There’s no doubt that 2014 has been the year of the high-profile data breach. Large corporations including retail giant Target and bank JPMorgan Chase saw massive data losses this year, and high-profile individuals including reality star Kim Kardashian had intimate photos and videos stolen from their Apple iCloud accounts.
As CYREN’s recently published Q3 Internet Threats Trend Report notes, the ‘Great Celebrity Photo Hack’ should be a warning to all iCloud account holders: Apple users are now the number one target for hackers.
Hackers now want a bite of the Apple
Apple – hitherto considered immune to attack, largely because of its relative unpopularity compared to Microsoft – is starting to become a significant target for hackers. There are now more than 800 million Apple IDs in use, and more than 300 million individuals hold iCloud accounts. While Apple’s iOS and OS X operating systems remain relatively safe, the increased uptake of Apple mobile products – especially now that the iPhone 6 is on the market – means an increased opportunity for cyber criminals.
Phishing three times as successful on smartphones
Within hours of the celebrity data leaks, Apple confirmed that its systems had not been hacked, but that there had been ‘a very targeted attack on user names, passwords and security questions’ – suggesting a phishing campaign.
As the CYREN report notes, ‘phishing attacks are at least three times more likely to be successful on a smart phone than on a desktop or laptop, mainly because tell-tale giveaways, such as fake links, logos, and email addresses, aren’t as easily visible on a small mobile phone screen.’
Analysing recent statistics, CYREN discovered that phishing attacks on Apple users in the third quarter of 2014 were in fact up 246% compared to the first quarter. Researchers found 7,000 new Apple phishing sites in the week of the celebrity iCloud breach.
Earlier I said that Apple’s iOS and OS X remain relatively safe – I stress the word ‘relatively’. The third quarter of 2014 also saw the discovery of Shellshock, a Bash vulnerability that affects Unix systems – including Apple’s OS X. If you haven’t downloaded the ‘OS X bash Update 1.0’ for OS X then you could still be vulnerable.
Phishing at work
If you’re an Apple user you’re not as safe as you think. As ever, we advise caution when clicking links or opening attachments: if you don’t know their provenance, leave them alone.
And if you’re concerned about your employees’ susceptibility to a phishing attack, you might be interested in IT Governance’s Employee Phishing Vulnerability Assessment. It will identify potential vulnerabilities among your employees and provide recommendations to improve your security, giving you a broad understanding of how you are at risk and what you need to do to address those risks.