[personal profile] thewayne
This is being thrown against high-value targets: AI startup owners, cryptocurrency fund managers, computer security consultants, etc. The odds of it being aimed at average shlubs are quite low, since it requires some resources to deploy, but that doesn't mean it can't happen. Regardless, it's always good to be aware.

In this case, MFA stands for multi-factor authentication. When you sign on to iCloud on a PC and it sends a six-digit number to your phone to authenticate in your PC browser, that's MFA.

What this attack does is flood the target with dozens and dozens of Reset Password notification messages, exploiting a rate-limit flaw. By rate limit, we mean a cap on how many messages of a specific type can be sent within a certain time frame. Normally, if you (the account owner) request a password reset, a reasonable rate limit would be one message every 15-30 seconds, not more often than that. You wouldn't allow a flood of messages. These particular crooks have found a way to induce a flood.
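To make the rate-limit point concrete, here is an added illustration (my own sketch, not code from the Krebs article or from Apple) of a per-account cooldown on Reset Password prompts. The 30-second minimum spacing and the 10-attempts-per-10-minutes review threshold are assumed values, and the burst of timestamps is constructed sample input. It also counts what an endpoint with no cooldown would push out for the same burst, and flags the flooded account for review, which is the detection side a defender would want alongside the cap.

```python
"""Per-account rate limiting of password-reset notifications.

Added illustration, not the Krebs article's or Apple's code. Models the
mitigation described in the post: at most one reset prompt per account per
cooldown window (30 s here, the upper end of the post's 15-30 s figure),
plus a sliding-window counter that flags accounts being flooded.
All timestamps below are constructed sample values (seconds).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class ResetNotifier:
    """Decides whether a 'Reset Password' push may be sent for an account.

    min_interval_s: minimum seconds between prompts to one account (cooldown).
    flood_window_s / flood_threshold: number of attempts (sent or suppressed)
    inside the sliding window before the account is flagged for review.
    """
    min_interval_s: float = 30.0          # assumed cooldown
    flood_window_s: float = 600.0         # assumed 10-minute detection window
    flood_threshold: int = 10             # assumed review threshold
    _last_sent: Dict[str, float] = field(default_factory=dict)
    _attempts: Dict[str, List[float]] = field(default_factory=dict)
    flagged: Set[str] = field(default_factory=set)

    def request(self, account: str, now: float) -> bool:
        """Record one reset request at time `now`; return True if a prompt is sent."""
        history = self._attempts.setdefault(account, [])
        history.append(now)
        # Keep only attempts inside the sliding flood window, then check the threshold.
        cutoff = now - self.flood_window_s
        history = [t for t in history if t >= cutoff]
        self._attempts[account] = history
        if len(history) >= self.flood_threshold:
            self.flagged.add(account)

        last = self._last_sent.get(account)
        if last is not None and now - last < self.min_interval_s:
            return False  # still inside the cooldown: suppress this prompt
        self._last_sent[account] = now
        return True


def simulate(requests: List[Tuple[str, float]], limiter: ResetNotifier) -> Dict[str, int]:
    """Feed (account, timestamp) pairs through the limiter; count prompts actually sent."""
    sent: Dict[str, int] = {}
    for account, ts in requests:
        if limiter.request(account, ts):
            sent[account] = sent.get(account, 0) + 1
    return sent


# Constructed sample: 60 reset requests against one account, one per second
# (the bombing pattern), plus a single legitimate request from another account.
BURST = [("victim@example.com", float(t)) for t in range(60)]
NORMAL = [("other@example.com", 12.0)]
SAMPLE = BURST + NORMAL


def unlimited_count() -> int:
    """With no cooldown every request becomes a push: the victim sees 60 prompts."""
    return simulate(SAMPLE, ResetNotifier(min_interval_s=0.0))["victim@example.com"]


def limited_count() -> int:
    """With a 30 s cooldown the same burst yields prompts only at t=0 and t=30."""
    return simulate(SAMPLE, ResetNotifier(min_interval_s=30.0))["victim@example.com"]


def flagged_accounts() -> Set[str]:
    """The flooded account crosses the review threshold; the normal one does not."""
    limiter = ResetNotifier()
    simulate(SAMPLE, limiter)
    return limiter.flagged


if __name__ == "__main__":
    print("no rate limit:", unlimited_count(), "prompts")
    print("30 s cooldown:", limited_count(), "prompts")
    print("flagged for review:", sorted(flagged_accounts()))
```

The cooldown alone turns a 60-message flood into two prompts a minute, which is what the post means by a reasonable limit; the flood counter is the extra piece that lets the service notice the account is under attack rather than just silently dropping pushes.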

The prompt is the classic Allow/Deny dialog. Clicking Deny gets you another message. Clicking Allow is not catastrophic; it pops up the MFA number entry screen. Eventually you get a call from "Apple Support" with the correct (spoofed) phone number, and they'll be able to verify pretty much all your information, because they've bought it from a data broker - one of the resources they have to deploy, which is why it's more of a targeted attack than a widespread one.

And this is the biggest giveaway - Apple Support will NEVER call you, unless YOU initiate a support call for them to call you back!

The only way to truly block this attack at the moment is to change the phone number, and we all know what a PITA that would be! I suppose you could temporarily buy a burner phone, change the outgoing message on your primary phone to say 'This number is temporarily out of service; if you need to contact me, drop me an email and I'll call you back', and notify your true emergency contacts and employment contacts.

It's believed Apple will be looking at fixing the rate limit that's allowing this bombing attack to take place, but Apple is typically pretty tight-lipped about these things.

The article is an interesting read to see what people are going through right now.

In effect, this is a moderately sophisticated social engineering attack with a good amount of resources behind it. And if the victim falls for it and enters the reset code, they've surrendered the keys to their iCloud account to the criminals and could see ALL their devices wiped and reset: phone, watch, iPad, laptops. But not before the information is sucked out of them.

https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/

Date: 2024-03-31 06:29 pm (UTC)
From: [personal profile] silveradept
I don't like Apple's approach, but I wouldn't say everyone has to switch. I can see using Apple products or Android products because you like them and they play well with your situation. And yes, we know there's still lots of security everything that has to be handled with Android phones as well. I'm just not seeing as much advertising of even the Samsung flagships as "this is a device that will increase your social clout by owning it and displaying it conspicuously." And while all phone prices are inflated greatly to try and get you to pay them off in installments, iPhones almost always seem to be extremely pricey.
