Apple’s Warning on Sophisticated Mercenary Spyware Attacks & Protection Measures
Apple has recently issued a series of high-confidence alerts to inform and assist users who may have been targeted by exceptionally sophisticated mercenary spyware attacks. These attacks are notably more complex and expensive than typical cybercriminal activity due to the significant resources dedicated to targeting a very specific group of individuals.
These targeted attacks, often costing millions of dollars, are not new. They have historically been associated with state actors, including private companies like NSO Group, the developers behind Pegasus. While the attacks are concentrated on a small number of individuals such as journalists, activists, politicians, and diplomats, they are ongoing and have a global reach. Since 2021, Apple has issued these threat notifications multiple times a year, reaching users in over 150 countries.
How Apple Alerts Users
If Apple detects suspicious activity consistent with a mercenary spyware attack, users are notified in two ways:
- A Threat Notification is displayed at the top of the page after the user signs in to appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications contain additional steps that users can take to help safeguard their devices, including enabling Lockdown Mode.
Verifying the Authenticity of Apple’s Threat Notifications
Apple’s threat notifications will never ask users to click on any links, open files, install apps or profiles, or provide their Apple ID password or verification code by email or phone. To confirm the legitimacy of a threat notification, users should sign in to appleid.apple.com. A genuine notification will be clearly visible at the top of the page.
What to Do If You Receive an Apple Threat Notification
If you receive an Apple threat notification, it is strongly recommended to seek expert assistance immediately. Apple suggests contacting the Digital Security Helpline provided by the non-profit organization Access Now. This emergency security assistance is available 24/7 through their website. Although they may not have specific information about what caused Apple to issue the threat notification, they can offer tailored security advice to targeted users.
General Cybersecurity Best Practices for All Users
Regardless of whether you have received a threat notification, it is essential to follow these best practices to protect yourself from general cybercriminals and consumer malware:
- Update your devices to the latest software to ensure you have the latest security patches.
- Protect your devices with a passcode.
- Use two-factor authentication and a strong password for your Apple ID.
- Download apps only from the official App Store.
- Use strong, unique passwords for online accounts.
- Avoid clicking on links or attachments from unknown senders.
Additional Protection with Lockdown Mode
If you suspect you may be at risk of targeted mercenary spyware attacks, even if you have not received a threat notification, you can enable Lockdown Mode on your Apple devices for additional protection.
For emergency cybersecurity assistance for other reasons, the Consumer Reports Security Planner website offers a list of emergency resources that may be able to assist you.
How to Activate Lockdown Mode for Advance Protection
To ensure comprehensive security, it’s essential to update all your Apple devices to the latest software and enable Lockdown Mode on each of them individually.
Here’s how to activate Lockdown Mode for your iPhone, iPad, and Mac:
iPhone & Apple Watch:
- Open Settings on your iPhone.
- Scroll down and tap on Face ID & Passcode or Touch ID & Passcode.
- Enter your passcode.
- Scroll down to find Lockdown Mode and toggle it on.
Note: When you enable Lockdown Mode on your iPhone, it will automatically activate on your paired Apple Watch.
iPad:
- Open Settings on your iPad.
- Tap on Face ID & Passcode or Touch ID & Passcode.
- Enter your passcode.
- Look for Lockdown Mode and toggle it on.
Mac:
- Click on the Apple menu in the top left corner.
- Select System Preferences.
- Click on Security & Privacy.
- Go to the General tab.
- Check the box for Lockdown Mode to enable it.
Activating Lockdown Mode Across Multiple Devices: Once you activate Lockdown Mode on one of your devices, you’ll receive prompts to enable it on your other compatible Apple devices, ensuring synchronized protection.
What to Expect with Lockdown Mode: Once Lockdown Mode is enabled, you may receive notifications informing you when an app or feature is restricted. Additionally, a banner will appear in Safari, indicating that Lockdown Mode is active.
By following these steps, you can enhance the security of your Apple devices and protect against potential mercenary spyware attacks.
Leave a Reply