Posted on 20 Feb 2013 by Neilson
Apple Inc. said Tuesday that some of its employees' Mac computers were attacked by hackers, a rare admission for a company that has long touted its security over PCs running Windows software.
Apple said a "small number" of computers became infected after employees visited a website for software developers that transmitted the malicious computer code. The company didn't disclose further details.
Apple said Tuesday it would release a software update to protect Mac users, and is working with law enforcement to find the source of the so-called malware.
The disclosure is unusual for Apple, which generally doesn't detail particular attacks. In the past, the company has generally issued notices on its support page of possible vulnerabilities and issued software updates to fix them.
Apple had for years boasted that its computers were resistant to malicious software, a key selling point over computers running Microsoft Corp.'s software. Hackers have increasingly targeted Macs in recent years, reflecting the growing popularity of the Apple brand and the rising number of Macs being used in companies.
The attack worked when people visited a website for mobile developers that was compromised with code that infected their computers.
That code is believed to have been the same as that used to target Facebook Inc., which on Friday said the attack affected an undisclosed number of other companies.
The companies played down the impact of the attacks on their operations, and Apple and Facebook said no data appeared to have been stolen. But the events underscore the vulnerability of some of the world's most sophisticated technology companies to an ever-changing array of attacks, with outside experts increasingly tracing the break-ins in the U.S. to foreign countries.
Twitter Inc., the popular microblogging site, earlier this month said it had been the victim of an attack that may have granted hackers access to information including usernames and email addresses for about 250,000 of its users.
Motivations of the attackers seem to be proliferating. In the case of technology companies, people rummaging through their computer networks seem to be searching for product-development plans and other intellectual property.
At government institutions, reported targets include information about intelligence-gathering and weapons systems. In other cases, intruders have looked for information about critical pieces of U.S. infrastructure, such as electricity and energy distribution networks.
A report on Tuesday by security research firm Mandiant Corp. pointed to cyberespionage efforts by a group in China it linked to the military.
"From our visibility, it is massive and it is growing exponentially over the years," said Dan McWhorter, Mandiant's managing director of threat intelligence.
Chinese government officials rejected the allegations.
The attacks show how the range of targets for cyberattacks is broadening beyond organized criminals, many based in Eastern Europe, seeking customer data like credit card numbers.
A report to be published Wednesday by a U.S. research firm, Trustwave Holdings Inc., says that of the 450 data breaches that Trustwave investigated in 2012 for its own clients around the world, more than 33% originated from Romania, and 29% from the U.S.
China was the fifth-most-common source, Trustwave said, accounting for nearly 4% of the attacks, while nearly 15% have unknown origins.
Many highly publicized attacks have been based on a tactic called "spear-phishing," where email users are tricked into opening a legitimate-sounding message that contains code called malware that lets attackers penetrate corporate networks.
Apple and Facebook appeared to be affected by another exploit, called a "watering hole" attack.
Employees of the companies visited a website for mobile developers that was compromised with code that infected their computers. Facebook, in a blog post, on Friday said it discovered the attack last month after finding a suspicious Internet domain in its computer logs that it traced to a single employee laptop.
The social network then launched what it called a "significant" investigation, working with other companies it believed to have been affected, as well as with law enforcement authorities.
Some security researchers said they believed the attack may have originated in China, but Facebook hasn't commented on where it may have originated.
Apple, for its part, said Tuesday, "The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers."
Last year, hundreds of thousands of Macs were hit by a massive attack from a malware program known as "Flashback." Apple released a security update for its software at the time.
Chester Wisniewski, senior security adviser at Sophos Canada, said he's recently noticed an increase in more sophisticated "data stealing" software designed for Apple's Mac computers.
Mr. Wisniewski suggested this might be due to the type of decision maker within a company liable to have an Apple computer rather than a PC: "Executives and VPs are more likely to have Macs," he said.
Twitter, meanwhile, responded to its attack by resetting passwords for infected accounts. "This attack was not the work of amateurs, and we do not believe it was an isolated incident," Twitter said, but didn't elaborate.
Mandiant said it found evidence linking the attacks to the Chinese military, including IP addresses of intruders registered in Shanghai.
It also said the size of the infrastructure of the attacker it researched suggests a large organization with at least dozens and possibly hundreds of people at work.
Mr. McWhorter said that unlike hacking attacks that seek credit card numbers and other personal information that can be easily sold, the Chinese attacks it followed often ignored sensitive financial data to instead focus on stealing intellectual property.
"Anyone that has intellectual property that makes their business work and makes them run and makes them more profitable" is at risk, he said.
Trustwave's data, meanwhile, show that hacking attacks by organized criminals seeking valuable customer data still dominate the cyberattacks on big and small businesses, at least in total numbers.
"The vast majority of what we see is financially motivated - going after financial data and trying to make money off it," said Nicholas Percoco, a senior vice president at Trustwave.
A report published last year by a unit of Verizon Communications Inc. that also investigates cybercrime found a similar geographic distribution of hackers. In the 855 intrusions from 2011 it studied from its own clients and in conjunction with the U.S. Secret Service and other international police groups, Verizon found that 67% of attacks originated from Eastern Europe, 20% from the U.S., and 2% from East Asia.
But the numbers don't paint a complete picture, said security experts. While companies are now more aware of attacks that lead to financial crimes (and hiring companies such as Trustwave and Verizon to investigate them), espionage-focused hacks have been typically harder to identify and track.
When intellectual property or trade secrets get stolen "there is no fraud algorithm to let you know," said Chris Porter, a managing principal at Verizon. It takes companies longer to realize they've been the victim of an espionage attack, he said, and when American companies do, they often deal directly with the Federal Bureau of Investigation, which doesn't release data on the topic.
"We are finally shining a light on this a little bit," said Mr. Porter.