{"id":7068,"date":"2017-03-22T06:00:56","date_gmt":"2017-03-22T14:00:56","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-859\/"},"modified":"2017-03-22T06:00:56","modified_gmt":"2017-03-22T14:00:56","slug":"news-859","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/22\/news-859\/","title":{"rendered":"Hackers Attempt To Extort Apple"},"content":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Wed, 22 Mar 2017 13:42:55 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"Briefcase full of money\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-300x169.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-768x432.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-1024x576.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-640x360.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-900x506.jpg 900w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-440x248.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-380x214.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Cybercrime is a business. Professional criminals refine their processes, measure performance, and regularly evaluate the return on their investments. Every move is strategic. 
We see this time and time again with ransomware campaigns and throughout <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercriminal-underground-economy-series\">the underground.<\/a><\/p>\n<p>Which is why the latest report from <a href=\"https:\/\/twitter.com\/josephfcox\">Joseph Cox<\/a> at Motherboard is mind-boggling. Joseph brings us the story of a hacker(s)\u2014it\u2019s unclear if there\u2019s more than one, I\u2019ll use the plural for simplicity\u2014who are <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus\">attempting to extort Apple<\/a> into paying $100,000 for the \u201crecovery\u201d of millions of iCloud accounts.<\/p>\n<h2>Media As A Weapon<\/h2>\n<p>Criminals are notoriously reluctant to speak to the press. Why would you commit a crime and then advertise it to the world? Either you don\u2019t think you\u2019re going to get caught or\u2014as in this case\u2014you are trying to apply pressure on your victim, forcing them to take action.<\/p>\n<p>The hackers in this case have set an April 7th deadline for Apple to pay up. If Apple doesn\u2019t, the criminal(s) are threatening to reset the accounts and wipe devices connected to them.<\/p>\n<p>The idea here is that public pressure generated through media coverage will force Apple\u2019s hand. That is extremely unlikely for a number of reasons.<\/p>\n<p>Primarily because Apple is too large and has too many resources to give in to external pressure. If they won\u2019t give us back our <a href=\"http:\/\/bgr.com\/2017\/02\/02\/iphone-7-headphone-jack-sales-record\/\">headphone jacks<\/a> or <a href=\"https:\/\/medium.com\/@marknca\/dongle-inception-999db31d4e45#.y7b8rhtmz\">HDMI ports<\/a>, they\u2019re not going to pay criminals.<\/p>\n<h2>Digital Not Physical<\/h2>\n<p>In the physical world, this crime would make more sense. 
Criminals would ransom an item (like a painting) and if the victim paid up, they would give the item back. Since these are digital accounts and the criminals claim to have access to them, this is closer to <a href=\"https:\/\/en.wikipedia.org\/wiki\/Extortion\">extortion<\/a>.<\/p>\n<p>Again in the physical world, this would be something akin to criminals requiring money monthly to \u201cprotect\u201d your business. In the digital world, the pressures that make victims pay (e.g., keeping your store in one piece) don\u2019t apply.<\/p>\n<p>With iCloud accounts, Apple has the ultimate safety valve\u2026they control the infrastructure behind the accounts. Which removes most of the pressure points the criminals could use.<\/p>\n<p>If this is in fact a legitimate threat and the hackers have the credentials for millions of iCloud accounts, Apple has any number of options available to them. From restricting new logins to creating unique resets for each account, each of these measures will frustrate users but Apple has a great track record on security and privacy and has probably earned a bit of goodwill.<\/p>\n<p>Especially when the flip side of that is submitting to criminals who are just as likely to double\/triple dip on these accounts and sell them on the underground.<\/p>\n<p>And that\u2019s where this starts to fall apart. The criminals are demanding $100,000. If we look at prices in the underground for other media accounts\u2014I don\u2019t have current data on iCloud account resale\u2014we see that prices range from $2 for Spotify up to $5 for a Netflix account (pg. 16 in <a href=\"https:\/\/www.trendmicro.de\/cloud-content\/us\/pdfs\/security-intelligence\/white-papers\/wp-north-american-underground.pdf\">our North American Underground paper<\/a>).<\/p>\n<p>If the criminals do in fact have access to 300 million accounts (the lowest number they stated), that could be worth millions on the underground. 
