Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 31 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Hackers: we will remotely wipe iPhones unless Apple pays ransom

by The Gurus
March 24, 2017
in Editor's News
hack
Share on FacebookShare on Twitter

Hackers are threatening to wipe out a large cache of data from 300 Million Apple accounts unless a ransom is paid.
Labelling themselves as the ‘Turkish Crime Family’, the group or individual is demanding that £75,000 is to be paid in popular crypto-currency Bitcoin, or £100,000 worth of iTunes gift cards in exchange for deleting the data on the Apple accounts. The hackers have provided screenshots of email communication between themselves and Apple’s security team and have also uploaded a YouTube video of them allegedly logging into some of the stolen accounts.
IT security experts from AlienVault, DomainTools, Tripwire and ESET discuss the validity of the threat and provide advice for iPhone users.
Paul Calatayud, Chief Technology Officer at FireMon:
I believe these claims are accurate, but also most likely not caused by Apple. If you do not add two factor strong authentication to any account, there is a chance that the password has been exposed, harvested, or guessed. For example, if my e-mail account happens to be from yahoo, and that account is affected by the breach that just occurred, then there is a chance that the attackers are already able to compromise other accounts I hold such as my appleid. I suspect Apple is well aware of this and their position will be to quickly assist anyone that may be affected by providing them options to re protect their account, but since it’s not Apple that most likely was not a contributor to the compromises, they will not be paying any ransoms.
Chris Doman, security researcher at AlienVault:
“The attackers do seem desperate for publicity. Yesterday a Twitter account (turkcrimefamily) and Website (turkishcrimefamily[.]org) were created in their name, and today they claimed “The number of Apple credentials have increased from 519m to 627m, we are convinced it will keep growing until 7 April 2017”.
Apple has some of the best security people in the business, and it seems hard to believe they would have lost control of hundreds of millions of accounts. The attackers may have taken control of a small number of accounts, through everyday iCloud phishing attacks, and used that as ‘evidence’ to justify their more outlandish claims.
Apple users should be suspicious of any unexpected messages from Apple asking them to enter their credentials.”
Kyle Wilhoit, senior security researcher at DomainTools:
“Without verifiable proof, there is no way to say this is a valid threat. The conflicting information from the attackers themselves doesn’t lend credence to their ransom. Because of this lack of evidence, there’s not much you can do. But, there are basic preventative privacy and security setting changes on your iPhone that can help protect against many different types of attacks. First, ensure your iPhone is up to date. In addition, disable fingerprint security with Touch ID. This will prevent purchases by using your fingerprint as authentication. Also, prevent other applications from uploading your data. For instance, don’t let Twitter access your iPhone contacts. For those that are paranoid about this, I would also recommend changing your password.”
Lamar Bailey, Sr. Director, Security R&D at Tripwire:
“If this is legit the hackers would have had to obtain access to the individual user accounts via breaking the passwords of each of the user accounts or have acquired access to the Apple iCloud servers. The access to each user account is much more realistic since we have seen numerous reports of all the weak passwords people use for their computers and accounts. If the hackers have password access to individual user account they can erase phones remotely and change passwords for the Apple accounts. The hackers cannot remove backups for Apple devices from the cloud but changing the passwords will make it hard for the legitimate users to reset and recover their devices.  Once the end user has access to their account they will be able to restore their device.
For end users make sure you are using strong passwords and enable 2 factor authentication as an added protection. Having a local backup of your device is always a good idea too. It is faster to restore a device locally than over the internet and having a small NAS (network Attached Storage) device at home for pictures and backups is a good investment to supplement the cloud backups.
This whole ransom seems odd. What are the hackers going to turn over the breached accounts? Why ask for iTunes gift cards? They have unique numbers that can be tracked and deactivated in seconds.”
Ondrej Kubovič, Security Specialist at ESET:
“We advise all our users to regularly backup their (valuable) data and store it on external drives that are not constantly connected to the network. This kind of prevention is very effective not just for cases such as the one described in the article, but also against ransomware attacks, which are very frequent across various platforms – including mobile.”

FacebookTweetLinkedIn
Tags: attackCyberHackerssecurityTechnology
ShareTweetShare
Previous Post

IT security pros and network operators view DDoS attacks as an increased concern in 2017

Next Post

Kaspersky warns lights could go out

Recent News

cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023
Outside of cinema with advertising

Back and Bigger Than Ever! The Inside Man Season 5 Takes a Stab at Power Hungry Adversaries

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information