(CNN) — A large number of people, mostly located in Australia, are reporting they have come under an unexplained attack that holds their iPhones and iPads hostage and demands they pay a $100 ransom.
The attack appears to work by compromising iCloud accounts associated with the disabled devices, according to an Apple support forum discussion that started Sunday morning and quickly accumulated several hundred posts.
Commandeered devices typically emit a loud tone that’s associated with a feature that helps users locate lost or stolen devices. iPhones and iPads also display the message: “Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:firstname.lastname@example.org for unlock.”
In some cases—specifically, when a user hasn’t assigned a strong passcode to a locked device—it can only be unlocked by performing a factory reset, which completely wipes all previously stored data and apps.
The mass compromise is a variation on so-called ransomware scams, which initially targeted Windows PC users and earlier this month were found targeting smartphone users running Google’s Android OS.
The forum accounts provide strong evidence that victims’ Apple IDs and passwords have been compromised so that attackers can remotely lock connected devices using Apple’s Find My iPhone service.
But so far it remains unclear exactly how the attackers are compromising the iCloud accounts.
While it’s possible the hijackers used phishing attacks or hacked password databases to obtain the credentials, those explanations are undermined by the observation that the vast majority of victims were located in Australia and reported using a variety of e-mail providers. Typically, phishing campaigns and database compromises involving multiple providers affect users from more geographic regions.
One participant in the online discussion theorized the mass compromise may have been the result of hacking domain name system (DNS) servers used by Australian service providers to translate human readable addresses such as Apple.com into the IP addresses Internet routers rely on.
Such an attack, which has yet to be confirmed in this case, works by “poisoning” the lookup tables of DNS servers so they secretly direct people to impostor sites. Assuming this technique was at play in the iPhone and iPad locking, affected users who entered a password on what appeared to be Apple’s site could have unknowingly provided it to the people behind the attack.
Apple officials have yet to comment on the report. There is no indication the hijackings are the result of any compromise on Apple servers, so that leaves end users to figure out for themselves how to secure their own devices.
Readers are once again advised to use long, randomly generated passwords that are unique to their iCloud account. They should also enable two-factor authentication and assign a separate, randomly generated passcode to each iPhone and iPad they own.
Readers are reminded they can be permanently locked out of their Apple ID accounts, and possibly their iPhone or iPad when running iOS 7 with Find My iPhone turned on, if they are compromised before two-factor authentication is enabled. Two-factor authentication won’t automatically prevent an attacker from compromising an iCloud account, but it will prevent the attacker from changing security questions and other crucial settings in the event of a breach.
The identities of the people behind the attack are unknown. There’s no indication they have any connection to anyone named Oleg Pliss.
People with a locked device should immediately try changing the credentials for their Apple ID and ensure two-factor authentication is set up. In the event their locked device didn’t have a passcode associated with it, they can perform a factory reset by using a cable to plug the device into their computer while iTunes is open.
Stay tuned to the latest in Insurance news by subscribing to ILStv’s daily or weekly newsletters.
It’s not often that the US or UK governments weigh in on the browser wars, but a new Internet Explorer vulnerability — one that affects all major versions of the browser from the past decade — has forced them to raise an alarm: Stop using IE.
The zero-day exploit — the term given to a previously unknown, unpatched flaw — allows attackers to install malware on your computer without your permission. That malware could be used to steal personal data, track online behavior, or gain control of the computer. Security firm FireEye, which discovered the bug, said that the flaw is being used with a known Flash-based exploit technique to attack financial and defense organizations in the US via Internet Explorer 9, 10, and 11. Those versions of the browser run on Microsoft’s Windows Vista, Windows 7, and Windows 8, although the exploit is present in Internet Explorer 6 and above.
While the Computer Emergency Readiness Teams in England and the US regularly issue browser advisories, this is one of the few times that a CERT team has recommended that people avoid using a particular browser. Specifically, the advisory says administrators and users should “review Microsoft Security Advisory 2963983 for mitigation actions and workarounds” and that people who can’t implement those stopgap measures, Windows XP users among them, “may consider employing an alternate browser.”
FireEye recommends that if you can’t switch browsers, then disable Internet Explorer’s Flash plug-in. You also can use IE with Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) security app, but that will not be as secure as simply switching browsers.
In a statement, Microsoft told CNET, “On April 26, 2014, Microsoft released Security Advisory 2963983 to notify customers of a vulnerability in Internet Explorer. At this time we are aware of limited, targeted attacks. We encourage customers to follow the suggested mitigations outlined in the security advisory while an update is finalized.”
