The first mass attack on Apple’s mobile platform came to light when researchers discovered 40 malicious apps that existed on the App Store. Apple was silent about the biggest attack on the iOS platform. Photo: Getty Images. When the scope of the investigation was expanded, this number was eventually determined to be 4,000. They contain malicious code that makes iPhone and iPad part of the botnet. Simply put, the iPhone infected with malicious code becomes the iPhone “zombie”, manipulated for many malicious purposes. Malware infiltrated 128 million iPhones This shocking information has just been revealed by Epic’s lawyers, a few days before the trial of the antitrust lawsuit between the game maker and Apple. Accordingly, on the afternoon of September 21, 2015, about a week after Apple launched iPhone 6s / 6s Plus, Apple leaders discovered 2,500 malicious applications on the App Store, which were downloaded by 128 million users, total plus 203 million visitors, of which 18 million users in the US. Thousands of malware appeared on 128 million iPhones. Photo: Bankinfosecurity. “Joz, Tom and Christine – the number of affected customers is very large, should we email all of them?”, Apple’s Senior Vice President of Global Marketing, Greg Joswiak team members by email. “If so, Dale Bagwell from the Customer Experience team will take care of it. It should be noted that it is difficult to translate emails into the local language, as the application is downloaded in many different countries around the world. About 10 hours later, Bagwell joined the discussion on this matter. Obviously localizing the content, especially the exact name of the application, is not easy. Finally, no emails are sent to the client. Apple quietly posted a simple Q&A document, which generally lists the series of malicious codes appearing on the App Store and the 25 most downloaded names of these. Currently the post has also been deleted. Malware impersonates Apple’s development tools The biggest attack in iOS history came from developers writing apps using fake Xcode – Apple’s iOS and OS X software development tools. The version called XcodeGhost stealthily inserted malicious code alongside the normal functions of the application. Since then, the infected applications cause the victim’s iPhone to be controlled and controlled by the server, and provide a lot of information about the device, including name, identification code, network information, details in ” IDfierForVendor ”… XcodeGhost has embedded the malicious code in popular applications. Photo: Hackread. In China, XcodeGhost promises to load faster than the Xcode toolkit provided by Apple. When developers use the fake version, they receive a warning from Gatekeeper, the macOS security feature requires the app to be verified by a reputable publisher. Eventually, however, thousands of apps developed from the fake toolkit still appeared on the App Store. Disappointing behavior of Apple According to the Wired The Cupertino giant has long made security and privacy a top priority on its devices. Therefore, they need to report directly to the users affected by this serious incident. Google has a bad reputation for being silent when users download malicious apps on Android or the Chrome browser, now it’s Apple’s turn. This is not the first malware scandal on the App Store that eventually falls silent. From 2013, page ArsTechnica found that the application “Jekyll” passed an Apple rating but ultimately contained malicious code. The leaders of Apple have forwarded back and forth, discussing a lot about the method of controlling and approving applications on the App Store. However, all are kept internally confidential without public notice to affected users. IOS 15 build with many new features The new iOS build integrates quite a few features that users have been waiting for.

CEO Tim Cook speaks at WWDC 2018 (Image: Getty Images) This is the first time Apple publish this data. It is a sign of “defective apple” becoming more transparent in the process of approving and rejecting iPhone applications under pressure from many countries. Thanks to the application review system, comparing with the App Store regulatory list, the company can keep iPhone users safe from fraud, malware or poor experience. Apple also published some notable figures for 2020. Accordingly, the manufacturer Iphone rejected nearly 1 million applications submitted for the first time; deny nearly 1 million application updates. 48,000 applications removed due to use of “hidden or unreported features”; 150,000 applications removed for spam or other application copying; 215,000 apps removed for collecting too much user data or violating privacy; 95,000 applications were removed due to phishing, usually they change to other types of applications such as gambling, porn. 470,000 accounts disabled from the developer program for phishing. Additionally, last month, Apple declined 3.2 million app downloads using an enterprise license. This is how large businesses often use to circumvent the App Store law to install internal apps on employees’ iPhones. Currently, the lawsuit between Apple and Epic Games is taking place. Game maker Fortnite denounces the App Store as a “closed garden”, hurting developers, and Apple discriminates against many. Epic Games also confirmed that Apple’s process is not perfect, sometimes approving malware. Apple employees themselves have admitted their process is not good enough to prevent scams. At the trial, Apple said, combining 500 automated reviewers and testers to review nearly 5 million applications per year, from 2017 to 2019 (updates included), the rate from declined from 33% to 36%. The flaws are too small for the size of the App Store. Apple sees the App Store as a fundamental, irreplaceable part of its business. This is the only way for users to install software on the iPhone. Apple’s attorney argued that if users let users download apps from outside the App Store the way Android is doing, they would be at risk of security. Apple doesn’t want to be Android. Du Lam (According to CNBC)

