Is an updated Mac computer that is immune to hacking

Security

As "The Telegraph" reports, the Apple Watch was recently officially banned from the British Parliament. The reason: Fear of being spied on by Russian cyber spies. The British government had previously banned smartphones from all cabinet meetings.

Smartwatch eavesdropping: the best conditions

According to security experts, the fear of espionage attacks is well founded, which is why companies - or IT decision-makers - should also give thought to the topic: "Wearables such as the Apple Watch have a microphone, numerous sensors and wireless ones Communication options - a more than worthwhile attack base for cyber spies and hackers, "says Craig Young, an expert at the security service provider Tripwire.

Some time ago, security researchers had already demonstrated how easy it is to listen to and record conversations using the integrated microphone of a smartphone, and to steal data and passwords. Smartwatches could be abused in a similar way, according to the expert, and allow hackers and cybercriminals an even better "eavesdropping experience" through their position on the user's wrist.

  1. Admin rights
    No assignment of administrator rights to employees
  2. documentation
    Complete and regular documentation of the IT
  3. Secure passwords
    IT security begins with sensitization and training of employees as well as clear communication of the internal rules of conduct for information security:

    Complex passwords made up of upper and lower case letters, numbers and special characters, at least eight characters.
  4. Password theft
    Never pass on or / and write down confidential data.
  5. Email security
    Sign emails, encrypt sensitive data, be careful when opening email attachments and links.
  6. Social manipulation
    Handle confidential information consciously, only pass it on to authorized persons, do not manipulate or allow yourself to be eavesdropped.
  7. Be careful when surfing the internet
    Not every link leads to the desired result.
  8. Use only the latest software
    Software that is not updated leaves more security holes open.
  9. Use of your own software
    Follow company guidelines and never install software of questionable origin.
  10. Company guidelines
    Use only permitted data, software (apps) and applications.
  11. Backups
    Regularly save operational data on a network drive and back up data on external data carriers.
  12. Theft protection
    Protect mobile devices and data carriers from loss.
  13. Device access
    Do not pass devices on to third parties, do not leave mobile devices unattended and lock workstation PCs when leaving.
  14. Security guidelines
    The organizational structures in the background form the necessary framework for IT security. Here it is important to formulate clear rules and to adhere to them:

    Definition and communication of security guidelines
  15. Access rights
    Regulation of access rights to sensitive data
  16. Software updates
    Automatic and regular distribution of software updates
  17. Log files
    Control of the log files
  18. data backup
    Outsourcing of data backup
  19. Security analysis
    Regular review of the security measures through internal and external security analyzes
  20. Contingency plan
    Creation of a contingency plan for responding to system failures and attacks
  21. WLAN usage
    A minimum standard must be guaranteed at the technical level. For the most part, this can be implemented without great expense:

    Documentation of WLAN use, also by guests
  22. Firewalls
    Protection of the internet connection through firewalls
  23. Biometric factors
    Use of access protection / passwords / biometrics
  24. Access control
    Physical security / access control and documentation
  25. Protection against malware
    Protection against malware both on the end device and on the Internet gateway, ideally through two different anti-virus programs
  26. Web access
    Definition of a structured regulation of web access
  27. Encryption
    Encryption to protect files and messages with sensitive content
  28. Clear
    Secure deletion of data when decommissioning
  29. Update of the security systems
    Ensuring regular updates of the security systems
  30. Monitoring
    Permanent monitoring of the network traffic for abnormalities

Important meetings: Preferably without an Apple Watch

At the beginning of the year, some experts questioned the security of the Apple Watch and demonstrated in tests how easy it is to record the hand movements of a user via the smartwatch, for example. It was even possible to spy on pin numbers at ATMs in this way.

"Decision-makers in companies are therefore well advised to either do without their smartwatch at meetings and gatherings in which business-critical decisions are made, or at least to leave them out of earshot," recommends Young.

However, the Apple Watch is not a real target for malware: Windows PCs and Android smartphones "take over" the majority of attacks. Nevertheless: "Stuxnet" has proven the efforts governments and secret services undertake in terms of cyber sabotage and espionage.

