Security-Portal.cz is an internet portal focused on computer security, hacking, anonymity, computer networks, programming, encryption, exploits, Linux and BSD systems. It runs many interesting services and supports its fans in interesting projects.

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

The Hacker News - 6 May, 2024 - 16:00
More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical unpatched security flaw in the HTTP/HTTPS proxy tool. The issue, tracked as CVE-2023-49606, carries a CVSS score of 9.8 out of a maximum of 10, per Cisco Talos, which described it as a use-after-free bug impacting versions 1.10.0 and 1.11.1, the latter of
Category: Hacking & Security

China-Linked Hackers Suspected in ArcaneDoor Cyberattacks Targeting Network Devices

The Hacker News - 6 May, 2024 - 15:47
The recently uncovered cyber espionage campaign targeting perimeter network devices from several vendors, including Cisco, may have been the work of China-linked actors, according to new findings from attack surface management firm Censys. Dubbed ArcaneDoor, the activity is said to have commenced around July 2023, with the first confirmed attack against an unnamed victim
Category: Hacking & Security

Linux Mint 22 Will Bring XApp Independence, Improved Security, and Compatibility

LinuxSecurity.com - 6 May, 2024 - 14:16
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp, GNOME applications, and the Software Manager. These changes aim to enhance the overall user experience within the Linux Mint ecosystem, bolster security, and improve compatibility. Let's examine what you have to look forward to in Linux Mint 22 and the implications of these changes for Linux admins and security practitioners.
Category: Hacking & Security

It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs

The Hacker News - 6 May, 2024 - 13:00
Cybercriminals are vipers. They’re like snakes in the grass, hiding behind their keyboards, waiting to strike. And if you're a small- and medium-sized business (SMB), your organization is the ideal lair for these serpents to slither into.  With cybercriminals becoming more sophisticated, SMBs like you must do more to protect themselves. But at what price? That’s the daunting question
Category: Hacking & Security

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components

The Hacker News - 6 May, 2024 - 12:03
Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. "The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, [and] disclosure of phone, settings and Xiaomi account data," mobile security firm
Category: Hacking & Security

Financial cyberthreats in 2023

Kaspersky Securelist - 6 May, 2024 - 12:00

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets, inventing new techniques and reusing good old ones. Amid the current threat landscape, Kaspersky has conducted a comprehensive analysis of the financial risks, pinpointing key trends and providing recommendations to effectively mitigate risks and enhance security posture.

Methodology

In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. To gain an understanding of the financial threat landscape, we analyzed anonymized data on malicious activities detected on the devices of Kaspersky security product users and consensually provided to us through the Kaspersky Security Network (KSN).

Key findings

Phishing

  • Financial phishing accounted for 27.32% of all phishing attacks on corporate users and 30.68% of phishing attacks on home users.
  • Online shopping brands were the most popular lure, accounting for 41.65% of financial phishing attempts.
  • PayPal phishing accounted for 54.78% of pages targeting electronic payment system users.
  • Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million detections compared to 5.04 million in 2022.

PC malware

  • The number of users affected by financial malware for PCs dropped by 11% from 2022.
  • Ramnit and Zbot were the prevalent malware families, together targeting over 50% of affected users.
  • Consumers remained the primary target of financial cyberthreats, accounting for 61.2% of attacks.

Mobile malware

  • The number of Android users attacked by banking malware increased by 32% compared to the previous year.
  • Agent was the most active mobile malware family, making up 38% of all Android attacks.
  • Users in Turkey were the most targeted, with 2.98% encountering mobile banking malware.

Financial phishing

In 2023, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. The attackers employed social engineering techniques to trick victims into sharing their financial data or making a payment on a fake page.

This year, we analyzed phishing detections separately for users of our home and business products. Among phishing and scam pages blocked on the devices of business users, 27.32% were financial phishing pages (pages mimicking online banks, payment systems and online stores). For fake pages blocked on home devices, this number was even higher at 30.68%.

TOP 10 organizations mimicked by phishing and scam pages that were blocked on business users’ devices, 2023

TOP 10 organizations mimicked by phishing and scam pages that were blocked on home users’ devices, 2023

Overall, among the three major financial phishing categories, online store users (41.65%) were targeted the most, followed by banks (38.47%) and payment systems (19.88%).

Distribution of financial phishing pages by category, 2023

Online shopping scams

Online stores were the most targeted category, comprising more than 40% (41.65%) of all financial phishing pages. Fraudsters impersonated popular online store websites, such as Amazon, eBay and Shopify, as well as brand websites and popular streaming services, such as Spotify and Netflix.

TOP 10 online shopping brands mimicked by phishing and scam pages, 2023

The most frequently impersonated e-commerce site was Amazon, which was mimicked in more than one third (34%) of all online store phishing attempts. Apple came in second with 18.66% of fraudulent pages, followed by Netflix, with 14.71%.

Sample of a phishing site that impersonates Amazon

The tenth most-copied site was the Latin American online market MercadoLibre, which was mimicked by 1.77% of phishing pages. Fake sites also frequently targeted Louis Vuitton (5.52%), Shopify (4.73%), Alibaba Group (3.17%), Spotify (3.14%), eBay (3.12%) and Luxottica (2.94%) users.

Phishing pages impersonating AliExpress, Spotify and Louis Vuitton websites

One of the most common scam types targeting online shoppers consists in cybercriminals offering heavy discounts (which, of course, expire soon), special offers, early access to goods or entertainment, and other “bargains”. Both home users and businesses were targeted. For instance, in the screenshot below, a fake page presumably is offering a bus at an attractive price. If the user attempts to buy the vehicle, they are prompted to log in with their eBay account, which is then stolen.

Fake page offering a bus at a relatively low price

Fraudsters use similar scams on social networks. For example, in the screenshot below, a fake Instagram store is offering Louis Vuitton products.

Fake Louis Vuitton store on Instagram

As new and more secure authentication technologies appear, scammers find ways to evade these, too. The phishing page in the screenshot below, mimicking the Shopify sign-in form, implements a scenario for when the victim uses a passkey as the authentication method. Passkeys can only be used on websites and apps they are created for. To authorize passkey authentication, the user has to unlock the device the passkey was issued for. That means passkeys are of no use to phishers. To trick users into choosing to authenticate with a manually entered one-time code, the fake page displays an error message.

Fake Shopify page trying to bypass passkey authentication

Payment system phishing

Payment systems were mimicked in 19.88% of financial phishing attacks detected and blocked by Kaspersky products in 2023.

TOP 5 payment systems mimicked by phishing and scam pages

Among these, PayPal (54.73%) was the one that received the most attention, with more than half of attacks using its image.

Fake page targeting PayPal users

Other most frequently victimized payment systems included MasterCard (16.58%), Visa (8.43%), Interac (4.05%) and PayPay (2.96%). Notably, of these, Visa and MasterCard are typically mimicked on fake payment pages linked to a variety of phishing and scam sites.

Cryptocurrency scams

In 2023, the number of phishing and scam attacks relating to cryptocurrencies continued to grow. Kaspersky antiphishing technologies prevented 5 838 499 attempts to follow a cryptocurrency-themed phishing link, which is 16% more than in 2022. This may be due to the fact that the Bitcoin rate, after hitting rock bottom in 2022, started to climb again in 2023. With the price of the number-one cryptocurrency setting new records at the beginning of 2024, this trend can be expected to develop further.

We have seen a number of different cryptocurrency-related schemes throughout the year. Scammers impersonated well-known cryptocurrency exchanges and offered coins in the name of major companies. Among the most notable schemes was a phishing campaign that targeted hardware crypto cold wallets. This type of wallet, normally disconnected from the internet, is considered quite safe. However, under the guise of a crypto giveaway, the attackers tricked users into connecting their hardware wallets to a fake website.

We have also seen crypto wallet phishing using well-known non-cryptocurrency brands as a lure. For example, a phishing website bearing the Apple logo and photos of Apple products invited users to get cryptocurrency called “AppleCoin”. Interestingly, a coin under that name does exist, but it has nothing to do with Apple Inc.

Phishing website touting AppleCoin in the name of Apple Inc

If the user believes that Apple has at last issued its own cryptocurrency and enters their wallet credentials, the scammers grab their funds.

PC malware

In 2023, the decline in the number of users affected by financial PC malware continued. Our data showed a decrease from 350,808 in 2022 to 312,453 in 2023, reflecting an 11% drop. This trend has persisted for the past years, and there are several reasons for that. First, users increasingly prefer mobile banking, and sign in to their online bank accounts on PCs less frequently than on smartphones. Although they may still store their banking credentials in browsers on their desktop computers, most notorious banking malware for PCs was repurposed to deliver other malware, such as ransomware, to infected systems. Often, these banking Trojans are used in more sophisticated targeted attacks, which usually means they infect fewer users.

Changes in the number of unique users attacked by banking malware in 2023

As can be seen in the graph above, banking malware attacks spiked in March. This coincided with a fourfold increase in Emotet’s activity, which was its last large-scale campaign observed in 2023.

Key banking malware actors

The notable strains of banking Trojans in 2023 included Ramnit (35.1%), Zbot (22.5%) and Emotet (16.2%), which remained the top three financial malware families for the PC. The percentages of all three grew compared to 2022, together comprising nearly three-quarters of all financial malware attacks on desktop computers.

| Name | Verdict | %* |
|---|---|---|
| Ramnit/Nimnul | Trojan-Banker.Win32.Ramnit | 35.1 |
| Zbot/Zeus | Trojan-Banker.Win32.Zbot | 22.5 |
| Emotet | Trojan-Banker.Win32.Emotet | 16.2 |
| CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 6.9 |
| Danabot | Trojan-Banker.Win32.Danabot | 2.2 |
| Tinba | Trojan-Banker.Win32.Tinba | 2.1 |
| SpyEyes | Trojan-Spy.Win32.SpyEye | 1.9 |
| Qbot/Qakbot | Trojan-Banker.Win32.Qbot | 1.8 |
| BitStealer | Trojan-Banker.Win32.BitStealer | 1.3 |
| IcedID | Trojan-Banker.Win32.IcedID | 1.2 |

* Unique users who encountered this malware family as a percentage of all users attacked by financial malware

These three Trojans have a range of capabilities apart from stealing banking credentials. They can download additional modules and third-party malware, collect various types of data, such as passwords stored in browsers, and perform other malicious activities.

Fourth and fifth were CliptoShuffler (6.9%) and Danabot (2.2%), both frequently appearing in the rankings, and in sixth place was Tinba (2.2%), also known as “Tiny Banker Trojan”. Although we have not seen this family among the most active banking Trojans in previous years, it dates back to 2012, and its source code has been leaked. It is written in Assembler and gets its name from its remarkably small size.

Among other most active banking malware types were SpyEyes (1.9%), QakBot (1.8%), BitStealer (1.3%) and IcedID (1.2%).

Brazilian malware

While the overall number of desktop financial malware attacks has steadily declined, we have observed a trend for Brazilian families attempting to fill the void. In the beginning of 2023, we shared insights into new functionality added to Prilex, a type of malware known to target ATMs and PoS (point of sale) terminals. Kaspersky experts found the new modification was specifically designed to exploit contactless payments. When someone tries to pay with a contactless card, the infected PoS terminal displays an error message, prompting the buyer to insert the card and thus helping attackers to capture sensitive payment details. Cybercriminals can then run unauthorized transactions and potentially steal large sums of money from unsuspecting victims.

Another interesting malware strain is GoPIX, which targets the Brazilian instant payment system PIX. It spreads by impersonating the WhatsApp web app. Once successfully installed, it starts monitoring clipboard contents. If the malware detects PIX transaction data, it substitutes it with malicious data, tricking the user into transferring money to cybercriminals. It targets Bitcoin and Ethereum transactions in the same manner.

Recently, our Global Research and Analysis Team (GReAT) discovered Coyote, a new banking Trojan of Brazilian origin. Targeting more than 60 banking institutions, primarily in Brazil, this malware uses a sophisticated infection chain that utilizes various relatively new technologies. Spreading via the Squirrel installer, it leverages a NodeJS environment and the Nim programming language to complete infection. Coyote is capable of keylogging, taking screenshots, and setting up fake pages to steal user credentials.

Geography of PC banking malware attacks

To highlight the countries where financial malware was most prevalent in 2023, we calculated the share of users who encountered banking Trojans in the total number attacked by any type of malware in the country. The following statistics indicate where users are most likely to encounter financial malware.

The highest share of banking Trojans was registered in Afghanistan (6%), Turkmenistan (5.2%) and Tajikistan (3.7%). Switzerland (3.2%) and Mauritania (3%) were also among the worst affected by this type of threat.

TOP 20 countries by share of attacked users

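| Country* | %** |
|---|---|
| Afghanistan | 6 |
| Turkmenistan | 5.2 |
| Tajikistan | 3.7 |
| China | 3.2 |
| Switzerland | 3 |
| Mauritania | 2.4 |
| Sudan | 2.3 |
| Egypt | 2.2 |
| Syria | 2.1 |
| Yemen | 2 |
| Paraguay | 2 |
| Algeria | 1.9 |
| Venezuela | 1.9 |
| Uzbekistan | 1.7 |
| Libya | 1.7 |
| Zimbabwe | 1.7 |
| Spain | 1.6 |
| Pakistan | 1.6 |
| Iraq | 1.6 |
| Thailand | 1.5 |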

* Excluded are countries and territories with relatively few (under 10,000) Kaspersky users.
** Unique users whose computers were targeted by financial malware as a percentage of all Kaspersky users who encountered malware in the country.

Types of attacked users

Consumers (61.2%) were the main target of financial malware attacks in 2023, with their share unchanged from 2022.

Financial malware attack distribution by type (corporate vs consumer), 2021–2022

Mobile Malware

In 2023, 32% more Android users encountered mobile banking malware than in the previous year: 75,521 attacks compared to 57,219 in 2022. Moreover, we observed notable growth in the number of affected users in the last quarter of the year, which may be due to a new financial malware family called Mamont that targets mainly users in the CIS.

Number of Android users attacked by banking malware by month, 2022–2023

The most active Trojan banker was Bian.h (22.22%), followed by Agent.eq (20.95%), whose share grew by 17.50 pp compared to 2022. Third was Faketoken.pac, which affected 5.33% of all users who encountered mobile financial threats in 2023.

| Verdict | %*, 2022 | %*, 2023 | Difference in pp | Change in ranking |
|---|---|---|---|---|
| Trojan-Banker.AndroidOS.Bian.h | 23.78 | 22.22 | -1.56 | 0 |
| Trojan-Banker.AndroidOS.Agent.eq | 3.46 | 20.95 | +17.50 | +6 |
| Trojan-Banker.AndroidOS.Faketoken.pac | 6.42 | 5.33 | -1.09 | +1 |
| Trojan-Banker.AndroidOS.Agent.cf | 1.16 | 4.84 | +3.68 | +13 |
| Trojan-Banker.AndroidOS.Agent.ma | 0.00 | 3.74 | +3.74 | |
| Trojan-Banker.AndroidOS.Agent.la | 0.04 | 3.20 | +3.16 | |
| Trojan-Banker.AndroidOS.Anubis.ab | 0.00 | 3.00 | +3.00 | |
| Trojan-Banker.AndroidOS.Agent.lv | 0.00 | 1.81 | +1.81 | |
| Trojan-Banker.AndroidOS.Agent.ep | 4.17 | 1.74 | -2.44 | -4 |
| Trojan-Banker.AndroidOS.Mamont.c | 0.00 | 1.67 | +1.67 | |

* Unique users who encountered this malware as a percentage of all Kaspersky mobile security users who encountered banking threats.

Geography of the attacked mobile users

To find out which countries were worst affected by mobile financial malware in 2023, we calculated the percentage of users who encountered mobile banking Trojans among all active Kaspersky users in the country. Users in Turkey were attacked the most at 2.98%, with Saudi Arabia coming in second at 1.43% and Spain (1.38%) in third place.

TOP 10 countries by number of users who encountered mobile banking malware, 2023:

| Country* | %** |
|---|---|
| Turkey | 2.98% |
| Saudi Arabia | 1.43% |
| Spain | 1.38% |
| Switzerland | 1.28% |
| India | 0.60% |
| Japan | 0.52% |
| Italy | 0.42% |
| South Korea | 0.39% |
| Azerbaijan | 0.24% |
| Colombia | 0.24% |

* Countries and territories with relatively few (under 25,000) Kaspersky mobile security users have been excluded from the rankings.
** Unique users attacked by mobile banking Trojans as a percentage of all Kaspersky mobile security users in the country.

Conclusion

Although the number of users affected by PC banking malware continues to decline, there are other financial threats that underscore the need to stay vigilant and protect your digital assets. Unlike 2022, the year 2023 saw the number of users encountering mobile banking Trojans increase significantly. Cryptocurrency-related phishing and scams continued to grow, too, and they are not expected to stop in the nearest future.

To protect your devices and finance-related accounts:

  • Use secure authentication methods, such as multifactor authentication, strong unique passwords, and so on.
  • Do not follow links from suspicious messages, and do not enter your credentials or payment details, unless you are 200% sure that the website is legitimate.
  • Download apps only from trusted sources, such as official app marketplaces.
  • Use reliable security solutions capable of preventing both malware and phishing attacks.

To protect your business:

  • Regularly update your software and install security patches in a timely manner.
  • Improve your employees’ security awareness, conduct regular security training and encourage safe practices, such as proper account protection.
  • Implement robust monitoring and endpoint security to detect and mitigate threats at an early stage.
  • Implement network segmentation and default deny policies for users with access to financial assets.
  • Stay aware of the latest cybercrime trends by obtaining threat intelligence from trusted sources and sharing it with industry partners.

Can AI tools help reduce Zoom fatigue?

Computerworld.com [Hacking News] - 6 May, 2024 - 12:00

I’m lucky. On average, I’m only on videoconference calls for about five hours a week. I have friends and colleagues who burn that many hours on camera every day!

I’ve been videoconferencing since the 1990s — when you needed a dedicated ISDN line and $1,000 worth of audio-video gear to make it happen. Today, you open up your laptop and you’re ready to go, even if you’re in a McDonald’s. Back then, when it worked, it was exciting. Today…, not so much.

Though most people call it Zoom fatigue, you’ll find it on any videoconferencing platform. Another name for the same effect is MEGO, short for “My Eyes Glaze Over.”  You know how it goes. A combination of boredom, conversation drift, and a lack of meeting focus, and soon you’re as snoozy as grandpa after a big lunch.

Zoom and its rivals know all about this phenomenon. And lately, they’ve been trying to make meetings more lively and productive by combining visual tricks and AI. 

The visual games have been with us for a while. Who could forget the “I’m Not a Cat!” meme when a misused filter made a lawyer appear as a white kitten with gray markings and large eyes during a civil forfeiture hearing on Zoom in February 2021? 

Now, this kind of thing — for better or worse — has gotten more advanced. Apple Vision Pro users, for example, can now use CGI avatars (Personas) in Zoom meetings. With Personas, you can remove the backgrounds of your meeting participants and “pin” their real-time avatars in your physical workspace. (I have no doubt that those avatars will soon be able to move around in your augmented reality space.)

I consider that more fun than practical for business meetings. But I can see how  Microsoft’s Mesh, when used with Microsoft Teams and spatial audio, could be useful by allowing avatars to “step away” from the main meeting for private conversations.

Another meeting technology I could see seriously taking off involves having your avatar, but not you, attend a meeting. Thanks to the Microsoft 365 Copilot chatbot and Google’s Duet AI for Workspace, we can already get meeting minutes from gatherings we didn’t actually attend. Why not make it “appear” that we’re there while we’re actually ordering a Big Mac? 

Other tools, such as Zoom’s AI Companion, are already making meetings more productive by presenting meeting summaries, identifying action items, and prompting people to share the next steps. Personally, I’ve been doing this for a while by running Otter.AI, my voice transcription program of choice, manually with videoconferencing programs. Today, Otter AI Assistant for Zoom Meetings can do this on auto-pilot. 

All that’s neat and nifty, but I remain unconvinced they’ll help much. For example, if I had my avatar record a meeting to boil it down to what I needed to know and act on, why wasn’t it an e-mail in the first place? 

Sure, if there’s a conversation — that’s different. But there’s no talk going on if our meetings are mostly attended by avatars. So what’s the point?

Avatars and AI aren’t really going to make videoconferencing meetings more productive. While they can be fun and helpful, they don’t address the real reasons so many meetings are deadly dull. 

As my friend Alfred Poor (he’s my video meeting advisor and founder of The 75% Solution), told me, “I firmly believe that there is no such thing as ‘Zoom Fatigue.’ Instead, I believe that people are observing ‘Bad Zoom Fatigue,’ which is not much different from ‘Bad Conference Room Meeting Fatigue’ that we’ve suffered from for generations. It’s just that the vast majority of Zoom (and Teams and Google Meet and webinars and all those other platforms) meetings are not prepared and executed with intention.”

Specifically, Poor believes you must properly organize “the meeting itself — ‘this meeting could have been an email’ — which requires analyzing the objectives along with the type and direction of information flow required to achieve those objectives.” 

For example, if a meeting involves the boss simply telling people what’s what in the next quarter, it could just as well be a webinar rather than a videoconference. Or, if there’s a meeting to determine what will happen in the next quarter, it should involve only the people planning what’s what, not everyone and their assistant. Your aides-de-camp will be fine with meeting minutes and action items. 

Yes, sometimes videoconferences are necessary and helpful. Yes, AI tools can make them more productive. And, yes, I, for one, would be happy to have a meeting where I was represented by an avatar of my dog Telly and my editor by his Lil Joe. That would be fun, at least once. But for videoconferences to really be useful, we need organization and planning, not technical tricks. 

Category: Hacking & Security

New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs

The Hacker News - 6 May, 2024 - 09:48
Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems that's designed to set up persistence on the infected hosts and act as a spyware. Dubbed Cuckoo by Kandji, the malware is a universal Mach-O binary that's capable of running on both Intel- and Arm-based Macs. The exact distribution vector is currently unclear, although there are
Category: Hacking & Security

Protect Your Linux Web Apps and Meet Compliance Standards

LinuxSecurity.com - 5 May, 2024 - 13:00
Security is vital for your Linux web apps, but keeping up with the latest exploits and meeting compliance standards can quickly become overwhelming.
Category: Hacking & Security

Security Risks of Open-Source Software & Mitigations to Overcome Them

LinuxSecurity.com - 5 May, 2024 - 13:00
Open-source software, or OSS, has completely changed the technology sector by enabling developers anywhere to work together and produce creative solutions faster. However, security issues are a significant worry, just like in any digital environment. Therefore, you should take precautions to secure any open-source software you use.
Category: Hacking & Security

run0, A Safer Alternative to sudo, Introduced in Systemd v256

LinuxSecurity.com - 4 May, 2024 - 13:00
German software engineer Lennart Poettering recently presented run0, a new tool in systemd v256 that aims to address the security concerns associated with the widely used sudo command. Let's explore run0's implications for Linux admins and security practitioners.
Category: Hacking & Security

Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities

The Hacker News - 4 May, 2024 - 10:38
Czechia and Germany on Friday revealed that they were the target of a long-term cyber espionage campaign conducted by the Russia-linked nation-state actor known as APT28, drawing condemnation from the European Union (E.U.), the North Atlantic Treaty Organization (NATO), the U.K., and the U.S. The Czech Republic's Ministry of Foreign Affairs (MFA), in a statement, said some unnamed
Category: Hacking & Security

Apple earnings: About that iPhone ‘slump’ in China

Computerworld.com [Hacking News] - 3 May, 2024 - 18:23

If he hasn’t already, it’s past time for Apple CEO Tim Cook to gain a reputation for dry wit when it comes to handling preconceived opinion — he ladled out several helpings of this during Apple’s second-quarter fiscal call on Thursday. Though the company’s financials were down, they were still ahead of what Wall Street had anticipated.

Revenue for the quarter was $90.8 billion, down 4% from the same quarter last year, but Apple’s gross margins increased to 46.6%, mainly on the strength of solid services increases.

Cook states the facts 

For me, one of his best lines during the presentation was captured in this exchange during analyst questions:

Wells Fargo analyst:  “I guess I’m going to go back to the China question. I guess at a high level, the simple question is, when we look at the data points that have been repeatedly reported throughout the course of this quarter, I’m curious, Tim, what are we missing? Where do you think people are missing Apple’s iPhone traction within the Chinese market?”

Tim Cook: “I can’t address the data points. I can only address what our results are. And we did accelerate last quarter and the iPhone grew in mainland China. So that’s what the results were. I can’t bridge to numbers we didn’t come up with.”

Translation: The analyst is confused because all the industry data points (IDC, Counterpoint, Gartner, Ming Chi Kuo) seem to have been inaccurate. Cook simply dismisses those estimates with the company’s actual results.

What happened in China?

What’s confusing here is that the company’s management report confirms weak iPhone sales in every segment — but in part this reflects one of those “difficult comparisons” the company likes to state. 

Think back to this time last year, when Apple was just emerging from what had been a very difficult time operationally. In the run up to this quarter a year ago, COVID-19 had closed the iPhone factories, meaning lots of smartphones weren’t being made, and order fulfillment was delayed. Apple told us then that it realized about $5 billion in iPhone sales in the quarter that would have been made in the preceding one.

That’s not the case this year. “If you remove that $5 billion from last year’s results, we would have grown this quarter on a year-over-year basis,” Cook said. “And so that’s how we look at it internally from how the company is performing.” 

If that’s true, it explains why Apple doesn’t seem especially concerned that its iPhone sales internationally did decline by 10% in revenue in the quarter. After all, the iPhone was the top-selling smartphone model in the US, urban China, Australia, UK, France, Germany, and Japan. The device also achieved 99% customer satisfaction according to Changewave.

Managing change

Even though Cook told us that iPhone sales grew in China, both the Wall Street Journal and Nikkei insist sales fell there. In fact, the two best-selling smartphones in mainland China during the quarter were the iPhone 15 and 15 Pro Max, Apple confirmed during the presentation. 

Apple did concede that it has work to do on its other products, and iPhone sales were down in contrast to this time last year. Weakness was felt across multiple markets, and with the iPhone Apple’s biggest product, the impact of this and softening iPad sales contributed to revenue decline.

What is interesting is that in Japan and elsewhere in the APAC region, Apple sales seemed weak. That doesn’t mean there isn’t an appetite for the company’s products. Cook sees enthusiasm across the region: “Everywhere I travel, people have such a great affinity for Apple, and it’s one of the many reasons I’m so optimistic about the future,” he said. He also expressed his confidence in the long-term Apple market in China.

What about enterprise use?

Apple made a handful of references to enterprise sales, the majority of which pertained to its latest device, the Vision Pro headset. The company reported that over half of the world’s Fortune 100 companies have already bought Vision Pro units to explore what the device can do for their business. 

“We are seeing so many compelling use cases, from aircraft engine maintenance training at KLM to real-time team collaboration and immersive kitchen design at Lowes,” said Apple CFO Luca Maestri.

Apple also confirmed the ongoing rise of Macs in the enterprise. “More and more enterprise customers are embracing the Mac,” said Maestri.

In healthcare, Epic Systems, the world’s largest electronic medical record provider, recently launched its native app for the Mac, making it easier for healthcare organizations like Emory Help to transition thousands of PCs to the Mac for clinical use. “I think there’s a great opportunity for us around the world in enterprise,” said Cook.

A note on Europe

Two points seemed interesting:

  • Apple anticipates solid services growth (which includes Europe) in the current quarter, despite the EU’s DMA act which is forcing it to change its App Store business model.
  • With those changes, Apple said it’s too early to tell whether consumers or developers will migrate outside the App Store; its focus for now is on complying with the EU law while “mitigating the impacts to user privacy and security” of doing so.

One step beyond

Apple also discussed emerging markets. 

Maestri: “…When we start looking at places like India, like Saudi, like Mexico, Turkey, Brazil, Mexico and Indonesia, the numbers are getting large. And we’re very happy because these are markets where our market share is low. The populations are large and growing. And our products are really making a lot of progress within those markets. The level of excitement for the brand is very high. So, it is very good for us.

“And then and certainly the numbers are getting larger all the time. And so the gap as you compare it to the numbers in China is reducing. And hopefully that trajectory continues for a long time.”

The takeaway from those statements tells me that, like any farmer, Apple is investing in future business growth and most certainly sees rapidly emerging markets as the bedrock for tomorrow’s success as mature markets atrophy.

What happens next?

Looking forward, Apple warned of low single-digit growth in the June quarter, with services predicted to continue to grow and the iPad to see double-digit growth. The company is expected to ship a new iPad as soon as next week. 

That iPad may also introduce some new AI-driven tools, perhaps as a taster of what to expect at WWDC and their expected spread across the company’s products this fall. Discussing generative AI, Cook described it as a “very key” opportunity, stressed his confidence that the company has advantages to bring such tech to market, and promised “we will be talking more about it as we go through the weeks ahead”. So, there’s a lot to look forward to.

Apple’s data points

So, having established that there’s no data about Apple better than Apple’s own data, what data points did Apple share? You can review its press release here and financial statements here and here. What follows are some details cherry-picked from within the company’s analyst call:

  • Apple reached revenue records in more than a dozen countries and regions, including in Latin America and the Middle East, as well as Canada, India, Spain, and Turkey.
  • It also achieved an all-time revenue record in Indonesia, “one of the many markets where we continue to see so much potential,” said Cook, who recently visited the nation.
  • Services hit an all-time revenue record, up 14% YoY at $23.9 billion. (It’s worth noting that recent data indicates Apple TV+ is the fastest growing streaming service in major markets.)
  • Mac sales by revenue grew 4% YoY. (Cook described the MacBook Air as “the best consumer laptop for AI”, which I take to mean “watch this space.”)
  • iPad revenue fell 17%, ahead of next week’s expected refresh.
  • Wearables, home, and accessory sales fell 10%.
  • Apple nodded toward CSR, confirming its plan to be completely carbon neutral across its business by 2030 and celebrating that it has reduced overall emissions by over 50% even while revenue (and therefore sales) increased 65% since 2015.
  • Apple expects gross margins in the June quarter of 45.5% to 46.5% (which is really high, even for Apple).
  • Apple predicts single-digit growth in comparison to last year in the upcoming June quarter. In 2023, it booked $81.8 billion in revenue for that period.
  • If you own Apple shares, you’ll get 25 cents per share on May 16.

Category: Hacking & Security

Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

The Hacker News - 3 May, 2024 - 14:53
In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary
Category: Hacking & Security