Following news today that Apple was targeted in a ransomware attack carried out by REvil – with a key Apple supplier in Taiwan being sent threats around stolen blueprints of new iPads and iMacs – please find below commentary from security experts.
Experts' Comments
What is REvil?
How real is the threat made by the actors?
The threat is real and this is not the first high-profile incident that has used this malware.
What should Apple do in this situation? And how can they protect themselves if contractors are so easily hacked?
Unfortunately, purely technical protection measures are not enough – the contractor's protection perimeter is under their jurisdiction. Manufacturers are left to impose strict information security requirements for their suppliers, as well as, for example, imposing legal sanctions for such violations.
How can information security services help in this case? Is the main task of information security teams to prevent such attacks?
The main task is to prevent the occurrence of such attacks in the future. In the aftermath of such attacks, it is important to conduct a comprehensive investigation of the incident, draw conclusions about the current vulnerabilities and fix them (remove excessive use of RDP, especially without a VPN, and reduce the attack surface). Also, in our opinion, it is important to put in place effective monitoring, and to have an action plan in case such attacks occur.
Is this attack unique? How do you think it may affect the info security world?
Targeted ransomware attacks on large companies have become quite common, especially over the past few years. One specific attack, even on an organisation known worldwide, will not change the way things are operated. But we hope that the reaction to this trend will include the introduction of information security events monitoring; complex cybersecurity systems, including for proactive detection of attacks; and enhanced training of employees around cybersecurity rules.
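The first expert recommends removing excessive RDP exposure (especially RDP reachable without a VPN) and putting effective monitoring in place. As an added illustration that is not part of the commentary above, the following Python script shows the kind of check a detection team can run over Windows Security log events: it flags successful RDP logons (event 4624, logon type 10 "RemoteInteractive") whose source address is outside the VPN client range, and counts repeated RDP logon failures (event 4625) per source address. The VPN range `10.8.0.0/24`, the usernames and the event records are all constructed sample data, not taken from the incident.

```python
import ipaddress
from collections import Counter

# Constructed sample events (not real logs). Only the fields needed for the
# check are kept: EventID (4624 = successful logon, 4625 = failed logon),
# LogonType (10 = RemoteInteractive, i.e. RDP), the account and source IP.
# Note: with Network Level Authentication enabled, the RDP pre-auth can
# also surface as LogonType 3 before the type 10 session logon appears.
SAMPLE_EVENTS = [
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "jdoe", "IpAddress": "10.8.0.15"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "jdoe", "IpAddress": "10.8.0.15"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_build", "IpAddress": "203.0.113.45"},
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "jdoe", "IpAddress": "10.8.0.15"},
] + [
    # Five failed RDP logons from one public address: a brute-force pattern.
    {"EventID": 4625, "LogonType": 10, "TargetUserName": "administrator", "IpAddress": "198.51.100.7"}
    for _ in range(5)
]

# Assumed VPN client address pool; replace with the real VPN ranges.
VPN_RANGES = [ipaddress.ip_network("10.8.0.0/24")]

RDP_LOGON_TYPE = 10


def is_vpn_source(ip_text, vpn_ranges=VPN_RANGES):
    """True if the source address falls inside one of the VPN ranges.

    Unparseable sources (e.g. '-' for a console logon) are treated as
    not-VPN so that they are surfaced rather than silently trusted.
    """
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(addr in net for net in vpn_ranges)


def find_rdp_outside_vpn(events, vpn_ranges=VPN_RANGES):
    """Successful RDP logons whose source is not a VPN client address.

    Each hit is an RDP session reached directly from outside the VPN,
    which is exactly the exposure the commentary says should be removed.
    """
    return [
        e for e in events
        if e["EventID"] == 4624
        and e["LogonType"] == RDP_LOGON_TYPE
        and not is_vpn_source(e["IpAddress"], vpn_ranges)
    ]


def find_rdp_bruteforce(events, threshold=5):
    """Source addresses with at least `threshold` failed RDP logons."""
    counts = Counter(
        e["IpAddress"] for e in events
        if e["EventID"] == 4625 and e["LogonType"] == RDP_LOGON_TYPE
    )
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for hit in find_rdp_outside_vpn(SAMPLE_EVENTS):
        print(f"RDP logon outside VPN: {hit['TargetUserName']} from {hit['IpAddress']}")
    for ip, n in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"Possible RDP brute force: {n} failures from {ip}")
```

In production the event list would come from the Security log (for example via a SIEM export or PowerShell's Get-WinEvent) rather than from the constructed list above; the logic itself does not change. Any hit from `find_rdp_outside_vpn` points at a host whose RDP port is reachable without the VPN and is a candidate for firewalling or a VPN-only rule, which is the attack-surface reduction the expert describes.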
REvil initially targeted Quanta Computer, one of Apple's business partners, who refused to negotiate with the group after REvil claimed to have stolen vast amounts of sensitive data from Quanta. Quanta have a number of high-profile customers including Alienware, Lenovo, Cisco, and Microsoft, and it appears that the ransomware gang will work through the list depending on the levels of information stolen for each customer. So far, REvil already has a number of schematics and diagrams of MacBook components on its dark web leak site as part of their efforts to force Quanta to negotiate.
REvil has become one of the most common ransomware-as-a-service (RaaS) operators and has made a number of high profile demands recently.
Once a ransom payment is made to REvil, the core developers and the affiliates split the payment. However, as with all ransom demands, even if the demands are met there are no guarantees that this data hasn't been copied and could appear for sale in the future. If REvil are unsuccessful in their negotiations with Apple, it will be no surprise to see them try another client of Quanta.