  1. 1986: Brain
    More than a decade before Napster was known to anyone, the first computer virus was created - to fight software piracy. The author who started the word "cyber" was William Gibson - called "Brain". Basit and Amjad Alvi developed and marketed medical software in Lahore, Pakistan. They were interested in two things. First they wanted to test the multitasking functionality of the new DOS operating systems (so-called "TSR" systems). Second, they wanted to see if there were any security flaws in DOS compared to other operating systems like Unix.

    When they noticed that DOS was quite vulnerable, they had the idea of ​​writing a piece of software that would monitor how the software and floppy disks move. Brain went viral on 3.25-inch floppy disks and within a few weeks the Alvis had to change their phone numbers. That was of little use to you, however, because 25 years after the development of the first PC virus, Mikko Hypponen from F-Secure set out on a trip to Lahore in the spring of 2011. His goal: the address that could be found in the code. In fact, he found the Alvi brothers there and had the opportunity to conduct the first video interview with them about Brain.
  2. 1987: Stoned
    Created by a high school student in New Zealand, stoned was initially considered harmless. At first he only made himself noticeable with the message "Your PC is now Stoned". But as the first virus to infect the boot sector of a PC, Stoned showed that viruses can control the functioning of a computer - from the moment it is switched on. Bob Dylan would have been proud.
  3. 1990: form
    Form became one of the most widespread viruses ever. On the 18th of each month, he made a clicking sound from the PC speakers - every time a key was pressed. That was quite annoying, but harmless.
  4. 1992: Michelangelo
    Michelangelo was used to overwrite all data on a hard drive on certain dates. As a variant of Stoned - only significantly more malicious - Michelangelo was arguably the first computer virus to make it into the news internationally.
  5. 1992: VCL
    The Virus Creation Laboratory (VCL) made it easy to create a malicious little program by automating virus creation through a simple graphical interface.
  6. 1993: Monkey
    Monkey - also a distant relative of Stoned - secretly integrated itself into files and then spread seamlessly. This made Monkey an early ancestor of the rootkit: a self-concealing program that could prevent the boot process from being carried out using a floppy disk. If not removed correctly, Monkey would prevent any kind of booting.
  7. 1995: Concept
    As the first virus to infect Microsoft Word files, Concept became one of the most common types of computer malware. Eventually it was able to infect any operating system Word could run. Oh yes and: if the file was shared, the virus was also shared.
  8. 1999: Happy99
    Happy99 was the first email virus. He greeted users with the words "Happy New Year 1999" and spread the good news by email to all contacts in the address book. Like the early PC viruses, Happy99 did no real harm, but still managed to spread to millions of PCs around the world.
  9. 1999: Melissa
    Allegedly named after an exotic dancer, Melissa was a combination of a classic virus and an email virus. He (or she) infected a Word file, then emailed himself to all contacts in the address book and thus became the first virus that spread worldwide within a few hours.
    Melissa combined the "fun motive" of the early virus authors with the destructive power of the new era: The virus integrated comments from "The Simpsons" into user documents, among other things, but could also send confidential information without those affected noticing. Not long after Melissa, macro viruses were virtually eliminated when Microsoft changed the way the Visual Basic macro language worked in Office applications.
  10. 2000: Loveletter
    This loveletter broke millions of hearts and is still considered one of the greatest breakouts of all time. Loveletter spread via email attachments and overwritten many important files on infected PCs. At the same time, it is one of the most successful social engineering attacks ever. Millions of Internet users fell victim to the promise of great love and opened the infected e-mail attachment. The estimated total worldwide damage was estimated at $ 5.5 billion.
  11. 2001: Code Red
    The first worm that spread within minutes without any user interaction was called Code Red. It carried out various actions in a monthly cycle: it spread on days one to 19 - on days 20 to 27 it started denial-of- Service attacks on various websites - for example those of the White House. From day 28 to the end of the month, Code Red siesta was also the order of the day.
  12. 2003: Slammer
    With just a few lines of code and a vulnerability, network worms can cause serious problems. Slammer crashed the Bank of America's ATM network and Seattle emergency services. Even the air traffic control system wasn't immune to the agile villain.
  13. 2003: Fizzer
