Apple’s Global Spyware Attack Warning

Apple issued warnings to iPhone users in 92 countries about a potential mercenary spyware attack. The notifications were sent to users who were potentially a target for the sophisticated attacks. Apple described mercenary spyware attacks as a highly advanced and targeted cyberattack that often costs millions of dollars to develop. 

The spyware attacks mainly targeted high-profile users in India, including diplomats, journalists, and politicians. Apple advised the affected users to take their warning seriously and to update their devices to the latest software as well as use strong, unique passwords to protect their devices. Although Apple did not disclose an exact timeline for how long it took them to realize the mercenary spyware attacks were happening, they have been monitoring and detecting these types of advanced, targeted spyware attacks for some time.

What Are Mercenary Spyware Attacks?

Mercenary spyware attacks are highly sophisticated and targeted cyberattacks that are exceptionally rare compared to regular cybercriminal activities or consumer malware. They are strategically aimed at specific high-profile individuals rather than the average user. The main aim of this particular spyware attack is to gain unauthorized remote access to the iPhone device and the sensitive data, communications, camera, and microphone. 

These attacks are often short-lived and can quickly change, making them difficult for security teams to detect and stop. These cyber threats are often linked to government or state entities and have been connected to spyware software like Pegasus, which was developed by the NSO Group.

How Do Mercenary Attacks Differ From Regular Spyware?

Traditional spyware attacks are typically malicious software that can secretly be installed on a device without the user’s knowledge or consent. This specific spyware attack is used to steal data for identity theft, financial, or fraud purposes. 

A spyware app, on the other hand, is a software program that allows an individual to monitor and track online activities on a device. Krishi Chowdhary from Techopedia states that some of the best spy apps for iPhone devices are typically used by parents to monitor their children’s online activity or employers to track work-related activities on company-issued devices. This type of spyware is not malicious and far different from mercenary spyware attacks. Spyware apps are usually used to keep individuals safe and protect loved ones. 

Mercenary spyware attacks are significantly different and rare compared to common spyware attacks in several ways. These attacks are designed to gain unauthorized access to specific iPhones, mostly from high-profile individuals. Historically, mercenary spyware attacks have been linked to states with advanced and covert capabilities. Apple has urged users who believe they could potentially be targeted by mercenary attacks to take the necessary precautions.

How Apple Responded to the Attacks

Apple has taken a proactive approach to assist affected users, issuing threat notifications and warning users of the targeted attacks. Notifications were issued via email, and iMessage, and displayed on Apple ID account pages. Additionally, Apple updated its support pages with guidance on identifying and steps to follow to reduce the risks associated with the mercenary spy attacks. The support pages provide users with detailed information on the attacks and the recommended steps users should take to protect themselves.

Apple has taken steps to actively identify and notify users of the attacks, sending notifications multiple times a year since 2021. They have also collaborated with experts and organizations like Access Now to offer emergency security assistance and recommendations to individuals affected by targeted spyware attacks.

How to Tell If Your iPhone Has Been Compromised

If you are concerned about whether your device has been targeted by the mercenary spyware attack, you can follow the steps below:

Receiving a Threat Notification from Apple

Apple will directly notify users who have been targeted by the spyware attack. You will receive this notification in three ways mentioned earlier, either by iMessage, email, or a message that will be displayed at the top of your Apple ID account page. This notification will warn you that your device has been targeted and that the attack is likely due to “who you are and what you do.” 

Checking for Lockdown Mode Prompts

If Apple believes you have been targeted, you will receive a prompt to enable “Lockdown Mode.” This is an extreme security feature designed by them to protect users and their devices from very rare but highly sophisticated cyber attacks. When enabling Lockdown Mode, it will impose certain limitations on websites, apps, and device features to reduce the vulnerabilities that could potentially be targeted by the mercenary spyware attack.

When enabling Lockdown Modem some of the restrictions include:

• Preventing and blocking the use of message attachments

• Turning off link previews

• Restricting web browsing in Safari

• Blocking incoming FaceTime calls from unknown numbers

• Blocking the installation of configuration profiles and device enrollment in MDM

It is crucial to understand that the Lockdown mode is an optional feature only found on iOS 16+, iPad 16+, watchOS 10+, and macOS Ventura +. Although your device will be heavily restricted using this security feature, you can continue making calls, sending messages, and using most core features.

Monitoring for Suspicious Device Behavior

The signs of a mercenary spyware attack may include unusual device behavior, like certain apps constantly crashing, your device battery draining quite rapidly, or unusual and unexpected data usage. Apple has stated that these indicators are not definitive, as the spyware has been designed to go unnoticed. 

Contact Their Professional Assistance Hotline

If you are ever to receive a threat notification from Apple, they have strongly advised users to look for professional help or “rapid-response emergency security assistance” by contacting the Digital Security Helpline, which is on call 24 hours a day, 7 days a week, or the non-profit Access Now. Apple has acknowledged that outside emergency organizations do not know the reason for users receiving threat notifications, however, they are more than equipped to assist anyone targeted by the mercenary spyware attack with tailored security guidance.

Apple’s Guidance for All Users

Apple has issued guidance for all users, whether you are a target of the mercenary spyware attacks or not:

• Update devices to the latest software: Always ensure all devices are running on the latest software versions, which include the latest security patches. This will safeguard against known security vulnerabilities.

• Safeguard devices with Passcodes: Create strong, unique passwords for all your online accounts and avoid reusing the same password across multiple platforms.
• Use two-factor authentication: Set up two-factor authentication (2FA) for your Apple ID with the strong password created. Should your password be compromised, 2FA adds an extra layer of security to prevent unauthorized access.
• Install all apps from the App Store: Only download apps from the Apple App Store to ensure their legitimacy and that the apps are free from malware.
• Avoid clicking on links from unknown senders: Be cautious of links and attachments from unknown sources or suspicious senders, Apple warns of the potential for phishing email attacks or malware.

Conclusion

Apple is warning a large number of users globally about a highly targeted and advanced spyware threat that can compromise users’ iPhone devices. They have warned users to take the necessary security precautions as outlined in their support pages. Although mercenary spyware attacks are very rare and only target high-profile individuals, Apple has warned all users to follow general security best practices and contact the Digital Security Helpline and Access Now if users suspect they are being targeted.