Story image

Questions remain as Apple’s ANZ users come under attack

31 May 14

"It's not exactly clear what has happened here,” admits David Harley, Senior Research Fellow, ESET.

“Or why the only people affected so far are Australians and New Zealanders.”

Based upon what is known of Apple IDs being compromised across the region, Harley believes it is extremely unlikely that Apple itself has been hacked or suffered a vulnerability.

"A far more likely scenario would be that ANZ consumers have been targeted by exploiting password reuse - where malicious hackers obtain password and ID credentials in some type of data breach or phishing attack and then reuse them to gain access to other accounts,” he adds.

"Regardless of the root cause, the most important preventative measure is to enable Apple's 2-factor authentication for Apple ID credentials.

“As far as I can ascertain, no-one in Australia or New Zealand who's activated 2-factor authentication has received the ransom demand alert.”

Essentially, this allows users to authenticate using a password, a 4-digit PIN (verification code) texted to a trusted device at each login, and also generates a 14-digit recovery for emergency.

“This might also be a good time to change your AppleID password and ensure that you're not re-using a password that might have been compromised from another service,” Harley warns.

“Apple Australia has also suggested contacting AppleCare or visiting an Apple Store if necessary, and claims that an iCloud breach is not responsible.

"At ESET we are yet to come across an instance where someone has paid the ransom demand, but there's no reason to assume that the criminal would actually restore the victim's access to the affected device(s).

“So I guess it begs the question - even if you pay, will the hacker give you back your digital assets stored on the device?

"For people who have been affected, you could try to erase the device and its password using recovery mode.”

For more details on how to do this visit

Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
Big Bash Boom gives us cricket with power-ups
From the moment you hit play, you know that Big Bash Boom isn’t your usual cricket game. 
Bin 'em: Those bomb threat emails are complete hoaxes
A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax.
The tech that helped the first woman to sail around Australia
Lisa Blair used devices from supplied by Pivotel to aid her in becoming the first woman to circumnavigate Australia non-stop.
Marriott sets up call centres to answer questions on data breach
Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.
How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Hands-on review: The Logitech R500 laser presentation remote
With a clever ergonomic design, you’ll never have to glance at the device, unless you deliberately look to use the built-in laser pointer to emphasise your presentation.