{"id":12972,"date":"2018-08-01T06:30:04","date_gmt":"2018-08-01T14:30:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2018\/08\/01\/news-6739\/"},"modified":"2018-08-01T06:30:04","modified_gmt":"2018-08-01T14:30:04","slug":"news-6739","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/08\/01\/news-6739\/","title":{"rendered":"Apple users \u2018most appealing\u2019 to cybercriminals' online scams"},"content":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Wed, 01 Aug 2018 06:17:00 -0700<\/strong><\/p>\n

Apple\u2019s platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security \u2014 partly because hacked Apple user credentials are among the most valuable properties you\u2019ll find on the so-called dark web.<\/p>\n

There is no doubt at all that Apple is growing in the enterprise<\/a>, which is why every iOS or macOS user needs to understand that the new cyber threats aren\u2019t confined to annoying viruses, trojans, or malware attacks.<\/p>\n

Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security<\/a> is only one element to an overall security picture.<\/p>\n

Phishing, spoofing, and complex multi-vector attempts are becoming increasingly common, and the dark web is a great reflection of what activity is taking place. More conventional attacks are also increasing. A recent Malwarebytes survey claimed malware attacks on Macs climbed 270 percent<\/a> last year.<\/p>\n

In response to highly sophisticated new threats, there is a growing understanding of the need for pooled information and sophisticated situational awareness tools.<\/p>\n

Top10VPN\u2019s latest Dark Web Market Price Index<\/a> suggests Apple users are becoming the most popular targets for online scammers. In March, the index reported that Apple ID data trades hands at $15 per account<\/a>.<\/p>\n

\u201cIt\u2019s clear from our research that Apple users are the most appealing targets for online scammers,\u201d Simon Migliano, head of research at Top10VPN, told me.<\/p>\n

\u201cReady-made phishing pages for Apple IDs, along with config files for password crackers, go for more than double the near-uniform rate of $2.07 for the vast majority of other brands,\u201d he explained.<\/p>\n

Supply and demand suggests this means that where an exploit has been created and is sold, the market is interested enough to spend more on the tool \u2014 though this doesn\u2019t mean the tools are any good.<\/p>\n

Good or bad, you can purchase a wide variety of hacking tools on the dark web \u2014 from software such as remote access trojans and card cloning software to hardware kits to spoof cell towers and intercept texts and calls from connecting devices. Security researchers watch what is being sold to get a sense of what form future attacks may take.<\/p>\n

The interest in Apple attacks reflects several key trends: Apple customers are also active users of the products they own, the\u00a0relative wealth<\/a> of the demographic, and the kind of information they have access to, particularly in the enterprise.<\/p>\n

That doesn\u2019t mean such attacks will succeed, or that users should panic, but the information should certainly help inform security preparedness across both consumer and enterprise markets.<\/p>\n

One thing the report does suggest is that rather than platform-based attacks, cybercriminals are moving to trust-based attacks to target the valuable Apple demographic. They work to persuade users to click on innocuous-seeming pages, persuade them to enter banking details on spoof banking pages, and so on. Apple is wise to this, and to help protect customers, it recently introduced new phishing protection tools<\/a> for Macs and iOS devices.<\/p>\n

While I don\u2019t accept the argument that by merely becoming a bigger target for attacks, Apple security will ultimately fail, I also reject arguments that state that merely because Apple has been really secure so far there is nothing to be concerned about. Complacency is no defense.<\/p>\n

Apple users must ensure they remain security aware. A link in an email that seems to come from someone you know may take you to a spoofed website designed to collect your login data. That login data may itself unlock additional information a criminal may use in a follow-up attempt to undermine someone else\u2019s security \u2014 or to break into your company\u2019s valuable enterprise systems.<\/p>\n

There is a trend in which attackers design extremely complex multi-vector attacks in which individual exploits are personalized for each person at a company or other target entity in order to establish enough overall data through a sequence of attacks with which to penetrate enterprise systems.<\/p>\n

Despite Apple\u2019s growing status as a target, there\u2019s little need to panic.<\/p>\n

Not only does the company regularly issue easy-to-install security patches for all its non-fragmented platforms, but instances of successful exploits are historically low compared with competing solutions.<\/p>\n

However, these new-breed attacks aim to sidestep Apple\u2019s security by aiming at the weakest link in the security ecosystem \u2014 the end user.<\/p>\n

\u201cI would urge any business using Apple products should urgently review their policies regarding use of Apple devices, particularly mobile, in the workplace, with particular focus on login security, proper separation of corporate and personal data and ensuring staff are trained to recognize phishing attempts,\u201d said Migliano.<\/p>\n

\u201cIn fact, every Apple user should be aware that they are being targeted over and above users of other platforms and protect themselves accordingly.\u201d<\/p>\n

There are numerous good practice habits every computer user should follow:<\/p>\n

Google+?<\/strong>\u00a0If you use social media and happen to be a Google+ user, why not\u00a0join\u00a0AppleHolic’s Kool Aid Corner community<\/a>\u00a0and get involved with the conversation as we pursue the spirit of the New Model Apple?<\/p>\n

Got a story? Please\u00a0<\/strong>drop me a line via Twitter<\/a>\u00a0and let me know. I’d like it if you chose to follow me there so I can let you know about new articles I publish and reports I find.<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Jonny Evans| Date: Wed, 01 Aug 2018 06:17:00 -0700<\/strong><\/p>\n

\n
\n

Apple\u2019s platforms may be the most secure, but this is driving cybercriminals to more devious ways to undermine iOS and Mac security \u2014 partly because hacked Apple user credentials are among the most valuable properties you\u2019ll find on the so-called dark web.<\/p>\n

A complex crime<\/strong><\/h2>\n

There is no doubt at all that Apple is growing in the enterprise<\/a>, which is why every iOS or macOS user needs to understand that the new cyber threats aren\u2019t confined to annoying viruses, trojans, or malware attacks.<\/p>\n

Enterprise security chiefs are becoming increasingly aware that network, device, location-based, and user security must also be seen as part of the mix. Platform security<\/a> is only one element to an overall security picture.<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10480,10554,714],"class_list":["post-12972","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-ios","tag-mobile","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=12972"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/12972\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=12972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=12972"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=12972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}