the state of cyber security in 2020

let’s get an overview about actual threads in 2020 – especially regarding spaming, phishing, whaling, vishing, etc.

30,000% increase in #COVID19 threats

The Evil Internet Minute 2020

as Jack Johnson already sang “Well I was sitting, waiting, pishing” … *just kidding*

phishing

is the primary way malicious actors trick people into downloading malware, which ultimately can allow attackers to access their organization’s network and steal sensitive corporate data

alongside with COVID19 phishing raised in importance and is further growing

since then google added proactive monitoring in place for COVID-19 related malware and phishing – 63% of the malicious docs blocked and block more than 100 million phishing emails per day with Machine Learning

Safari/iOS

it’s Safe Browsing feature also use Google, but be aware that “These safe browsing providers may also log your IP address”

Screenshot from Safari Setting at iOS

chrome

since a hyperlink doesn’t always target the name of the link, often pointing to another website URL

<a href='https://attack.com'>https://safe.com</a>

chrome is experimenting to easy spot spoof to determine the identity and authenticity of a site @blog

android

an example: an android app offers Coronavirus Safety Mask but delivers SMS trojan @zscaler

machine learning

“ML is rapidly becoming core to organizations’ value propositions (with a projected annual
growth rate of 39% for ML investments in 2020)” and it’s only natural that organizations
invest in protecting their crown jewels – Cyberattacks will further ultilize Artificial Intelligence (AI) @Microsoft Digital Defense Report

spear phishing vs. whaling

more tragetet with a reference to company, project or proposal – while whaling targets CEOs, CFOs, and other executives to gain access or steal bitcoin, with reported success rate up to 90% – even froms attackers that “not extremely technically advanced” @decrypt

new domains aren’t blocked and look as from corporate @zscaler

vishing

“criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information” targeting remote workers with social engineering and fake VPN page – the FBI warn in an Advisory

ransomware

it has been sneaking into our world at a remarkable rate, huge increase in the daily average of ransomware attacks, compared to the first half of the year – parallel is malware 39% down overall … “but trending upward”

Denial of Service

25% increase during the pandemic lockdown – unprecedented number of shorter, faster, more complex attacks – Hidden Impact: consume payed bandwidth & throughput

stay secure and healthy – both private and business

… use 2-Factor-Authentication

switch to modern authentication – sms as second factor is insecure

not only since twitter ceo jack dorsey was a victim with activated additional sms authentication for it’s account – now twitter disabled “temporarily” the ability to tweet via sms …that phone numbers and sms’s were not designed to be used as two-factor authentication systems, as they are insecure. Fabio Assolini, Senior Security Researcher at Kaspersky…

by matthias mader 9. September 2019

Hi, Speed – innovation kickback of actual keynote

…what apple annouced innovative right now

homepod mini

smaller and smarter as the big brother, automatically create a pair in the same room and placing an iPhone near give visual/audio/haptical effects with UltraWide Band Chip, later this year – communicate via Intercom with other device in my home or need apple devices *wow*

there are sonos and other smart speaker around but in my opinion aren’t that smart, preorder start november 6th, shipping begins november 16th for just $99

iPhone 12

all new design? looks like a “Back to the Future” iPhone5, but infact with quite competitive harware improvements: 5G speed, A14 Bionic, Ceramic Shield, Edge‑to‑edge OLED display, Night mode on every camera and finall LiDAR (Light Detection And Ranging) to measure object distance, from size mini to max

• iPhone 12 mini at $699
• iPhone 12 s at $799
• iPhone 12 Pro at $999
• Phone 12 Pro Max at $1,099

MagSafe

also there are still wireless charging options but not tuned, cutout for the clock in cases with magnetic clips and apple “enable an all new ecosystem” mean even more money

after the more or less disappointing keynote in september “Time Flies” with e.g. the iPadAir this was inspiring in terms of:

Stay hungry. Stay foolish.