The company advises Internet Explorer users that the Enhanced Protected Mode, on by default in IE 10 and IE 11, used with EMET, “will help protect against this potential risk.”
The company did not address what people who use IE 9 or older should do. It’s not expected that IE 6 will ever see an update, as Microsoft has stopped issuing security updates for the 12-year-old browser that still makes up 4.65 percent of the browser market.
The US Department of Homeland Security did not immediately respond to requests for comment.
Statistics vary as to how many people actually use Internet Explorer. NetMarketShare puts the total around 55 percent of the desktop browser market, while competitor StatCounter says that 22.58 percent of people use IE. While the disparity is large, in either case the flaw affects a huge number of browsers being actively used.
Microsoft Races To Fix Massive Internet Explorer Hack: No Fix For Windows XP Leaves 1 In 4 PCs Exposed
Microsoft is scrambling to fix a major bug which allows hackers to exploit flaws in Internet Explorer 6, 7, 8, 9, 10 and 11, responsible for 55% of the PC browser market. The company has also confirmed it will not issue a fix for web browsers running on Windows XP after it formally ended support for the 13-year-old operating system on 8 April. XP still accounts for 25% of the world’s PCs.
The vulnerability was discovered by cyber security software maker FireEye Inc., which stated the flaw is a ‘zero-day’ threat. This means the first attacks were made on the vulnerability before Microsoft was aware of it. FireEye also revealed a sophisticated hacker group has already been exploiting the flaw in a campaign dubbed ‘Operation Clandestine Fox’, which targets US military and financial institutions.
FireEye spokesman Vitor De Souza declined to name the hackers or potential victims as the investigation is ongoing, only telling Reuters: “It’s unclear what the motives of this attack group are at this point. It appears to be broad-spectrum intel gathering.”
For its part Microsoft has confirmed the existence of the flaw in an official post. It gave limited information on the bug, but admitted “an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
A Temporary Fix
While Microsoft rushes to fix the bug, FireEye gave concerned users two workarounds.
1. Use a web browser other than Internet Explorer
2. Disable Adobe Flash. “The attack will not work without Adobe Flash,” it said. “Disabling the Flash plugin within IE will prevent the exploit from functioning.”
No Hope For Windows XP
While informed users should therefore be able to avoid attack until Microsoft issues a fix, Windows XP users have no light on the horizon.
Microsoft has confirmed that no fix will be rolled out for Windows XP because support has officially ended and there are no plans to make an exception. It states:
“An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information.”
The company’s advice to Windows XP users has remained the same for some time: upgrade to Windows 7 or 8 or buy a new PC. It has also repeatedly sent a pop-up dialog box to reachable Windows XP machines with the following end of support notification.
For users unsure whether their existing PCs can support Windows 8, Microsoft offers a software tool called ‘Windows Upgrade Assistant’ which can be downloaded here.
Given the seriousness of the exploit and close proximity to Windows XP’s support cut-off date, critics will say Microsoft should issue one last fix. Defenders will point to the age of Windows XP, note that every OS has a lifespan, and argue that users have received sufficient warnings.
The U.S. Department of Homeland Security advised computer users to consider using alternatives to Microsoft Corp’s Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.
The bug is the first high-profile security flaw to emerge since Microsoft stopped providing security updates for Windows XP earlier this month. That means PCs running the 13-year-old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.
The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to “the complete compromise” of an affected system.
“We are currently unaware of a practical solution to this problem,” Carnegie Mellon’s Software Engineering Institute warned in a separate advisory that US-CERT linked to in its warning.
Versions 6 to 11 of Internet Explorer dominate desktop browsing, accounting for 55 per cent of the PC browser market, according to tech research firm NetMarketShare. Google Inc’s Chrome and Mozilla’s Firefox account for the majority of the rest of the traffic.
News of the vulnerability surfaced over the weekend as Microsoft said its programmers were rushing to fix the problem as quickly as possible. Cybersecurity software maker FireEye Inc warned that a sophisticated group of hackers has been exploiting the bug in a campaign dubbed “Operation Clandestine Fox.”
FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active.
“It’s a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,” said FireEye spokesman Vitor De Souza on Sunday. “It’s unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.”
In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks. Security experts say EMET is helpful in staving off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.
Source: The Globe and Mail