Crypto Mining and iOS, but not the way you would expect

While I can think of a hundred other things to do with my phone, crypto mining has never been one of them.  Which is why I was surprised to see  in June of this year, Apple banned crypto mining apps from the App Store.  Who knew crypto mining on iOS was even a thing?

There has been a lot said regarding the security of the iOS platform, especially when compared to Android. While iOS does an amazing job sandboxing applications and preventing your iPhone from becoming the next biggest botnet, I was surprised to see some crypto mining from inside my house…and not the cool kind of crypto mining that puts coin in my pocket. This was malware running on a system inside my house.

Continue reading Crypto Mining and iOS, but not the way you would expect

Caught on tape: Malware Distribution Techniques

If you haven’t already done so, you should read the Verizon Data Breach Investigations Report that they publish annually. In the 2018 Verizon DBIR, it is chock-full of good reading around the specifics of breaches in 2017 and provides an insight to the Who, How, Why, What, and When. In the report you can read about the internal threat actors down to how malware was distributed. In all, Verizon has dotted all the I’s and crossed all of the T’s and provided you visibility into 53,000 incidents and 2,216 confirmed breaches across all verticals in 2017. Historically I have used these reports to help educate myself and my customers on the threat landscape as well as leverage the information to help justify spend on security related products, tools, or services to help keep the enterprise safe.

While reading the report, the sections regarding malware (ransomware included) stood out to me. Why? Well come on, you would think by 2017 will all of the security tools deployed that malware, even 0-day, wouldn’t be an issue but it still is. On pages 17/18, the report discusses the frequency of malware vectors, or basically how malware is distributed.

Continue reading Caught on tape: Malware Distribution Techniques