Before we get into the Apple incident, CryptoLocker infections still seem to be rising. Popular forums get new postings all the time about what to do when you are infected, and as a search term on Google it rose 65% over last week. Current estimates are that CryptoLocker infected more than 234,000 computers worldwide, including more than 100,000 in the United States, the Justice Department said yesterday.
And here’s the next thing. After ransomware hit Windows PCs and Android phones, some other miscreant has found a way to pull a similar scam for Apple devices.
A large number of people, for the moment still mostly located in Australia and the UK, are reporting they have come under an unexplained attack that holds their iPhones and iPads hostage and demands they pay a $100 ransom.
The attacker, who used the name Oleg Pliss, exploited the “Find My iPhone” feature to launch the attack. It is not yet clear how the attacker got hold of the iCloud accounts used to lock the devices. Four theories are currently being discussed on various support forums.
First is that, in a classic phishing attack, people were lured to an Apple phishing site (of which there are 2,261) and entered their credentials.

Second is the option of a data breach at Apple (for which they are overdue), but Apple denies that its iCloud service has been breached.

Third is the possibility of DNS poisoning, where people entered the correct Apple domain name but were redirected to a fake site and entered their credentials there.

The scariest theory is that the hackers are in possession of user names and passwords from another data breach, like eBay or Target, and attacked users who reuse the same credentials for their iCloud account.
Given that the attack was somewhat geographically contained, the most plausible of these options is the DNS poisoning theory, but the jury is still out on that.
One user from Melbourne said: “I was using my iPad a short while ago when suddenly it locked itself. I went to check my phone and there was a message on the screen (it’s still there) saying that my device(s) had been hacked by Oleg Pliss and they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail-dot-com) to return them to me.”
David Emm, from security firm Kaspersky Lab, said: “It seems likely that cybercriminals gained access to Apple ID credentials. By using the credentials to access an Apple iCloud account, the attackers can enable the ‘Find My iPhone’ service – this is not only able to locate a lost or stolen device, but also to set a passcode preventing third parties from accessing the personal data stored on the smartphone.
“This is clearly a form of ransomware, previously only seen on PCs and, recently, on Android devices – although in those cases malware was used to trigger this behavior. This campaign is further proof that cybercriminals are adopting criminal business models developed for the PC, applying them to new areas and fine-tuning their methods.”
Source: “Cyberheist News”