Cybersecurity Archives - The NGH Group, Inc.

Posted on May 22, 2024 by The NGH Group, Inc.

Apple’s iPhone Spyware Problem Is Getting Worse: What You Need to Know

The digital age has brought with it many advancements, but with these advancements come new challenges, one of which is the issue of spyware on smartphones. Apple’s iPhone, renowned for its security features, has recently been facing an escalating problem with spyware attacks. Reports have surfaced indicating that users in over 150 countries have been targeted by sophisticated spyware campaigns since 2021, with the latest being linked to a Chinese spyware campaign known as LightSpy.

LightSpy is a sophisticated iOS implant primarily used in espionage campaigns. It targets Apple device users and exfiltrates victims’ private information, including hyper-specific location data and sound recordings. The spyware has been distributed through compromised news sites and can harvest sensitive data from popular apps like Telegram, QQ, and WeChat. Recently, it has also been observed targeting macOS devices, posing a risk to businesses running Apple’s desktop machines.

One of the most concerning aspects of these spyware attacks is the use of “zero-click attacks,” which do not require the victim to click on a link or download an image. Instead, the spyware can be delivered via an iMessage or WhatsApp image that automatically plants the spyware on the device. This method was detailed by researchers who highlighted the use of an iMessage-based, zero-click exploit used to target a Saudi activist.

Many users will never be targeted by such attacks, and Apple has been proactive in addressing these issues, sending out notifications to affected users and offering advice on how to protect oneself from these attacks. For iPhone users, it is crucial to stay informed about these developments and take proactive measures to protect your device and personal information. Here are some steps you can take:

Stay Updated. Keep your iPhone’s operating system up to date, automatically. Apple regularly releases security patches to address vulnerabilities. (Settings > General > Software Update)
Be Cautious. Avoid clicking on suspicious links or opening unexpected attachments, even from trusted sources, especially those sent via text.
Secure your Devices and Accounts. Use PIN codes, complex passwords, and multi-factor authentication on all your devices and accounts. This is paramount and will greatly reduce your risk of being compromised.
Lockdown. If you believe you have been targeted by a sophisticated cyberattack, utilize Apple’s Lockdown Mode, which provides an extra layer of security. Please note this is an extreme step that only allows minimal functionality of your iPhone once enabled. (Settings > Privacy & Security > Lockdown Mode)
Limit App Permissions. Review app permissions and restrict unnecessary access to sensitive data. For example, disable access to your microphone, camera, or photos for apps that don’t need it.
Seek Assistance. Consider seeking assistance from security experts if you suspect your device and/or accounts may be compromised.

The rise of spyware attacks on iPhones is a reminder of the ongoing battle between technological advancement and cybersecurity. It is a complex issue that requires vigilance and proactive measures from both users and tech companies. By staying informed and taking the necessary precautions, iPhone users can help safeguard their devices against these intrusive and dangerous attacks.

Posted on September 27, 2023January 30, 2024 by The NGH Group, Inc.

Nassau Lawyer Features Cybersecurity Guidance for Attorneys from Nick Himonidis

Attorneys generate, send, and receive a great deal of sensitive and legally privileged data. These professionals are also responsible for keeping that information safe and secure. Ultimately the firm, not the firm’s IT people, are liable if that data is accessed, stolen, or compromised in some way.

In an article for Nassau Lawyer magazine, NGH Group CEO Nick Himonidis outlines how attorneys can better secure their electronic data and the devices that access it—from the phones in their pockets to the computers on their desks. The feature story includes guidance on the following:

Protecting smartphones from SIM swapping attacks
Identifying and fortifying potential “attack surfaces” on computers
Securing data on cloud storage services, such as OneDrive, Dropbox, etc.
… and more

With a 2022 ABA survey showing that 27% of responding attorneys and law firms reported a data breach and court cases that have found law firms liable for the safety of client data, this article provides invaluable information from a recognized industry expert. Himonidis, a recognized expert in digital forensics and cyber security, is the co-chair of the Nassau County Bar Association Cyber Law Committee.

