedding.

Therefore, a neural network model that has been properly trained will produce embeddings that are consistent with particular content and may apply to a semantic similarity search. A vector database, specifically designed to manage embeddings and their unique structure, is the instrument to store, index, and search through these embeddings.

The fact that developers from everywhere may now incorporate a vector database into AI systems, with its production-ready features and lightning-fast unstructured data search, is crucial in the industry.
​
Organizationally, a crucial component of standardizing the usage of vector databases is assisting business teams and their leadership in understanding why and how they can benefit. The concept of vector search has been around for quite a while, but only on a very small scale. Many businesses aren't really accustomed to having access to the kind of data mining and search capabilities that contemporary vector databases provide. Teams sometimes struggle with knowing where to begin. Therefore, their creators continue to place a high focus on spreading the word about how they operate and why they are valuable.

Employees and managers alike continue to debate the pros and cons of working remotely. Many workers desire to keep their flexible schedules, lower costs, and improved work-life balance. On the other side, some managers and executives believe that for employees to be fully engaged in their work, they must be present in the workplace.

A Harvard Business Review (HBR) article claims that reducing employees' sense of alienation from their coworkers and the corporate culture is a compelling justification for getting them back to the office. Studies have shown that remote workers are more inclined to leave their jobs when they feel alienated and separated.

These emotions of loneliness can be lessened by encouraging employees to socialize and assigning them a talking companion. For remote and hybrid workers who live in the same city, employers can arrange gatherings to lessen their sense of loneliness.

Many firms argue that returning to the workplace is necessary to boost worker productivity, since people are less productive at home than they are at work.

But the HBR analysis shows just the opposite. Following the COVID-19 lockdowns in April through mid-May 2020, researchers collected metadata from all Zoom, Microsoft Teams, and WebEx meetings (with webcams on or off) from ten sizable international organizations. They then compared this set of six weeks in 2021 and 2022 with the same set of six weeks in 2020.

The study concluded that, while remote work doesn't reduce productivity; it does alter how both employees and employers define productivity. The habits of remote employees changed in 2022 as compared to 2020, when it was novel.

The survey found virtual meetings are more common today. They’re more spontaneous, condensed, and with fewer people. We can assume that as remote working became more ubiquitous, people realized that sometimes it's unnecessary to have a 30-minute to an hour-long meeting.

The HBR study found that meetings were 10 minutes shorter in 2022 than they were in 2020, and 66% of one-on-one meetings were unscheduled. In contrast to the strict timetables organizations followed prior to the epidemic, these statistics can be attributed to managers and employees arranging meetings on an as-needed basis.

Another interesting fact from the research found that meeting attendance decreased by 50%, from an average of 20 participants to 10. According to HBR, this decline was brought on by a rise in one-on-one meetings in 2022, when 42% of meetings were one-on-ones, up from 17% in 2020.

The goal of the HBR study was to refute the claim that remote workers are not interacting with their coworkers. Unplanned one-on-one meetings, according to the report, may take the place of the face-to-face interactions that employees once had at work.
​
Although the ways that we work now are different and might change more over time, it's clear that people are still working. Bottom line: Does it really matter where employees are working as long as they finish their tasks on time and meet their targets?

We’ve covered the four-day workweek in several issues: In the pre-pandemic issue 6-10, we made the case that a four-day workweek could be the norm by 2050. In issue 9-05, the cover article also said the four-day workweek may be coming and potentially much sooner than 2050 because of the pandemic. Neither of these articles, however, looked at the positive impact a four-day workweek could have on the planet and our ecosystem.

When the pandemic hit, the world as we knew it changed dramatically with everyone at home, transportation infrastructure stopped and heavy industrial production drastically curtailed. Emissions from driving, flying and industrial output were dramatically reduced. Air quality in cities around the world showed marked improvement, while global emissions plummeted.

In May 2021, environmental and social justice collective Platform London released a report detailing the ecological impact of a shorter work week. From the earliest days of the pandemic, it was apparent that fewer people commuting translated quickly to reduced pollution, clearer skies, and less congestion on the roads. The impact was global, with Americans reporting less smog in Los Angeles and Europeans famously spotting dolphins in the canals of Venice. While some of this may be exaggerated, the benefits of fewer rush hour commuters are not. Fewer people heading to the office also means a reduction in electricity consumption from fewer lights, air conditioners and elevators running.

Many estimates put the reduction in carbon footprint at around 30% simply by offering one full day off per week. A more modest 10% reduction in hours (roughly three to four hours a week for most full-time workers) still translates to a 14.6% decrease in carbon emissions.

“The one thing we do know from lots of years of data and various papers and so forth is that the countries with short hours of work tend to be the ones with low emissions, and work time reductions tend to be associated with emission reduction,” said Juliet Schor, an economist and sociologist at Boston College who researches work, consumption and climate change.

It’s what you might call a “potential triple-dividend policy, so something that can benefit the economy, society and also the environment,” said Joe O’Connor, chief executive of the nonprofit group 4-Day Week Global. “There are not many policy interventions that are available to us that could potentially have the kind of transformative impact that reduced work time could have.”

