Apple Posts A Document On Apple Threat Notifications… Why You Should Read It And Why You LIKELY Shouldn’t Worry

From the “this doesn’t happen every day” department comes a document that Apple posted yesterday. In short, it explains what Apple threat notifications are and why you’d receive one:

Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

So let me point out a couple of things. For the overwhelming majority of people reading this post, you will likely never get a threat notification, because you are likely not the target of a “mercenary spyware attack”. The targets of these attacks are typically politicians, journalists, and human rights activists, and the threat actors are typically governments who want to gather intelligence in order to silence those targets. Even so, Apple’s document goes into detail about what you need to do if you actually get a threat notification, and how to reduce the chance that you could be pwned by “mercenary spyware attacks” from the likes of the infamous NSO Group. Thus it is worth your time to read at least once or twice, for reasons that I will get to in a moment.

Now if you’re still paranoid about this after everything you’ve read so far, let me see if I can reassure you. Ted Miracco, CEO of Approov, has some additional advice:

   “While Apple devices are believed to feature strong security measures and privacy features, there are certainly gaps.

   “Apple users can often develop a false sense of security, because the default settings on iOS are seemingly designed for user experience and convenience, and are not sufficient to guard against the most sophisticated attacks, such as mercenary spyware or state-sponsored cyber espionage. This reality is parallel to that of Android devices, where default settings also aim to balance security with user convenience, and so fall far short against highly targeted and well-funded attacks. Attackers have moved on from broad, clumsy attacks to highly targeted and sophisticated ones, and they’re deeply skilled, highly organized and well funded.

   “The key point here is not to single out one platform over another but to highlight the broader industry challenge. The existence of features like Lockdown Mode and Advanced Data Protection for iCloud on Apple devices underscores the company’s awareness of these sophisticated threats, and a commitment to offering tools that users can employ to enhance their security. However, these tools often require manual activation and a deeper understanding of the potential threats, leading to a gap in security for users who do not adjust beyond the default settings.

   “For Apple users, one of the most significant steps you can take to protect your data is enabling Advanced Data Protection for iCloud. This feature significantly enhances the security by using end-to-end encryption for a broader range of data types. We strongly urge users who might be at higher risk due to their profession or visibility, to also enable Lockdown Mode on their Apple devices. Lockdown Mode is a comprehensive shield designed to prevent the most advanced digital threats by limiting the attack surface that spyware exploits.

   “Mobile users aren’t alone in this exposure. App developers are similarly at risk from Apple and Android mobile devices, where sideloading allows their apps to be subject to cloning and other IP theft – security and fiscal issues that current app store structures perpetuate.”

Again, I want to stress that for the overwhelming majority of people reading this post, you will likely never get a threat notification, largely because you will never be targeted by threat actors in this way. But the advice given in this post is a great way to reduce your attack surface so that you are safer from this or any other sort of threat.
