Story image

Malicious cyber attack method resurfaces, targets mobile devices

13 Jan 16

Palo Alto Networks has revealed details on an old cyber attack method that has resurfaced and is targeting mobile devices.

The renewed attack has been dubbed ‘BackStab’ and is used to steal private information from mobile device backup files stored on a victim’s computer.

“Cyber security teams must realise, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat.

“While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks,” says Ryan Olson, Palo Alto Networks director of threat intelligence at Unit 42.

A whitepaper from the company’s Unit 42 threat intelligence team explains how cyberattackers are using malware to remotely infiltrate computers and execute BackStab attacks in an unprecedented fashion.

Used to capture text messages, photos, geographic location data, and almost any other type of information stored on a mobile device in their possession, BackStab has been employed by law enforcement and cyberattackers alike, Palo Alto Networks says.

The company says BackStab attacks have evolved to leverage malware for remote access and Apple iOS devices have been a primary target for attacks, as the default settings in iTunes store unencrypted backup files in fixed locations and automatically sync devices when they are connected to a user’s computer.

Recommendations from Palo Alto Networks:

  • iOS users should encrypt their local backups or use the iCloud backup system and choose a secure password.
  • Users should upgrade iOS devices to the latest version, which creates encrypted backups by default.
  • When connecting an iOS device to an untrusted computer or charger via a USB cable, users should not click the “Trust” button when the dialogue box is displayed.
WatchGuard’s eight (terrifying) 2019 security predictions
The next evolution of ransomware, escalating nation-state attacks, biometric hacking, Wi-Fi protocol security, and Die Hard fiction becomes reality.
Why the adoption of SAP is growing among SMEs
Small and medium scale enterprises are emerging as lucrative end users for SAP.
Exclusive: How the separation of Amazon and AWS could affect the cloud market
"Amazon Web Services is one of the rare companies that can be a market leader but remain ruthlessly innovative and agile."
HPE extends cloud-based AI tool InfoSight to servers
HPE asserts it is a big deal as the system can drive down operating costs, plug disruptive performance gaps, and free up time to allow IT staff to innovate.
Digital Realty opens new AU data centre – and announces another one
On the day that Digital Realty cut the ribbon for its new Sydney data centre, it revealed that it will soon begin developing another one.
A roadmap to AI project success
Five keys preparation tasks, and eight implementation elements to keep in mind when developing and implementing an AI service.
The future of privacy: What comes after VPNs?
"75% of VPN users said they are seeking a better solution for cloud networks."
'Public cloud is not a panacea' - 91% of IT leaders want hybrid
Nutanix research suggests cloud interoperability and app mobility outrank cost and security for primary hybrid cloud benefits.