No chance victims
Monday, February 17, 2020
In the “Random victims” issue, we mentioned the cyber attack on the Federal News Agency. In that publication we highlighted the attackers' ability to target infrastructures in another country. Today, we'd like to draw your attention to a different aspect, namely, the tools that were employed by the attackers.
The infection spread from an ordinary iPhone 7 Plus belonging to an agency employee. A USB data cable was used to connect the device to a PC that had no Internet access. The gadget uploaded malicious files to the computer automatically and gave the attackers remote access to the PC.
Are there malicious programs for iOS?
Classified by Dr.Web as IPhoneOS.PWS.Stealer.1, the malware stole Apple ID credentials on devices compromised by the trojan. IPhoneOS.PWS.Stealer.2... can download and install other applications on the infected smartphones and tablets. The installed apps included those that the trojan would purchase in the App Store automatically at the expense of unsuspecting users.
IPhoneOS.Xsser.1 and IPhoneOS.Cloudatlas.1 could both steal such confidential information as the contents of the phone book, photos, passwords, SMS messages, the call history, and the device location.
Programs of this kind are very few in number, which means an iPhone can:
- Serve as a medium for transferring malware to other devices (like a flash drive);
- Get compromised so that a spearhead attack can be mounted.
If the article we cited at the beginning of this issue described actual events (we have no confirmation of that), then a targeted attack did take place and a specific mobile device was infected to penetrate an office network.
The Anti-virus Times recommends
Criminals who go about designing such software for iOS will most likely make sure that it won't be detected by a corporate anti-virus using malware signatures. But this doesn't imply that anti-viruses are powerless against these threats. For example, Dr.Web Enterprise Security Suite can protect networks from such attacks. To accomplish this:
- The Office Control must restrict employee access to specific files and folders.
- Employee desktops and laptops should only be able to run trusted applications—to this end, you can use the application whitelist.
And, of course, users should not have the permissions to run applications whose files reside on their mobile devices or appear in their mailboxes.
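The two rules above (only allowlisted applications run, and nothing runs from a mobile device or a mailbox) can be modelled as a default-deny check. This is an added illustration, not Dr.Web's code or configuration; the drive letter, paths, file contents and function names are assumptions constructed for the example.

```python
import hashlib
import ntpath

# Constructed sample policy: drive letter, paths and file contents are invented.
UNTRUSTED_ROOTS = [
    "E:\\",  # assumed mount point of a USB-attached phone
    "C:\\Users\\alice\\AppData\\Local\\Mail\\Attachments",  # assumed mail cache
]
EDITOR = b"constructed: approved editor binary"
DROPPED = b"constructed: unknown binary copied from the phone"
ALLOWLIST = {hashlib.sha256(EDITOR).hexdigest()}


def _norm(path):
    # Collapse "..", mixed separators and case so lookalike paths compare equal.
    return ntpath.normcase(ntpath.normpath(path))


def is_under(path, root):
    return _norm(path).startswith(_norm(root).rstrip("\\") + "\\")


def decide(path, content, allowlist=ALLOWLIST):
    """Return (allowed, reason) for one launch attempt; default is deny."""
    # Rule 1: nothing runs from a mobile device or a mailbox, whatever its hash.
    if any(is_under(path, root) for root in UNTRUSTED_ROOTS):
        return False, "untrusted location"
    # Rule 2: elsewhere, only binaries whose hash is on the allowlist run.
    if hashlib.sha256(content).hexdigest() not in allowlist:
        return False, "not on allowlist"
    return True, "allowlisted"


ATTEMPTS = [
    ("C:\\Program Files\\Editor\\editor.exe", EDITOR),
    ("E:\\DCIM\\update.exe", DROPPED),
    ("e:/editor.exe", EDITOR),  # allowlisted hash, but launched from the phone
    ("C:\\Users\\alice\\Desktop\\update.exe", DROPPED),  # copied off the phone
    ("C:/Users/Alice/AppData/Local/Mail/x/../Attachments/inv.exe", DROPPED),
]

if __name__ == "__main__":
    for path, content in ATTEMPTS:
        print(decide(path, content), path)
```

The Desktop copy is refused by the allowlist alone, with no malware signature involved, which is why the location rule and the allowlist are used together.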