FutureFive New Zealand logo
Story image

Hackers hit Apple with ransomware, MacBook design files exposed

Hackers are attempting to extort Apple and are openly trying to extort the tech giant in exchange for not leaking stolen files, according to reports.

A hacker group has compromised Apple supplier Quanta's network, and exfiltrated design files that appear to be tied to the Apple MacBook.

The group has demanded a $50 million ransom from Quanta, and also asked Apple to pay. It appears that the REvil ransomware group is behind the attack.

Having compromised Quanta, the group are now demanding Apple pay a ransom by 1 May to prevent the information being leaked.
Apple declined to comment on whether it intended to pay. 

The Taiwanese company that was hacked, Quanta, makes a range of computer products, including the Mac Pro. The hackers, who posted the extortion letter and three sample technical files to their blog on the dark web, are among more than a dozen prolific cybercrime organisations that in recent years have steadily hacked targets around the world, encrypting victims' files or threatening to publish them and demanding ransom, usually in bitcoins.

Jake Moore, cybersecurity specialist at ESET, says this isn’t the first time  malicious actors have targeted Apple in an attempt to extort it out of some serious money.

"But the past has told us that not all of these attempts come to fruition. Apple takes great pride in securing its data alongside its supply chain, which attracts bad actors to test their securities for the possible kudos at stake," he says.

"However, recent attempts suggest they will not pay, however frightened they might be. There is only a very limited amount of “proof”, which could still turn out to be stolen from a variety of other sources, so it is never advised to pay ransom demands," says Moore.

"Furthermore, if Apple were to pay, it would open the floodgates for more attempts to extort them – leading to problems on a whole new level.”

Oz Alashe, CEO and founder at behavioural security platform CybSafe, adds, "The rapid transition to remote working has opened new holes in businesses defences, and ransomware gangs such as REvil have been all too happy to exploit them.

"Apple is famously secretive about its products and product roadmap," he says.

"As a result, leaks from suppliers have the potential to be highly embarrassing. This breach showcases the importance of securing the supply chain and ensuring suppliers adhere to the same security principles."

CybSafe's own research found that demonstrating an adherence to recognised cyber security standards is increasingly required by enterprises before successfully signing off on contracts. 

"Breaches like this one will only further increase the requirement for businesses to demonstrate they are cyber secure, if they wish to work with blue chip organisations," Alashe says.

Jeff Sizemore, chief governance officer at Egnyte, says the breach that gave attackers access to Apple's confidential IP via a hack of one of its suppliers was concerning given the secrecy of Apple when it comes to product designs and roll outs. 

"It's a disaster for the IT team responsible for file security and protecting data within the organisation," he says.

"Unfortunately, we see far too often that there are methods and tools being employed that don't meet the security and control needs of an organisation. "

Sizemore says security is more than a checklist. 

"The best solutions fit in a broader sense of governance but still make it easy to share files with anyone without compromising security and control," he explains.

"The reality is that all content is vulnerable without proper data governance, and it is imperative that organisations protect the data itself, not just the infrastructure that transports it," Sizemore says. 

"This type of security incident happens regularly, particularly now that we are all working in such decentralised teams. If secure file collaboration tools are implemented correctly, they can render cybercriminals attacks useless. 

"Used in a case like this where the adversaries were able to infiltrate the network and exfiltrate files, the files themselves would be inaccessible to outsiders, and the valuable IP would remain locked away."