The rise of artificial intelligence (AI) has led to increasingly sophisticated cyberattacks, turning ransomware into a service for cybercriminals. New threats have also emerged, targeting the iOS operating system through Operation Triangulation 2024.
As the cybersecurity threat landscape continues to evolve, with new attackers, technologies, and threats emerging, organizations and communities face an uncertain landscape. Even opening an email can pose unpredictable risks.
According to Kaspersky's Incident Response Analyst Report 2023, 75% of cyberattacks took advantage of vulnerabilities in Microsoft Office. In terms of attack methods, 42.3% targeted free applications available on the Internet, 20.3% took advantage of compromised accounts, while only 8.5% used brute force.
Most attacks start with a method like this: bad guys use stolen or illegally purchased credentials. They then launch attacks via RDP, send phishing emails containing malicious attachments or links, and infect systems with malicious files disguised as documents on public sources. On the positive side, the number of attacks in Q1 2023 decreased by 36% compared to the same period in 2022.
One of the most dangerous cyberattack campaigns ever discovered by Kaspersky is called Operation Triangulation. This campaign targets iOS devices by exploiting hardware vulnerabilities in Apple's CPUs to install malware.
Notably, the hackers used four extremely dangerous zero-day vulnerabilities to infect the targeted devices, which can cost more than $1 million on the black market.
When an iOS device is targeted, it receives an invisible iMessage containing a malicious attachment. The attachment exploits a vulnerability that allows the malware to be automatically executed without user interaction. Once installed, the malware connects to a command-and-control server and begins the multi-stage attack. Once complete, the attacker takes full control of the iOS device and wipes away all evidence of the attack to hide their actions.
Apple has patched these vulnerabilities, however, to protect devices against possible future attacks, iOS users should regularly update software, periodically restart their devices and turn off iMessage to minimize the risk of receiving malware via messages.
"Government organizations are the most targeted targets, followed by manufacturing businesses and financial institutions. Ransomware and destructive cyber attacks are the two most serious threats, causing huge damage to organizations," said Igor Kuznetsov, Director of the Global Research and Analysis Team (GReAT) at Kaspersky.
KIM THANH
Source: https://www.sggp.org.vn/tan-cong-mang-khai-thac-cac-lo-hong-phan-cung-trong-cpu-cua-apple-post754206.html
Comment (0)