Part of the problem is that we can’t forecast what workers will do with that additional day. Many believe, and international studies like those recently done in Iceland prove, that people will eventually gravitate into more eco-friendly activities like hiking, camping and other outdoor activities. But, if people choose to spend their extra time off traveling, particularly if they use planes or automobiles, we may not see any material eco-related benefits.
​
“When we talk about the four-day workweek and the environment, we focus on the tangible, but actually, in a way, the biggest potential benefit here is in the intangible,” O’Connor said. “It’s in the shift away from a focus on hard work to a focus on smart work. It’s the cultural change in how we work and the impact that could have on how we live, and I think that’s the piece that’s really revolutionary.”

Record heat all over the globe is now a potentially bigger threat to ongoing data center operations than cybercrime. In late July, Google Cloud’s data centers in London went offline for a day because of cooling failures. Oracle’s cloud-based data center, also in London, was hit and went offline, causing outages for US clients.

The World Meteorological Organization (WMO) says there’s a 93% change that one year between 2022 and 2026 will be the hottest on record. “For as long as we continue to emit greenhouse gases, temperatures will continue to rise,” says Petteri Taalas, WMO secretary general. “And alongside that, our oceans will continue to become warmer and more acidic, sea ice and glaciers will continue to melt, sea level will continue to rise, and our weather will become more extreme.”

A survey conducted by the Uptime Institute, a digital services standards agency, found that 45% of all US data centers have experienced an extreme weather event that threatened their ability to provide uninterrupted service.

The problem with both US-based and European centers is that their cooling systems were designed for a cooler planet than we have today. Newer data centers are now being constructed with a forecasted weather scenario to better plan for much higher temperatures.

Most data centers don’t operate at full capacity, but recent Cushman & Wakefield research shows that eight data center markets worldwide out of 55 they investigated operate at 95% or higher capacity. These centers are only strained by high temperatures a few days a year and they have been able to adjust loads to compensate for the heat. 

As climate change alters our temperatures permanently, data centers will have to improve their cooling systems so that continuous service can be assured.

“There are a deceptively large number of legacy data center sites built by banks and financial services companies needing to be refreshed and refitted,” says Simon Harris, head of critical infrastructure at data center consultancy Business Critical Solutions. As part of that rethink, Harris advises companies to look at design criteria that can cope with climate change, rather than solely minimizing its effects. “It’ll be bigger chiller machines, machines with bigger condensers, and looking more at machines that use evaporative cooling to achieve the performance criteria needed to ensure that for those days things are still in a good place,” he says.

Companies are trying novel approaches to dealing with the climate issues. Microsoft ran a three-year trial of a data center set 117 feet below the sea offshore of Scotland to insulate it from temperature fluctuations. Other companies are building centers in even more northern climates, but that probably won’t be a viable solution for those organizations who use edge computing and need their centers close to where data is consumed, often in hotter, urban areas.
​
We all have to do everything we can to reduce the impact of climate change, but now is the time for all data center management personnel to better plan for the increased temperatures we will experience for the foreseeable future.

Large data centers need power backup to operate without interruption. They rely on large banks of lithium-ion batteries to provide the instantaneous power when the normal power supplied by the local grid fails. Those lithium-ion batteries could soon be used to help local power grids manage energy demand.

Any city or region that gets its power from renewables is subject to the whim of the weather. Unlike fossil-based energy, renewable energy sources ebb and flow. The battery systems these grids use provide power when the renewable sources ebb and recharge when they flow.

Microsoft realized it could partner with local power grids where its data centers are located around the world and offer to store that renewable power in their battery backup systems. Today, sophisticated data centers operate with what are known as “uninterruptible power supply systems.” These systems include a bank of batteries which kick in the instant the power goes out and may operate for only a few minutes until the backup generators are up and running.

Microsoft’s newest data center in Dublin, Ireland, is due to come online in 2023 and it is planned as the first center to partner with a local power grid. The plan would be to have the data center’s large battery installation provide backup for when the grid sees more energy demand than it can supply. But, instead of only responding to outages, it might actually prevent them.

The company isn’t publicly sharing how much energy its Dublin battery installation will prove to the grid. But, from information provided by Microsoft’s Datacenter Advanced Development Group, we know that a typical center uses “tens of megawatts of power.”

To put the battery’s size into perspective, a single megawatt generated by a power plant can provide electricity for several hundred homes.

Microsoft has tested the concept on a small scale in Chicago, IL and Quincy, Washington in the past. But because almost 35% of all of Ireland’s electricity come from wind farms, this was one of the best places to set up a full commercial partnership.
​
The company currently operates over 200 data centers worldwide and has plans to build between 50 and 100 new centers a year through the rest of this decade. Given Microsoft’s commitment to reduce its greenhouse gas emissions, it needs more renewable energy for its data centers. The partnerships they plan with local power grids should be real win-win scenarios.

At the end of May, Walmart announced an expansion of its drone-delivery service. By the end of the year, the retail giant plans to offer the service from 34 locations in six states. When the service started, it was only offered from a single store in Arkansas and with this expansion; they hope to reach up to 4 million households.

