Cybercriminals taking aim at Apple

by

20 June 2017
Cybercriminals target Apple

Apple devices are becoming attractive targets for cyber attackers due to their fast growing popularity and user demographics, says cybersecurity company Fortinet.

“In many organisations today, C-suite executives and marketing teams are more likely to use Macs. These individuals not only share valuable information, they are also very often less technically savvy and therefore, less likely to back up their devices, encrypt stored data, or abide by security best practices,” Fortinet noted.

New attack opportunities and threat vectors are also making the targeting of Mac devices easier and more attractive. For instance, Fortinet’s FortiGuard Labs threat research team is starting to see the development of hacking tools that target cross-compatible software.

In addition, it has become easier for cybercriminals to scale up their operations against Macs. Due to the rise of cybercrime-as-a-service, cybercriminals have started building malware “franchises”. Instead of targeting Macs one at a time like in the past, criminals can now leverage pre-built technology to attack vast numbers of potential victims in exchange for sharing profits on the back end.

While ransoming one device may not be of much financial value to professional cybercriminals, owning hundreds of franchisees targeting thousands of devices every day most certainly is. At the same time, such an opportunity appeals to many small-time players, such as lone-wolf hackers working out of their parents’ homes.

“When it comes to security, the only constant is change, whether it is the way networks are evolving or how these changes are creating new opportunities for criminals,” said Aamir Lakhani, Fortinet Senior Security Strategist. “It is imperative that companies approach security from a holistic perspective. This includes making sure that every device is protected across all threat vectors, including Mac devices that were thought to be secure.”

In response to the new wave of ransomware attacks, Fortinet has recommended that Mac users to take the following preventive measures:

1. Apply patches and updates. Apple regularly provides security updates. Users must make sure they take the time to apply them.

2. Backup your device. Apple’s Time Machine service will automatically create full system backups, which means that should a system get ransomed, one could simply wipe the device and perform a full system restore from backup. Regularly scan backups for vulnerabilities and store these backups offline. Offline storage is vital because Time Machine backup systems are often persistently connected to the device being backed up, and risk being compromised during an attack.

3. Encrypt data stored on device. While this may not be effective against many ransomware variants, it is still a good practice as it can protect an organisation should any device become infected with malware that is designed to steal files and data.

4. Install an endpoint security client. Look for endpoint solutions that will not only protect your device, but tie that security back into your network security strategy, allowing you to leverage and share threat intelligence to better protect your device and its assets.

5. Deploy security that covers other threat vectors.  As email is still the number one source for malware and infection, ensure that a robust email security solution is deployed. The same is true for web security tools, wired and wireless access controls, cloud-based security, and network segmentation strategies that help detect, isolate, and respond to threats found anywhere across a distributed environment.


CONVERGENCEASIA PIONEERS SERIES 

Prof Gordon Bell on "exascale nirvana" and other supercomputing trends

Gordon Bell of supercomputing's Gordon Bell Prize talks to ConvergenceAsia about the "scaling up" and "scaling out" of HPC and its new applications in analytics and data science. Bell was in Singapore recently for Supercomputing Frontiers 2017, where he delivered a keynote on "Three Decades: Motivating and Measuring HPC Progress". 

  • Video by Chan Wai Peng