September has brought some interesting new developments in the world of cyber security.
The first item shows the significant increase of credential stuffing attacks.
Also highlighted are the new security features that Apple has introduced with iOS 16.
Finally, adware has been found in numerous mobile applications with an alarming amount of user downloads.
CREDENTILA STUFFING ATTACKS ON THE RISE
Credential stuffing attacks have seen a big increase in the first quarter of 2022. This attack is performed by collecting credentials from one website and trying to use the same credentials on other websites to gain access to users’ accounts. This relies on users having the same credentials across multiple platforms, which is a very bad practice, but also very common. These attacks are seeing an increase because of the growing list of leaked credentials that are often found on the dark web. There are also more automated tools available, which makes it easier for an attacker to test credentials on numerous websites quickly. Okta, an identity and access management company, has reported that there were over 10 billion credential stuffing events on their platform in just the first 90 days of 2022. Users can help prevent these types of attacks by using a different password for every account they have. A great way to accomplish this is by using a password manager.
NEW SECURITY FEATURES IN APPLE'S IOS 16
Apple has released iOS 16 and it comes with some interesting new security and privacy features. The first new feature is called Lockdown Mode. This feature disables commonly abused components of the iPhone operating system to reduce its attack surface. Lockdown Mode is geared towards groups of people who are especially at-risk of being hacked like politicians, journalists, and activists. The next new feature is called rapid security response. Enabling this option will automatically install security hotfixes as soon as they are released by Apple. Another new feature is Apple Passkeys. This feature allows users to sign into websites and apps with Face ID or Touch ID instead of having to enter a password. This gets rid of the risk of the user’s password being leaked, lost, or stolen. The last new feature is a change to copy and paste permissions. iOS 16 will now block apps from accessing the contents of the user’s clipboard, so the app will not be able to read potentially sensitive information that the user has copied.
ADWARE DISGUISHED AS NORMAL MOBILE APPLICATIONS
75 applications on the Google Play Store and 10 applications on Apple’s App Store have been identified as adware. Combined, these applications have been downloaded by more than 13 million users. Adware is a type of malware that hides on a user’s device and delivers the user unwanted advertisements. Sometimes these advertisements are visible to the user and sometimes they are hidden. With these malicious applications, advertisements can even run when the user’s screen is turned off, which can quickly drain the user’s battery. While these applications are not a severe threat, the creators of the applications could utilize them for other malicious purposes.