Steve Jobs

whats new in enterprise – iOS14 and macOS Big Sur

apart from consumer features from iOS with it’s homescreen widgets, app libary, app clips or picture-in-Picture and many other features (already available in Android) – so, what’s new about managing the new release to utalize of enterprise with mdm

iOS 14 release date, beta, features and compatible iPhones @techradar

announced at wwdc 2020 the upcoming releases are packed full of features even for enterprise, a lot a leasons learned from iOS transered to macOS and some highlights in my opinion

• macOS enrollment – more seamless with detailed options to ease the onboarding process
• auto advance for mac – added an offline enrollment method that just require connecction network and power

• lights out management for mac pro, payload via mdm
• user enrolled macOS are supervised !!!
• macOS managed software – defer updates up to 90 days, same as for iOS or force update
• macOS managed apps – remove by mdm, managed app configuration or convert from managed to unmanaged
• download profiles for macOS – privacy from iOS to prevent mistakes and manually install profile iOS-style
• shared iPad for business – multi user device with managed apple id via apple’s abm

• non-removable managed apps – homescreen layout advanced to allow rearrange but prohibit uninstall of apps
• managed openin support shortcuts app
• set timezone – without location service
• per account vpn – mail,contact,calendar for same domain

• encrypted dns
• randomized wifi mac

about managing apple devices at wwdc @apple

---

read more about how to join and even downgrade from beta

downgrade beta

…it’s quite easy to join a public beta, a lot of chinese vendor develop there software while customer already using it – for ios and android it is possible to get a sneak look into new features or test changes behaviour in your enterprise environment before public rollout join beta at https://beta.apple.com/ https://www.google.com/android/beta top 3…

by matthias mader 19. March 20196. June 2019

gather ios device logs on the fly without a mac

it usually requires a mac with configurator installed to gather iOS device logs while troubleshooting an issue, there a some alternatives around…

#1 virtualize macOS

… and use apple’s configurator on windows, read more how to establish this below

touch @macos

apple introduced the “all news” touch bar in 2017 for macbook pro, but what most mac users missing is a touchscreen – the addon airbar, extra hardware attached to the screen, looks unbeautiful every smartpsmartsmaand a lot other notebook own a touchdisplayt, so what to do if you don’t want to run or carry separate device – vitualize…

#2 itools

as an alternative software for iTunes, it it further able to access device logs and is supported at windows & macOS for the following devices

iPhone X, iPhone 8,iPhone 5, iPhone 6, iPhone SE, iPhone 7,iPhone 5C,iPhone 5S, iPhone 6S,iPhone 6 plus, iPhone 6S plus, iPhone 7 Plus, iPod touch, iPad 4,iPad Mini 4, iPad Mini 3 and iPad Mini 2,iPad Pro (9.7 , 12.9 inch),iPad Air and iPad Air 2

---

#3 buildin analystics

even directly from the device it self it’s possible to gather debug information, with this workaround

• enable AssistiveTouch
• select analytics
• press virtual Homebutton
• reproduce the issue/crash
• upload logs

how to install an old version of an iOS app

usually it’s not that simple for apple user to install a previous version of an app, sideloading of apps is reserved for android devices or just in cydia store via iOS jailbreak

TestFlight is apple’s Beta Testing Service to test Pre-Release version with new features, it support up to 10.000 tester invited per mail or via shared link, your able to install newer and even older versions of the invited app, or switch betweeen versions is possible, but builds remain just active for 90 days

the link will refer to the previous installed TestFlight app, select the shared beta app and select any previous build

iOS VPNonDemand gets “inactive”

recently we noticed VPN wasn’t working, could be the disabled connect on demand option – nope – the entire VPN configuration was inactive?!

a bit history: apple introduced VPN on demand (VPoD) still in iOS 5, it’s required setup certificate authentication – at first it was just possible to define single domains, over the years it advanced to ignore, evaluate or disconnect for certain domains – along with iOS 7 apple intoduced Per-app VPN to connect specific apps – since iOS13 it is even possible to tunnel just mail/calandar/contacts domains

noticed that this just happed for VPoD configuration, even if a single domain overlap in OnDemand rule, always the last pushed VPN configuration is active

even though all other obsete profiles are remove, the VPN config stays in it’s current state, even if it’s the last remaining configuration

you either manually enable the desired config or repush the config via MDM to remote enable

switch android phone and (easily) reconnect your wear smartwatch

largely relegated to checking notifications, counting steps, and maybe measuring your heart rate from time to time

in Q3 2019 the wearable band shipments grew 65% and propably below some christmas trees

beginning 2020, one-in-five americans use a smart watch or fitness tracker, according to a Pew Research

---

apple released in 2019 it’s watch series 5 with built-in compass and Emergency SOS application on cellular models

google smartwatches, running wear os, without an update since rename in 2018 – need oem vender to push the mobile os – xiaomi succeed with low prices to the global leader with 27% share – huawei reached annual growth largest wearable growth of 243% – fitbit recently sold to google

