Learning From iCloud’s Security Breach – How To Keep Your Network More Secure

pw1It was just a matter of time before another leading corporation became the victim of another hacker incident by accessing information through an IT security breach. The last major reported breach in 2014 during the holiday season when major corporations Target and Goldman Sachs became victims. Now, headlines of Apple and Home Depot, computer and technology networks being comprised are all over the news.

The one irrefutable fact that stands out about these incidences is that these major corporations have massive budgets for IT and administrators, yet they are still being compromised. Which leaves me to ask, how safe are we and what can we do to protect ourselves? Surprisingly, the answers to these questions are pretty easy. The average person is as safe as they are responsible. Ultimately, we are responsible for our own protections when it comes to our online activities and personal devices.

Most people now days are becoming savvy to the phishing scams being used by cyber attackers. A new method of phishing called “Spear Phishing” is being used to target individuals such as high level government officials, people of influence and celebrities. Information gathered through social media and other public outlets are used to create targeted attacks. According to Apple, this technique might have been used by attackers to gain access to celebrity accounts.

After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone.


card1It was also discovered that Elcomsoft Phone Password Breaker, an app designed for law enforcement, was used to gain access to these accounts. The app works by downloading a backup copy of the victims’ phone, which has been saved in iCloud. The only way the attacker could gain access to the accounts is by using a Brute Force Attack, a technique where a software key generator is used to basically guess usernames and passwords over and over again, hence the name “Brute Force”.

Here are a few tips that can help you minimized the risk of a security breach:

  1. Anti-Virus – Make sure you have a paid, trust worthy Anti-virus installed on your devices and it is up-to-date. Be wary of free AV.
  2. Firewall – Make sure you have an up to date firewall device and/or software and it is configured correctly by a certified networking security specialist. Examples:
    • Firewalls can block numerous unauthorized login attempts (Brute Force)
    • Protect certain vulnerable standard applications like MS Remote Desktop Connection or Apple Desktop Connection
    • Allow multiple step authentication
    • Provide encryption of data being transferred and connections to a network
    • Block unusual traffic patterns i.e data dumping
  3. Specialized Email Accounts – Setup email accounts designed for specific task, such as banking, voicemails, and online purchasing. Having specific email accounts will allow you to have avoid accidentally opening up a malice’ phishing email.  Examples:
    • bk_karenadler@gmail.com (banking)
    • vm_karenadler@gmail.com (Voicemail to email)
    • pur_karenadler@gmail.com (purchases or online transactions
  4. Strong Passwords – In today’s cyber world, criminals are utilizing sophisticated password crackers that can have a substantially higher success rate then ones we have seen before. Updating you password to a more secure alpha-numeric, cryptic password will increase the password formula possibilities and reduce the chance of getting hacked.
    • Secret123! can be changed to <$3cR3ti23!>
    • Adding one more element to the password such as a zip code can still substantially increase the difficulty in a password making it nearly impossible to crack. <$3cR3t!!90601>
  5. Change Your Passwords – Have you noticed that most banks require you to change your password regularly to access your account online? This is because changing your password periodically, decrease the chances of your account getting hacked into. Scheduling an office wide maintenance at least every 6 months to change all passwords will dramatically minimize your chances of a security breach.
  6. Two-step authentication – Enabling a two-step authentication upon login will decrease the chances of being hacked. A two-step authentication will allow another device to approve access to the account. Example:
    • Receiving a text authorization code to a cell phone
    • Receiving an email authorization link or code to a verified email address

Most small businesses store critical information within their networks and the cloud. Determining the correct internet security policy may take some time to implement, however the added layers of protection can save you the stress, embarrassment and the financial burden of having to recover from a security breach.