This has become such a pervasive problem that Apple in 2024 actually published a support document explaining what you should look for to avoid social engineering attacks. Attackers are increasingly creative, pose as trusted entities, and will use a combination of personal information and AI to create convincing attacks. They recognize, after all, that it is not the attack you spot that gets you, it’s the one you miss.
Within this environment, it is important to note that 25% of organizations have been affected by a social engineering attack — even as 55% of mobile devices used at work run a vulnerable operating system and 32% of organizations still have at least one device with critical vulnerabilities in use across their stack. (The latter is a slight improvement on last year, but not much.)
The nature of what attackers want also seems to be changing. Jamf noticed that attempts to steal information are surging, accounting for 28% of all Mac malware, which suggests some degree of the surveillance taking place. These info-stealing attacks are replacing trojans as the biggest threat to Mac security. The environment is similar on iPhones and iPads, all of which are seeing a similar spike in exploit attempts, zero-day attacks, and convincing social-engineering-driven moves to weaponize digital trust.
Read the full article here