FlexXon introduces the X-PHY SSD with AI security. Photo: Flexxon Flexxon is a security company based in Singapore, specializing in the design, manufacture and retail of industrial NAND flash memory and storage devices. Flexxon also offers leading memory solutions ensuring the highest level of data security. A new product from Flexxon has been introduced as the world’s first AI solid state drive. New technology to protect data at the hardware level, SSD can protect from both remote and physical attacks. A wide range of features include temperature sensors to detect abnormal movements, detecting traditional threats like malware and viruses or tampering with drives or ransomware. However, Flexxon did not elaborate on the work of this intelligent protection mechanism but when something goes wrong, the X-PHY SSD will send an alert to the user by email and lock itself to prevent actions. vi is believed to affect the system. The user can then unlock the device through the dynamic authentication process. For customers with high security needs, data can be automatically deleted if the device falls into the wrong hands. It is very difficult to send emails about the status of the SSD when the PC is turned off and the operating system is not running, it is not clear how the X-PHY SSD will do this. The devices are manufactured in M.2 2280 and U.2 format and PCIe 3.0 x 4 (NVME 1.3) interface is used for connection. This series includes 512 GB and 1 TB capacities. This device is expected to be ordered and delivered to corporate customers in September this year, and by 2022 it can be mass produced for all customers.

The Colonia company had to shut down the fuel pipeline after a cyber attack. Photo: AP. Leading American fuel pipeline company Colonial shut down its entire network that supplies nearly half of the fuel to the US East Coast, following a May 8 ransomware ransomware attack. Every day, the Colonial company ships 2.5 million barrels of gasoline, diesel, jet fuel and other products through a 850-kilometer pipeline connecting the eastern and southern coasts of the United States. The company has shut down systems to stop the threat after learning about the attack. According to sources, hackers are most likely a highly professional cybercrime group. And the malware used in the attack is ransomware. Ransomware is a type of malware designed to lock systems by encrypting data and taps money to regain access. This malware has become popular in the past 5 years. The Colonial Company has invited a third-party cybersecurity company to conduct an investigation and contacted law enforcement and other federal agencies to initiate an investigation. Colonial provided no further details or said how long their fuel lines would be closed. “Cyber ​​vulnerabilities have become a systemic issue,” said Ms. Algirde Pipikaite, Head of Network Strategies at the World Economic Forum’s Cyber ​​Security Center. Without measures to protect cybersecurity, attacks are occurring more often on industrial systems such as oil and gas pipelines or water treatment plants. In 2017, Colonial shut down its gas distillation and production lines during Hurricane Harvey that hit the Gulf Coast. That contributes to tight supply and price increases in gasoline in the US.

Colonial Pipeline America’s largest fuel pipeline system was attacked by network, has not yet assessed the damage. (Source: Freightwaves) To deal with the incident, the company had to close the entire network. Colonial Pipeline said the attack “suspended all pipeline operations and affected some of our IT systems”. Sources in cybersecurity revealed that the malware used in the Colonial Pipeline attack was ransomware – a type of malware designed to block systems with how to encrypt data and request a ransom payment to restore access. The Colonial transports gasoline, diesel, jet fuel and other refined products from the Gulf of Texas to the populous US East Coast via a 8,850 km pipeline, serving 50 million customers. Oil analyst Andy Lipow said that the impact of the attack on supply and fuel prices will depend on how long the pipeline is down. If the line stops working for a day or two, the impact will be minor. However, if the pipeline is forced to shut down for 5 or 6, shortages or price increases will occur, especially in the area stretching from Alabama to Washington DC. (According to AFP, Reuters)

The modern world is being “digitized” at a rapid rate. Almost every service, every industry, from finance, industrial enterprises, … to the armed forces, is already networked at one level or another. In the “smart home” with TVs, refrigerators, vacuum cleaners, washing machines, microwave ovens …, and even smart light bulbs are becoming common; On the street, there were the first cars with autonomous driving systems.

