NC4-ALR-2024-000004 : Mercenary Spyware Targeting Specific Apple Users
Introduction
The National Cyber Coordination and Command Centre (NC4) continuously monitors the cyber security threat level in Malaysia. In view of the advisory from Apple regarding sophisticated mercenary spyware targeting individuals using Apple devices associated with their Apple IDs, NC4 would like to remind Malaysians to implement sufficient cyber security measures to ensure that Apple devices are secure, and to practise good cyber hygiene to mitigate the risks posed by these cyber intrusion capabilities.
Impact
A successful exploit will lead to information theft and potential financial loss.
Brief Description
Apple recently issued global alerts regarding the proliferation of mercenary spyware attacks, including the use of tools like Pegasus from the NSO Group. These attacks require a level of sophistication that goes far beyond typical cybercriminal activity and commodity malware. Mercenary spyware attackers dedicate significant resources to meticulously target a select few individuals and their devices. The spyware alerts arrive at a time when many nations are preparing for elections, emphasising the need for heightened vigilance.
Mercenary spyware attacks continue to be a global issue, targeting a range of individuals including journalists, activists, politicians, and diplomats. They are considered to be among the most advanced digital threats in existence today due to their high cost, sophisticated nature, and global reach. These covert cyber attacks can result in significant financial losses and pose a formidable challenge in terms of detection and prevention. Despite their sophistication and complexity, the vast majority of users will never be targeted by such attacks, because they have specific objectives (targeting high-value targets, geopolitical context and corporate espionage) and require significant resources to execute.
NC4 strongly recommends that all Malaysians implement necessary preventive steps to protect themselves from this cyber attack. If you have received Apple threat notifications, it is important to take them seriously as they are high-confidence warnings that indicate a user has been particularly targeted by a sophisticated spyware campaign. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple has sent you a threat notification, it will be clearly visible at the top of the page after you have signed in. (refer to the image below)
Affected Product
All Apple devices.
Recommendation
Individuals and organisations are advised to be vigilant and to take the following actions:
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
- You can enable Lockdown Mode on your Apple devices for additional protection if you have reason to believe you may be individually targeted by mercenary spyware attacks but have not yet received an Apple threat notification.
- Recipients of Apple threat notifications can reach the Digital Security Helpline around-the-clock, 24 hours a day, 7 days a week at https://www.accessnow.org/help/
References
Apple Threat Notifications
https://support.apple.com/en-in/102174
About Lockdown Mode
https://support.apple.com/en-gb/105120
The Recorded Media
https://therecord.media/apple-spyware-notifications-92-countries
Reuters
https://www.reuters.com/technology/cybersecurity/apple-warns-users-mercenary-spyware-attack-91-countries-including-india-et-2024-04-11/