Read the article here.

Posted on March 28, 2023January 30, 2024 by The NGH Group, Inc.

Satisfy Mandatory Cybersecurity CLE at MatLaw Seminar

Cybersecurity and Data Security Image fron Big Stock Photo

NGH Group CEO Nicholas G. Himonidis will be a featured speaker at the Spring 2023 MatLaw Seminar, “Courtroom Evidence 2023: Selected Issues and Recurrent Problems,” on May 19 in Albany (also streaming online). The program will include a new mandatory CLE required course, “Privacy and Data Protection,” presented by Mr. Himonidis, and offers seven CLE credits.

A certified expert in cryptocurrency and an attorney himself, Mr. Himonidis has more than 30 years of experience in fraud investigations, computer forensics, and law. He is a Certified Fraud Examiner (CFE), a Certified Computer Forensic Specialist (CCFS), one of the very few Certified Cryptocurrency Forensic Investigators (CCFI) in the United States, and he holds the Chainalysis Reactor Certification (CRC) credential.

He has been qualified in court as an expert witness in the field of Computer Forensics and the Authentication of Digital Evidence and has lectured extensively and published numerous articles on various technical, investigative, and legal topics, including accredited CLE programs on cybersecurity issues for attorneys and their clients in matrimonial litigation. He was recently appointed Co-Chair of the Nassau County Bar Association Cyber Law Committee.

The seminar will include the following:

The Hearsay Rule and Its Exceptions
Privacy and Data Protection
Expert Evidence: Reliability and Validity; Admissibility Standards & Issues
Credibility & Cross-Examination

For more information or to register, visit the event website.

Posted on September 10, 2022January 30, 2024 by The NGH Group, Inc.

Protect Your Apple Devices from Known Security Exploits

According to Apple Inc. and the Cybersecurity and Infrastructure Security Agency, vulnerabilities have recently been discovered on macOS Monterey, iOS, iPadOS and Safari browsers that could allow hackers to take control of a device’s operating system and execute arbitrary code as well as craft malicious web content.

A hacker with full administrative access to the affected operating systems and Safari browser versions pre-dating the patched versions shown below can impersonate the device owner and run any software in the device owner’s name.

Patched versions and the devices for which they are available are shown here:

Patched version	Available for
Safari 16	macOS Big Sur and macOS Monterey
tvOS 16 (details available soon)	Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD
watchOS 9 (details available soon)	Apple Watch Series 4 and later
iOS 16	iPhone 8 and later
macOS Monterey 12.6	macOS Monterey
macOS Big Sur 11.7	macOS Big Sur
iOS 15.7 and iPadOS 15.7	iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
iOS 12.5.6	iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation)
watchOS 8.7.1 This update has no published CVE entries.	Apple Watch Series 3

Source: Apple Support

How to install Apple security updates

Apple Support provides instructions for updating the software on your Apple device:

How to update the software on your iPhone, iPad, or iPod touch.
How to update the software on your Mac and how to allow important background updates.
Safari updates are available by following the steps to update or upgrade macOS, iOS, or iPadOS.

Posted on June 3, 2020January 31, 2024 by The NGH Group, Inc.

Nick Himonidis discusses security tips for those working remotely

During this Covid19 Pandemic, an unprecedented number of professional have been working from home / working remotely. For many of those without a deep IT bench, or any real IT support to speak of, this can (and should) raise concerns about the security of their data and communications, which attorneys have an ethical obligation to protect. Today, on Tech Talk Law, Nick Himonidis discussed these issues with Melissa A. Kucinski, Esquire, and gave detailed advice and security tips on a number of issues from device encryption to the use of VPN’s and dedicated private wifi versus ‘free’ public wifi use. You can watch the video of the Zoom discussion on YouTube here: TechTalkLawZoomVideo