Such devices are expected to make people’s lives easier, but certainly these technologies will also be applied in other areas as well. While digital systems and services make the quality of human life much better, in theory all digital systems can be hacked – which is already in practice. positive.

Computer virus

Theoretical basis for the development of the “computer virus” was formed almost simultaneously with the emergence of the computer itself in the mid-20th century. In 1961, engineers Viktor Vysotsky, Doug McIlroy and Robert Morris of the Room Bell’s telephone experiment had developed programs that could make copies of themselves – the first viruses. They are created in the form of a game that engineers call “Darwin”, the purpose of which is to send bots to friends to see which will destroy more of the competitors’ programs and create more copies of itself to fill someone else’s computer.

Cyber ​​weapons are said to be equally complex and are weapons of mass destruction; Source: topwar.ru

In 1981, Virus 1,2,3 and Elk Cloner appeared on Apple II personal computers; a few years later, the first anti-virus programs appeared. The word “computer virus” in fact includes many types of malware: worms, hijackers (rootkits), spyware, zombies, adware, virus blocking (winlock), Trojan viruses (trojans) and their combination. If the first viruses are often written for entertainment, over time they begin to be “commercialized” – to steal personal and financial data, disrupt device operations, encrypt the data. for the purpose of blackmail …

With the advent of electronic money, computer viruses received a new function – bringing the user’s computer “as a slave” to mining cryptocurrency, forming a huge network of computers. botnet infection (before that, botnet also existed, such as to send spam mail or DDoS attack). Opportunities like this cannot help but make the military and intelligence agencies in general with missions – steal something, destroy something …, care.

Computer virus – a strategic weapon

On June 17, 2010, for the first time in history, the win32 / Stuxnet virus – a computer worm that infects not only computers running the Microsoft Windows operating system, but also industrial systems that control the processes. automatic production, detected. This worm can be used as a means of gathering unauthorized data (spying) and sabotaging automated process control systems (APCS) of industrial enterprises, power plants, boilers, etc.

According to cybersecurity experts, this virus is the most complex software product, developed by a professional team of dozens of experts. In terms of complexity, it can be compared to a Tomahawk cruise missile, and is designed for cyber operations. The Stuxnet virus has damaged some uranium enrichment centrifuges, slowing down Iran’s nuclear program. Intelligence agencies of Israel and the US are suspected of developing the Stuxnet virus.

Industrial facilities, infrastructure, services … all can be targets of cyber weapons; Source: topwar.ru

Later, other computer viruses were discovered, with a degree of complexity similar to that of win32 / Stuxnet (most suspected of being an Israeli / US product), such as: Duqu, designed to collect confidential data in a confidential manner; Wiper (late April 2012), destroyed all information on some of the servers of one of the largest oil companies in Iran and completely paralyzed its work for a few days; Flame, a spy virus, is believed to be developed specifically for attacks on Iran’s computer infrastructure (can identify mobile devices with Bluetooth module, track location, stealing confidential information and eavesdropping on conversations); Gauss, aimed at stealing financial information: e-mail, passwords, bank account data, cookies, as well as system configuration data; Maadi (suspected of Iran) – can collect information, remotely change computer parameters, record audio and transmit it to remote users …

Application

In the Middle East, for example, the largest producer of liquid natural gas (LNG), has an interest that seriously conflicts with the interests of another country. The Middle East country has a network of oil and gas pipelines, LNG production lines and a fleet of Q-Flex and Q-Max tankers designed to transport LNG and has a military base of the third country. three are on its territory. An armed attack directly on a Middle Eastern country could do more harm than good. Then, the solution might be the use of cyber weapons.

Modern oil and container ships are becoming more and more automated; No less automation is used in LNG plants. Therefore, specialized malware is loaded into the control systems of the Q-Flex and Q-Max tankers, or their LPG storage systems, theoretically permissible at a certain time ( or on an external command, if there is a network connection) creates an artificial accident that completely or partially destroys selected tanks / tanks. It is very likely that flaws in the LNG production process lead to neutralization, including potentially destroying the plant.

Cyber ​​weapons can easily have the same effects as the recent Suez Canal clogging; Source: topwar.ru

An explosion of an LNG carrier due to an accident at the entrance to a port or the failure of the LNG storage device can not only result in damage to the vessel itself, but also damage to coastal infrastructure. The goals could therefore be: undermine the energy supplier’s reputation, with the possibility of consumers reorienting the natural gas market of another country; increasing prices for world energy sources, helping to generate more revenue for the national budget; undermining political activity and interfering in the internal affairs of other countries in the region, due to a decrease in the financial capacity of the country in question.