---

what’s embarrassing with wear os is the switch to a new android device, there is no guide to reconnect, you had to erase the watch and reconfigure – some apps on your mobile device offer the option to install as extention onto the watch, but all other needs to be installed manually one by one

but the is a clever guide to use the developer option to reconnect to a new device, without the need of resetting

simply enable usb debugging, disable blueooth, connect your wearable to android studio/adb tos, execute to following

• adb devices
• adb shell “pm clear com.google.android.gms && reboot”
• adb shell “am start -a android,bluetooth.adapter.action.REQUEST_DISCOVERABLE”

detailed guide at xda-developers

mobile os version in 2019

with over 2 billions of android device world wide running android but with a large version fragmentation, google is acting with project treble to push faster updates, for enterprise recommended devices has to push security update within 90 days – attached current version spread of android versions

firstclass support for it’s iOS devices, good choise in regarding return of invest – my 5 years old test device iPhone 6s already updated to the current iOS13

.. and even new releases got a great adoption rate for apple devices, already half of all iOS devices running the latest release

• 

• 

kaiOS quietly gained to one of the most used mobile operating system, it bridges the gap between feature phones and smartphones

second screen – how to multi screen | updated

let’s check how to use display content at a second screen to raise productivity, there are several options to enlarge your screen, the power of your mobile device is most of the time enough to serve multi screen

windows

project, duplicate, extend are availabe options when hit windows key + p to open up charms bar with available options to display wired connected to hdmi or wireless adapter via miracast

macos

to add an unwired further screen like an ipad, android, windows or even another mac – use airdisplay or interesting as a hardware solution lunadisplay

since macos catalina the sidecar extend screen natively with iPad

huawei

got it’s own desktop mode when connected via hmdi to a tv, attach keyboard, show presentation direct from your mobile or mirror your mobile screen wireless to miracast or chromecast

windows phone

continuum is/was a clever system, but HP Elite X3 was the latest device to support it, microsoft finally quite the phone project

read more about ..

samsung

offers wir dex a hadware adapter to connect you samsung mobile to your monitor, keyboard, etc. – looks like combinded version of huawei and continuun, intersting to access from mobile device via dex dock to virtual desktop

blackberry

blend seamlessly brings messaging and content that’s on your blackberry smartphone to your desktop and tablet

anycast

if the is no build in solution, this is problalby the best way that support airplay, miracast, dlna up and up to 4k in a single device

dualscreen

this trend driven further since microsoft shortly announced the android powered surface duo and surface neo both with a buildin second screen – samsung already released a dualscreen device with it’s fold, huawei will maybe following

current bundle id’s of iOS devices

the bundle id’s of apple current ios 13 are useful to sort icons in homescreen layout or to block dedicated app for supervised iOS devices

Activity	com.apple.Fitness
Apple TV Remote	com.apple.TVRemote
AppStore	com.apple.AppStore
Books	com.apple.iBooks
Calculator	com.apple.calculator
Calendar	com.apple.mobilecal
Camera	com.apple.camera
Classroom	com.apple.classroom
Clips	com.apple.clips
Clock	com.apple.mobiletimer
Compass	com.apple.compass
Contacts	com.apple.MobileAddressBook
Facetime	com.apple.facetime
Feedback Assistant	com.apple.appleseed.FeedbackAssistant
File	com.apple.DocumentsApp
Find Friends	com.apple.mobileme.fmf1
Find iPhone	com.apple.mobileme.fmip1
Find My	com.apple.findmy
GarageBand	com.apple.mobilegarageband
Health	com.apple.Health
Home	com.apple.Home
iCloud Drive	com.apple.iCloudDriveApp
iMovie	com.apple.imovie
iTunes Store	com.apple.MobileStore
iTunes U	com.apple.itunesu
Mail	com.apple.mobilemail
Maps	com.apple.Maps
Messages	com.apple.MobileSMS
Measure	com.apple.measure
Music	com.apple.Music
News	com.apple.news
Notes	com.apple.mobilenotes
Phone	com.apple.mobilephone
Photos	com.apple.mobileslideshow
Photo Booth	com.apple.Photo-Booth
Podcasts	com.apple.podcasts
Reminder	com.apple.reminders
Safari	com.apple.mobilesafari
Settings	com.apple.Preferences
Shortscuts	com.apple.shortcuts
Stocks	com.apple.stocks
Tips	com.apple.tips
TV	com.apple.tv
Videos	com.apple.videos
Voice Memos	com.apple.VoiceMemos
Wallet	com.apple.Passbook
Watch	com.apple.Bridge
Weather	com.apple.weather

you may also interessted in