Blog Post
Taking out the titans — how hackers are beating the world biggest companies
Does anyone still believe hackers are basement-dwelling nerds who stick their hard disks in microwaves the moment they hear a knock on their front door?
Today’s hackers are organized, as skilled as they come, and creative.
Apple’s App Store, long considered safer than Android’s Google Play Store, was confirmed to have been infected with malware in China.
Despite a much more stringent app screening process over the Google Play Store, hackers found a way to get a multitude of applications from trusted brands infected with malware. This is software that infects the devices of those who download them.
So, how did they do it?
The hackers copied and distributed a version of Apple’s iOS app-building software Xcode, which functioned exactly like the real thing but with an added feature: all apps compiled by the fake version come with malware injected into them.
Once introduced into a device, the malware dubbed “XcodeGhost” allows attackers to steal data about users, and even send fake alerts to trick owners into revealing more of their personal information.
And the affected apps weren’t just crappy bootleg versions of Flappy Bird, either. WeChat, the Chinese messaging app with millions of users, was one of the apps infected.
The key takeaway from this incident is that even the biggest companies in the world are struggling to keep attackers out, and they do fall short.
Take Apple (again) for example. Last year their iCloud storage service was breached, leading to a mass leak of private celebrity photos.
Their Apple Pay payment system, which was assured to have been safe, is rampant with fraud: the fraud rate is reportedly a staggering $6 for every $100 of transactions.
Apple is far from being the only company under siege. Major retailers like Target and Home Depot, and even banks like JPMorgan Chase are other companies who’ve been hacked, resulting in the loss of hundreds of millions of personal records.
Mitigate Your Risk
It’s actually admirable that Apple managed to keep their App Store clean for as long as they did. However, even given their best efforts, hackers still managed to find a chink in their armor.
The moral of the story is: no company is immune. There is no such thing as a foolproof way to keep hackers out.
In Apple’s case, they were quick to react to the malware issue and were able to start pulling malicious apps from the store.
Many other companies are not so lucky; on average, it takes a company 170 days to discover cybercrime activity. That’s almost six months of free reign that attackers have to steal your data.
While increasing your detection rate is important, it is a difficult and time-consuming process to get off the ground.
In the meantime, a quick way to mitigate a great amount of risk is by using data discovery tools like Ground Labs’ Enterprise Recon.
By finding and securing sensitive data in your network, you can greatly reduce the amount of data you will lose if you suffer a data breach.
Take Enterprise Recon for a free trial and begin finding sensitive data on your system in under an hour. Click here to get started.