Why ransom them for <b>only<\/b> $100,000?<\/p>\n<p>There\u2019s a lot here that simply doesn\u2019t add up.<\/p>\n<h2>Protect Yourself<\/h2>\n<p>The decision to pay or not pay is entirely up to Apple. They need to evaluate the risk, decide if this is real or not, and then make a call.<\/p>\n<p>As a user, there isn\u2019t much you can do about that. But there is a critical step that you can take right now to protect yourself. Turn on <a href=\"https:\/\/en.wikipedia.org\/wiki\/Multi-factor_authentication\">two-factor authentication<\/a> for your iCloud account (and <a href=\"https:\/\/www.facebook.com\/notes\/facebook-engineering\/introducing-login-approvals\/10150172618258920\/\">Facebook<\/a>, <a href=\"https:\/\/support.twitter.com\/articles\/20170388\">Twitter<\/a>, and <a href=\"https:\/\/support.google.com\/accounts\/answer\/185839?hl=en\">Google<\/a> while you\u2019re at it).<\/p>\n<p>It only takes a minute and couldn\u2019t be simpler. <a href=\"https:\/\/support.apple.com\/en-ca\/HT204915\">Just visit this support article and follow the steps provided<\/a>.<\/p>\n<p>Now, even if an attacker has your username (which is basically public) and password (which should be unique and private), they won\u2019t be able to log in to your account. They need the unique, temporary code generated by the two-factor authentication.<\/p>\n<p>This is a smart step to help secure any account you have that supports multi- or two-factor authentication.<\/p>\n<p>With that step taken, you\u2019ll also want to ensure that you\u2019re using <a href=\"http:\/\/thewirecutter.com\/blog\/password-managers-are-for-everyone-including-you\/\">a password manager<\/a>. This is a tool that lets you set a long passphrase (the easiest way to get a strong password) that unlocks the manager which will, um, manage all of your other passwords for you. 
This way you can have a unique password for every site out there with minimal hassle.<\/p>\n<p>And that\u2019s important because most of the time when issues like this one arise, the criminals have gotten the credentials (your username and password) from another site that was hacked. Almost without fail, the first thing hackers do when they get a new set of credentials is to test them out on other popular services.<\/p>\n<p>Having a unique password managed by a password manager lets you contain any issues to a single site and not unnecessarily expose your other accounts.<\/p>\n<p>Come April 7th, I don\u2019t expect to see any issues with iCloud but <a href=\"https:\/\/support.apple.com\/en-ca\/HT204915\">enabling two-factor authentication<\/a> now will make sure your account is safe and sound.<\/p>\n<p><a href=\"http:\/\/blog.trendmicro.com\/hackers-attempt-to-extort-apple\/\" target=\"bwo\" >http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research)| Date: Wed, 22 Mar 2017 13:42:55 +0000<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"169\" src=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-300x169.jpg\" class=\"webfeedsFeaturedVisual wp-post-image\" alt=\"Briefcase full of money\" style=\"float: left; margin-right: 5px;\" srcset=\"http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-300x169.jpg 300w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-768x432.jpg 768w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-1024x576.jpg 1024w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-640x360.jpg 640w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-900x506.jpg 900w, 
http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-440x248.jpg 440w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942-380x214.jpg 380w, http:\/\/blog.trendmicro.com\/wp-content\/uploads\/2017\/03\/iStock-157510942.jpg 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Cybercrime is a business. Professional criminals refine their processes, measure performance, and regularly evaluate the return on their investments. Every move is strategic. We see this time and time again with ransomware campaigns and throughout the underground. Which is why the latest report from Joseph Cox at Motherboard is mind boggling. Joseph brings us the&#8230;<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[2211,10422,4503],"class_list":["post-7068","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-apple","tag-current-news","tag-cybercrime"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7068"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7068\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"hr
ef":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7068"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}