For years, the statistics have told us that human error is the greatest contributor to cyberattacks. We’ve stressed the importance of training, training and more training to prevent the almost inevitable from happening. We’ve been convinced that the key to defending against cyberthreats is to keep the unsuspecting from clicking on phishing emails and infecting devices and systems with malware.
That’s still important, but with a cyberthreat that’s been in the news recently, all that effort would do no good. Zero-click attacks don’t require human error or even human interaction. These attacks depend on specially formed data — like that used for emails, SMS messages, MMS messages, voice messages and calls — with code that can compromise your system. Vulnerable systems are generally communication platforms for email and messaging that receive data before determining whether the delivery is trustworthy.
Cybercriminals prize these attacks, according to Wired: Requiring the target to click is always uncertain, plus less interaction makes identifying the perpetrators of malicious activity even more daunting.
How Zero-Click Attacks Work
A zero-click attack identified by ZecOps shows how the threat can work in the wild. The vulnerability affects the Mail app in Apple iPhones and iPads. ZecOps observed that cyberattackers could trigger the vulnerability by sending a carefully crafted message to a target’s mailbox. The vulnerability has existed since September 2012, when Apple released the iPhone 5 with iOS 6.
When the target opens the message in the iOS MobileMail application on iOS 12 or maild on iOS ..
Support the originator by clicking the read the rest link below.
