In urgent need of assistance from our Incident Response team? Click below to email directly and get support.
Get Support
Set up regular vulnerability scans for Web Apps & Infrastructure with our innovative SecurePortal
Learn More
Distribute, manage and monitor remediation tasks effortlessly with PTaaS, powered by SecurePortal
Upgrade.webp)
Pentest People Partners with JUST ONE Tree for a Greener Future
Read
Need Our Assistance?
We now offer Incident Response Retainers helping you reduce damage from a cyber attack
Read
Apple Cyber Attacks: Mobile Devices Still at Risk
Apple Cyber Attack
Apple iPhone users are one of the largest targets when it comes to cyber-attacks. Apple uncovered its biggest hack in history last November, which went undetected for five years. At the time they alerted users who had fallen victim to the colossal Apple cyber attack. The Phishing Hack targeted Apple’s iCloud service and was able to gain access to users’ photos, videos, and other personal information.
How Did it Happen?
The cyberattack was found when security researchers discovered malicious code on several websites, which had been designed to steal usernames and passwords from people who visited them. When an unsuspecting visitor would type their username or password into one of these sites, it would be sent to a server controlled by the hackers behind this scheme.
If you’ve ever used your Apple ID for anything other than logging into iTunes or iCloud accounts, there’s a good chance that someone has stolen your credentials using this method. This includes social media services like Facebook and Twitter as well as gaming platforms such as Xbox Live or PlayStation Network (PSN). To make matters worse, many people reuse login details across multiple websites without realising what the consequences are.
The Apple Cyber Attack Hit Multiple Devices
Apple Mac users were being urged to update their Mac OS software, as they were at “grave risk” of hackers exploiting what’s been described as one of the worst vulnerabilities to affect the tech giant computers in years. Malware that takes advantage of the bug has been hitting Macs since January last year 2021.
Spyware can easily eavesdrop or steal data from your device. All of Apples operating systems including those for iPads, Macs and Apple watches, are vulnerable.
How to Protect Yourself From iPhone Hacks
Although the attack was uncovered last year, it has unearthed a problem that occurs under the nose of the tech giant and its users. Mobile devices always contain a lot of personal data and therefore a prime target for hackers. Keeping yourself aware of these dangers/risks is more prevalent now than ever. At the time Apple gave its users advice on how to deal with the attack. We’ve also added some general tips for any mobile user which you can see below and in our short news bite!
During the cyberattack, Apple released a statement warning users not to click on any links sent via text or email. They also recommended that users changed their passwords immediately if they had been alerted.
You can also protect yourself by installing anti-virus software and being vigilant about any suspicious activity. Always make sure that your software is up to date, and be suspicious of any unsolicited communication from unfamiliar senders.
If you think you may have been a victim of this hack, contact Apple immediately for assistance. They are more than happy to help you secure your account and ensure that your information remains safe.
Some Final Tips :
- Do not click on any links sent via text or email from unknown senders.
- Install anti-virus software.
- Be vigilant about any suspicious activity.
- Make sure your software is up to date.
- Contact Apple immediately for assistance if you think you may have been a victim of this hack.
Video/Audio Transcript
Hackers are getting into your iPhones without you even knowing. And it's not through a link, you click on a spam email, it is happening without a click, which makes this unique and also so urgent, even more concerning who could be behind this threat? A new report is pointing its fingers at the hacker for hire fair, and Israeli spyware company known as the NSO group. I have Josh with me today, who was one of the consultants here to help us understand this level of threat. So how do we know we're being infected?
You don't really is a simple answer. It really does depend on I guess, what what I mean, what you are infected by? It could be as simple as you know, installing antivirus on? Which I mean, for Apple, that's not something that I'm aware of. I don't know whether that's a thing. If I'm totally honest with you, I think it's it's a difficult question to answer, because the way in which malware behaves, and it's not predictable, that is not something that we can say, you know, this specific signature on your phone means you are infected. I mean, the longer malware exists the viewer is to
the to actually, essentially, we won't know we're being hacked. Now.
And again, like I say, the differences in malware make it you know, difficult to identify, because obviously, there's different types of malware, you know, there's different signatures, there's different aims. So, you know, one might be going to be personal data on might be going to be a payment data. And it's really difficult to pinpoint why it's going to target and work. So without, you know, I guess the visibility of, of having, you know, a product like, you know, an antivirus product on your phone, you just, you're not going to know, it's not as smart, it's not as simple as that
concern that the data is out there and is available. So would you say this threat is new?
I wouldn't say the threats are new, per se, I think threats to mobile devices have always been that the thing is mobile devices, the technical knowledge required to exploit something like that is, you know, appear, it's less less available. Like, obviously, you can Google things, but you know, it does make it it does make it difficult, I guess for people to secure it, but it's also difficult for people to exploit that kind of thing, because that information is not, you know, not freely available online. I mean, if you find, if you search out and if anything is available online, you will be able to find it. But you know, you people who are targeting people's devices are not you know, and not your average script kitty for use of a use for you know, a better term, it's these sophisticated AP T's, you know, going after, you know, government bodies and that kind of thing, it's not something that you know, you can go online, download a script for an exploit is a widespread threat for anybody.
who do we think is the most vulnerable? Who are they targeting?
I guess, the less technically able, and I know, that sounds quite horrible. I think the last technically aware people, shall we say, because some people aren't aware of, you know, security patches that have been pushed out, and people don't keep up with with that kind of thing. And it's very well publicised to people like yourselves, where, you know, we're involved in that space. And if you're involved in that space, you know, you see, you know, things such as, you know, critical software patches being published, it's like, wow, okay, we probably need to instal that. Because it's, you know, it covers this, but then there's those people out there that don't Don't think like that.
Do you think Apple are doing you know? Like, for example, are there other steps we can be taken to avoid from being hacked?
mean, Apple devices, specifically automatic updates of automatic updates. So you know, instal switch on your phone automatically, there's this, you know, there's, there's no two ways about it easy, you don't have to think about it, you know, click of a button and it will instal when you caps power on 50% on an eye, I guess people probably should make, you know, sort of a bigger effort at making sure you know, updates are installed. So vulnerabilities, such as the ones that malware are taking advantage of are patched when the patches are released, because then the you know, the smaller the attacker know, the last time somebody has to actually get into your device. I guess that sort of increases you know, your own personal security and so I guess I'd say you know, keep your automatic update switched on your phone not updated keep the data backed up in case the unforeseen does occur and if it is backed up, and you know, you've got Yeah, you might you might not be you know, you might still be vulnerable to threats, but if it if is backed up, you're not going to do best case scenario for everybody.
So get your updates everyone get them now. It's the first line of defence against this threat. Thank you so much for your time, Josh, and we will be back next week with a new major cyber attack topic. Thank you.
Learn Something New
Have a read of our blogs written by industry experts, covering topics from all areas in cyber.
Cyber Essentials Overview
This blog provides you with an overview of cyber essentials: what it is, how it works and what Pentest People offer in terms of Cyber Essentials packages. This blog takes you through the benefits of Cyber Essentials and an overview of the packages that are right for your business.
.svg)
.webp)