    Fizzer was the first virus specifically designed to make money. It found its way onto the victim's computer in the form of an infected email attachment. When the file was opened, Fizzer took over the computer and used it to send spam.
  14. 2003: Cabir
    Cabir was the first cell phone virus in IT history and targeted Nokia phones with Symbian OS. Cabir was distributed via Bluetooth and proved that technological advancement alone is not an effective means against hackers and cyber criminals.
  15. 2003: SDBot
    SDBot was a Trojan horse that bypassed standard PC security measures to stealthily take control. He created a backdoor that enabled the author, among other things, to spy out passwords and registration codes for games such as "Half-Life" and "Need for Speed ​​2".
  16. 2003: Sobig
    Sobig was an optimization by Fizzer. The peculiarity: some versions waited a few days after a computer was infected before the affected computers were used as e-mail proxy servers. The result? A massive spam attack. AOL alone had to intercept more than 20 million infected messages per day.
  17. 2004: Sasser
    Sasser gained access to the system via endangered network ports, slowed it down dramatically or crashed entire networks - from Australia to Hong Kong to Great Britain.
  18. 2005: Haxdoor
    Haxdoor was another trojan that sniffed for passwords and other private information. Later variants also had rootkit capabilities. Compared to previous viruses, Haxdoor used far more complex methods to disguise its existence on the system. A modern rootkit can turn a computer into a zombie computer that can be controlled without the user's knowledge - possibly for years.
  19. 2005: Sony DRM Rootkit
    In 2005 one of the largest record companies in the world had the same idea that the Alvi brothers had in 1986: a virus should prevent piracy. The affected audio CDs contained not only music player software, but also a rootkit. This controlled how the owner accesses the audio tracks on the disc. The result: a media shit storm and a class action lawsuit. Sony was only able to fight off the latter out of court through generous settlement payments and free downloads.
  20. 2007: Storm Worm
    According to Machiavelli, it is better to be feared than loved. Seven years after Loveletter, the pest Storm Worm took advantage of our collective fear of freak weather. To do this, he used an email with the subject line "230 dead from storms in Europe". As soon as the attachment was opened, a Trojan backdoor and a rootkit forced the affected computer to join a botnet. Botnets are armies of zombie computers that can be used to spread tons of spam, among other things. Storm Worm hijacked ten million computers.
  21. 2008: Mebroot
    Mebroot was a rootkit that was specifically designed to outsmart the emerging rootkit detectors. The malware was so advanced that it sent a diagnostic report to the virus writer as soon as it crashed a PC.
  22. 2008: Conficker
    Conficker quickly spread to millions of computers around the world. He made use of vulnerabilities in Windows as well as weak passwords. Combined with some advanced techniques, Conficker was able to install more malware. One - particularly nasty - consequence: the virus prevented users from visiting the websites of most security software providers. More than two years after Conficker was first spotted, more computers were still infected every day.
  23. 2010: 3D Anti Terrorist
    This "trojanized" game targeted Windows phones and was distributed through freeware websites. Once installed, the Trojan started calls to particularly expensive special numbers and gave users extremely hefty bills. This strategy for apps is still new - but it will probably develop into one of the most common methods that hackers and cybercriminals will use to attack mobile devices in the future.
  24. 2010: Stuxnet
    As we have already seen, computer viruses have had an impact on the real world for decades - but in 2010 a virus also changed the course of history: Stuxnet. An unusually large Windows worm (Stuxnet is more than 1000 percent larger than the typical computer worm), Stuxnet likely spread via USB devices. The worm infected a system, hid itself with a rootkit and then recognized whether the infected computer was connecting to the Siemens Simatic automation system. When Stuxnet found a connection, it changed the commands that the Windows computer sends to the PLC / PLC-programmable logic controller - i.e. the boxes for controlling the machines.

    It runs on PLC / PLC he is looking for a specific factory environment. If this is not found, Stuxnet remains inactive. According to F-Secure Labs' estimates, implementing Stuxnet took more than ten man-years of work. After all, this shows that a virus that can obviously manipulate a centrifuge to enrich uranium cannot be created by anyone in the blink of an eye. The complexity of Stuxnet and the fact that the use of this virus was not based on financial interests suggests that Stuxnet was developed on behalf of a government.

With material from IDG News Service.