The latest trick used by hackers to make money is to infect and hold your iPhone hostage by using something called "zero-click attacks". Let’s have a look at how this works and what you can do to make sure you don’t become a victim of this.
The Better Business Bureau has released a report in which it reveals that cybercriminals have started using new software to infect iPhones. The scary thing with this type of attack is that the user doesn’t have to download anything, or even click on a link.
It is known as a "zero-click" attack and hackers use it to take control of your phone, and then demand that you pay them with cryptocurrency before giving you back control of your device.
Andy Jacob, CEO of DotCom Magazine, says “If this ever happens to you, you should immediately report it to the FBI. Also never pay the ransom money as this does not guarantee that the problem will be solved”.
To prevent hackers from gaining access to your phone, ensure that you update your software as soon as new operating system versions or patches become available. You should also never click on suspicious downloads or links.
Tips To Help You Prevent 'Zero-Click' and Other Cyber Attacks
The Better Business Bureau, the Cybersecurity and Infrastructure Security Agency (CISA) together with the FBI recommend that businesses and consumers take the following steps to protect their electronic devices against cyber-attacks:
– Keep your devices clean and make sure you are always up-to-date with the latest software. Infections can be prevented if you update critical software as soon as new operating system versions or patches become available. This includes mobiles and other devices connected to the Internet.
– Never click on links if you are not sure of the source. Even in cases where you think you know the sender, be careful about clicking on links in emails. When you are not sure, rather be safe and delete it. Be especially cautious of messages that threaten you in any way, ask you to provide personal information, or require you to act quickly.
– Back up your systems regularly. In cases where you have been hit by ransomware, systems can be restored and the recovery process will go much quicker if you have current backups of all your data.
– Implement strong authentication for your accounts, especially crucial networks. Needing more than just a username and password will help to prevent access via hacked or stolen credentials.
– You should enable popup blockers as scammers regularly use popups to spread malware. Prevent popups from running by configuring your browser settings.
– Implement strong passwords. Require strong, unique, and long passwords to decrease the likelihood of intrusions.
The FBI (Federal Bureau of Investigation) and CISA (Cybersecurity and Infrastructure Security Agency) recently published a cybersecurity advisory that details mitigation steps and precautions that organizations in the private and public sectors can implement to reduce their risk to cyber-attacks, including ransomware. The advisory is based on observing how high-impact ransomware attacks that have happened in the past are timed, rather than as a reaction to a specific threat being reported.
In the advisory, the FBI and CISA give details of network defense practices that can be implemented to manage the risks posed by all types of cyber threats, including ransomware. One recommendation action is for organizations that can do so to institute preemptive threat hunting on their networks to identify threat actors. The advisory describes the basic steps to threat hunting and explains why a proactive strategy can be beneficial. The advisory also lists recommended best practices that all organizations should adopt, including instituting multi-factor authentication for administrative accounts and remote access.
CISA’s Executive Assistant Director for Cybersecurity, Eric Goldstein, says although ransomware is a critical challenge as well as a national security threat, it can be surmounted. With the FBI’s help, CISA continues to collaborate regularly to ensure they provide actionable, useful, and timely advisories to help government and industry partners of all sizes to strengthen their resilience and implement defensible network strategies. All organizations should always be vigilant against this constant threat.
Apart from the overview of current threats of common ransomware variations used in attacks and recent holiday trends and targeting, the advisory urges organizations not to pay the ransom as doing so doesn’t guarantee the compromised data will be recovered.
Irrespective of whether a company decides to pay the ransom or not, it is crucially important that all incidents are reported to the local FBI field office or the CISA. One of the best ways that helps in preventing future ransomware attacks and holding those criminals responsible for the attacks accountable, is for victims of cyberattacks to report it.
The advisory also provides a list of specific forensic objects that could be very helpful to assist in identifying the perpetrators and protecting others.