Skip to main content

Thursday Threat Report: Iranian hackers on Facebook, iPad users getting ransomed, and Spotify getting breached

Welcome to ITProPortal's Thursday Threat Report, where we round up the three greatest security threats facing Internet users, smooth-running enterprise, and occasionally even the survival of the world as we know it. Hold onto your hats - things are about to get scary.

The Iranian secret service has sent you a friend request

An Iranian hacker group targeted over 2,000 US military personnel, journalists and lawmakers over the last 3 years with an extremely sophisticated spear phishing campaign. The group operated by creating more than a dozen fake Facebook and LinkedIn profiles, and even created a fake online news organisation to lure its marks. The fake news site even had its own Facebook, LinkedIn and Twitter accounts.

Before sending the malicious link to their targets, the hackers made sure to befriend people close to the potential victim, so that when they eventually approached them with a friend request, they appeared to have mutual friends. This was often enough to assuage suspicions and get the target to accept the friend request.

This incident has underlined just how sophisticated modern social engineering attacks are, and how seriously companies need to take the threat.

Spotify breach

Music streaming service Spotify has become the latest high-profile victim of hacking after announcing a security breach this week.

Although troubling, the firm's 40 million users will be relieved to hear the company ensuring that there was no "increased risk" and that no financial data had been accessed.

This latest news has a familiar feel to it, coming just a week after all users of auction site eBay were urged to change their passwords following a massive data breach.

While it seems no sensitive data was lost, Spotify users should remain vigilant and ensure they maintain safe password habits.

Ignorance is Pliss

A number of iPhone and iPad users have fallen foul of a particularly nasty hack, in which they find themselves locked out of their devices unless they pay to have them unlocked.

The extortionist leaves a message claiming to be from the well-known software engineer Oleg Pliss. A message on the screen reads "Device hacked by Oleg Pliss", and encourages the user to pay US$100 (£59).

The exploit only appears to affect users connected to the iCloud service. A number of users, most of them from Australia, took to Apple's Support forums complaining of the same issue, saying they had been hit on multiple Apple devices at once and were forced to change iCloud passwords.

ITProPortal put together a step-by-step guide on how to retrieve your device if it's been locked, and how to prevent the hack from happening.