Since February, a number of Apple users have reported locked devices displaying ransom demands written in Russian.
Earlier this week, a security professional posted a message to a private email group requesting information related a possible compromise of at least 40 million iCloud accounts.
Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."
The message goes on to state that the alleged breach was conducted by
a Russian actor, and vector "seems to be via iCloud to the 'locate
device' feature, and is then locking the device and asking for money."
Salted Hash reached out to Apple for comments, we'll update this article if they respond.
Update: Sources familiar with these types of attacks, speaking on background with Salted Hash, have said the victim count of 40 million is likely way overblown. Their reasoning is sound too, because even if only a small percentage of the list were being attacked, a few hundred thousand victims within a few months would standout like a beacon. In short, there would be no way to keep such attacks under the radar.
For now, let's assume there hasn't been a massive iCloud data breach. If that's the case, then how are these users being compromised?
The Russian Interior Ministry announced in June of 2014 that two people were arrested for blocking Apple devices to extort funds. With those arrests, it was assumed the scams were finished.
But since at least February of this year, the scams have returned and the most recent cases are targeting users in Europe and the United States, but the methods used by the attackers are the same ones that were popular two years ago.
It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.
In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they're told they have 12 hours to comply or their data will be deleted.
Earlier this week, a security professional posted a message to a private email group requesting information related a possible compromise of at least 40 million iCloud accounts.
Salted Hash started digging around on this story after the email came to our attention. In it, a list member questioned the others about a rumor concerning "rumblings of a massive (40 million) data breach at Apple."
Salted Hash reached out to Apple for comments, we'll update this article if they respond.
Update: Sources familiar with these types of attacks, speaking on background with Salted Hash, have said the victim count of 40 million is likely way overblown. Their reasoning is sound too, because even if only a small percentage of the list were being attacked, a few hundred thousand victims within a few months would standout like a beacon. In short, there would be no way to keep such attacks under the radar.
For now, let's assume there hasn't been a massive iCloud data breach. If that's the case, then how are these users being compromised?
How the attack works:
In 2014, someone (or perhaps more than one person) using the name "Oleg Pliss" held an unknown number of Australian Apple devices for ransom, demanding a payment of $100.The Russian Interior Ministry announced in June of 2014 that two people were arrested for blocking Apple devices to extort funds. With those arrests, it was assumed the scams were finished.
But since at least February of this year, the scams have returned and the most recent cases are targeting users in Europe and the United States, but the methods used by the attackers are the same ones that were popular two years ago.
It starts with a compromised Apple ID. From there, the attacker uses Find My iPhone and places the victim's device into lost mode. At this point, they can lock the device, post a message to the lock screen and trigger a sound to play, drawing attention to it.
In each of the cases reported publicly, the ransom demanded is usually $30 to $50. If a victim contacts the referenced email address, in addition to payment instructions, they're told they have 12 hours to comply or their data will be deleted.
Комментариев нет:
Отправить комментарий