Apple’s platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security — partly because hacked Apple user credentials are among the most valuable properties you’ll find on the so-called dark web.
A complex crime
There is no doubt at all that Apple is growing in the enterprise, which is why every iOS or macOS user needs to understand that the new cyber threats aren’t confined to annoying viruses, trojans, or malware attacks.
Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security is only one element of the overall security picture.
Phishing, spoofing, and complex multi-vector attempts are becoming increasingly common, and the dark web is a great reflection of what activity is taking place. More conventional attacks are also increasing. A recent Malwarebytes survey claimed malware attacks on Macs climbed 270 percent last year.
In response to highly sophisticated new threats, there is a growing understanding of the need for pooled information and sophisticated situational awareness tools.
Hacks for hire
Top10VPN’s latest Dark Web Market Price Index suggests Apple users are becoming the most popular targets for online scammers. In March, the index reported that Apple ID data changes hands at $15 per account.
“It’s clear from our research that Apple users are the most appealing targets for online scammers,” Simon Migliano, head of research at Top10VPN, told me.
“Ready-made phishing pages for Apple IDs, along with config files for password crackers, go for more than double the near-uniform rate of $2.07 for the vast majority of other brands,” he explained.
Supply and demand suggests that where an exploit has been created and is sold, the market is interested enough to spend more on the tool, though this doesn’t mean the tools are any good.
Good or bad, you can purchase a wide variety of hacking tools on the dark web — from software such as remote access trojans and card cloning software to hardware kits to spoof cell towers and intercept texts and calls from connecting devices. Security researchers watch what is being sold to get a sense of what form future attacks may take.
The interest in Apple attacks reflects several key factors: how actively Apple customers use the products they own, the relative wealth of the demographic, and the kind of information they have access to, particularly in the enterprise.
That doesn’t mean such attacks will succeed, or that users should panic, but the information should certainly help inform security preparedness across both consumer and enterprise markets.
One thing the report does suggest is that rather than platform-based attacks, cybercriminals are moving to trust-based attacks to target the valuable Apple demographic. They work to persuade users to click on innocuous-seeming pages, persuade them to enter banking details on spoof banking pages, and so on. Apple is wise to this, and to help protect customers, it recently introduced new phishing protection tools for Macs and iOS devices.
While I don’t accept the argument that by merely becoming a bigger target for attacks, Apple security will ultimately fail, I also reject arguments that state that merely because Apple has been really secure so far there is nothing to be concerned about. Complacency is no defense.
Apple users must ensure they remain security aware. A link in an email that seems to come from someone you know may take you to a spoofed website designed to collect your login data. That login data may itself unlock additional information a criminal may use in a follow-up attempt to undermine someone else’s security — or to break into your company’s valuable enterprise systems.
There is a trend toward extremely complex multi-vector attacks, in which individual exploits are personalized for each person at a company or other target entity. The aim is to gather, through a sequence of attacks, enough overall data to penetrate enterprise systems.
Despite Apple’s growing status as a target, there’s little need to panic.
Not only does the company regularly issue easy-to-install security patches for all its non-fragmented platforms, but instances of successful exploits are historically low compared with competing solutions.
However, these new-breed attacks aim to sidestep Apple’s security by aiming at the weakest link in the security ecosystem — the end user.
“I would urge that any business using Apple products should urgently review their policies regarding use of Apple devices, particularly mobile, in the workplace, with particular focus on login security, proper separation of corporate and personal data and ensuring staff are trained to recognize phishing attempts,” said Migliano.
“In fact, every Apple user should be aware that they are being targeted over and above users of other platforms and protect themselves accordingly.”
Cybersecurity best practices for Apple users
There are numerous good practice habits every computer user should follow:
- Use two-factor security and complex passcodes.
- Never click on a link in an email unless you trust it.
- Never log in to a service (such as online banking) using an email link.
- Avoid use of confidential or financial services over public Wi-Fi.
- Always change your router passcode to a new one that’s personal to you — many routers/Wi-Fi base stations ship with a default passcode and these are routinely broken by cybercriminals.
- Become familiar with Apple’s security white papers, this iOS security guide, and this macOS security guide.