By Pierluigi Paganini, Editor-in-Chief
There is no peace for enterprises, in few weak we have discovered how much vulnerable are giants of IT, one after another, fell the most renowned names from Facebook to Twitter, companies that we considered immune from thousands of attacks they receive each day.
Until now Microsoft and Apple weren’t affected … but its news of these hours that the Cupertino company has also been victim of an attack, hackers targeted some of its employees’ machines as part of the same attacks against a number of companies.
Apple today confirmed to Reuters press agency that it was targeted by cyber attacks as part of the series of hacking campaigns that hit US news agencies and other enterprises.
Unknown hackers have infected employee’s computers adopting same techniques implemented during the attacks to Facebook; Apple’s workers were infected when they visited a compromised website for software developers. The malware hosted on the infected website had been designed to attack Mac computers and exactly for the other attacks it exploited a flaw in a version of Oracle Corp’s Java software used as a plug-in on Web browsers.
The article proposed by Reuters states:
“Security firm F-Secure wrote that the attackers might have been trying to get access to the code for apps on smartphones, seeking a way to infect millions of end-users. It urged developers to check their source code for unintended changes. Apple disclosed the breach as tensions are heating up over U.S. allegations that the Chinese military engages in cyber espionage on U.S. companies.”
Of course also in this case the victim declare that “there was no evidence that any data left Apple.”, following the advisory published by Apple:
“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.
Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days. To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”
It’s not first time that Apple machine were hit by cyber attacks, last month it blocked Java from some of its Macs using its XProtect antimalware tool, fortunately Apple has immediately started the incident response procedures planning to release a security update later today and in fact it has provided a Java update to fix the vulnerability exploited during the attacks:
“Java for OS X 2013-001 delivers improved security, reliability, and compatibility for Java SE 6. Java for OS X 2013-001 supersedes all previous versions of Java for OS X.”
Security experts are convinced that attacks are originate from China, just today Mandiant published an interesting report on APT1 & China’s cyber espionage units accused to be the fist information collector of foreign governments and enterprises.
Bloomberg has published an article that introduces the hypothesis that attackers are based in Russia or Eastern Europe.
“Investigators suspect that the hackers are a criminal group based in Russia or Eastern Europe, and have tracked at least one server being used by the group to a hosting company in the Ukraine. Other evidence, including the malware used in the attack, also suggest it is the work of cyber criminals rather than state-sponsored espionage from China, two people familiar with the investigation said.”
The security expert Charlie Miller declared that the attacks show that attackers are investing more time studying the Mac OS X operating system, he remarked that hackers recently figured out a fairly sophisticated way to attack Macs by exploiting a flaw in Adobe Systems Flash software.
“The only thing that was making it safe before is that nobody bothered to attack it. That goes away if somebody bothers to attack it,” Miller said.
Fortunately Apple confirmed that only “a small number of systems” were infected by the attack before being isolated, investigations into the breaches are ongoing.
Sources: CDM and Reuters