The service will operate between 8AM and 8PM and deliver packages weighing less than 10 pounds. The service will be operated by a company Walmart has invested in--DroneUp. There will be a charge of $3.99 for the delivery. The order is packed into a box and a DroneUp pilot flies the drone to the customer’s location, easing the box gently down on the front lawn with a claw-like device at the end of a sturdy cable.
This program expansion is forecasted to take hundreds of deliveries within a few months to more than a million drone deliveries a year. Walmart is clearly targeting the one or two items that are purchased with quick last-minute trips. The press release stated that the top-selling item at one of the early hubs is Hamburger Helper.

The Wall Street Journal reported that both UPS and FedEx are experimenting with drones but aren’t offering an actual service yet. Alphabet (Google’s parent) has its own drone service called Wing with limited offerings in Virginia and Texas. Wing is also operating in Australia and through the first quarter of 2022, they claim deliveries of over 200,000 parcels.
​
And we can’t forget Amazon. As we wrote in Technology This Week Issue 8-49, the company is still experiencing problems with its drone efforts. The big difference for Amazon’s program is that they want the drones to be autonomous rather than piloted. Because of their commitment to “certified pilots,” Walmart will have a tougher time scaling up their efforts. Drone flights, by regulation, must be ‘line-of-sight’ flights. Stores will have to have control towers in their parking lots and are limited to a 1.5-mile radius for deliveries.
We will all keep our eyes on Walmart during the rest of 2022 to see if they will be successful in their new drone efforts. It could be a chance for Walmart to surpass Amazon in a critical technology area in the new retail arena!

Walmart was late in actively addressing competition with Amazon in ecommerce. In its new efforts to meet Amazon’s challenge, the company announced that it has plans to open four new fulfillment centers.

These fulfillment centers are where online orders will be packed and shipped. They are the first of a new breed of logistics for Walmart. The technology-heavy investments they are making involve robotics, machine learning and artificial intelligence.

Walmart said they were working with Knapp, an international logistics provider, to replace their current 12-step manual process with a new 5 steps and doubling the number of orders a location can fulfill in a day. Instead of moving product with people, the new approach will have robots shuttle skiffs to stagers directly, eliminating the need for floor personnel to walk up to nine miles or more a day.

"These four next-generation [fulfillment centers] alone could provide 75% of the U.S. population with next- or two-day shipping on millions of items," David Guggina, Senior Vice President of Innovation and Automation at Walmart U.S., wrote in a blog post.

When the four new centers join the company’s existing 31 dedicated e-commerce fulfillment centers, Walmart believes it will be able to reach 95% of the U.S. population with next- or two-day shipping. And with its 4,700 physical stores, the company could offer same-day delivery to about 80% of the U.S.

Both Walmart and Amazon are focusing on their weaknesses as compared to each other. Walmart is spending billions on logistics and automation and Amazon is spending billions on new physical stores, particularly for groceries (where Walmart dominates.)

Walmart’s new fulfillment centers will be located in Joliet, Illinois; McCordsville, Indiana; Lancaster, Texas; and Greencastle, Pennsylvania—with each planning to hire over 1,000 new workers. 
​
Amazon currently has 253 fulfillment centers, 110 sortation centers, and 467 delivery stations in North America, not to mention hundreds of thousands of drivers and over 100 Amazon Air cargo aircraft at the end of 2021.

Edge technologies are projected to experience the highest investment increase in 2022, growing 76% to $462,000 according to a new Gartner, Inc. survey.

Looking back to 2021, 5G drew the highest average investment in 2021, with survey respondents reporting an average of $465,000 invested in the technology. This was followed by IoT at $417,000 and edge technologies (i.e., edge AI and edge computing) at $262,000. 

The edge architecture is allowing AI to become more actionable. Moving AI inferencing closer to the point of data generation is making the edge more intelligent, which is improving decision-making within organizations and data-driven outcomes. In conducting AI inferencing on the edge, the data is processed in real time to generate actionable insights for decision-makers.

It makes sense that among the reasons organizations are using edge technologies and 5G are to improve employee productivity, augment existing products and services by making them more connected and intelligent, and automate business processes. Asset intensive industries such as manufacturing, natural resources and energy are among the early adopters of ET to solve core business problems. 

It’s interesting to note that the decisions to invest in these emerging technologies (ET) no longer solely rest with IT. The survey showed that Boards of Directors are among the main decision makers for ET investments in over half of surveyed organizations, just behind CIOs and CTOs, signaling that the business has more confidence in the ROI these technologies bring.

In fact, counter to conventional thinking, most survey respondents reported that ET investments are meeting or exceeding user expectations. When enterprises are choosing between two vendors’ ET offerings, the vendors’ ability to provide demonstrable use cases and a track record of success ultimately clinches the win. Product managers should look to focus on these success stories and ensure short deployment/ implementation timelines when targeting business users to adopt ET.
​
Gartner surveyed 500 global respondents from mid-sized and larger organizations in September and October 2021 to understand buying behavior when investing in emerging technologies.