Depending on the economic damage inflicted, a complete shift in ruling elites could occur, as well as a limited conflict between that state and its neighbors, who may want to take advantage of neighboring countries’ weaknesses to change the balance of power in the region. The crux of this activity is secrecy, so that there is no direct blame without clear evidence. The United States has repeatedly been accused of conducting hostile operations against even its most staunchest allies.

Another option for using cyber weapons has been suggested by a recent incident. A giant ship – an oil tanker or a container ship, passing through a narrow canal, suddenly the control system gives out a series of commands to dramatically change the direction and speed of movement, resulting in the ship spinning break and completely block the channel. It can even be flipped, making it extremely time-consuming and costly to rescue it. The Evergreen Group’s container ship blocking the Suez Canal shows how congestion of shipping arteries affects the global economy. It is especially effective if such incidents occur simultaneously on several channels.

Or most recently, Iran is accusing Israel of terrorizing its Natanz nuclear base network … In the absence of a clear trace of the culprit, it would be extremely difficult to establish – anyone can also be blamed for this. Therefore, the development of industrial-scale cyber weapons is considered to be a top priority. Information technology along with nanotechnology and biotechnology are the cornerstones of dominance in the 21st century, but the development of cyber weapons is much cheaper than the development of promising nano biotechnology. and conventional modern weapons ./.

A global customer survey conducted by Statista shows that Vietnam has the second highest cryptocurrency usage rate in the world, after Nigeria.

With millions of dollars traded every month, cryptocurrency exchanges are a good prey for cybercriminals. Fraudulent acts on electronic transactions include developer and investor information collection; attack with malware, phishing, malicious code, fake notification, navigate to fake website, DDoS … and steal electronic wallet security key.

A notorious cybercrime gang that targets cryptocurrencies is Lazarus and its members. Since 2019, Kaspersky researchers’ investigations show that Lazarus is behind the recent attacks in Singapore.

BlueNoroff, “family member” Lazarus specializing in the financial attack, is also said to be carrying out cryptocurrency-related attacks in Southeast Asia under the name SnatchCrypto.

The gang targeted banks, and was also accused of being involved in the theft of $ 81 million by Bangladeshi banks. Kaspersky researchers have been tracking SnatchCrypto since the end of 2019 and found that the guys behind the campaign have resumed operations with a similar strategy.

Chris Connell, Managing Director of Kaspersky Asia Pacific said: “In the near future there will be more new crypto investors across Southeast Asia as the bargains from different cryptocurrencies are undeniable, and Vietnam is one of the countries that are at the forefront of this transformation.

The development of cryptocurrencies is an integral part of digital transformation in the region and in Vietnam, so we encourage individuals who access these financial technologies to have a basic knowledge of security measures to keep our cryptocurrency safe ”.

Experts at Kaspersky share some basic ways to protect yourself against cybercriminals on cryptocurrency exchanges:

– Transaction research: Before investing, learn about cryptocurrency exchanges. These platforms provide the means for buying and selling virtual currency units, but there are over 500 transactions to choose from. Do research, read feedback and talk to experienced investors before going any further.

– Know how to keep your virtual currency: After purchasing cryptocurrency, you need to keep it. There are different types of wallets, each with different benefits, technical requirements and security. When trading, you should research your storage options before you invest.

– Diversification of investment: Diversification is the key to any smart investing strategy, and so is when you invest in cryptocurrencies. Don’t put all your capital into Bitcoin just because it’s the only name you know. There are thousands of options, and it’s best to divide your investments by a few different currencies.

– Prepare for instability: Cryptocurrency is a volatile market, be prepared for volatility. You will see amazing fluctuations in prices. If your investment ability or mental health cannot tolerate volatility, then cryptocurrencies may not be a wise investment.

Cryptocurrency is booming, but it’s still in its infancy. Investing in something new always presents challenges, so be prepared. If you are planning to invest, do your research carefully and invest carefully.

– Always give security: Transacting using your home network is safer than using a public network, but you need the right security. For starters, it’s a good idea to change the default router password because the root password is usually the same for all routers of the same model, making your WiFi vulnerable to attack.

In any case, it is best to do all electronic transactions over an encrypted VPN channel, which will add an extra layer of security.

When choosing a VPN service, pay attention to the connection speed (depending on the number and quality of the server group of the provider).